[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cybercrooks



The Dream of the Internet Becomes Worst Nightmare


Manhasset, N.Y., Feb. 16 -- Technology managers, who
dreamed of the Internet as a new business tool and
championed their cause to senior management, are waking
up to nightmares of security gone awry, reports CMP's
InformationWeek in its February 19 issue.

"The incidence of cybercrook attacks to mine or sabotage
a company's information resources is rising rapidly,"
states Bob Violino, editor-at-large of InformationWeek.
"What is especially alarming is that despite the fact
that companies like Rockwell International and Merrill
Lynch and various government agencies employ the latest
firewall and encryption technology available, they are
experiencing security breaches on a regular basis."

Business users have been particularly skittish about the
Internet since last September, when two computer science
students at the University of California at Berkeley
cracked the public-key encryption code used by Netscape
Communications Corp.'s popular browser software.

"There are more experts than ever in the intruder
community who know the infrastructure of the Internet,"
explains Cathy Fithen, CERT's team leader of strategic
incident response.  "In the past we saw people breaking
into systems using passwords.  Now they look for flaws to
exploit involving networking protocols and source codes
for operating systems."

The fear of invasion is well founded, according to
federal law enforcement agencies, which have stepped up
their investigations of online intrusions.  "We're aware
that this is a serious problem for any industry using the
Internet," says Jim Freeman, special agent in charge of
the FBI's San Francisco office.

"Salvation from the government, or from vendors with new
security products, seems unlikely," says Violino.
"History shows that as soon as new security tools are
developed, hackers learn to crack them.  And while not
every company possesses trade secrets, security is still
a must for everyone in business.  For now, at least,
absolute security is one thing the Net can't offer."

But, companies are so focused on Internet intrusions from
outsiders that they often fail to consider the
possibility of an inside hacker.  According to John
Reinke, chief information security architect at Merrill
Lynch & Co., Inc. in New York, "There is no modern large
organization that I now of that does internal firewalls."

At Bell Laboratories, where an internal network links
some 300,000 host computers around the world, security is
a constant concern. "We're bigger than the entire
Internet was in the late 1980s," says Bill Cheswick,
technical staff manager at the labs' computer science
research department in Murray Hill, N.J.  "Our firewall
keeps the bad guys out but you can't say there aren't bad
guys inside the company."

--