[Congressional Record Volume 140, Number 9 (Friday, February 4, 1994)]
[House]
[Page H]
From the Congressional Record Online through the Government Printing Office [www.gpo.gov]


[Congressional Record: February 4, 1994]
From the Congressional Record Online via GPO Access [wais.access.gpo.gov]

 
                        COMPUTER NETWORK CRIMES

  Mr. ROTH. Mr. President, our society is rapidly becoming a world of 
instant communications, of masses of information available through 
countless databanks. Last fall, the New York Times and the Wall Street 
Journal reported a major incident--a broad scale electronic break-in of 
these databanks and the companies that rely on them. Soon after these 
reports, it became clear that the University of Delaware was affected. 
Today, the Washington Post reports that there is a rash of break-ins 
underway.
  Over the past 5 years, telecommunications have expanded far beyond 
what Alexander Bell could have dreamed. Telecommunications now reach 
far beyond the telephone. Governments at all levels, corporate America, 
many American families, and academia rely on computer networks to 
conduct their business.
  Every day, more entities are linked to one another. The very term 
network has become a household word. Foremost among the world's largest 
data networks is the Internet, which is funded by the Federal 
Government. The Internet has grown from 215 sites in 1981 to over 2 
million sites today, reaching 15 to 20 million personal computer users.
  The Internet has truly become the backbone of the business community, 
and access to it is considered vital. It increases productivity by 
allowing researchers, scientists, and engineers to collaborate. 
Projects can be completed faster and with fewer people simply because 
the same information can be shared electronically across States and 
continents. Vendors can provide their customers with a higher level of 
service and support because problems can now be solved electronically, 
over the Internet. Time and money can be saved by choosing from 
thousands of free software.
  The proposals of President Clinton and Vice President Gore to create 
a telecommunications superhighway promises much more of the same at 
even greater speeds and volume.
  Mr. President, as the Internet has grown, so to has the problem of 
computer security. Five and a half years ago, a computer virus crashed 
6,000 computers on the Internet. A computer virus is usually what most 
people think of as the computer security problem. But another problem, 
the use of the Internet for corporate espionage, has long been rumored 
to be on the rise. Today's Washington Post report confirms the 
disturbing shift from mischievous to villainous computer crime.
  Mr. President, the teenage hacker who tested the system for fun has 
grown up. Now, a hacker is called a cracker and FBI agents believe that 
a typical cracker is in it for monetary gain.
  Since 1988, computer security breaches has grown dramatically, and 
811 incidents have been reported so far this year. The Computer 
Emergency Response Team, an organization setup to police the Internet, 
estimates a 50-percent increase per year in security violations on the 
Internet. They believe that the reported violations is less than one-
sixth of the actual number.
  At the end of last October, the first open evidence of a massive 
security violation was reported. An organization, named Panix, that 
provides access to the Internet for many New York companies put out a 
message that, and I quote: ``A security incident of very large 
proportion has occurred.'' Panix provided a list of over 100 companies 
and stated, again I quote: ``If your site appears on this list, you 
should be particularly worried.'' One of the owners of Panix told the 
New York Times that the cracker has passwords to perhaps thousands of 
locations.
  Mr. President, many computer experts believe this is the tip of the 
iceberg, and an article in this November 5th's Wilmington, Delaware 
News Journal confirms that view. Apparently, a major computer security 
breach occurred as a result of an attack on the University of 
Delaware's computer. As in the New York incident, access was gained 
through the Internet. As is the case with many of these incidents, the 
instigator may never be tracked down because he went through a 
circuitous route on the network, including Purdue University's 
computers who discovered the attack.
  While it is not clear that any data was stolen, 2,300 students and 
professors at the University of Delaware were forced to go through the 
time-consuming process of changing their passwords.
  Mr. President, these incidents must be controlled. Whether the break-
ins are designed to gain restricted information, such as a company's 
new product ideas, or more mundame information, such as a person's bank 
and health insurance accounts, the activity is at the very least 
disruptive and maybe destructive. The accounting firm of Coopers & 
Lybrand estimates that such computer security violations cost American 
companies about $15 billion per year.
  We need to recognize the potential danger and act accordingly. I must 
point out that this is a highly technical and rapidly changing area. 
Security procedures are changing from passwords to more active 
measures. Last May, I asked the Office of Technology Assessment to look 
at such problems and recommend updates to the Computer Security Act of 
1987. This act is under the jurisdiction of the Governmental Affairs 
Committee, of which I am the ranking member. Senator Glenn, the 
chairman, joined me in that request.
  I intend to pursue hearings on the report and amendments to the 
Computer Security Act this summer. In the meanwhile, my staff has been 
in contact with the Internet security team to make clear and highlight 
the importance of protecting the Internet.

                          ____________________