Why Kevin Mitnick Worries Me

[InfoSec News <isn () c4i org>]

http://www.osopinion.com/perl/story/20358.html

Contributed by James Maguire
osOpinion.com 
January 2, 2003 

The solution to the ever-growing army of intruders is to beef up our
cybercrime-fighting forces -- exponentially. The FBI created a new
cybercrime unit in late 2001, but it doesn't appear to be enough.

Things are looking good for Kevin Mitnick. In 2000, he completed a
five-year prison term for computer crimes; this January, 39-year-old
Mitnick will have his probation restrictions lifted. So Mitnick,
probably the world's most notorious hacker , is on the verge of once
again being free to use his computer.

And that's just the start. He has a new book out, The Art of
Deception: Controlling the Human Element of Security. He has launched
his own corporate security company, Defensive Thinking (he presumably
knows more about this subject than most, but after so many years
locked up, isn't he rusty?)

He just got his ham radio license back, and he'll be making extra cash
by auctioning off his PCs that were seized as evidence. He's also
negotiating with Oscar-winning actor Kevin Spacey to co-produce
computer security training films. In short, he looks like one happy
(former) hacker.

Kind of Cool, But...

I have to admit that I enjoy seeing Mitnick do well. He has something
of the folk hero about him, a lone PC virtuoso, nimbly cracking code
to enter monolithic corporate networks. He's the Jesse James of the IT
age.

But something worries me about Mitnick's situation if I think about it
for more than a few moments. His highly publicized case makes it look
like hackers are getting caught. The specter of this hacking virtuoso
sent off to the big house makes it seem as if there's an effective
cybercrime-fighting force in the United States.

Different Sophistication Levels

As has been widely reported, computer crime is very much on the rise
-- and law enforcement officials are no match for today's hackers.  
Kevin Mitnick, however reformed he may be, is not the only happy
hacker running free. There are plenty of them.

The elite hackers of 2003 are more cunning than ever before. And,
based on the fact that plenty of high-profile cybercrimes have gone
unsolved, they are apparently also more cunning than the good folks
who are fighting them.

Peruse the news and you'll find plenty of major cases that are
unsolved. Malicious intrusions at Western Union, Playboy.com, Egghead
and other sites demonstrate that the black hatters are staying several
keystrokes ahead of their pursuers.

Helping the Good Side

The solution to the ever-growing army of intruders is to beef up our
cybercrime-fighting forces -- exponentially. The FBI created a new
cybercrime unit in late 2001, but it doesn't appear to be enough.  
Compared with the many headlines that announce new computer
intrusions, notice how few headlines trumpet arrests.

If we don't bulk up our anti-hacking forces, the fight against network
intrusion will become that much more lopsided. In fact, it's not
unlikely that network security will deteriorate until e-commerce and
other Net-related activities are severely dampened by lack of user
trust. And at that point, we'll need more than Kevin Mitnick's new
book to help us.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.