Companies asking for trouble with lax security, hackers say

Doug Bedell

To old-line hackers, the flap over the recent denial of service attacks is totally out of whack.

Rather than sending government storm troopers to arrest hackers, Internet businesses should be forced to upgrade their own security, says Brian Martin, Attrition.org site administration, which logs computer incursions.

"Basically, by analogy, these companies parked their car in a bad neighborhood, they left it unlocked, they returned to find they had valuables stolen," says Mr. Martin. "Gee, I wonder why."

The government and most corporations know how to stop nearly all the disruptions to the new Internet economy, but they have done nothing, Mr. Martin says.

"Now, because of their stupidity, they're getting all the reaction," he says. "I don't understand that."

Gary Lawrence Murphy, CEO of TCI, the Canadian coordinators of the Bynari International open-source support network, writes that a much higher threat to security comes from within e-commerce companies, where sensitive customer information is left unsecured every day.

"Is it because it is easy to demonize an anonymous geeky teen and witch-hunt all those like him for daring to threaten our most precious Web portals, for their audacity in delaying a purchase of a cookbook for an hour?" Mr. Murphy asks.

One security expert likened the recent denial of service attacks attributed to Mafiaboy, a Canadian 15-year-old, to "cow-tipping" - a traditional farmland prank in which teens tip over sleeping cattle.

"With the amount of money involved these days, I'd say it was more like setting a high school on fire," says Richard Smith, a nationally recognized security expert.

"I think they realize it's costing a lot of money. They hit Yahoo on a Monday morning when a whole lot of people want to use that service. They know," he says.

Tolerance for hacker-cracker pranks is dissipating rapidly.

In Washington late last month, U.S. Attorney General Janet Reno said it was time to make an example out of Mafiaboy and other malicious hackers.

"I think that it's important first of all that we look at what we've seen and let young people know that they are not going to be able to get away with something like this scot-free," the attorney general told reporters on Capitol Hill. "There has got to be a remedy; there has got to be a penalty."

The perception fostered by events such as the denial of service attacks has too many repercussions to be ignored.

Charles Biggs, an Internet security expert for NetGuard Inc., says the corporate world can do plenty to prevent the erosion of confidence in e-tailer security.

"I don't think the Internet's any more full of holes than any other delivery mechanism we have in retail right now," he says. "The only thing different in the electronic world is that it's harder to see what's going on and be aware of what's happening."

The FBI and Internet service providers are in a position to deter malicious hacking with swift action, Mr. Martin says.

"But until the attack against Yahoo, the Federal Bureau of Investigation was not concerned over these attacks," he says.

Perhaps, says Daniel Dern, editor of Byte.com, the recent brouhaha may have a beneficial outcome for the network as a whole.

"The good news about this round of attacks on the Internet is that this time, I think it's gotten the attention of people who have purse strings to open," Mr. Dern says.

Staff writer Doug Bedell can be e-mailed at dbedell@dallasnews.com