The threat posed by hacker hype

Discussion in 'ten-forward' started by Smokey, Jul 11, 2003.

Thread Status:
Not open for further replies.
  1. Smokey

    After a widely publicized hacking contest failed to cause as much damage as expected last weekend, computer security experts are advocating a novel response for Internet hackers out for a digital joy ride: ignore them.

    Security firms frequently notify companies about attacks in which hackers can steal data, crash systems or do other nefarious acts. But excess publicity of relatively low-risk threats, such as Web site defacements, can do more harm than good, experts said.

    Becoming immune

    Web site defacements, the electronic version of graffiti, cause more of a nuisance than real damage to computer networks, and they occur every day, experts said.

    "It's the boy-who-cried-wolf phenomenon," said Bruce Schneier, chief technology officer at network monitoring firm Counterpane Internet Security. Hyping non-threats "dulls people to the real threats."

    The Information Technology-Information Sharing and Analysis Center (ISAC), run by Atlanta-based Internet Security Systems Inc., and New York's Cyber Security and Critical Infrastructure Coordination center issued warnings last week about a Web site defacement challenge scheduled for Sunday.

    Only 500 to 600 smaller Web sites recorded defacements during the contest, said Pete Allor, ISAC director of operations. That's less than the 3,000 or so sites that are defaced on a heavy hacking day, he noted.

    Zone-H, the organization that archives Web site defacements, said its Web site was knocked offline for part of Sunday after being flooded with traffic in a so-called "denial of service" attack.

    Feeding the frenzy

    One group of security experts protested the hype, posting on their Web sites a spoof defacement that read: "I panicked over the Defacement Challenge scare and all I got was this lousy defacement."

    The notice also gave a "reality check," pointing out that good security practices should be followed every day and "Massive attacks on the Internet are like conspiracy theories: those that are predicted don't occur and those that occur were never predicted."

    "I'm sick of somebody saying they're going to do something, then the mass media reports on it and that feeds the hysteria," said Richard Forno, a security consultant and author.

    "The media does feed the frenzy," Schneier said. "Rumors wouldn't get spread widely if it wasn't for the media."

    Attempts to sell products

    Hackers hoping for publicity are only part of the problem, said Rob Rosenberger, editor of VMyths.com, a site devoted to clearing up myths and hoaxes related to viruses and other security events.

    Security companies also benefit from threats that scare customers into buying more products, said Rosenberger, whose Web site, widely respected for its skepticism, has run out of money and faces an uncertain future. "This industry thrives very heavily on (media) ink."

    Exaggerated threats could cause the public to lose faith in both security companies and the media, said Russ Cooper of security firm TruSecure. "When members of our industry who are supposed to be trustworthy and credible make silly claims then it does harm to the whole industry."

    Source: CNN
     