From: Rick Smith <smith@sctc.com>
To: cypherpunks@toad.com
Message Hash: 5fd4cfc245cfa89dc9d39ea506856822fda7317b17fc617b6ec2e191338c256e
Message ID: <199606271857.NAA10915@shade.sctc.com>
Reply To: N/A
UTC Datetime: 1996-06-28 02:22:36 UTC
Raw Date: Fri, 28 Jun 1996 10:22:36 +0800
From: Rick Smith <smith@sctc.com>
Date: Fri, 28 Jun 1996 10:22:36 +0800
To: cypherpunks@toad.com
Subject: Re: CIA Fears UmpTeen InfoNukes
Message-ID: <199606271857.NAA10915@shade.sctc.com>
MIME-Version: 1.0
Content-Type: text/plain
m5@vail.tivoli.com (Mike McNally) asks:
> ... the article included a claim that there have been
>250,000 attempted break-ins on DoD computers over the past year.
>Does anybody know how they count that?
The number comes from the recent GAO report, which provides it as an
estimated upper bound of the number of attacks. Notice how rapidly the
press loses the distinction between an estimated upper bound and a
hard number. The GAO report claims that 559 attacks were reported on
DOD machines last year, and that "only 1 in about 150 incidents" are
reported. That comes out to less than 84,000, and I'm not sure where
the extra factor of 3 comes from. The GAO report is vage about the
distinction between "reported" and "successful" attacks in statistics
from different sources, and this may account for some of it.
The GAO report also gives statistics from recent penetration work
done by DISA. What they did was mount a bunch of attacks on DOD
systems and see what happened. They claimed a 65% success rate. Only
4% of the successful attacks were detected, and only 27% of those
detected were reported back up the line to the Pentagon.
It's an interesting report. It's gao/aimd-96-84, and you can get it
via their website at (no kidding) http://www.gao.gov
Rick.
smith@sctc.com secure computing corporation
Return to June 1996
Return to “Rick Smith <smith@sctc.com>”
1996-06-28 (Fri, 28 Jun 1996 10:22:36 +0800) - Re: CIA Fears UmpTeen InfoNukes - Rick Smith <smith@sctc.com>