Despite the arrest of the FBI's most-wanted hacker, computersystem operators are scrambling to put virtual locks on theircyberworlds in what might be a futile attempt to protect themselves.
"We're doing what we can, but it's impossible to give peoplethe world with a fence around it," said Bruce Katz, owner of theWell, which is based in Sausalito, Calif., and is one of thenetworks that hacker Kevin D. Mitnick is accused of invading.
Mitnick allegedly broke into the system to read strangers'e-mail, camouflage his other activities and, in one final affront,wipe out all of its accounting records.
While Mitnick is considered one of the best hackers, networksare concerned about the hundreds of others who also get thrillsfrom breaking into computers.
Computer security is a daunting task. The global Internet wasdesigned for researchers to collaborate, not for high security.
But as it has gone from being the purview of scientists to abusiness and public forum, security needs have changed, but theporous nature of the network has not. Anyone with a computer, amodem and a phone line can get onto the Internet.
In the case of the Well, Mitnick's alleged security breach wasso severe that technicians will have to rebuild the system fromscratch next week.
"We're actually going to have to go off the air for two fulldays to do it," Katz said.
That's on the order of evacuating a small town so police cansearch for bombs. The Well's 10,000 users comprise a tight --albeit virtual -- community.
Since the Well was ravaged, it has moved all its internalcommunications and accounting systems behind a portion of itscomputer that the public cannot reach. And a new password programgoing up next week will let users chose only "strong passwords."
"If people pick a word that's in the dictionary, it will tellthem to find another," Katz said.
Mitnick, 31, was arrested Wednesday in Raleigh, N.C., andcharged with computer fraud and illegal use of a telephone-accessdevice. He was jailed without bail Friday.
Prosecutors say the man described as the nation's most-wantedcomputer infiltrator commandeered cellular-phone circuits to raidcorporate computer systems and steal information worth more than $1million, including at least 20,000 credit card numbers.
With hacking of that magnitude going on, companies that dobusiness through the Internet were already wary, and they have beengrowing warier.
CyberSource of Menlo Park, Calif., which sells software via theInternet, allows only a small portion of its computer system toconnect to the Internet.
"Places like the Well and Netcom (another system that Mitnickallegedly cracked) are kind of throwing the house open to anyone onthe street and then trying to stop them from stealing thesilverware," said John Pettitt, CyberSource's vice president ofengineering.
"We changed all our passwords yesterday, on general principle,"Pettitt said.
That is no surprise to those who consider the Mitnick case awake-up call for the computer community and seek tighter standardson the Internet.
"This whole sorry mess could have been avoided -- and the blamecan be laid directly at the door of the government for suppressingstrong cryptographic applications," Berkeley consultant BruceKoball said.
Cryptographic computer programs are based on algorithms thatallow users to code and decode messages. Currently, on-linecommunications are like postcards -- anyone can read anything onthem.
Several companies, including Apple and Microsoft, plan torelease easy-to-use cryptography as part of their e-mail systems inthe next year. The encryption scheme they are using, RC4, has beenapproved by the government.
"The reason, of course, is that the National SecurityAdministration would have no problem breaking an RC4 encryptedmessage with its computers," Koball said.
Sooner or later, it won't just be the government that can breakthe code.
"Nothing you put on a computer which you share with 8,000 ofyour closest friends should be regarded as secret," Pettitt said.
Комментариев нет:
Отправить комментарий