FBI missing the real hacking threat?
With the FBI executing 16 search warrants in 12 cities, U.S. attorney Paul Coggins said Wednesday the Federal Government's "massive" hunt for the hackers responsible for a string of high-profile hacks of government sites was "the most far reaching hacking investigation ever conducted by the Department of Justice."
Several security watchers, however, consider the manhunt a distraction, and say that the biggest threats to online security are the hackers who aren't making headlines -- an observation supported by Wednesday's hack of the Department of Energy's Brookhaven National Laboratory.
In the Brookhaven hack, intruders claiming to be the Posse replaced the laboratory's home page with a picture of TV personality Rosie O'Donnell and a treatise. According to security watchers, the Posse is more sophisticated than the hackers behind previous government site hacks.
The Posse's note prominently thanked the script kiddies, who use script-based programs to break into servers, for grabbing the attention of the FBI. "While you have been keeping the FBI (Federal Bureau Of Instigation) and SS (Secret Cervix) busy tracking down 14 year old hacker hopefuls; we have spent our time burrowing ourselves deep within Corporate America," the Posse's note read at one point.
While the Brookhaven hack was quickly removed, MSNBC reported that the site itself was taken offline between 5:30 a.m. and 1 p.m. PT. "The guys who broke into the White House site, it's like living in D.C., running over to the White House and spray painting it," said B.K. DeLong, a security consultant in Boston. "The biggest threats are the hackers that aren't making themselves known."
"There's a limit to what they (the script kiddies) could do," DeLong noted. "But if these guys are getting in, what about the really experienced guys?" The FBI could not be reached for comment on this issue, though spokesmen were adamant that the FBI would find and punish the hackers who were breaking into government sites.
While there had been speculation that the Department of Defence would pull its Web site down to guard against hacking incidents, an agency spokesman said Wednesday there's no plan for a wholesale shutdown of the site.
"Only certain pages are being taken down" to gauge their security, DoD spokesman Glenn Flood said. Public information on the site will remain up during the testing, set to begin later Wednesday and be concluded later this week, he said.