From: InfoSec News (isnC4I.ORG)
Date: Thu Apr 05 2001 - 19:34:34 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.washingtonpost.com/wp-srv/aponline/20010405/aponline131104_000.htm

By D. Ian Hopper
Associated Press Writer
Thursday, April 5, 2001; 1:11 p.m. EDT

WASHINGTON At least 155 federal computers systems some with sensitive
research information or personal data on Americans were temporarily
taken over by hackers last year, according to a review that found
widespread lax computer security.

The government's lack of safeguards against domestic and foreign
attackers who struck 32 federal agencies last year is "chilling," one
congresswoman said.

"I think it would come as quite a surprise for most Americans to learn
the extent to which these federal civilian agencies are the target of
attacks by foreign and domestic sources bent on espionage or other
malicious actions," Rep. Billy Tauzin, R-La., said at a House
Oversight and Investigations hearing Thursday.

A month ago, subcommittee chairman Rep. James Greenwood, R-Pa.,
demanded updates from 15 federal agencies to check their compliance
with federal security regulations. Very few had done even cursory
checks of the integrity of their defenses, he said.

"We are not surprised or pleased by what we are finding," Greenwood
said.

The committee also released a February computer security study by
overseers at the Health Care Financing Administration, which controls
Medicare. The report found numerous weaknesses that permitted
unauthorized access to the medical information of Medicare recipients,
Tauzin said.

"I can envision incredible fraud opportunities with that scenario, as
well as privacy problems," he said.

Ronald L. Dick, director of the FBI's National Infrastructure
Protection Center, said there are currently 102 open investigations of
computer intrusions into government systems, and the bureau is keenly
aware of the rise of state-sponsored hacking.

"The range and motives associated with who are perpetrating these acts
makes the full gamut," Dick said, adding that some do it for sport and
others are "state-sponsored activities concerned with trying to
perform information warfare."

"We've been hearing a lot of very chilling testimony here," said Rep.
Diana DeGette, D-Colo. "With all of this activity going on, I'm
wondering why we haven't seen an incident of cyberterrorism yet."

"Eventually we are going to see it," replied Dick, but adding that
since 80 percent of incidents go unreported, it could be happening
now.

Security expert Tom Noonan highlighted some of the shortfalls of
government security, noting that only 5 to 10 percent of federal
agencies use automatic security detection programs, and that the
average salary among security experts at his company is $80,000, far
more than what most federal employees make.

"Computer security experts are scarce, they're in short supply, and
they're expensive," said Noonan, the president of Atlanta-based
Internet Security Systems.

Showing an African Web site, Noonan explained that many of the tools
to break into government computers are easy to find and free.

"You've got a whole smorgasbord here to fill your palate," Noonan
said. "You don't have to be very experienced, you don't have to have a
high IQ in order to attack our government."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]