Europe South Asia Asia Pacific Americas Middle East Africa BBC Homepage World Service Education
BBC Homepagelow graphics version | feedback | help
BBC News Online
 You are in: World: Americas
Front Page 
Middle East 
South Asia 
From Our Own Correspondent 
Letter From America 
UK Politics 
Talking Point 
In Depth 
Friday, 3 March, 2000, 08:24 GMT
Hacker warns US authorities

By BBC News Online's Kevin Anderson in Washington

A convicted hacker has urged the US Congress to strengthen government computer security, following recent attacks on some of the world's most popular websites.

Kevin Mitnick's warning came as senators said it was only a matter of time before the government itself came under cyber attack.

The FBI is hunting saboteurs who paralysed Yahoo and other major sites
FBI is hunting the saboteurs who paralysed Yahoo! and other major sites
Fresh from prison, Mr Mitnick told a congressional hearing: "I have gained unauthorised access to computer systems at some of the largest corporations on the planet, and have successfully penetrated some of the most resilient computer systems ever developed."

He said that in 20 years of hacking, he had been successful in breaking into every system he had targeted except one.

Mr Mitnick was released from a federal prison in California on 21 January. As part of his probation, he is barred from so much as touching a computer keyboard, using a mobile phone or using "anything capable of accessing computer networks".

Social engineering

Mr Mitnick testified before the Senate Governmental Affairs Committee which is considering a bill that would require agencies to create computer security measures subject to review by the Office of Management and Budget.

Denial of service
Hide software "daemons" on hundreds of computers
Daemons bombard internet sites with thousands of requests for information
Volume of internet traffic paralyses website
Daemons give false addresses making them hard to trace
The convicted hacker said that the bill was a "good first step" but said it should be strengthened and should include extra security measures.

The government should also train its employees to be aware of techniques, known as "gagging" used by hackers to obtain passwords and access to computer systems.

He said he had in the past convinced Motorola workers he was a fellow employee so they would create accounts for him on target machines and provide him with passwords to their systems.

He also was able to convince a receptionist at AT&T he was an executive at the company. She then faxed him a password that gave him access to the telecommunications giant's global network.

Senator Joe Lieberman, who co-sponsored the bill requiring governmental agencies to implement computer security said: "Scores of government systems have already been hacked.

"Fortunately, none of the intrusions to date has been damaging. But, let's face it, it's only a matter of time."

'Co-operation, not regulation'

But representatives from technology firms and civil liberties groups cautioned against using the recent denial of service (DoS) attacks on major sites such as Yahoo! to justify increased government intervention. Targeted for attack Targeted for attack
Microsoft's chief information officer, Howard Schmidt, said the IT industry regularly dealt with hacker attacks and defeated most of them.

Charles Giancarlo, senior vice president with computer networking equipment maker Cisco, said: "At this time, we do not ask Congress for new laws in the area of internet security".

He said co-operation, not regulation, would protect security while at the same time offering the broadest possible public access to the internet.

Jack Dempsey of the Centre for Democracy and Technology, an electronic civil liberties organisation, echoed the concerns of industry representatives.

He told lawmakers: "You must be careful to ensure that the recent internet attacks do not serve as justification for legislation or other government mandates that will be harmful to civil liberties and the positive aspects of the openness and relative anonymity of the internet."

Search BBC News Online

Advanced search options
Launch console
Americas Contents

Country profiles
See also:

26 Feb 00 |  Sci/Tech
Web hackers strike again
11 Feb 00 |  UK
A - Z: Hack attack
10 Feb 00 |  Business
Beating the hacker attack
06 Sep 99 |  e-cyclopedia
Cracking: Hackers turn nasty
16 Feb 00 |  Sci/Tech
When states go to cyber-war
11 Feb 00 |  Sci/Tech
Security answers to cyber attack
28 Mar 99 |  Sci/Tech
Notorious hacker pleads guilty
Links to other Americas stories are at the foot of the page.

E-mail this story to a friend

Links to more Americas stories