CNET también está disponible en español.

Ir a español

Don't show this again

Christmas Gift Guide
Internet

Congress set to crack down on hackers

As software giant Microsoft finds itself the latest victim of hackers, Congress agrees on compromise legislation to aid in the investigation of cybercrime and provide more funds for the FBI.

Congress has been wrestling with cybercrime legislation ever since the denial-of-service attacks on online retailers such as eBay and Amazon.com earlier this year, and such legislation now seems especially timely with the latest hacker attack, this time on software giant Microsoft.

Holding up the process has been the online industry itself, which often is reluctant to acknowledge attacks for fear it will encourage new ones and discourage business.

Just this week, however, some compromises have occurred in Congress that could quickly lead not only to tougher laws on hackers but also to increased authority and funding for federal law enforcement agencies, in particular the FBI.

Two cybercrime bills, originally introduced by Senate Judiciary Committee chairman Orrin Hatch, R-Utah, and two other Republican committee members, were seen by some in the high-tech community as giving law enforcement too much power to search records and confiscate equipment. The industry also felt the bills threatened the jurisdiction of local governments to grant federal investigators so-called trap-and-trace authority to track an online transmission from end to end under one warrant.

Two weeks ago, a compromise between Hatch and the highest-ranking Democrat on the committee, Patrick Leahy, D-Vt., led to a bill that contains more due-process rights for parties in an investigation, particularly third-party online providers who may not have been aware of any wrongdoing. The bill also would authorize $100 million for the FBI to create a national cybercrime support center.

Leahy spokesman David Carle said the bill has been paired with another Leahy bill giving grants to states and local governments for training in how to fight cybercrime. That pair of bills has been attached to an unrelated bill regarding medals of honor due to be voted on at any time.

"It could pass as early as tonight," Carle said.

The FBI is already expected to get about $50 million in funding to fight cybercrime as the result of another spending bill due for a vote soon, with about half of that amount targeted specifically at the FBI's cybercrime program, Digital Storm.

In February, the Web was staggered by an unprecedented series of attacks that temporarily blacked out a half-dozen of the largest e-commerce and portal sites. Authorities probing the source of those attacks on Yahoo, eBay, CNN.com and other Web sites pursued leads that pointed to schools, including the University of California at Santa Barbara.

How a denial of service attack works The attackers used a method called "distributed denial of service" attacks, which involve sending such large amounts of traffic to a Web site that it buckles under the load and becomes inaccessible to the outside world.

This week's foray against Microsoft was of a different nature. In this case, a hacker broke into the software maker's network in what a company representative called an act of "industrial espionage."

While only a fraction of the FBI's current investigations involve cybercrime, Kevin DiGregory, deputy assistant attorney general for the Justice Department, has testified on Capitol Hill that it is a rapidly growing area of concern that includes threats not just to commerce but also to national security.

On the flip side of that perspective are privacy advocates who are concerned about the growing power of federal law enforcement agencies in cyberspace. Of particular concern is the FBI's Carnivore program, which involves a packet sniffer that can examine email headers and other data not subject to a warrant as it searches for material being transmitted by someone under investigation.

Fears regarding the potential abuse of Carnivore have led to an investigation of the program by an institution selected by the Justice Department, but critics have questioned whether it will be an objective investigation.