February 21, 2000
Net Crime Does Pay � for Cops
Recent hack attacks have spurred law enforcers to seek more funding. But is throwing money at the problem really going to help?
By Elinor Abreu
The attacks that crippled Yahoo and at least seven other top sites this month could prove a boon to law enforcement officials seeking more funding from Congress.
"Our current resources are stretched paper-thin," testified FBI Director Louis Freeh at a Senate committee hearing last week. "We only have 193 agents assigned to NIPC [National Infrastructure Protection Center] squads nationwide." Freeh's comments came only one day after the White House convened a summit on Internet security.
The Justice Department will need an additional $37 million next year, according to U.S. Attorney General Janet Reno. Cybercrime, Reno warns, "is one of the most critical issues law enforcement has ever faced."
Many Internet analysts, however, are skeptical. "There's an enormous amount of money sloshing around the DoJ today," says Marc Rotenberg, director of the Electronic Privacy Information Center. "They've received incredible increases in the last few years to address computer crime, and it's not clear to me the current funding is being well spent."
San Francisco attorney Jennifer Granick scoffs: "This is a great opportunity [for law enforcement] to get more cash." Granick, who has represented accused hackers in the past, adds, "They have been extremely successful in getting more funding from legislators around the country by using the threat of computer crime."
Reno wants more than millions. She wants to amend the Computer Fraud and Abuse Act to cover computer attacks even if no single computer sustains damage above the current $5,000 limit. The amendment would also allow judges to issue court orders enabling authorities to monitor phone calls and computer messages that travel across jurisdictions.
Such demands alarm civil-rights advocates, who fear further erosion of online privacy.
"Law enforcement has had very little trouble tracking down the perpetrators in these cases," says Ari Schwartz, an analyst with the Center for Democracy and Technology. "So we should focus on making sure law enforcement stays up to date with the technologies and uses techniques that do not invade civil liberties."
Indeed, within days of the recent denial-of-service hacks, authorities quickly focused their search on an Internet Relay Chat braggart with the moniker "mafia-boy" and on "Coolio," the alias of the person who allegedly hijacked the domain of RSA Security and redirected it to a defaced site. "I would not characterize [the investigation] as difficult," says George Grotz, special agent in the FBI's computer crime squad in San Francisco. "[But] I think we need the help of the community to solve this."
Meanwhile, several lawmakers are preparing bills to increase penalties and broaden hacking prohibitions.
"My nightmare fear is some congressman is going to seize on this and they're going to pass some laws," says Paul Saffo, director of the Institute of the Future in Menlo Park, Calif. "I can just see people overreacting and doing things that would invade people's privacy or tie up the Internet with so much security nonsense that innovation slows down."
In Washington, tech-industry officials caution against new regulations to prevent future attacks, asking the government to lead by example. "We recommend that the government use secure Web servers and do the hygiene," says Roberto Medrano, general manager of Hewlett-Packard (HWP) 's Internet security division.
"The government should be getting its own house in order first," agrees Frank Cilluffo, deputy director of the Global Organized Crime Project at the Center for Strategic and International Studies. "Only then can they expect the private sector to pony up the resources" to fight cybercrime.
http://www.thestandard.com/article/display/0,1151,11342,00.html
-- Jen Bunker (jen@bunkergroup.com), February 24, 2000