Topic: Government US

FBI: US losing hacker war

Summary: A Federal Bureau of Investigation (FBI) executive says "we're not winning" the hacker war. He warns that FBI's current model to fight hackers infiltrating governments and companies is "unsustainable."

By Emil Protalinski for Zero Day | March 28, 2012 -- 13:10 GMT (06:10 PDT)

Follow @emilprotalinski

The Federal Bureau of Investigation (FBI) says it is losing the war against hackers. Shawn Henry, an FBI executive assistant director who is preparing to leave the organization after working for more than two decades with the bureau, says that the U.S. is not keeping up with hackers. Thousands of individuals and groups around the world are taking aim at businesses and government websites, including those in the U.S., and Henry says "we're not winning."

"I don't see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it's an unsustainable model," Henry told The Wall Street Journal. "Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security."

Furthermore, Henry said FBI agents are increasingly coming across data stolen from companies whose executives had no idea their systems had been breached (see 63% of website owners don't know how they were hacked). "We have found their data in the middle of other investigations,'' Henry told the WSJ. "They are shocked and, in many cases, they've been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially.''

Henry's comments follow a statement made by Richard Clarke, a former cybersecurity and cyberterrorism advisor for the White House. He said every major U.S. company has been infiltrated by hackers employed by the Chinese government to steal R&D.

Although the number of hackers arrested around the world seems to be growing, the attacks keep coming. For example, earlier this week hacktivist group LulzSec hacked MilitarySingles.com and exposed 170,937 accounts belonging to U.S. military members looking for a date, and then hacked communications technology firm CSS Corp and publicly posted the company's entire e-mail database (66 files in total).

The main reason the FBI can't keep up is because the organization is outnumbered. Not only are there too many hackers around the world, but there are also way too many points of entry given all the companies and government agencies the FBI is interested in protecting.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

69 comments

Log in or register to join the discussion

I use Linux for my website for good reason

Plone is reverse proxied behind Apache and the site is protected by 'tarpit'.

I see the log every day and the attacks are quenched by tarpit.

The FBI site (fbi.gov) runs on Plone and Linux.
Windows infrastructure is where the larger security problems reside.

Dietrich T. Schmitz *Your
28 March, 2012 13:27

Reply 1 Vote
- I see that your penchant for fabricating and posting
  
  false statements has gone unchecked.
  
  I find it interesting that your claim that Linux as a web server is growing at the same time that more sites are becoming hacked.
  
  logic would suggest that it appears that Linux is unsecure as an operating system, as the two seem to be growing the the same time
  :|
  
  Tim Cook
  28 March, 2012 17:12
  
  Reply Vote
  - "Security via obscurity"
    
    No platform is truly secure...
    
    HypnoToad72
    28 March, 2012 17:17
    
    Reply 2 Votes
  - Logic?
    
    Big jump in concluding from a correlation of two independent data sets.
    
    It's people like these the FBI is counting on to protect data;-)
    
    Richard Flude
    29 March, 2012 02:28
    
    Reply 1 Vote
  - @hypnotoad
    
    Agree! Farthermore, it seems that anyone willing to believe otherwise is either lazy or incredibly stupid. As long as there is perceived value, there will be "persons" willing to use various means to try and get a piece (or all) of the value.
    
    Willnott
    29 March, 2012 11:29
    
    Reply Vote
  - He's absolutely correct.
    
    You would have to be an idiot to believe Windows isn't the culprit here. Linux is secure without AV and gives true peace to it's users.
    
    Here is a great article for you: Remember all my posting about TDL-4 ???
    
    http://www.h-online.com/security/features/CSI-Internet-Open-heart-surgery-1350313.html
    
    [i]"An increasing number of rootkits, including a number of TDL variants, use a special technique to get their code executed. Windows maintains a pool of what are known as system worker threads, launched by the system process during boot. These are intended to take work off the hands of other threads, such as threads for handling interrupts. This is done for purposes such as vacating an area of code which locks important system resources whilst executing as quickly as possible, or just to improve the stability of key kernel components."[/i]
    
    BTW, just completely ignore it if you are using Linux.
    
    Linux becomes hacked because admins keep login information on their personal Windows laptops and the laptops get hit with zero-days or infected emails.
    
    Joe.Smetona
    29 March, 2012 15:53
    
    Reply Vote
  - Mister Spock, you seem to know nothing of logic.
    
    You are drawing inferences from an incomplete data set and drawing your own conclusions.
    
    techadmin.cc@...
    12 April, 2012 12:57
    
    Reply Vote
- ZZZZzzzzz....
  
  same-o-same-o
  
  ItsTheBottomLine
  29 March, 2012 07:40
  
  Reply Vote
  - --
    
    [i]"The great enemy of the truth is very often not the lie -- deliberate, contrived
    and dishonest, but the myth, persistent, persuasive, and unrealistic. Belief in
    myths allows the comfort of opinion without the discomfort of thought."[/i]
    
    --John F. Kennedy (1917 - 1963)
    
    Joe.Smetona
    31 March, 2012 10:13
    
    Reply Vote
I believe the days of ...

... computer programs running unchecked, need to end soon. All programs need to be certified, and operating systems should behave like the human body's immune system, and monitor the behaviors of programs, to ensure they all act kosher. When a developer creates a program on his PC, his development system should automatically assign the program a certificate, allowing the program to run on his machine. If the programmer wants to distribute his program, then he should have to submit it to a service, to receive certification, before it is allowed to run on a range of computers.

Two factor authentication, should also help against hackers.

P. Douglas
28 March, 2012 14:02

Reply Vote
- Not a answer
  
  This does nothing for exploitable code which is where the hackers are gaining access from..
  
  Anthony E
  28 March, 2012 15:26
  
  Reply Vote
  - Payloads ...
    
    ... or code / scripts wouldn't be able to be run by hackers because the code wouldn't be certified. Also an OS' immune system (agents) could look out for suspicious behavior, such as individual commands being run, that don't seem kosher.
    
    P. Douglas
    28 March, 2012 16:57
    
    Reply Vote
  - Not really true.
    
    @Anthony E
    
    Most exploits, when found, are patch very quickly. The biggest factor is poorly configured servers and networks. These are the most common, and most easily found holes which hackers look for to exploit.
    
    A properly configured server or network is so much harder to access. The hardest targets are mostly skipped while the easy ones are exploited.
    
    linux for me
    29 March, 2012 07:06
    
    Reply Vote
    - Agreed.
      
      And if I may add... The largest security hole as of late is SQL injection as a primary means to garner further user passwords, and eventually root or near-root access. Does the Linux community not see this? I mean, if one is to believe that a majority of websites run Linux (which I don't argue, explicitly), should not the same community place priority in this area to eliminate this threat by posting an update and then mandating servers recompile this fix into their base? I mean, I'm not even a Linux person, but I respect it, and this seems like a good first step. I'd then add, make it easier for Linux admins to incorporate this update overall. I've heard too many discussions about Linux admins not even considering updates based on the complexity of the procedure involved. That needs to be addressed, and this is advice from an observer.
      
      FuzzyBunnySlippers
      18 July, 2012 04:36
      
      Reply Vote
- Thats a terrible idea
  
  Who makes some central industry to determine what I can and cannot run on my machine that someone else made?
  
  Better idea: use common sense.
  
  Rocktone
  28 March, 2012 17:14
  
  Reply Vote
  - You can always ...
    
    ... use Linux if you want to be able to freely run apps.
    
    P. Douglas
    28 March, 2012 17:27
    
    Reply Vote
- And how do you define "kosher"
  
  The problem is that the application is not meeting the adverted capabilities - would that be "kosher"?
  
  If not, then all windows based systems are not acting "kosher".
  
  jessepollard
  29 March, 2012 04:46
  
  Reply Vote
- from "Enemy of the State".....
  
  And just who will "police" the police?
  
  jrlambert
  29 March, 2012 13:04
  
  Reply Vote
- Who's in control now
  
  To put such restriction in place will end in someone abusing there power.
  Think how easy it would be to shut down a competitor. Big business is able to manipulate the market in different country's now. How easy do you want to make it for them?
  But we know all this.
  
  Difcycle
  29 March, 2012 15:53
  
  Reply Vote
And who does the certifying?

And do we allow computer owners to run uncertified programs if they choose to?
Just wondering.

This was intended as a reply to P. Douglas.

John L. Ries
28 March, 2012 14:11

Reply Vote