Hacking is the biggest threat to national and personal security. 01/07/27 ReleVents hed: An urgent need for cybercops dek: Hacking is the biggest threat to national and personal security. By James Mathewson
I talk to on an FBI insider on a regular basis just to get an idea of how cyber law enforcement is going. His job is more on the forensic side–analyzing seized hard drives and other media for evidence of criminal behavior. But he’s up on the entire scope of electronic criminal apprehension. Every time we talk, the situation gets more desperate. Tracking and containing hackers is a numbers game. For every new FBI agent trained in digital techniques, there are a hundred new hackers plying their wares on the Internet.
The last time we talked, about six months ago, I had a long argument with him about Carnivore–the FBI’s e-mail wiretapping system, now called the DCS1000. I argued it is ripe for privacy abuse. He argued that the FBI needs more and more sophisticated technology to counteract the numbers game. Not only are there more hackers every day, but also their tools are getting more sophisticated and easier to find on the Internet. If something is not done, the situation will rapidly deteriorate into chaos. Most security folks say it is not a matter of whether your network will be hacked but when, and how much damage will be done.
This is why it is no surprise to me to read the news item on our site today that describes the FBI’s efforts to safeguard our national networks. In short, the National Infrastructure Protection Center (NIPC), a division of the FBI, is not doing an adequate job of protecting the nation’s computer networks. The determination was made by the General Accounting Office (GAO) and presented to a Senate Judiciary subcommittee that will set funding levels for the NIPC.
Among the GAO’s recommendations was that the NIPC “bolster its staff with skilled personnel.” Good luck. For some reason, the desire to be on the good side of the law when it comes to hacking does not match the rest of society. There are plenty of ethical hackers who use illegal means to promote personal causes. But few wish to use legal means and work for law enforcement. On the other hand, cop schools are full. National Guardsmen are plentiful. Special units like the PJs, an Air National Guard unit that sends specially trained personnel on suicide rescue missions, have to go to extreme measures to weed out candidates. The Green Beret still only passes three out of 100 candidates. Why is there such a dearth of good cybercrime candidates?
I don’t have any answers here, except a few observations: Hacking is a cultural phenomenon that does not favor prevention. The culture of hacking is similar to the culture of gaming. Both gaming and hacking often include multiple layers of interdependent challenges. When successful, the participants of both activities can brag about their exploits. While the field of computer forensics involves detective work that might interest gamers or hackers, a lot of computer crime work is not nearly as glamorous as hacking or gaming. At least that is the image of cybercops. Somehow this image must be changed, or we will be overrun with hackers, and our critical information resources will be more at risk than at any time in our country’s history.
It’s kind of ironic that the Internet, a communications medium originally designed to protect our information resources in the event of war, enables growing vulnerability to our information resources in times of peace.
James Mathewson is editorial director of ComputerUser magazine and ComputerUser.com.