Yesterday the U.S. House Oversight and Investigations Committee held an open hearing to talk about cracks of government computers during 2000. Their findings were alarming, natch, and congressmen were quoted agreeing that Something Must Be Done.
Some of the witnesses, however, seemed to be having a grand time. D. Ian Hopper's AP piece concluded, as did much of the coverage, with this irresistible sound bite from security expert Tom Noonan: "You don't have to be very experienced, you don't have to have a high IQ in order to attack our government." Hopper added some flair to the witness' delivery: "Showing an African Web site, Noonan explained that many of the tools to break into government computers are easy to find and free."
A story by William New of the National Journal's Technology Daily, carried by Govexec.com, shed light on testimony about how hard it is for the government to retain qualified security experts. A big part of the problem is the salary levels in private industry.
Brock N. Meeks's story for MSNBC went deeper into the hearing. He noted that the 155 break-ins reported last year represent only those incidents in which the attackers gained administrative ("root") access to the computer systems. For a wider cross-section of break-ins, see the statistics at the site of record for defaced Web sites: Attrition.org reports that U.S. government and military sites were targets of fewer than 4.5 percent of reported incidents over 1999 and 2000.
Meeks described a presentation to the congressional committee by a Department of Energy white-hat hacking team. Perhaps it came at the end of a long day and the other reporters had all slipped out to file their copy - Grok can't think of any other reason why a reporter would resist the presentation of "Hacking 101" to goggle-eyed politicos.
Hackers Took Over Dozens of Government Systems Last Year, Study Finds (AP)
U.S. Government Computers Widely Hacked in 2000
FBI Struggles to Retain Cybercrime Experts
Hackers Hit 155 Government Sites
Defacement Counts and Percentages, by Domain Suffix