http://www.techweb.com/se/directlink.cgi?WIR1997061910

Hackers' Dark Side Gets Even Darker
By Douglas Hayward

LONDON -- The hacker community is splitting into a series of distinct cultural groups -- some of which are becoming dangerous to businesses and a potential threat to national security, an official of Europe's largest defense research agency warned Thursday.

New types of malicious hackers are evolving who use other hackers to do their dirty work, said Alan Hood, a research scientist in the information warfare unit of Britain's Defense Evaluation and Research Agency (DERA).

Two of the most dangerous types of malicious hackers are information brokers and meta-hackers, said Hood, whose agency develops security systems for the British military. Information brokers commission and pay hackers to steal information, then resell the information to foreign governments or business rivals of the target organizations.

Meta-hackers are sophisticated hackers who monitor other hackers without being noticed, and then exploit the vulnerabilities identified by the hackers they are monitoring. A sophisticated meta-hacker effectively uses other hackers as tools to attack networks.

"Meta-hackers are one of the most sinister things I have run into," Hood said. "They scare the hell out of me."

DERA is also concerned that terrorist and criminal gangs are preparing to use hacking techniques to neutralize military, police and security services, Hood said.

Other cultural groups evolving within the hacker community include gangs known as elites, who form closed clubs and look down on those ordinary hackers who employ commonly used attack tools, Hood said. "These guys [elites] develop their own tools," Hood said. "They get a camaraderie and an appreciation of their prowess from their peers."

Another group -- known as "darksiders" -- use hacking techniques for financial gain or to create malicious destruction.
They reject the classic motivation for hackers, which is to gain a feeling of achievement and authority, Hood said.

"Hackers don't see electronic trespass as wrong per se, but the important thing about darksiders is that they cross the line [drawn by hackers] and start to be bad guys," he said. "That generally means they do it for gain or to cause harm."

Users should stop believing they can build security systems capable of repelling any attack from hackers, Hood added. Instead, organizations should concentrate on minimizing the damage caused by attacks, and on deterring hackers.

"I don't believe you can stop every hacker forever," Hood said. "All they need is one new technique you haven't heard about. But what you can do is minimize the target, by using knowledge and resources."

According to DERA, users should divide their anti-hacker strategies into deterrence, protection, detection and reaction.

Deterrence means making it so difficult for hackers that most give up and try another target, Hood said. Protection means more than installing firewalls and security software and procedures; it also means getting to know your system and removing all but essential content.

"Everything you have on your system is at risk -- you should strip out anything you don't need," Hood said. "Make sure your system does what you want it to do -- no more and no less -- and make sure you have procedural policies to stop social engineering. If someone rings up and says they have forgotten their password, the person at the other end of the phone shouldn't automatically say OK and give them a new one," Hood said.

Social engineering is the term used by hackers to describe how they obtain passwords, confidential information and credit by deception.

Users should install monitoring software, preferably with the ability to detect attacks in real time, and should react to everything that looks out of place.

DERA employs 14,00 staff and has a budget of $1.5 billion.
Hood's division, the command and information systems division, is responsible for secure communications and information warfare and employs more than 500 scientists and engineers.