Information Security News mailing list archives

Re: Feds pursue secrecy for corporate victims of hacking

From: InfoSec News <isn () c4i org>
Date: Mon, 4 Nov 2002 00:30:49 -0600 (CST)

Forwarded from: huggins () airmail net

Let me see if I get this right

I'm xyz bank I haven't taken the initiative to hire a security mangaer
or have hired one but, pay them minimum, they tell me I need to fix
security holes I say nah to expensive.  I get hacked, my user data
base and credit card information is stolen.  Numerous account users
identities are stolen but, because I report it to the FBI I dont need
to disclose it to my stake holders, or customers at will.  Hmmm!
sounds great rob me again.

http://www.nandotimes.com/technology/story/601028p-4652104c.html

By TED BRIDIS, Associated Press

WASHINGTON (October 31, 2002 6:36 p.m. EST) - Senior law enforcement
officials assured technology executives Thursday that government
will increasingly work to keep secret the names of companies that
become victims to major hacking crimes, along with any sensitive
corporate disclosures that could prove embarrassing.

The effort, described at a cybercrime conference in northern
Virginia, is designed to encourage businesses to report such attacks
and build public confidence in Internet security. Officials promised
to use legal mechanisms, such as protective orders and sealed court
filings, to shield corporate hacking victims from bad publicity.

"It's important for us to realize that you have certain concerns as
victim companies that we have to acknowledge," FBI Director Robert
Mueller said. He promised, for example, that FBI agents called to
investigate hacking crimes will arrive at offices discreetly without
wearing official jackets with "FBI" emblazoned on them.

"The mere calling of us in an investigation can have an adverse
impact on the image of your company," said Mueller, who has made
cybercrime an FBI priority. In exchange for this protection, Mueller
said, companies should more frequently admit to the FBI when they
are victims of hacking. "You're not enabling us to do the job," he
said.


[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

Current thread:

Feds pursue secrecy for corporate victims of hacking InfoSec News (Nov 01)
- <Possible follow-ups>
- Re: Feds pursue secrecy for corporate victims of hacking InfoSec News (Nov 03)
- Re: Feds pursue secrecy for corporate victims of hacking InfoSec News (Nov 05)
- Re: Feds pursue secrecy for corporate victims of hacking InfoSec News (Nov 07)