
m5@vail.tivoli.com (Mike McNally) asks:
... the article included a claim that there have been 250,000 attempted break-ins on DoD computers over the past year.
Does anybody know how they count that?
The number comes from the recent GAO report, which provides it as an estimated upper bound of the number of attacks. Notice how rapidly the press loses the distinction between an estimated upper bound and a hard number.

The GAO report claims that 559 attacks were reported on DOD machines last year, and that "only 1 in about 150 incidents" are reported. That comes out to less than 84,000, and I'm not sure where the extra factor of 3 comes from. The GAO report is vague about the distinction between "reported" and "successful" attacks in statistics from different sources, and this may account for some of it.

The GAO report also gives statistics from recent penetration work done by DISA. What they did was mount a bunch of attacks on DOD systems and see what happened. They claimed a 65% success rate. Only 4% of the successful attacks were detected, and only 27% of those detected were reported back up the line to the Pentagon.

It's an interesting report. It's gao/aimd-96-84, and you can get it via their website at (no kidding) http://www.gao.gov

Rick.
smith@sctc.com
secure computing corporation