Justice offers a victim's perspective on hacking
By John Breeden II
Apr 28, 1997
Boster offered 11 rules for agencies to live by when running a Web site:
Justice hires highly skilled, reputable individuals rather than companies to work on its
Web servers. Boster said the department only lets workers who pass stringent background
checks touch the equipment.
Three full-time workers at Justice continually change security configurations on Web pages
and monitor the industry for advances in security technology.
"I would guess that not many organizations have taken that step," he said.
"I think that's a mistake. Security is not a part-time job."
Justice's improved Web pages passively encourage hacker invasions.
"We are designing the site so if someone tries to penetrate, we are going to let them
in and watch them," Boster said. The security monitoring force then will capture the
"Just because it's new does not mean it's good," he said. "Don't bow to
pressure." And if the existing system ain't broke, don't fix it until something
better hits the street, he added.
Departments need a central location that instantly can shut down a site if it is
hacked. Controlling a single access point is much easier than managing a distributed,
heterogeneous network with numerous dial-up connections.
Efforts to implement a firewall security system also can be like wearing blinders, Boster
Justice's main security rested on placing data behind a firewall. But Boster said back
doors such as dial-up connections on desktops give an invader an easy route to bypass the
Boster said industry and government need to change the current culture of mistrust and
work together on security. Agency officials have been reluctant to share fears because
they were afraid of being exploited, he said.
Despite being personally offended by the attack on Justice, Boster said it made him build
a more secure server and focus on issues that will benefit the entire government.
"It was not a fun couple of weeks," he said. "But you have to capsize a
couple of times before you become a real sailor."
John Breeden II is a freelance technology writer for GCN.