Y2K's Real Lessons

I am reporter. Hear me crow. Not only was New Year's Eve a nonevent for hackers as I suggested it might be in my Dec. 13 column, "Evil-Code-Fix Myth" (www.computerworld.com/home/print.nsf/all/991213D0B2), but Y2K hacking activity was actually lower than normal.

Take the International Computer Security Association (ICSA), a software testing and security services vendor in Carlisle, Pa., which monitored more than 1,000 client sites. Says Peter Tippet, founder and chief technology officer: "We had two calls, neither of which were related to hacking or security incidents."

But before you clip my December column for your Y2K dartboard, think of this:

Prevention is better than a cure. As a result of press warnings, vigilant Computer Emergency Response Teams (CERT) worldwide kept watch for Y2K security incidents from Dec. 30 through Jan. 3.

"It would be the worst opportunity to try and hack into a system because the attacker would be noticed instantaneously. So you could say all this work was preventative," says a sleepy Ken Van Wyk after pulling 12-hour shifts for three days. Van Wyk is the CTO and vice president at the security services firm Para Protect Inc. in Alexandria, Va.

For anyone wondering, here's what really went on over our New Year's weekend.

And it's a snoozer:

Tippet's top man, David Kennedy, who runs the ICSA's Recon group, spent the night monitoring incoming data from his home. But mostly he just watched football. He was asleep by 1:30 in the morning.

Mike Young, manager of the data security department at the online auction site QXL.com in London, worked 10 19-hour shifts preparing for new Y2K viruses he'd read about. "We closed down our link to the Net, put up redirects through our firewalls and had log monitors running," Young explains.

When the big weekend arrived, Young and his staff passed the time drinking "good champagne" and watching the fireworks on TV at the office.

Things were "quite slow" at critical U.S. Army networks across the country, according to Jeffrey Hormann, commander of the Army's Computer Crime Investigative Unit in Fort Belvoir, Va.

Yes, scans, pings, Internet Control Message Protocol probes and denial-of-service attempts were reported. Between Dec. 31 and Jan. 3, the SANS Institute posted 32 such incidents. And Carnegie Mellon University's CERT in Pittsburgh received about 30 incident reports per day, which is normal, according to Jeffrey Carpenter, senior Internet security technologist at the Carnegie Mellon CERT.

So besides watching those journalists who printed claims made by fear-mongering vendors eat humble pie, consider this:

1. Wouldn't it be great if we could monitor our networks this carefully all the time? Attackers wouldn't have a chance.

2. It's better to be overprepared than underprepared.

Think of this as a fire drill that may have helped stave off hacker attacks worldwide.

Deborah Radcliff is a Computerworld contributing writer in Northern California.

Contact her at derad@aol.com
