L.
Taylor
-
August 21, 2000
Problem
Fighting cybercrime is complex and time-consuming. One case can involve
a multitude of computer systems, networks, and administrators, and requires
the cooperation of all system owners, and sometimes many nations, in order
to find the perpetrator. Due to their love of technology, their education,
training, and experience, it is not uncommon for security industry professionals
to be far more qualified and adept at resolving cybercrime than law enforcement.
Though
the FBI thrives on reaping assistance from industry security professionals,
many industry security experts are reluctant to help the Federal law enforcement
agency when it comes to cybercrime. Though it makes it a lot more difficult
for the FBI to track cybercriminals without the help and cooperation of
private industry, savvy security experts are not lining up to help. This
lack of respect that industry professionals have for the FBI results in
cases taking longer to crack, and many going unresolved. It also often
leaves the Department of Justice looking like a three-ring circus.
Background
Typically, when the FBI requests assistance from a security professional,
the kind of assistance they require is extensive which is to be expected,
given the circumstances. They need to understand the network topologies,
the systems affected, the points of entry, and need to locate, collect,
and analyze all the corresponding log files. All this data gathering and
analysis takes time.
Private
industry exists in order to create revenue. In this burgeoning Internet
economy, information technology resources are scarce. Inside of that IT
circle, information security resources are still more scarce. Taking time
out from daily security duties to assist the FBI in a case that may not
have directly impacted their own company's bottom line can actually end
up costing a company a significant amount of lost revenue. It's often
more cost effective to tell law enforcement, "No, no logs on any of our
systems that would be useful to you" than spend hours, days, or weeks,
combing through log files, systems, and backup tapes, only to hand them
over to a law enforcement agency that in many cases does not know what
to do with them.
Unless
log files have been subpoenaed, and therefore must be turned over as evidence,
there is often no return on investment when a company spends hours combing
through log files for data that may or may not be helpful or appreciated.
It
is not unusual for a company to charge $200 an hour for security consulting
services. If a security consultant spends a whole day assisting an FBI
agent, this can amount to $1600.00 a day in lost revenue for the consultant's
employer. For a service provider, a day without a security engineer can
also open them up to potential lawsuits, lost customers, and lost future
revenue streams. In short, it costs companies exorbitant amounts of money
to assist the FBI. Because companies allocate resources to assisting the
FBI and other law enforcement agencies, they need to have this "free consulting"
respected and rewarded.
In
the course of our study, we communicated with a wide-selection of industry
security experts from around the country. Some of these experts are ex-FBI
employees. In doing so, we would like to retell some of the experiences
that have been communicated to us, and would like to share certain trends
that we have identified that seem to hamper the cybercrime investigation
process.
Why
We Don't Help the FBI
Case 1: A Security Director at a well-known Internet company was
plagued with some serious domain hijacking problems. Domain hijacking
is when someone who does not own the dot-com name takes it over through
technical DNS manipulations, and uses it for their own, sometimes subversive,
purposes. In essence, this is kidnapping a domain name. This Director
spent a significant amount of time and resources identifying the perpetrator
of the attacks, down to documenting the name, address, and phone number.
This information was turned over to the FBI's Wasington, D.C. headquarters
office to investigate.
The
Director justified the case by presenting a considerable amount of evidence
that supported $2-3million worth of damages. The domain that was hijacked
was a very well known and lucrative domain name. A week after the incident,
the Director met with the FBI and submitted the initial report. In the
next 9 months, the only thing he heard was that according to the FBI agents,
the work the director's team had done saved the FBI several months of
time. The information in the Incident Report submitted to the FBI included
the suspect's name, address, parent's names, and almost everything required
to obtain a timely prosecution.
After
nine months, someone from the FBI contacted the Director, asking him to
re-submit the report, telling him that the report needed to be submitted
in person. (The Director had submitted the report in person nine months
earlier in the initial meeting.) The FBI agent said he would come to the
Director's facility to pick up the report. The Director was waiting for
the agent with yet another copy of this same Security Incident
Report.
When
this FBI agent arrived, he already had the report in his hands (due to
the in-person submission nine months earlier). He handed it to the Director,
and then said, "Now I need you to give it back to me so I can testify
that you submitted this report in person." The FBI agent handed the report
that the Director had written nine months previously back to him, and
instructed the Director to now give it back to the FBI agent. The FBI
agent then thanked the Director and said that now the FBI could begin
looking into the case. As of June 2000, the Director has still not heard
anything back from the FBI.
Questions
that come to mind are the following:
- Why is
the FBI not willing to receive reports from the public and private sector
electronically? The likely reason is that they do not use strong encryption
and therefore cannot adequately authenticate the original document owner.
- After
spending an enormous amount of time and resources identifying the perpetrator,
why was this Director not contacted for 9 months? Typically, professionals
who take the time to submit detailed reports are interested in seeing
a case come to closure.
- Was the
case even investigated? Not to the Director's knowledge.
- Was the
case documented in an Incident Tracking Database?
- Were
charges pressed? Was anyone prosecuted? Not according to the Director.
- Is this
perpetrator now hijacking other domain names?
The Director
has told TEC that he will not be taking the time to research and hand-over
evidence to the FBI in future incidents. His perception is that, "The
FBI is woefully under-equipped."
In the IT
world, things happen quickly - this includes engineering developments
and security breaches. The IT sector cannot afford to play bureaucratic
reporting games to the FBI that in the long run produce no results. The
FBI needs to be digitally equipped to securely accept information sent
to them electronically. A trend that we noticed in talking to information
security experts is that the wheels of justice are very slow.
Case 2:
An Internet dot-org group (a non-profit Internet company) that was being
managed by security experts was trying to assist the FBI in the February
9th, distributed denial of service attacks. They went through the trouble
of putting up a private link, just for the purpose of providing information
and evidence to the FBI. They provided the FBI with IRC chat logs, and
names and contact information of people who had actually confessed to
participating in the crime. The dot-org group said that the FBI chose
to not even access the link with the details of the crime.
Questions
that come to mind are the following:
- Why did
the FBI choose not to access the electronic evidence?
- Was the
information entered into an Incident Response Database?
- Has the
perpetrator been instigating new denial of service attacks?
Looking at
Cases 1 and 2, we may surmise that if evidence is not presented in person,
the FBI is not interested in reviewing it.
Case 3:
An Internet dot-org group identified multiple perpetrators of web-site
defacement - digital graffiti. They presented this information to the
FBI, and never heard anything back.
Questions
that come to mind are the following:
- Was the
information entered into an Incident Response Database?
- Was the
case even investigated?
- Has the
perpetrator been defacing more web-sites?
Case 4:
A seasoned security professional became aware that his name was included
on a database of "well-known hackers" that was later sold to the FBI by
a competitor. The security professional has never engaged in unethical
hacking activities, and feels that his name was libelously and inappropriately
included in this database of "well-known hackers" for spiteful, competitive
reasons. Since the FBI purchased this database that was established without
verification, the security professional feels that the FBI in conjunction
with the begrudging competitor, may have potentially damaged his professional
reputation. In light of this transgression, the security professional
is no longer interested in assisting the FBI.
Questions
that come to mind are the following:
- How can
a professional find out if his/her name is being erroneously catalogued
in an FBI database?
- What
sort of verification processes does the FBI use when purchasing non-qualified
information?
- What
other kinds of non-qualified information of criminal activity does the
FBI purchase?
Case 5:
A security expert spent an enormous amount of time doing forensic work
and analysis in tracking down a well-publicized hacking incident. The
information was reported to the FBI, only to have the FBI take credit
for doing the expert analysis, while never paying a cent for consulting
services.
Case 6:
A security contractor who was working for a federal agency had the website
that he was administering defaced by a cyber vandal. Instead of helping
him identify the perpetrator, the FBI questioned him for hours, suggesting
that a colleague of his had participated in the incident. Although it
was never proven, the FBI insisted there had been some sort of duplicity
on the contractor's part, insinuating that he himself was somehow involved
in the crime in question. The real perpetrator was never identified, and
the security contractor no longer wants any association with the FBI.
Case 7:
A well-known ISP refuses to install the "Carnivore" surveillance tracking
device citing implementation and administration issues.
Questions
that come to mind are the following:
- Why doesn't
the FBI realize that asking one entity to invade the privacy of others
does not usually build relationships or trust? Most ISPs have contractual
privacy agreements with their customers that they must abide by. Installing
a device such as the Carnivore would in many cases be a breach of customer
contractual agreements.
- If the
FBI wants an ISP to perform some sort of service for them, why are they
not willing to become a legitimate paying customer and pay for implementation,
administration, and overhead costs?
Inside
the FBI
One security
professional told us that he found it easy to work with the FBI, but conceded
that he did this by circumventing the bureaucratic processes and accessing
resources through back doors at very high levels. He went on to say that
the FBI's cybercrime task force is clearly under-equipped.
The FBI does
not always do a good job of "marketing" what it does well. Naturally,
bad news always receives more attention in the press than good news. Our
research has indicated that one thing that the FBI does well is investigate
cyberpedophilia. Though many incidences of cyberpedophilia go unreported,
of the cases that are reported, the FBI has an impressive track record
of apprehending the perpetrators most of the time. Almost all cyberpedophilia
arrests lead to people going to jail. The FBI (and U.S. Customs) prosecutions
in this area have approximately a 99% success rate.[1] Keeping America's
children safe is an initiative that an overwhelming majority of security
professionals support and are often eager to help in this area.
[1] Source:
Parent's Guide to Protecting Your Children
in Cyberspace, by Parry Aftab
Recommendations
for Resolution
- If the
FBI requires the assistance of private industry to conduct investigations,
they should pay for it like everyone else. Providing free services to
Federal agencies is not something that businesses are setup to do. Managing
security incidents is a business. If the FBI needs to outsource, they
should be paying for this service. If the FBI pays for the necessary
IT services they require, they will likely see a resounding change in
the willingness of information security professionals to assist them.
The FBI does not manage incidents - they investigate and prosecute suspects
that may cause such incidents.
- The FBI
needs to start giving credit where it is due. If an industry professional
does all the leg work in tracking down a cybercriminal for free, they
should be credited appropriately for their expert analysis and the time
they contribute. Begging others for clues, and then taking the technology
credits for doing the expert analysis done by someone else does not
go over well with industry professionals.
- Industry
professionals who understand information security, also understand technology
privacy implications more than most people. They are somewhat leery
of involving government agencies in general due to the belief that in
the future, true privacy will be available only for those with the privilege
of a technology education.
- Lawmakers
need to understand technology in order to regulate it. Most lawmakers
and Federal agencies are to a large degree, technology illiterate. Knowledge
helps one gain respect. Law enforcement needs to build productive relationships
with America's IT security community to better increase their knowledge
base.
- Our research
indicates that the metropolitan FBI offices are fighting and managing
cybercrime somewhat independently of each other, each having their own
processes for investigations. These processes need to be standardized
across all FBI offices in order for the FBI to become truly effective.
Private industry needs to understand the investigation process in order
to provide better assistance. A former employee of the FBI commented
that the FBI cybercrime unit is surprisingly decentralized.
- On occasions,
when private industry has proactively sought out the FBI for assistance,
it has been reported that various FBI offices seem uninterested in assisting
private industry - an attitude that has an off-putting effect. If an
information security engineer has had a previous experience where the
FBI has shown no interest in providing assistance, the FBI can expect
a similar attitude from the information security engineer in the future.
Secure Mobile ERP—Is It Possible? | SAP HANA—One Technology to Watch in 2012 (and Beyond) | Demystifying SAP Solution Manager | Cloud Assets: A Guide for SMBs—Part 3 | I Want My Private Cloud | The Sum of All Malware Fears: Siemens on Stuxnet | Managing the Overflow of E-mails | Security Risk Assessment and Management in Web Application Security | Are You Adequately Protecting Your IT Infrastructure Components Inside the Firewall? | Enterprise Resource Planning Giants Eye the Shop Floor | The Pain and Gain of Integrated EDI
Part One: The Pain of Integrated EDI | The Next Phase of Supplier Performance Management in the Retail Industry | Who Else is Using Your Wireless Network? | Information Security Firewalls Market Report
Part Two: Current Market Trends and User Recommendations | Information Security Firewalls Market Report
Part One: Market Overview and Technology Background |
The Instant Supply Chain Challenge | Inovis Delves into PIM by Snatching QRS
Part Five: Challenges and User Recommendations | Inovis Delves into PIM by Snatching QRS
Part Four: Market Impact | Inovis Delves into PIM by Snatching QRS
Part Three: QRS Background | Inovis Delves into PIM by Snatching QRS
Part Two: QRS Marketing | Automated Enterprise: Many High-ROI Opportunities | Secure Transfers of Large Files Over the Internet Using YouSendIt | Fed Warms Up to ERP Spending, but Will Contractors and Their ERP Vendors Comply?
Part Two: Challenges and User Recommendations | Feds Warms Up to ERP Spending, but Will Contractors and Their ERP Vendors Comply?
Part One: Event Summary and Market Impact | International Trade Logistics Challenge Automated Global E-Trading | Product Review: GFI's LANguard Network Security Scanner | The Best ACT! Is Still to Come | HIPAA-Watch for Security Speeds Up Compliance
Part Two: Phase III and IV, and Product and User Recommendations | HIPAA-Watch for Security Speeds Up Compliance
Part One: Vendor and Product Information | EAM Versus CMMS: What's Right for Your Company? Part One | GXS Acquires HAHT Commerce or More Synchronized Retail B2B Data
Part Four: Challenges and User Recommendations. | GXS Acquires HAHT Commerce for More Synchronized Retail B2B Data
Part Three: Market Impact | GXS Acquires HAHT Commerce for More Synchronized Retail B2B Data
Part Two: HAHT Commerce | Using PKI to Protect Your Business Information | Sales and Operations Planning
Part One: Identifying and Forecasting Demand | The CyberAngel: Laptop Recovery and File Encryption All-in-One | Evaluating Enterprise Software-Business Process or Feature/Function-Based Approach? All the above, Perhaps?
Part Three: Knowledge Bases and User Recommendations | InsideOut Firewall Reporter Unravels the Mysteries of Your Firewall Logs | SCE Leaders Partner To See Beyond Their Portfolio
Part Three: Challenges and User Recommendations | When the Bigger Fish Eats the Smaller to Become a Bigger Fish | The Future of Secure Remote Password (SRP)
Part Two: Overcoming Obstacles to Success | The Future of Secure Remote Password (SRP) | Integrated Security: A New Network Approach
Part Two: The Shift Toward Integration | Integrated Security: A New Network Approach | Vendor Analysis: Kaspersky Anti-Virus Products Examined | Increasing the Value of Your Enterprise Through Improved Supply Chain Decisions
Part 3: Conclusion | 6 Immediate Business Improvements Offered by an Online SRM System:
Part 3: Other Points to Consider | Hosting Horrors! | Legacy Single Sign-On: Novell, Evidian, IBM, PassGo, or Computer Associates? | Fourth Shift's evolution Within SoftBrands' DemandStream | The Intranet Has Come a Long Way: Where is it Going Next? | The 'Joy' Of Enterprise Systems Implementations
Part 4: User Recommendations | The 'Joy' Of Enterprise Systems Implementations
Part 3: Causes of Failures | The 'Joy' Of Enterprise Systems Implementations
Part 2: Implementation Key Success Factors | The 'Joy' Of Enterprise Systems Implementations
Part 1: Inexorable Statistics | OKENA Brews Up a StormSystem that Secures All Applications | Appointment Scheduling - Achieving the Positive Ripple Effect
Part 2: A Solution | Siebel Rallies Its Integration Alliance Troops
Part 2: Market Impact | Siebel Rallies Its Integration Alliance Troops
Part 1: Recent Announcements | Incident Handling and Response Capability: An IT Security Safeguard
Part 2: Establishing the Capability | Incident Handling and Response Capability: An IT Security Safeguard
Part 1: Are You Ready to Support an Incident Response Capability? | Outsourcing Security
Part 3: Selecting a Managed Security Services Provider | Outsourcing Security
Part 2: Measuring the Cost | Outsourcing Security
Part 1: Noting the Benefits | Vendor Review: SecureWave Protects Microsoft Operating System Platforms | Thanks to a Smart Little Company called Lexias, CIOs Can Now Empower their Users to Assist in eBusiness Security | Feds Buckle Down on Customer Information Security | Identix Leads Biometric Authentication | Bootcamp for the Pros; Why Ernst & Young Will Lead Security Auditing Standards | Vendor Analysis: Interliant's Security Vulnerability Assessment | OKENA Pioneers Next-Generation Intrusion Prevention | PipeChain Adds Pragmatism Onto Simplicity | Social Engineering Can Thwart the Best Laid Security Plans | Application Single-Sign On: Netegrity, Securant, or Evidian? | Lost Your Laptop? The CyberAngel® Brings It Back | InsideOut Makes Firewall Reporting Useful | Optimizing The Supply Chain Network And Reducing Distribution Costs - Part 2 An Andersen Point Of View | The Retail Industry: Improving Supply Chain Efficiency Through Vendor Compliance - An Andersen Point Of View | Optimizing The Supply Chain Network And Reducing Distribution Costs - An Andersen Point Of View | PRISM Users Get A Dedicated, Independent Web Community | ERP Trivia - Every Why Should Have Its Wherefore
Part 2: ERP Key Success Factors | ERP Trivia - Every Why Should Have Its Wherefore
Part 1: ERP Trends | The SOAP Opera Progresses - Helping XML to Rule the World | Nortel and Clarify: Was There Ever Synergy Enough to Support this Marriage? | New Era of Networks Gets Blinded By the NEON | SCT Corporation Means (e)Business For Process Manufacturing | EAI Market Consolidation Continues With Peregrine Acquisition of Extricity | A New Era Dawns for Sybase | Performance Management Simplified by MSPs | Tibco Takes a Pragmatic Approach to Multicasting | Talarian and NextSet Team for B2B Solutions | Manugistics Lays Groundwork For Talus Integration | QueryObject Partners With Cognos | Quantum Snaps Off Its NAS Group | Tempest Creates a Secure Teapot | E*Trade Ignores Private Security Warning, But Public Hullaballoo Gets Response | Navision Executes At a Slower Pace | eMachines to Ship Appliance | Sun Buys Cobalt | My Network Engineers are Talking about Implementing Split DNS. What Does that Mean? | VA Linux Releases NAS Server | eConnections Expands Web With IPNet | New Internet Appliances Coming from Compaq | Lipstream Speaks to Kana | Human-Machine Interaction Company Ramps Up Firewall Product Line | Security Information Market Heading for Growth | Alibris Charged with Intercepting Email | Remedy Welcomes You To Your New Office. Now Get To Work! | Peregrine Welcomes Loran to Its Nest In Network Management Matrimony | i2 Paints Broad Strokes at eDay | Cart32 in Need of Duct Tape | More Marketplace Success For Manugistics? | Deutsche Telekom to Acquire VoiceStream Wireless | Firewall Cowboyz Set the Stage to Free Innocent Convict | Lasership.com Looks To Descartes For Same-Day Delivery Help | Symantec Swallows AXENT; Takes on Network Associates | Novatel Wireless and Diversinet Team Up to Provide Security for Wireless Modems | Concur Gives Up The Boast | Red Hat Releases Clustering Software | Windows 2000 Bug Fixes Posted | Baltimore Technologies Doubles Revenues, Offers World-Class PKI Hosting | The Whys and Hows of a Security Vulnerability Assessment | Earthlink Leads the Way in DSL Security | PKI and Biometrics Ready for Take-Off | AT&T Has a Thing for Media | Secure Transport of EDI and XML for Trading Exchanges | Compaq and IBM Alliance for Storage | Can You Trust Entrust? | Marketing and Intelligence, Together at Last | Standard & Poor's Announces Security Certification | Evaluating the Total Cost of Network Ownership | Check Point Leads Firewall Market | Dell Snags Motorola’s Grzelakowski to Lead Wireless Business Unit | Fighting Cybercrime on the Internet | NetWare for Small Business – NetWhy? | Let Your Hard Drives Tell You Where they Are! | New Storage Array from Sun | E&Y Spins-Off eSecurity Online and Unveils Security Vulnerability Assessment Services | Technology Project Selection and Management in Community Banks | ASP Infrastructure: The Party Has Started | With Record Revenues, AXENT Puts Down a Solid Fist | NAI Will Pay Trend $12.5 Million Resulting from Law Suit | Sub7 Tells Chat Rooms All Your Stuff; F-Secure Leads the Battle | Cobalt Releases Linux "Clustering" Software | E-Cash Rollout Replaces Amex | More Infrastructure Support for CyberCarriers | Intranets: A World of Possibilities | GSA Schedule Partnership Gets Network-1 in the Door | Los Alamos Loses Top-Secret Information, Again! | Standard & Poor's Exposes Customers' Security | The AS/400 Takes You Securely Where You Want to Go | Multi-mode ADSL Heads for the Mountain | Applix Still Shows a Presence in the OLAP Market | Cisco’s Complete Network in a Box | Trend Micro Steps into PDA/Wireless AntiVirus Information Market | Manugistics To Help Amazon.com In Global Expansion | Gateway & AOL Follow Crusoe’s Footprints | Microsoft Tech Ed 2000 Win2K Attendee Network Fails Miserably | CryptoSwift Takes Rainbow Revenues Up 620% | Layer 3 or Bust | Ariba Gains Legs Courtesy of Descartes | Eppraisals.com Gives Lante High Marks | Secure in a Foundry | Smart Shoppers Go Abroad for Affordable Information Security Programs | Anti-Virus Advisories: Rating Them | The Arrow Now Points To Cisco | Network Appliance to Ship Sub-$10K Caching Hardware | The 7 Habits of Highly Effective Security | Compaq Reorganizes Again | 1 Little GB, 2 Little GB, ..., 10 Little Gigabit | Fischer’s Prio! SecureSync ~ A Solution to Enterprise Directory Chaos | Just One Hop Away From San Jose | Will Solomon Finally Satisfy Great Plains’ Insatiable Appetite? | Abandon All Insecurity, Ye Who Enter Here | Extreme Networks BlackDiamond Product of the Year | Top 10 Excuses For Not Securing Your Website or Network | AMD Server Plans De-Railed | Ernst & Young Leads Big 5 in Security | 6 Days After Advisory Posted, AboveNet Gets Hit | Cisco to Become a Player in the DWDM | Napster Cooks up Soup-to-Gnutella Network Management Challenges | Voice-Over-Broadband Standards on the Horizon | A Firewall is Cheaper Than a Lawyer | Gigabit Transceivers ~ the Next Generation | USinternetworking and AT&T are Working the System | NeoModal Launches Corporate Ship On Promising Journey | Analysis of TeleCommunication Systems, Inc. Release of Menu Driven Wireless Web Capability For SMS | Navision Software a/s: Mid-market iNvasion | MCI WorldCom: “It’s not an age, it’s an attitude” | Fixing Security Backdoors:
Red Hat 1, Microsoft 0 | WAP Forum Specifies RSA’s RC5 Encryption For Wireless | Netpliance Responds Quickly to Hardware Hack | SynQuest, Ford Deliver a Novel Application for Inbound Logistics | Strategic Partners or Merger on the Horizon? | SynQuest Teams With InterWorld for Internet Sales and Fulfillment | USi to Offer Managed Messaging for U.S. Feds | Security Stocks Burn Rubber | Mirapoint ~ ISP Messaging Solution in a Box? | Navision Becoming More Visible | A Forum for Wireless Standards…About time isn’t it? | DSL Provider Scoops up Netscreen Firewall Goldmine | Cyclone Untangles Digital Partnerships | Security Begins on Your Desktop | Network Associates Hopes to Rekindle the Flame | Novell Uses XML, LDAP, NDS to Manage AD, IOS, etc. | Hacker Publication Gets Top Defense Attorney | HP Reorganizes Storage Group, Addresses NAS-cent Market | Concur eWorkplace Projects Vision Onto Desktop | How 3Com, Became 1Com | Saudi Arabian Network Security Provokes Local Considerations | Cisco: IPv6 is Coming, Eventually | Gosh, There’s a Bug in Windows 98 | Robust Systems are Built from the Bottom Up | IBM is Not Enough; Ariba Announces Strong Partnership with Amex | USinternetworking: One Suite ASP | DOJ Keeps Low Profile on Curador; Protect Your IIS Server Today! | Information/Internet Appliances | Agilera.com – A new era for the web? | Security Breach: Now What? | PeopleSoft's CEO Steps Down | Descartes Evolution Yields Revenue Growth But No Profits | PeopleSoft, Lawson To Resell Integration Tools | MAPICS, Inc. to Acquire Pivotpoint, Expanding e-business Offerings for Mid-Sized Manufacturing Establishments | Microstrategy Moves Up with e-Business | Seagate Technology Refocuses its Software Business | The New Manugistics Debuts eBusiness Products | Concur's Customers Can Network Now | AT&T's Ecosystem | E-commerce Grass Getting Greener | Commerce One Meets GM: Web Now Has A Really Big Parts Department | Dynamic Ariba Trades Up | AMERICAN EXPRESS Selects TRADEX To Build New Business to Business Commerce Network | So Does your e-Business Provider have Internationally Recognized Tools in its Digital Business Consulting Toolkit? | 3Com Will Route Customers to In-house Web Design Firm | Total Uptime Guarantees? It Must Be A New Millennium! | Adsmart Blazes Vertical B2B Trail | Expedia Relaxes Registration Requirement | Be There or Be Square? David and Goliath Team on bCentral Auction Site | Ariba to Leave Integration to Specialists | Bank is First Mover in Canadian E-Commerce | Concur Scores A Bingo | Commerce One: Connectivity Improved | GE Comes to Lunch. Want to Guess Who the Appetizer Will Be? | News Analysis: Dot.Coms Getting Bred By Scient: Will Scient Spawn Into a Giant or Will Andersen Have the Edge? | Why Not Take Candy From Strangers? More Privacy Problems May Make Ad Agencies Nutty | Sendmail, Inc. and Disappearing, Inc. Team Up to Add Enhanced Security | Dell to Acquire ConvergeNet International | Palm Tries to Take the Desktop in Hand | Cisco Tries to Cache In By Buying Software Start-Up Tasmania Networks | Is Your Financial Transaction Secure? | Compaq, HP, IBM, Intel and Microsoft Create New PC Security Alliance | Expect Boom in Electronic Signatures | Secure Your Search Engine | President Proposes Security of Medical Records | Sendmail Takes Security to the Next Level with Version 3.0 for NT | CheckPoint & Nokia Team Up to Unleash a Rockin' Security Appliance | Trend Micro Anti-Virus Server for Microsoft Exchange ~ A Secure Choice For Enterprise Wide Anti Virus Protection. | Security Snafu at NetBank | Freeware Vendor's Web Tracking Draws Curses | The "S" in SAP Doesn't Stand for Security (that goes for PeopleSoft too) | Content Technologies releases MIMEsweeper PolicyPlus | Hackers Will Be Out in Full Force On New Year's Eve | Analysis of Virgin Net's Hacker Scare | Network Associates RePositions Itself as a Security E-Village | Lexiguard™: The Coming "Adobe Acrobat" of Encryption | CyberPeepers from Korean Sites Peek at U.S. Networks | Would You Hire a Hacker? What Would Your Mother Say? | @Home Scans Own Customers | CIOs Need to Be Held Accountable for Security | New Market for Security Insurance | At Least Your Boss Can't Read Your Home E-mail, Right? Wrong! | PrettyPark Virus Litters Cyberspace | Compaq and Samsung in Deal to Save Alpha | Packard Bell / NEC Leads Secure Etoken Deployment | Congress Acknowledges Outdated Banking Laws | SSA: Evolving into systems integrator to survive | JBA: Will it remain "@ctive Enterprise"? | Advanced Planning and Scheduling: A Critical Part of Customer Fulfillment | WorldCom SPRINTs, Nokia/Visa Pays Bill, & Service Providers Gear for Wireless Tsunami | How Secure is Your E-Mail? | Trend Virus Control System - A Centralized Approach to Protection | An Analysis of Trend Micro Systems - Who They Are and Where They're Going | Network Engines, Inc. - Double the CPUs for Web Serving | Server Appliances - "Caching" In on Internet's Growth | VPNs Are Hot, but What Are They? | ATM Machines Hacked in Moscow | How To Mitigate Holiday Cybercrime | Surf's Up at Akamai |