Originally created 04/09/00

Tech executives say government little help in fighting cybercrime

STANFORD, Calif. -- Threats from cyberterrorists have become almost routine at Oracle Corp., the leading developer of database software.

Last month, someone in Sudan tried to blackmail the company based in Redwood Shores with a threat to break into its system unless it paid an undisclosed sum of money.

A clear case for the FBI? Not at Oracle -- or at hundreds of other high-tech victims of Internet cyberstalking.

"We've notified them of a couple of threats, but we didn't expect them to take any action," said Bill Maimone, Oracle's vice president of server technologies. "It seems so unlikely that they'd be able to do something."

As high-tech executives know, the Justice Department lacks the staff to investigate and prosecute most hackers. Many companies also are reluctant to undergo government scrutiny; they've got too many secrets.

As a result, cybercriminals are breaking into or paralyzing Web sites with little fear of retribution, costing the industry hundreds of millions of dollars.

At a Stanford University Law School conference on cybercrime Wednesday, Attorney General Janet Reno pleaded for greater cooperation between the private and public sectors.

"It seems to me that we all have a common goal -- to keep the nation's computer network secure, safe and reliable," Reno told the assembled CEOs and top prosecutors.

Many company leaders were unconvinced.

"High-tech businesses know they can't count on the Justice Department to handle their complaints," said John Palafoutas, a senior vice president of the American Electronics Association. "They know they must take care of their own security."

For the past four years, the Clinton administration has asked Congress for additional staff to prosecute computer crime. To date, the answer has been a consistent refusal.

There was just one cybercrime prosecution for every 50 private industry complaints in 1998, according to the latest Justice Department figures.

"We're only able to respond to a limited number of the complaints we receive because we're starved for resources," said Associate Deputy Attorney General John Bentivoglio.

While funding for prosecutors remains static, computer crime has quadrupled over the past three years, according to a survey by the FBI and San Francisco's Computer Security Institute.

Seventy-five percent of the hacking victims -- most often corporations and government agencies -- said it cost an average of $1 million per intrusion to investigate, repair and secure their systems.

Corporations spent $7.1 billion in 1999 on corporate security to protect themselves against cyberattacks and the bill could reach $17 billion by 2003, according to Internet analysts at Aberdeen Group in Boston.

Hackers know authorities are overwhelmed.

Two months have passed with no arrests in the Feb. 8 electronic assault that crippled Web sites at 10 major computer companies, including Silicon Valley powerhouses eBay, Yahoo! and ETrade.

EBay, the leading Internet auction site with more than 4.1 million items up for sale at any given time, fights a constant battle against hacking, fraud and illegal deals.

"We only take the most serious matters to the FBI. They investigated a few, but there haven't been any prosecutions," said eBay's general counsel, Robert Chesnut. "If the government is going to come out and vow action in these sorts of cases, they need to provide resources, not just the promises."

Meanwhile, companies like eBay and Oracle rely on the help of private consultants to combat hackers -- a decision that also helps keep their problems from being publicized.

"Information-sharing is a risky proposition with less than clear benefits," said Harris Miller, president of the Information Technology Association of America.

"Companies are understandably reluctant to share sensitive proprietary information about prevention practices, intrusions and actual crimes with either government agencies or competitors."

On The Net:

Department of Justice: http://www.usdoj.gov/criminal/cybercrime

CERT Coordination Center: http://www.cert.org

Computer Security Institute: http://www.gocsi.com


Trending this week:


© 2016. All Rights Reserved.    | Contact Us