http://www.wired.com/news/politics/0,1283,56382,00.html

By Noah Shachtman
Nov. 14, 2002

Despite the panting about "cyberterrorists," and despite the scare
mongering about venomous hackers preying on fragile federal networks,
attacks on government computer systems are declining worldwide,
according to a recently released report.

In the United States, reported intrusions into government networks
fell from 386 in 2001 to 162 in the first 10 months of 2002.
Worldwide, such attacks have declined by about a third -- from 2,031
last year to a projected 1,400 today.

The report, from the British firm mi2g, comes just a day after the
U.S. Justice Department indicted Londoner Gary McKinnon for breaking
into military and NASA systems -- and the U.S. Congress approved a
$903 million bill for beefing up computer security.

"As we move forward in our war against terrorism, it will be as
important for us to secure cyberspace as it will be for us to secure
the homeland against malicious attack," Rep. Nick Smith (R-Mich.) said
after the passage of the Cyber Security Research and Development Act.

To many in the computer security world, mi2g's numbers show just how
craven these sorts of statements are.

The government hacking figures are like the "similar and consistent
drop in violent crime statistics. Despite these facts, politicians
have been claiming the public was under siege. Here we go again,"
wrote Oxblood Ruffin, founder of the Hacktivismo online action group,
in an e-mail. "Threats will always be exaggerated because that's how
one strip mines civil liberties. This is the real battleground."

The anti-terrorist USA Patriot Act, signed into law by President Bush
last October, makes it easier than ever for federal authorities to pry
into e-mail, phone conversations, voice messages -- even Web surfing
paths. It also punishes unauthorized computer access with up to five
years in jail.

This year's decrease in government intrusions has occurred while the
overall level of hacks worldwide has risen, from 31,322 in 2001 to
64,408 so far this year. That doesn't surprise Lawrence Walsh, editor
of Information Security magazine.

"Most of the attacks today are made by unsophisticated 'script
kiddies' using off-the-shelf tools. What's the incentive for them to
go after government systems?" Walsh asked. "There are more rewards
available from attacking small- and medium-sized businesses -- like
credit card information and financial data. And these networks are
typically not as well-defended."

Others in the computer security arena are reluctant to draw too many
conclusions from the report.

Winn Schwartau, author of Pearl Harbor Dot Com, noted that mi2g seems
to be relying solely on hacks that have been publicly documented.

But the government is "increasingly reluctant to admit to the world
that they've been hit," he said.

Marquis Grove, editor of the Security News Portal, added in an e-mail,
"Their statistics are basically worthless. Mi2g doesn't have a crystal
ball or inside information from the U.S. government sources."

Even if the report only counts the most obvious attacks against
government networks, it does convey an important message, hackers
noted.

"There is no such thing (as cyberterrorism), currently. And I do not
ever see such things taking place in the near future or distant
future," Lilac Echo, who runs the security website WBGLinks, wrote in
an e-mail. "Though it makes for good print, it's pure fiction.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]