Most Hacks Are Inside Jobs
by Daniel Rubin, Medill News Service
February 9, 1999, 3:35 p.m. PT
FBI director urges encryption keys to protect businesses from internal
sabotage.
WASHINGTON -- The greatest threat to the security of American companies'
computer networks isn't an outside hacker, FBI Director Louis Freeh told a
group of business leaders Tuesday. It isn't a foreign intelligence agency,
either.
Employees or former employees who have an ax to grind with their bosses or
who sell corporate information for cash are the greatest sources of stolen
corporate secrets and data, Freeh said at a meeting of the U.S. Chamber of
Commerce.
"Disgruntled former employees and dishonest, greedy employees are a
serious danger," Freeh said. "It is an area of critical vulnerability for
us."
Freeh said that such internal threats justify the Clinton administration's
efforts to require encryption "keys" for law enforcement officials. These
keys could unlock encrypted corporate data that might have been sealed by
a disgruntled employee.
"It is the equivalent of someone locking your house from the inside and
keeping the key," Freeh said.
Privacy Concerns
Privacy groups, as well as several coalitions of high-tech firms, have
opposed this type of key or other access to encryption software. The issue
is tied to opposition to export controls on encryption software.
"What we are looking for is a more balanced policy," said Dave McCurdy,
president of the Electronic Industries Alliance, prior to Freeh's speech.
"We are seeking a relaxation of export controls."
While Freeh focused on internal threats, the conference dealt mostly with
external threats to corporate computer security and trade secrets.
Representatives from firms ranging from Cisco Systems to Coca-Cola
attended.
Jeffrey Moss, who is known in computer hacking circles as Dark Tangent,
talked about the ease of obtaining hacking software over the Internet.
"A few years ago, these programs were traded among hackers like baseball
cards," said Moss, who runs a computer network security-assessment
service. "Now anybody who can search Yahoo can get these things."
As a computer security consultant, Moss now hacks into corporate systems
to test network defenses. He said he has failed to crack a system only
once, and that system belonged to a bank.
"The biggest problem is that people don't even know their own networks,"
said Moss. "If the people who built the network are gone, then new people
won't know what it looks like."
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 17:21:04 1999