The true cost of these three capers will never be adequately tabulated. Some questions will remain unanswered. Certainly, they amounted to an extraordinary series of shakedown cruises for investigators in law enforcement and the military. Along the way, they broke new ground and cultivated it. For example, they honed their investigative skills, developed new forensic tools, and established protocols for handling multi-agency and multi-country investigations. But perhaps the most striking common denominator in all three cases is that the juvenile hackers involved used known vulnerabilities for which CERT advisories had been issued and patches were available.
Whats the point? Law enforcement and the military are clearly getting better at investigating, making arrests, and prosecuting such crimes, but the organizations targeted are not getting any better at preventing them. In Chapters 15, 17, and 18, I will discuss some of the reasons for this strange state of affairs.