[ISN] Disorder saves the day

From: mea culpa (jerichoat_private)
Date: Tue Jun 30 1998 - 00:51:29 PDT


    [Moderator: 'Disorder' is the name of the conference, NOT an individual.]
    
    
    Forwarded From: Nicholas Charles Brawn <ncb05at_private>
    
    (url:  http://www.smh.com.au/computers/content/980630/news/news2.html)
         
      Disorder saves the day
      
         Who you gonna call when your IT systems get raided? SUE LOWE talks
         to the new security consultants.
         
           SECURITY
         The ethical hacker. It sounds like the oxymoron of the late '90s,
         but according to the three co-founders of Disorder, a start-up
         company intent on teaching Australia's private and public
         organisations about IT security from a hacker's perspective, being
         a well-behaved hacker is very much in vogue.
         
         "Hacking is one of those words people argue about a lot," says
         Stephen James, who at 28, is the oldest of Disorder's management.
         
         "A hacker is someone who breaks into systems but once inside they
         don't cause any harm. What they do is illegal and we certainly
         don't condone it - but once inside they don't steal or modify data,
         they don't install viruses and so forth. Crackers do. Crackers
         break in and break the system."
         
         James has been running his own security auditing consultancy, ITAC,
         for the past four years. His company has been contracted by banks,
         stock exchanges and government departments to find, and help fill,
         the holes in their IT systems.
         
         Before that he spent 5 years as a senior security auditor with
         Price Waterhouse in the United States, making him roughly 19 when
         he started. It's obviously a good age. James's two partners in
         Disorder, Damien Mascord and Nick Brawn are both 19, both in their
         first year of computer science courses at university, and both have
         been poking into IT security holes for at least four years.
         
         Brawn complains the term hacker has been "Hollywood-ised" by the
         media.
         
         "You read about the hacks on the Internet, with Web pages destroyed
         and all this porn put up. That's just like ... to me, plain
         childishness.
         
         "There are kids with far too much time on their hands and for the
         most part there's no technical skill exhibited in the attack."
         
         But not all hacks - or are these cracks? - are considered juvenile.
         Brawn refers to recent attacks on government sites in Indonesia,
         staged purely to promote the cause of civil rights.
         
         "Three or four weeks ago there was an attack in response to the
         nuclear tests in India. The research site was hacked ... it was a
         protest," he says.
         
         As recognition of the "ethical hack" the perpetrators scored an
         interview with Wired magazine.
         
         At the other end of the bad guys scale are "Warez pups". Brawn
         describes them as "kids who have obscene fun in trading
         copyrighted, commercial software: games, productivity tools,
         Microsoft products. Some claim to be hackers but what they do is
         just immature."
         
         All three deny being bad guys turned good. Mascord and Brawn
         maintain they've gained their experience by finding all the holes
         in their own "vanilla" (straight out of the box) Unix servers,
         plugging up the holes, then seeing if their mates could break in.
         
         Disorder's immediate goal is to bring to Australia a trend that has
         gained significant notoriety in the US. The hacker-run security
         conference.
         
         In the best traditions of DEF CON (DEF CON 6.0 will be held in Las
         Vegas at the end of next month), Australia's first SecCON will be
         held in Sydney on July 16 and 17.
         
         Guest speakers will include encryption and virus specialists,
         authors on the Australian "underground", even a couple of police
         sergeants.
         
         David Caldwell, a detective senior sergeant with the Victorian
         Computer Crime Squad, says he's completely comfortable about
         sharing the podium with a bunch of hackers with an average age of
         22.
         
         "That's quite normal," he says. "A typical profile of a hacker is
         that they have a very good education, they've grown up with
         computers, and are between 13 and 29."
         
         But he too, has problems with the term hacker.
         
         "It describes such a wide range of activities. Some of it just a
         political statement. It's a '60s thing using current Year 2000
         technology," he says.
         
         There is, however, a lot more than political protest going on.
         
         Last year, computer-based crime was almost non-existent, or at
         least not being reported. Whereas, says Caldwell, "in the first six
         months of this year we were getting three to five reports a week."
         
         Reports of credit card-related fraud far outnumbered corporate IT
         system intrusions, but "that's not because they're not happening".
         But rather "reluctance about reporting them".
         
         Last year the computer crime unit surveyed 500 companies on IT
         security issues. Of the 54 per cent that responded "all had
         experienced intrusions in the last 12 months, but only 19 per cent
         had reported them".
         
         The most frequent reason given, says Caldwell "was lack of
         confidence in law enforcement agencies. I don't take it
         personally."
         
         Even where unauthorised access had occurred, hackers and crackers
         still escaped most of the blame. "90 per cent were traced back to
         employees, consultants or contractors," he says.
         
         SecCON details are available via the Web site or from IBC
         Conferences on (02) 9290 1133.
         
    
    
    