All products featured on WIRED are independently selected by our editors. However, we may receive compensation from retailers and/or from purchases of products through these links.
SAN FRANCISCO -- Almost every day, Internet news sites break stories about newer and ever-more-dangerous breaches in computer security. But unless the story involves a virus named after a good-looking tennis star, it probably won't make the national news.
This worries Kevin Poulsen, a former hacker who now works as the editorial director of SecurityFocus.com. He was one of the speakers at the RSA Conference, a gathering of security professionals being held here this week.
Poulsen said that because several of the biggest hacking stories don't make the headlines, the public is mostly ignorant about what's been hacked, and what companies are doing to bolster security.
He cited last June's hack of the University of Washington Medical Center -- in which the admissions records of 4,000 hospital patients were stolen -- as a story that didn't make as big a media splash as it should have.
"The hospital didn't report the hack," Poulsen said, "and since law enforcement wasn't notified, nobody knew about it until the hacker himself contacted me. He was frustrated that they weren't doing anything to track him down."
That's one of the problems in the world of computer security: Many companies aren't inclined to report break-ins. Poulsen said that in some instances companies don't know the extent of the damage, and thus aren't even sure it's a serious enough breach to be reported to the authorities. Other times, companies just might not want the negative publicity.
After he reported the story on SecurityFocus many months after it had occurred, other media picked it up, but they missed the most important aspect, Poulsen said: "If it hadn't been for the hacker, we wouldn't have known anything. There could be any number of similar situations that we don't know about."
But there has been relatively little press on this silence of the hacked, said Poulsen.
There have also been few stories on hackers who have tried to take over entire pieces of network infrastructure, like the electric grid or the phone system. In the mid-1990s, for example, a group of hackers called the "Phonemasters" stole thousands of calling card numbers and broke into the systems that route telephone calls.
They managed to break into the Equifax credit-reporting databases, and also got access to the power grid and the air-traffic control system.
"And since so many things are done through the phone system, these kinds of hacks can be very dangerous," Poulsen said. "And even if your computer security is very good, you can't do very much without electricity -- as you guys in California are finding out."
The Phonemasters case was only reported as it neared its very last stages -- after the FBI spent four years hunting down the group and the hackers had been convicted.
Another trend that has gone largely unreported is how easy it is to bring down computer networks these days. Tech sites have spent a lot of virtual ink on stories about virus-making kits like the VBS Worm Generator, but the national media haven't noted the situation.
"(Hackers) are producing very clean, easy-to-use interfaces -- and these interfaces are making hacking look legitimate," Poulsen said. New Applications like SubSeven and Share Sniffer put a nice face on breaking into other people's computers, and Poulsen fears that the clean image could make cracking a kind of national sport.
"I was at a conference last year where they were showing a robot that painted graffiti on the sidewalk," Poulsen said. "(The exhibitors) would grab passersby and give them a chance to try it -- and they found that more than half of these people who wouldn't otherwise do graffiti would write with this robot. That's because the effect of what they were doing was masked by the interface."
Now, it's pretty clear why some computer security stories -- like the Anna Kournikova virus -- make headlines, while most equally important stories are ignored: They're not very sexy.
Poulsen noted that in Hollywood and on TV, computer experts are still treated as side-show freaks, and another under-reported story is that most shows and films about hackers are pretty bad.
"They made a movie about Kevin Mitnick, which wasn't released in the U.S. I had to go to Amazon.fr to get a DVD of it. And I have to say -- they made the right decision in not releasing it here," he said.
