High Tech distrusts FBI (hacking probe)

greenspun.com : LUSENET : Grassroots Information Coordination Center (GICC) : One Thread

Friday, February 11, 2000 |

High Tech's Distrust of FBI Could Impede Hacking Probe

Internet: Industry is leery of call for cooperation. Many question agency's competence and fear the publicity.

By CHARLES PILLER, Times Staff Writer

SAN FRANCISCO--The obstacles to finding the perpetrators of this week's Internet sabotage may be as much cultural as technical, underscored by an enduring mistrust of the FBI by technology firms. As the FBI pressed ahead with a broad investigation of those who disrupted Yahoo and other popular Web sites, officials called for a strong partnership between law enforcement and the high-tech industry. But many in the industry frankly question the FBI's competence and fear the publicity that may ensue from a high-profile agency investigation. They prefer to hire their own investigators and handle their own security, even though today's technology tools cannot always ensure network safety from computer hackers.

"FBI management still doesn't get it," said Jim Settle, a Springfield, Va., security consultant and former chief of the FBI's national computer crime program. "They keep turning over their management and putting people in that have little or no background. . . . Do I have a lot of confidence that they will find the people who did this? No." Even the FBI's offer of free security software Wednesday was greeted with deep skepticism by many corporate security experts. The FBI posted the program, designed to probe systems for intrusions, on the agency's Web site and encouraged companies to use it to make sure their sites hadn't been unwittingly compromised. But some companies flatly refused, partly out of suspicion that the program could also allow the FBI to peek into private networks. The FBI could have allayed such fears by posting a copy of the source code--a blueprint computer programmers can examine--but the agency declined to do so. "I'm a little bit paranoid about the FBI," said Phil Karn, a top security expert at Qualcomm Corp., a booming telecommunications company in San Diego. Karn e-mailed the FBI on Wednesday to request a copy of the source code. "Until then," he said in his message, "I must decline to run it and encourage as many others as possible to stay away from it." One reason most Internet and technology companies emphasize prevention is because they believe investigation and prosecution can move so slowly. "A high-technology company says, 'I don't care who did it. Just make sure he doesn't do it again,' " said James Adams, chief executive of Infrastructure Defense, a high-tech security firm in Alexandria, Va. Only 32% of large companies and government agencies that were victims of serious hacking incidents reported those crimes to law enforcement officials, according to a survey by the nonprofit San Francisco-based Computer Security Research Institute. Partly as a result of such concerns, many companies rely on anti-hacking technology tools as a first and last resort. And a burgeoning security industry has emerged to assist companies in protecting their computers and Internet sites--but with mixed success, as seen this week. To be sure, the major Web sites that were attacked this week have said they will cooperate fully with law enforcement. Online auctioneer EBay, a victim of this week's episode, has approached the FBI on numerous occasions. "We have a great relationship with them," said Kevin Pursglove, an EBay spokesman. Thousands of unsolved hacking events cost U.S. firms billions of dollars annually, said Richard Powers, editorial director of the Computer Security Research Institute, perhaps promoting the idea that no matter how competent law enforcement may be, it is overwhelmed by the scope of the problem. Part of the challenge for law enforcement is the insatiable demand for security talent, said Scott Charney, who served as chief of the Justice Department's Computer Crime and Intellectual Property Section from 1991 to 1999. "Generally speaking, those who have left the government to go the private sector can get a pay raise of anywhere from 25% to 400%," Charney said. The FBI also faces dogged distrust from high-tech firms rooted in fundamental disagreements about security and privacy issues. "In the Silicon Valley culture, there is a very visceral distrust of government" fueled by such differences, Adams said. But the biggest barrier to a team effort with the government may be the publicity it could entail. Companies fear being labeled as unreliable because of publicity from successful hacker attacks during criminal investigations, which could drive away customers. "If you are a big company heavily dependent on the Internet, do you want everyone to know a hacker stole 200,000 credit card numbers?" Charney asked. In an Oval Office interview with the Los Angeles Times and two other newspapers on Thursday, President Clinton acknowledged his concern about this week's string of hacker attacks that immobilized Internet retailers for hours. But he said this was a product of what makes the Internet such a valuable retailing tool--its openness. "It's harder to rob a bank than it used to be, and we figured out how to make it harder. And we'll continue to figure out how to secure the Internet without shutting it down or closing off options," Clinton said. The White House also announced that Clinton will meet next week with security and technology executives to discuss the attacks. Atty. Gen. Janet Reno and National Security Advisor Samuel R. Berger are expected to attend.

* * * Times staff writers Peter G. Gosselin and Greg Miller contributed to this report

http://www.latimes.com/business/20000211/t000013499.html

-- Martin Thompson (mthom1927@aol.com), February 11, 2000


Moderation questions? read the FAQ