ScienCentral News
 
environment general science genetics health and medicine space technology May 24, 2003 
home NOVA News Minutes archive login

is a production of
ScienCentral, Inc.
Making Sense of Science

Also of Interest
Mighty Mini Motor (video)

Smart Robots (video)

Protein Machine (video)

Instant Waterproofing (video)

Secret Sensor (video)

Rainbow X-Ray Vision (video)

Driving Blind (video)

Smart Ink (video)

Strong Stuff (video)

M.D. on a Chip (video)

Bio Detector (video)

Watching Living Brains (video)

Nano Designer (video)

Satellite Steering (video)

Virtually Vulnerable (video)

NOVA News Minutes
Visit the NOVA News Minutes archive.
ScienCentral News and Nature
Nature genome promo logo
Don’t miss Enter the Genome
our collaboration with Nature.
Best of the Web!
Popular Science Best of the Web 2000
Selected one of Popular Science’s 50 Best of the Web.
Get Email Updates
Write to us and we will send you an email when a new feature appears on the site.
Keeping Secrets
June 28, 2000
image: Los Alamos Natl Lab

Following the arrest late last year of Los Alamos National Laboratory scientist Wen Ho Lee and the more recent disappearance—and then reappearance—of two hard drives with classified nuclear weapons information from the same lab, computer security is on everyone’s mind. The Department of Energy’s (DOE) reaction has been to crack down on security at all national labs, regardless of the nature of their research.

While the DOE maintains that this is a necessary measure as protection from ever more sophisticated hackers, some scientists may find it an overreaction that hampers their research.

Information for everyone?

On the one hand, the Internet has opened up vast possibilities for researchers by allowing them to post data on publicly-accessible domains. They have quick access to material that used to take months to appear in scientific journals—if it appeared at all. But the DOE’s mandate may threaten this golden age of data information.

Internet connection: animated

Donald Fleming, Chief Information Officer at Brookhaven National Laboratory, says that his lab has been devoting a lot of attention to computer security regardless of the DOE concern. "We are concerned about the integrity of our scientific research data," he says. "It is true that these other events have lended some additional emphasis and urgency to addressing cybersecurity issues."

But it’s not just the threat of data theft or even carelessness with data within the labs that is cousing concern. Like all government labs, Brookhaven may be a target for hackers just because it has "dot-gov" in its name.

This graph shows the number of website defacements each month from January of 1999 (left) to May 2000 (right). The number of defacements ranges from zero (lowest) to 700 (top).
image: Attrition.org

"The bad guys range from at the bottom of the totem pole—what we call ’script kiddies,’" says Flemming, "up to people in universities that have fairly sophisticated ways of attacking insitutions, and finally governments that are sponsoring things like trying to obtain commercial secrets and understand things about our defense programs and so forth."

It is possibly the ’script kiddies’—school-age children who break into computer systems for the thrill of it, often with programming that is simply copied from websites—that have really brought the issue of hacking back to the forefront, what with recent high profile attacks on sites like Yahoo!, CNN and E-trade. According to attrition.org, there were more that 3,500 website defacements (1) in 1999, and the figure is on pace to double this year.

At cross purposes

Hackers

The term "hacker" didn’t start out with a negative connotation. It started at the Massachusetts Institute of Technology and originally meant someone who was very skilled in computers and able to manipulate their programs. But because knowledge is power, some of these experts eventually turned their talents to criminal activity.

By the time the Computer Fraud and Abuse Act was passed in 1986, hacking was serious business. The Computer Emergency Response Team, based at Carnegie-Mellon University, was formed in 1988 to investigate the growing number of attacks on computer networks.

Recently, the System Administration Networking and Security (SANS) Institute released a list of the "Ten Most Critical Internet Security Threats" in the hopes of giving system administrators a hand with security. Somes notorious hackers, such as Kevin Mitnick, have attempted to turn their expertise around to help companies strengthen security, but some consider trusting such individuals too risky.

Brookhaven scientists work with other researchers from all over the world, and until now, security has been relatively low. But Fleming says that is changing, and that Brookhaven is taking steps to significantly increase its security. Collaborative research and computer security, however, may be mutually exclusive.

"Scientific research—the collaborative research environment—is premised on openness, and security is premised on restricted access, and those two are in tension with each other," says Fleming. "And what you are forced to do is to make tradeoffs between openness and access in order to address your security requirements."

To address these concerns, Brookhaven hosted a two-day conference beginning yesterday on computer security and open research. Participants included not only scientists, but also cybersecurity experts from the commercial sector.

In a way, it’s a shame that resources now being devoted to computer security are being diverted away from developing better products and research, Fleming says. But that may be the price society has to pay to travel on the information superhighway.


(1) - Attrition defines "defacements" as the unauthorized modification of the default-displayed webpage. They don’t archive home pages (too hard to separate the hoaxes from the real thing), sub-pages (ditto), or free sites (ditto). They have to verify it, the exception being sites that have been defaced and widely reported. And so, Attrition does not track computer crime (’unauthorized penetration of a site’) per se, but a very specific sort of crime that is, for obvious reasons, verifiable.

Elsewhere on the web:

Computer Security Information from the Center for Information Technology

Computer Security News Daily

Computer Security Resource Clearinghouse

Journal of Computer Security

Attrition

The Hacker Quarterly

Hackers Hall of Fame

The Hackers Home Page



by Jill Max


About Search Login Help Webmaster
ScienCentral News is a production of ScienCentral, Inc.
in collaboration with the Center for Science and the Media.
248 West 35th St., 17th Fl., NY, NY 10001 USA (212) 244-9577.
The contents of these WWW sites © ScienCentral, 2000-2003. All rights reserved.
The views expressed in this website are not necessarily those of the NSF.
NOVA News Minutes and NOVA are registered trademarks of WGBH Educational Foundation and are being used under license.