Skip to main content

FBI: We're Not Winning War Against Hackers

FBI executive assistant director Shawn Henry admitted to The Wall Street Journal on Tuesday that despite recent arrests, the United States is not winning the war against hackers. As it stands now, the current private and public approach to fending off hackers is "unsustainable" because they're just too weak to stand up against these "talented" hackers.

Henry, who plans to leave his position at the FBI after serving for over two decades, said that the best way to fend off hackers is to change the way companies use computer networks. Right now they're a risk to national security and the economy operating vulnerable networks. On a whole, they're unknowingly costing the taxpayer huge amounts of money.

"I don't see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it's an unsustainable model. Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security,'' Henry told the paper.

James A. Lewis, a senior fellow on cybersecurity at the Center for Strategic and International Studies, paints an even darker picture of the nation's present stance against hackers. "I think we've lost the opening battle [with hackers]," he told the paper. "There's a kind of willful desire not to admit how bad things are, both in government and certainly in the private sector, so I could see how [Mr. Henry] would be frustrated."

Adding to that, Lewis said that he didn't believe there was a single secure, unclassified computer network residing in the United States.

2011 was huge year for Anonymous and LulzSec as they hacked networks and websites, defaced web pages, and dumped sensitive data on the BitTorrent network. Just this week alone the resurrected LulzSecReborn, a new group of hackers avenging the arrests of the original LulzSec gang, hacked into and CSS Corp, dumping usernames, passwords, email addresses and more via Pastebin.

As reported on Tuesday, the administrators for MilitarySingles saw no evidence that LulzSec breached its security, but the group linked to a message they stored on the MilitarySingles server, proving them wrong. This has become an increasing problem -- companies unaware that their systems have been accessed and their data dumped on an external, public network.

"We have found [company] data in the middle of other investigations,'' Henry said. "They are shocked and, in many cases, they've been breached for many months, in some cases years, which means that an adversary had full visibility into everything occurring on that network, potentially.''

In his years working with companies to build up their defenses, he found that many company executives recognized the severity of their problem while many others did not. Yet while those defenses were eventually strengthened, hackers still found a way inside. The government and companies alike seem to be outsmarted and outpaced despite their collective efforts.

"We've been playing defense for a long time. ...You can only build a fence so high, and what we've found is that the offense outpaces the defense, and the offense is better than the defense,'' he said.

To read the full interview, head here.

UPDATE: The FBI contacted Tom's Hardware Guide and provided a clarification. "Mr. Henry was not discussing hackers in particular when he spoke to the Wall Street Journal. He made these comments with regard to all computer intruders to include state actors, organized crime and hackers."

Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then, he’s loved all things PC-related and cool gadgets ranging from the New Nintendo 3DS to Android tablets. He is currently a contributor at Digital Trends, writing about everything from computers to how-to content on Windows and Macs to reviews of the latest laptops from HP, Dell, Lenovo, and more. 

  • erunion
    Tom's failed to quote this part of the original article:

    "His comments weren't directed at specific legislation but came as Congress considers two competing measures designed to buttress the networks for critical U.S. infrastructure, such as electrical-power plants and nuclear reactors."

    FBI director wants to nationalize the internet. Who's surprised?
  • frozonic
    finally they speak with the truth: THEY ARE NOT WINNING THE WAR AGAINST HACKERS.
  • "War" against hackers? Bwahaha, what's up with Americans and all their so-called "wars"?!
  • aoneone
    do you fink they r winning the war against good ol' drugsola? because you kno... i likes drugsola...
  • dimar
    What would it take to make piece with the hackers? What are the main reasons hackers do what they do? Surely only tiny percent of hackers do it for fun.
  • DroKing
    Good I dont want FBI or any lazy fat Organization to win a way so we can continue to propser in our freedom before they aim to take all of our AMERICAN RIGHTS away. We must fight them.
  • shardey
    Now the DEA should come out and say that they are not winning the war on drugs.
  • dextermat
    Not winning the war against hackers, not winning the war against drugs, not winning the war against terrorism, not not winning the war against the bad economy....

    epic fail! US.

    Just keep wasting public money away until the elastic comes back slapping you in the face!!!
  • jhansonxi
    I recently read an interesting book, The Alexandria Project, that is a fictional account of hackers infiltrating government networks on behalf of a foreign government.

    One problem with computer security is the common belief that security is a product that you buy to make your computer safe. Computers are not toasters and safe usage requires more knowledge on the part of the user.

    One concern with any government-sponsored security solution is that gives them (and their political supporters) more power over you.
  • memadmax
    The only computer safe against hackers is one that is disconnected from the internet....

    And even then, that still leaves the "human" element as a security risk.