FBI executive assistant director Shawn Henry admitted to The Wall Street Journal on Tuesday that despite recent arrests, the United States is not winning the war against hackers. As it stands now, the current private and public approach to fending off hackers is "unsustainable" because they're just too weak to stand up against these "talented" hackers.
Henry, who plans to leave his position at the FBI after serving for over two decades, said that the best way to fend off hackers is to change the way companies use computer networks. Right now they're a risk to national security and the economy operating vulnerable networks. On a whole, they're unknowingly costing the taxpayer huge amounts of money.
"I don't see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it's an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security,'' Henry told the paper.
James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies, paints an even darker picture of the nation's present stance against hackers. "I think we've lost the opening battle [with hackers]," he told the paper. "There's a kind of willful desire not to admit how bad things are, both in government and certainly in the private sector, so I could see how [Mr. Henry] would be frustrated."
Adding to that, Lewis said that he didn't believe there was a single secure, unclassified computer network residing in the United States.
2011 was huge year for Anonymous and LulzSec as they hacked networks and websites, defaced web pages, and dumped sensitive data on the BitTorrent network. Just this week alone the resurrected LulzSecReborn, a new group of hackers avenging the arrests of the original LulzSec gang, hacked into MilirarySingles.com and CSS Corp, dumping usernames, passwords, email addresses and more via Pastebin.
As reported on Tuesday, the administrators for MilitarySingles saw no evidence that LulzSec breached its security, but the group linked to a message they stored on the MilitarySingles server, proving them wrong. This has become an increasing problem -- companies unaware that their systems have been accessed and their data dumped on an external, public network.
"We have found [company] data in the middle of other investigations,'' Henry said. "They are shocked and, in many cases, they've been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially.''
In his years working with companies to build up their defenses, he found that many company executives recognized the severity of their problem while many others did not. Yet while those defenses were eventually strengthened, hackers still found a way inside. The government and companies alike seem to be outsmarted and outpaced despite their collective efforts.
"We've been playing defense for a long time. ...You can only build a fence so high, and what we've found is that the offense outpaces the defense, and the offense is better than the defense,'' he said.
To read the full interview, head here.
UPDATE: The FBI contacted Tom's Hardware Guide and provided a clarification. "Mr. Henry was not discussing hackers in particular when he spoke to the Wall Street Journal. He made these comments with regard to all computer intruders to include state actors, organized crime and hackers."