ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Security experts say hackers have the edge

May 11, 2000
Web posted at: 11:55 a.m. EDT (1555 GMT)

(IDG) -- Leaders from industry, government and law enforcement hunkered down earlier this week for a day of closed-door meetings in Menlo Park, Calif., to brainstorm about the difficult task of protecting the world's computer networks against cybercriminals.

One theme to emerge early on at the event, billed as the Internet Defense Summit, was that governments have neither the financial resources nor the technical know-how to stay on top of hackers and computer terrorists.

"The private sector must (provide for) themselves much of the action which is necessary to prevent attacks being made on the Internet," Raymond Kendall, the secretary general of Interpol, said in a speech at the start of the day's activities.

"It's no longer possible for governments to provide the kind of resources and investment necessary to deal with these kinds of issues," said Kendall, who spoke via satellite link from Brussels.


The summit, which took place at the Stanford Research Institute's (SRI) leafy campus, attracted more than 100 chief information officers and other top executives from companies and organizations including IBM, Microsoft, Visa International, the U.S. Postal Service and the Los Angeles County Sheriff's Office.

Meetings were held behind closed doors to encourage candid discussion about security problems and the ways participants have learned to cope with them. The event took place in the shadow of the I Love You virus, which emerged last week and has wreaked havoc in public and private computer networks the world over.

"There won't be a lot of resolutions passed here today, but the key is to get the dialogue open and to get CEOs interested in providing their customers with protection," William Crowell, president and CEO of Cylink, which provides security products and services for businesses, said in an interview.

"There are no cookie-cutter solutions; every network is different," he added.

At the top of CIOs' concerns here was denial of service (DoS) attacks, he said, which earlier this year brought Yahoo,, eBay and other high-profile Web sites to their knees. DoS attacks are a key concern because the only way that is currently available to prevent them is to catch the perpetrators, Crowell said.

  Make your PC work harder with these tips
  Download free PC software fast
  TechInformer: The Thinking Internaut's Guide to the Tech Industry's products pages
  Reviews & in-depth info at
  E-BusinessWorld's Windows software page
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletters
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

Second on the list of concerns was attacks that reach into networks to steal valuable corporate data. Firewalls are the best way to prevent data theft that originates outside of a network, while cryptography can help to protect data from internal theft, he said.

Selwyn Gerber, a managing partner with offshore banking firm PrimeGlobal USA, said his company considers the Internet so insecure that it won't use it at all to transmit sensitive customer data.

"We're back to using faxes, and we find that much more secure. We use FedEx. In fact, if there were ponies still travelling across Europe we'd probably use those too," Gerber said, speaking at a lunch event that was opened to reporters.

While the business leaders seemed focused on computer hackers, Interpol's Kendall said there is a "real danger" of terrorists and hostile nations using computer networks to wage international warfare.

"We know already ... that most of the major terrorist organizations have their own Web sites, and therefore have the facility to carry out the same sort of action that we've seen carried out over the last week," Kendall said, referring to the I Love You virus.

Cyberterrorism can be "more effective and more costly" to governments than "the classic methods of bomb attacks and assassination." Kendall said. "It is really a serious threat to all of us and all of our societies."

Solutions seemed harder to come by today than the problems discussed. Governments, businesses and research institutions must band together to find the best technologies and courses of action to defeat cybercrimes, the participants said. And companies must be more willing to invest in security systems to protect their networks.

A few participants called on software companies and service providers to make their products more secure. Default settings for software products sold to consumers should be at the highest level of security, they said.

"You wouldn't build a swimming pool in the center of town and not put a fence around it, and I think that's what the software companies are doing," Glenn Tenney, a director with Pilot Network Services in Alameda, California, said during the luncheon.

Although security firms have financial incentives for promoting security issues, for the average corporation, the benefits of spending millions of dollars to bolster security in networks aren't immediately obvious, making them slow to act, others said.

"If you have a choice of spending a million dollars on getting 250,000 new customers, or a million dollars on serving the ones you already have, better, that's a difficult value proposition," Cylink's Crowell said, suggesting that most companies would take the additional customers.

But the severity of attacks could get worse, and businesses would be wise to make precautionary investments now, he said.

"I think we've been lucky so far," Crowell said.

SRI International, which cohosted Tuesday's summit with its consulting arm, Atomic Tangerine, used the event to launch a new software component for Sun Microsystems' Solaris servers. Called Emerald, it is designed for network surveillance and intrusion detection.

In addition, Atomic Tangerine took the wraps off of a new technology, NetRadar, that uses sophisticated network agents to reduce the threat of attacks before they actually occur, according to Atomic Tangerine.

Suspected hacker may face extradition requests
May 9, 2000
Experts say more legislation will not deter computer hackers
May 5, 2000
Feds ask Congress for help in trapping hackers
April 10, 2000
Can you counter-attack hackers?
April 7, 2000
Government computers: The ultimate hackers' proving ground
March 23, 2000

Love bug exposed inadequate warning systems
Interpol: Looking for help to fight cybercrime
Inside a hacker's toolchest
New Fed center targets Internet fraud
New weapon bolsters crackers' arsenals
Mafiaboy attacks could have been stopped
DoS attacks: A problem of the information age
How to prevent DoS attacks

SRI International
Atomic Tangerine

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.