Hacker's Sentence A Pyrrhic Victory




WASHINGTON -- The sentencing in Los Angeles on Monday of Kevin Mitnick, the nation's most notorious computer hacker, for breaking into Sun Microsystems computers would ordinarily be a cause for celebration by the federal government.


Mitnick, 37, was sentenced to 46 months in prison and ordered to pay $4,125 to the high-tech companies he victimized, a sum that the judge described as a "token'' amount as she completed the last sentencing detail in one of the most publicized computer crime cases in history.


Officials are still smarting from Mitnick's 1983 efforts to break into the Pentagon's computers.


But federal officials are in no mood to celebrate. It has been 16 years since Mitnick - apparently motivated not by money but by the intellectual thrill of reading highly sensitive information - mocked federal computer security. Yet, reeling from a series of recent attacks by hackers, officials fear that they are no closer now to solving the problem and might be losing the war against computer invasions.


"It's not a matter of if America has an electronic Pearl Harbor,'' said Representative Curt Weldon, chairman of the House national security military research and development subcommittee. "It's a matter of when.''


In the past three months alone, anti-government hackers have invaded web pages maintained by the U.S. Senate, the FBI, the Army, the White House, several Cabinet departments and the Idaho National Engineering and Environmental Laboratory, which does work for the Energy Department.


So far, the attacks - which range from notes posted on the White House web site making light of President Bill Clinton's involvement with former White House intern Monica Lewinsky to more ominous assaults that have penetrated the Pentagon's computers - have caused some temporary shutdowns of web sites without compromising U.S. security.


But federal cyber-cops suffered another blow last month when the House Appropriations Committee, responding to privacy concerns raised by civil liberties advocates, denied the Justice Department's request for a Federal Intrusion Detection Network to monitor all government computer networks.


Indeed, Mitnick remains one of the few examples of successful government detection and prosecution of a computer criminal. In a decade-long crime spree, the self-taught hacker faced three federal prosecutions for illegally breaking into dozens of computers in universities and private companies such as Sun Microsystems.


No one has precise figures on the number of assaults on government computers. And government experts are loath to talk about the problem for fear of encouraging even more computer break-ins.


Although experts are uncertain whether the defacement of government web sites is a barometer of the government's vulnerability to more serious computer threats, they all agree that the recent increase in the defacement of the sites is not a good sign.


"These hacks do illustrate that government systems designers have been deficient - whether through laziness or lack of expertise - in protecting the security of their sites,'' said James Dempsey, senior staff counsel for the Center for Democracy and Technology, a Washington-based Internet watchdog.


In the days before the Internet, it was nearly impossible to break into most computers.