Review shows hackers accessed 155 federal computer systems

WASHINGTON (AP) _ At least 155 federal computers systems - some with sensitive research information or personal data on Americans - were temporarily taken over by hackers last year, according to a review that found widespread lax computer security.

The government's lack of safeguards against domestic and foreign attackers who struck 32 federal agencies last year is ``chilling,'' one congresswoman said.

``I think it would come as quite a surprise for most Americans to learn the extent to which these federal civilian agencies are the target of attacks by foreign and domestic sources bent on espionage or other malicious actions,'' Rep. Billy Tauzin said at a House Oversight and Investigations hearing Thursday.

A month ago, subcommittee chairman Rep. James Greenwood demanded updates from 15 federal agencies to check their compliance with federal security regulations. Very few had done even cursory checks of the integrity of their defenses, he said.

``We are not surprised or pleased by what we are finding,'' Greenwood said.

The committee also released a February computer security study by overseers at the Health Care Financing Administration, which controls Medicare. The report found numerous weaknesses that permitted unauthorized access to the medical information of Medicare recipients, Tauzin said.

``I can envision incredible fraud opportunities with that scenario, as well as privacy problems,'' he said.

Ronald L. Dick, director of the FBI's National Infrastructure Protection Center, said there are currently 102 open investigations of computer intrusions into government systems, and the bureau is keenly aware of the rise of state-sponsored hacking.

``The range and motives associated with who are perpetrating these acts makes the full gamut,'' Dick said, adding that some do it for sport and others are ``state-sponsored activities concerned with trying to perform information warfare.''

``We've been hearing a lot of very chilling testimony here,'' said Rep. Diana DeGette. ``With all of this activity going on, I'm wondering why we haven't seen an incident of cyberterrorism yet.''

``Eventually we are going to see it,'' replied Dick, but adding that since 80 percent of incidents go unreported, it could be happening now.

Security expert Tom Noonan highlighted some of the shortfalls of government security, noting that only 5 to 10 percent of federal agencies use automatic security detection programs, and that the average salary among security experts at his company is dlrs 80,000, far more than what most federal employees make.

``Computer security experts are scarce, they're in short supply, and they're expensive,'' said Noonan, the president of Atlanta-based Internet Security Systems.

Showing an African Web site, Noonan explained that many of the tools to break into government computers are easy to find and free.

``You've got a whole smorgasbord here to fill your palate,'' Noonan said. ``You don't have to be very experienced, you don't have to have a high IQ in order to attack our government.''

___
On the Net: National Infrastructure Protection Center

Internet Security Systems