OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[ISN] Government ineffective in chasing Net crime, executives say.

From: William Knowles (wkC4I.ORG)
Date: Thu Apr 06 2000 - 12:40:54 CDT

http://news.cnet.com/news/0-1005-200-1648223.html

By The Associated Press
Special to CNET News.com
April 6, 2000, 10:05 a.m. PT

STANFORD, Calif.--Threats from cyberterrorists have become almost
routine at Oracle, the leading developer of database software.

Last month, someone in Sudan tried to blackmail the Redwood Shores,
Calif.-based company with a threat to break into its system unless it
paid an undisclosed sum of money.

A clear case for the FBI? Not at Oracle--or at hundreds of other
high-tech victims of Internet cyberstalking.

"We've notified them of a couple of threats, but we didn't expect them
to take any action," said Bill Maimone, Oracle's vice president of
server technologies. "It seems so unlikely that they'd be able to do
something."

As high-tech executives know, the Justice Department lacks the staff
to investigate and prosecute most hackers. Many companies also are
reluctant to undergo government scrutiny; they've got too many
secrets.

As a result, cybercriminals are breaking into or paralyzing Web sites
with little fear of retribution, costing the industry hundreds of
millions of dollars.

At a Stanford University Law School conference on cybercrime
yesterday, Attorney General Janet Reno pleaded for greater cooperation
between the private and public sectors.

"It seems to me that we all have a common goal--to keep the nation's
computer network secure, safe and reliable," Reno told the assembled
CEOs and prosecutors.

Many company leaders were unconvinced.

"High-tech businesses know they can't count on the Justice Department
to handle their complaints," said John Palafoutas, a senior vice
president of the American Electronics Association. "They know they
must take care of their own security."

For the past four years, the Clinton administration has asked Congress
for additional staff to prosecute computer crime. To date, the answer
has been a consistent refusal. There was just one cybercrime
prosecution for every 50 private industry complaints in 1998,
according to the latest Justice Department figures.

"We're only able to respond to a limited number of the complaints we
receive because we're starved for resources," said Associate Deputy
Attorney General John Bentivoglio.

While funding for prosecutors remains static, computer crime has
quadrupled over the past three years, according to a survey by the FBI
and San Francisco's Computer Security Institute.

Of the hacking victims--most often corporations and government
agencies--75 percent said it cost an average of $1 million per
intrusion to investigate, repair and secure their systems.
Corporations spent $7.1 billion in 1999 on security to protect
themselves against cyberattacks, and the bill could reach $17 billion
by 2003, according to Internet analysts at Aberdeen Group in Boston.

Hackers know authorities are overwhelmed.

Two months have passed with no arrests in the Feb. 8 electronic
assault that crippled Web sites at 10 major computer companies,
including Silicon Valley powerhouses eBay, Yahoo and E*Trade.

eBay, an Internet auction site with more than 4.1 million items up for
sale at any given time, fights a constant battle against hacking,
fraud and illegal deals.

"We only take the most serious matters to the FBI. They investigated a
few, but there haven't been any prosecutions," said eBay's general
counsel, Robert Chesnut. "If the government is going to come out and
vow action in these sorts of cases, they need to provide resources,
not just the promises."

Companies such as eBay and Oracle rely on the help of private
consultants to combat hackers--a decision that also helps keep their
problems from being publicized.

"Information-sharing is a risky proposition with less than clear
benefits," said Harris Miller, president of the Information Technology
Association of America. "Companies are understandably reluctant to
share sensitive proprietary information about prevention practices,
intrusions and actual crimes with either government agencies or
competitors."

*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".