Corporate and Government Computers Hacked by Juveniles: Your Government Computer Is Being Targeted for a Hack Right Now. the Hackers Are Teenagers. They'll Never Be Caught, and They Know It
Radnofsky, Mary L., The Public Manager
Imagine a teenager in his pajamas on the computer in his bedroom at 3:00 a.m., absorbed by the challenge of hacking into the Pentagon. And then, finally, he comes across a list of thousands of e-mails from top military brass with cool subjects about different "operations." There, appearing on the screen before his eyes, are the names and passwords of over a dozen U.S. Department of Defense (DoD) employees. He could be the proverbial fly on the wall, listening to bioweapon experts at the Defense Threat Reduction Agency. Yeah, he'll get to that tomorrow night. OK. Save. Maybe in a week or two, he'll get to that high-security software for the International Space Station on the National Aeronautic and Space Administration's (NASA's) network. But it's 4:00 a.m. and there is school tomorrow. Bookmark. Shut down.
Seem unlikely? It happened. Yes, this case was way back in 1999, when most people hadn't realized the transparency of computer communication. Except, well, many had. So today, in 2006, why are there even more of these cases? Thousands of computer intrusions? Millions of identity thefts? And $67.2 billion lost to cybercrime last year? The lesson begins two decades ago.
First Hacker Caught
The year was 1986. One lone American astronomer, who fiddled with computers during his research, discovered a financial discrepancy of seventy five cents. From that, he followed a trail of computer hacks over several years, eventually convincing the Federal Bureau of Investigation (FBI), military, international security, and law enforcement agencies to pursue a computer criminal for the first time in history. In Germany, a college student had gained access to hundreds of computers on Milnet and Arpanet, the U.S. military versions of today's Internet. The hacker downloaded data from our Army bases in Germany, Japan, Alabama, and Georgia, from Air Force bases in Germany and California, from Navy systems in Florida, from the Pentagon, from the jet Propulsion Lab, from an MIT computer, from Lawrence Berkeley Laboratory, and from other defense contractors.
Who else had seen the thousands of secret files that a German college student (dubbed the "Hannover Hacker") had been stealing for years? How does one measure the consequences of unveiled defense strategies, proprietary software, and military identities? Perhaps the more recent, though individual, case of Valerie Plame's lost cover can illustrate this point for us today. We won't know how bad things are until something happens on the basis of lost intelligence. That could be tomorrow or in two months. Hackers are patient, and sometimes wait years before acting on stolen information.
So, since 1986, Germans have become the best enforcers of information technology (IT) security in Europe. Here in the United States, however, we are still struggling with postponed legislation (H.R. 5835, the Veterans Identity and Credit Security Act of 2006), unclear and unevenly enforced laws, and, worst, the battle to convince ourselves that the problem of computer intrusions is in fact a very big deal--not just to industry giants, but to every government agency, school, and home.
The State of Cybercrime
Twenty years after the Hannover Hacker, not only do we still have these types of hacking crimes, but a plethora of even more creative ones, despite the genuine (and expensive) industry and government attempts to secure computer networks. Cybercrime is, of course, global. Although attacks come from all over the world, 26 percent start in the United States, followed by China with 24 percent. Many such crimes are committed by students--not because they really want state secrets, but just to prove they can do it. Many more do it for the millions of dollars they can generate through extortion. First, they demonstrate they have access, and then threaten to shut down a company's Web site for a day. So the company pays them not to make a denial of service (DoS) hack, and the cybercriminals get paid time and again. …