U.S. government figures indicate that hacker attacks have dropped significantly since September of 2001. Other numbers show that hackers are still creating as much havoc as ever. Despite the discrepancy, it remains clear that enterprise system attacks launched by hackers are still a serious threat. The size of the threat is up for debate.
Hack attacks are slowing down
The Federal Computer Incident Response Center (FedCIRC) reported a total of 15 attacks in December of 2001, down from 53 during December of 2000. FedCIRC is the central coordination and analysis facility dealing with computer security-related issues that affect the U.S. government.
Bill Wall, chief computer engineer at Harris STAT, has been keeping his eyes on the numbers listed by FedCIRC. He said that December has traditionally been a peak month for hacker activity. Wall was surprised to see such a low number in December of 2001.
“Normally, you have a high period of attacks over the holidays when the kids are on break. People take that break and try to use it to get into systems.”
The FedCIRC claims that hacker attacks have been dropping since a high of 114 attacks in August 2001. Wall said that the drop could be attributed to reactions to Sept. 11. In the wave of the terrorist attacks, hackers may have backed off because they are feeling more patriotic or they fear a more serious punishment if hacking attacks were equated with terrorism.
But, as Wall says, this still wouldn’t account for those hackers who live outside the United States and don’t face as harsh of punishment.
Wall said that technology might have improved to the degree that IT is finally a step ahead of hackers. He also said the decline in recent attacks may be a reflection of the fact that hackers have moved to underreported areas such as attacks against home computers with DSL connections. Nonetheless, Wall still finds the low numbers unusual.
Hackers are as prolific as ever
Allan Paller, director of research at the SANS Institute, has an entirely different answer to the question of whether hacking attacks are up or down. He said that he has not seen a slowdown at all in hacker activity. Instead of relying on FedCIRC numbers, Paller prefers to follow the numbers provided by Alldas.de Deface Archives, which reported 259 hacker attacks in December 2001, up from 165 attacks in December of 2000. “They have come back even greater than they were acting before. The underlying attack rate is continuing to trend upward, ” said Paller.
In addition to the upward trend, Paller said the attacks are proliferating more quickly. “The attacks were breathtaking from March through September,” said Paller. Paller said the attacks picked up speed during the period. “They got faster—they used to take three or four days” to spread. By the end of the period, however, Paller said that some attacks would spread to hundreds of thousands of machines in only a few hours.
Paller and Wall may look at different numbers to gauge hacker activity. But there is one area the two security experts agree upon. IT managers should not let down their guards. “There is no shortage of vulnerabilities or exploits,” said Wall.
It’s important to stay current on your patches as well as antivirus software, according to Wall. “I’m sure new code is being written now to take advantage of them,” said Wall.
Paller had some strongly worded advice for IT managers. “Don’t let anybody touch the computer that doesn’t know what they are doing with security. A lot of really bad problems happened because of system administrators who didn’t know what they were doing with security,” said Paller.
The most important thing to do is to make sure that whoever controls your computers knows how to secure them.
How to report a computer crime
The Computer Crime and Intellectual Property Section (CCIPS) of the U.S. Justice Department maintains a Web site to make it easier to report computer crimes. The CCIPS advises that computer crimes be reported to appropriate law enforcement investigative authorities at the local, state, federal, or international levels, depending on the scope of the incident. But taking that advice can be confusing because so many agencies investigate cybercrimes. These agencies include:
- Federal Bureau of Investigation (FBI)
- U.S. Secret Service
- U.S. Customs Service
- U.S. Postal Inspection Service
- Bureau of Alcohol, Tobacco and Firearms (ATF)
In most cases, you may report a cybercrime by calling the local office of an appropriate law enforcement agency. You should ask to speak with the “duty complaint agent.” There are often a variety of agencies that can handle your complaint, depending on what type of cybercrime has occurred.
For example, if a hacker has broken into your organization’s network, you may consider reporting it to the closest U.S. Secret Service office. Another option is reporting the incident to the FBI—either the local office or the FBI’s interagency center, the National Infrastructure Protection Center (NIPC).
What’s your view?
Have hackers backed off or are they still a major threat? Send us an e-mail or join the discussion.