Friday June 01, 2001
U.S. Falling Behind in Cyber Combat
By Daniel F. DeLong, www.NewsFactor.com

As the latest computer virus -- this one featuring actress Jennifer Lopez -- makes its way around the Internet via e-mail, the number of people who wonder if the government is up to the task of providing electronic security is growing.

The Jennifer Lopez file, which spreads the highly destructive Chernobyl virus, is the latest in a string of mass-mailing worm viruses -- copycat versions of the Anna Kournikova virus which spread across the globe last February.

While these kinds of viruses have the potential for causing millions of dollars in damage, at least they are usually detected early in the process. It's the unannounced hack attacks and cybercrime that comprise the real problem facing both government and business. And from all appearances, the bad guys are way ahead.

FBI (news - web sites) Is Stymied
John Collingwood, the FBI's assistant director for public affairs, concedes the government is stymied, saying there is little it can do at this point.

"The new technology allows people to commit crimes in the United States from anywhere else in the world," Collingwood told NewsFactor Network. "Unfortunately, this is a brand new area for us -- and we're not sure of what the implications will be."

If this sounds like someone who has already lost the fight, then consider the words of Rich Pethia, director of the Software Engineering Institute at Carnegie Mellon University in Pittsburgh, Pennsylvania: "There is no good way to defend against sophisticated hackers."

Early Warning System Crippled
Pethia's words are all the more alarming because his unit is in charge of the U.S. Computer Emergency Response Team (CERT), which is supposed to be the early warning system against cybercriminals. In one of its most embarrassing moments to date, the unit was crippled last week by a denial-of-service attack.

No one has thrown in the towel, but several experts contacted by NewsFactor admitted that if the battle against cybercrime is likened to a baseball game, the opposition is throwing a no-hitter and it's late in the contest.

In support of this analogy, the University of California at San Diego estimates that about 4,000 sites come under denial-of-service attacks each week, including some of the largest and most popular business and government portals.

Economic Losses Soaring
According to a survey of 538 computer security specialists conducted by the FBI and San Francisco's Computer Security Institute, both the number of computer penetrations and the economic losses associated with them are soaring.

Participants in the survey reported that losses climbed to US$378 million in 2000, after reporting losses of about U$266 million the previous year. What's worse, it appears that losses this year have already topped those in 2000.

Pilot Network Services, an Alameda, California firm that makes firewall security software, reports that in April the company discovered 95 million attempted entries had been detected by computers using Pilot's protective program -- a 220 percent increase over the number detected the previous month.

University Systems Vulnerable
Even if the government can manage a frontal attack on its sensitive military materials, hackers are now going through the back door by tapping into major university systems to get to classified information.

At the University of Washington, for example, hackers are reportedly gaining access to military weapons research by going through university research labs. The school's online systems are left open 24 hours a day so that academic researchers can work freely. Of course, that helps electronic criminals gain access.

And now there is a new set of players causing trouble: unhappy dot-com workers who have lost their jobs.

Ex-Employees Haunt Firms As layoffs become more common at technology companies, say authorities, an increasing number of disgruntled or fired employees are hacking their former companies in revenge.

"The whole nature of computer crimes has changed," agent Greg Walton of the FBI's San Francisco area computer intrusion squad told NewsFactor.

"The network administrator is probably the last guy who finds out someone got fired and he doesn't cut off your access. Or, if the network administrator gets fired, he still has access."

The government's latest response to all of this? It plans to invest $8.6 million in scholarships for a "cybercorps" of 200 computer-security students who will wage war in cyberspace

Back To The Study