Look past the FBI’s computer “squad” that vows to track down the perps in last week’s Web attack and you’ll see a classic government turf war.
It may be not be openly discussed, but the FBI is probably not the best agency to handle this complex crime, and many in Washington know it. For Aharon Friedman, a 42-year-old scientist-turned-entrepreneur who has testified before Congress on cyber-security matters, the FBI will have a hard time gathering the technical know-how. At times, he adds, the feds seem more interested in a “political/public-relations agenda.”
Some are more confident. Renowned “white-hat hacker” Richard Smith says the agency “is up to the task” at hand, but it was Smith and other good-guy, white-hat hackers who cured the Melissa virus, not the FBI. It’s no wonder that now the FBI has had to resort to such tactics as hiring hackers and deputizing them as “special agents,” according to Friedman.
“The FBI has not had such a great success rate in catching hackers,” says Friedman. Which raises the question of whether the government’s best experts—the data gnomes and code crackers at the National Security Agency—ought to be called in. Of course, most people get spooked just thinking about it.
“The NSA does have more technical competence than the FBI—and in particular, in this area,” says Stewart Baker, the NSA’s former general counsel and now an attorney at the high-powered D.C. firm Steptoe & Johnson. “But it has limitations in its mandate.” By law, the NSA is required to aim its radars and parabolic microphones at other governments, not at domestic deviants. The problem is that the NSA “has difficulty persuading the rest of the world to rely on it,” says Baker. “The FBI is more likely to have good relations with the press in the United States and with law enforcement abroad than the NSA. So for all these reasons, it was considered best to have the FBI lead and to draw on the NSA’s technical capability as necessary.”
In any case, says Friedman, the most viable solution for the long-term is for companies to pay as much attention to security as they do the bottom line.
So far, the suits are clearly asleep at the security gate. In last week’s incident, it was actually Yahoo’s Internet-service provider (ISP), not Yahoo itself, that got hammered. That ISP is Global Center, part of a conglomerate owned and run by veterans of the cable and telephone industries. Do these old tech executives have the answers for today’s challenges? Perhaps not. Over at another Global Center customer, Motley Fool, whose hardware sits only four rows away from Yahoo’s, is Dwight Gibbs. This chief techie geek—his real title—says he’s confident of Global Center, but he knows that vandals could bring down his site just as they did Yahoo.