low graphics version | feedback | help
Hacker warns US authorities
By BBC News Online's Kevin Anderson in Washington
A convicted hacker has urged the US Congress to strengthen government computer security, following recent attacks on some of the world's most popular websites.
Kevin Mitnick's warning came as senators said it was only a matter of time before the government itself came under cyber attack.
A convicted hacker has urged the US Congress to strengthen government computer security, following recent attacks on some of the world's most popular websites.
Kevin Mitnick's warning came as senators said it was only a matter of time before the government itself came under cyber attack.
 FBI is hunting the saboteurs who paralysed Yahoo! and other major sites
|
Fresh from prison, Mr Mitnick told a congressional hearing: "I have gained unauthorised access to computer systems at some of the largest corporations on the planet, and have successfully penetrated some of the most resilient computer systems ever developed."
He said that in 20 years of hacking, he had been successful in breaking into every system he had targeted except one.
Mr Mitnick was released from a federal prison in California on 21 January. As part of his probation, he is barred from so much as touching a computer keyboard, using a mobile phone or using "anything capable of accessing computer networks".
Social engineering
Mr Mitnick testified before the Senate Governmental Affairs Committee which is considering a bill that would require agencies to create computer security measures subject to review by the Office of Management and Budget.
He said that in 20 years of hacking, he had been successful in breaking into every system he had targeted except one.
Mr Mitnick was released from a federal prison in California on 21 January. As part of his probation, he is barred from so much as touching a computer keyboard, using a mobile phone or using "anything capable of accessing computer networks".
Social engineering
Mr Mitnick testified before the Senate Governmental Affairs Committee which is considering a bill that would require agencies to create computer security measures subject to review by the Office of Management and Budget.
Denial of service |
Hide software "daemons" on hundreds of computers
Daemons bombard internet sites with thousands of requests for information
Volume of internet traffic paralyses website
Daemons give false addresses making them hard to trace
|
The convicted hacker said that the bill was a "good first step" but said it should be strengthened and should include extra security measures.
The government should also train its employees to be aware of techniques, known as "gagging" used by hackers to obtain passwords and access to computer systems.
He said he had in the past convinced Motorola workers he was a fellow employee so they would create accounts for him on target machines and provide him with passwords to their systems.
He also was able to convince a receptionist at AT&T he was an executive at the company. She then faxed him a password that gave him access to the telecommunications giant's global network.
Senator Joe Lieberman, who co-sponsored the bill requiring governmental agencies to implement computer security said: "Scores of government systems have already been hacked.
"Fortunately, none of the intrusions to date has been damaging. But, let's face it, it's only a matter of time."
'Co-operation, not regulation'
But representatives from technology firms and civil liberties groups cautioned against using the recent denial of service (DoS) attacks on major sites such as Yahoo! to justify increased government intervention.
The government should also train its employees to be aware of techniques, known as "gagging" used by hackers to obtain passwords and access to computer systems.
He said he had in the past convinced Motorola workers he was a fellow employee so they would create accounts for him on target machines and provide him with passwords to their systems.
He also was able to convince a receptionist at AT&T he was an executive at the company. She then faxed him a password that gave him access to the telecommunications giant's global network.
Senator Joe Lieberman, who co-sponsored the bill requiring governmental agencies to implement computer security said: "Scores of government systems have already been hacked.
"Fortunately, none of the intrusions to date has been damaging. But, let's face it, it's only a matter of time."
'Co-operation, not regulation'
But representatives from technology firms and civil liberties groups cautioned against using the recent denial of service (DoS) attacks on major sites such as Yahoo! to justify increased government intervention.
 Amazon.com: Targeted for attack
|
Microsoft's chief information officer, Howard Schmidt, said the IT industry regularly dealt with hacker attacks and defeated most of them.
Charles Giancarlo, senior vice president with computer networking equipment maker Cisco, said: "At this time, we do not ask Congress for new laws in the area of internet security".
He said co-operation, not regulation, would protect security while at the same time offering the broadest possible public access to the internet.
Jack Dempsey of the Centre for Democracy and Technology, an electronic civil liberties organisation, echoed the concerns of industry representatives.
He told lawmakers: "You must be careful to ensure that the recent internet attacks do not serve as justification for legislation or other government mandates that will be harmful to civil liberties and the positive aspects of the openness and relative anonymity of the internet."
Charles Giancarlo, senior vice president with computer networking equipment maker Cisco, said: "At this time, we do not ask Congress for new laws in the area of internet security".
He said co-operation, not regulation, would protect security while at the same time offering the broadest possible public access to the internet.
Jack Dempsey of the Centre for Democracy and Technology, an electronic civil liberties organisation, echoed the concerns of industry representatives.
He told lawmakers: "You must be careful to ensure that the recent internet attacks do not serve as justification for legislation or other government mandates that will be harmful to civil liberties and the positive aspects of the openness and relative anonymity of the internet."
|
Search BBC News Online |
|
|
 Advanced search options | |
| |
 | |
 | |
| |
 | BBC RADIO NEWS |
| |
| |
 | BBC ONE TV NEWS |
| |
| |
| WORLD NEWS SUMMARY |
| |
| |
| |
| |
 | PROGRAMMES GUIDE |
Country profiles
See also:
Internet links:
The BBC is not responsible for the content of external internet sites
Links to other Americas stories are at the foot of the page.
E-mail this story to a friend
~RS~a~RS~international~RS~q~RS~~RS~z~RS~18~RS~)