Re: [ISN] ICSA employes an undercover hacker spy.

From: mea culpa (jerichot_private)
Date: Sat Jul 04 1998 - 20:48:42 PDT

  • Next message: mea culpa: "Re: [ISN] ICSA employes an undercover hacker spy."

    Reply From: Brian Macke <macket_private>
    
    Forgive my shady memory, but wasn't there an article on this list less
    than a month ago stating that ICSA didn't hire "black hats", or as the
    article put it "reformed hackers"?
    
    [Moderator: 6-15-98 "First-Ever Insurance Against Hackers", an article by
     Therese Poletti from Reuters says:
    
     "Then, ICSA tests a client's security by using typical hacker methods,
      through its 100 or so employees, none of whom are reformed hackers."
    
     Ya know.. it says "not reformed". This means they could hire unreformed
     hackers still active in the scene. Wonder which it is...]
    
    
    It seems like ICSA's been shaving with Occam's razor lately if they're
    willing to hire someone that stalks hackers in the shady back rooms of the
    Internet (i.e. The guy reads BUGTRAQ. Big Friggin' Deal.) - yet won't hire
    someone who might have done some bad things in their past. Maybe they just
    prefer to have their hackers be script-kiddies?
    
    
    > Forwarded From: William Knowles <erehwont_private>
    > 
    > [Forbes Digital Tool, By Adam L. Penenberg] (http://www.forbes.com)
    
    > ICSA [...] hired J3 (not his real name [)]
    
    Really now? I'm glad that Forbes clarified that point.
    
    > J3 is very busy. Recently, a group of European hackers released 
    > a Trojan horse-like program that would enable them to set up 
    > backdoors in geeky programs known only to network administrators, 
    > such as "named" programs related to domain name servers, a basic 
    > component of any network connected to the larger Internet. J3 
    > found out about it in the course of his monitoring, passed it 
    > on to ICSA, and the company informed CERT (Computer Emergency 
    > Response Team) which posted an advisory.
    
    Can anyone verify this story? It sounds all too hokey to be true. The BIND
    vulnerability was one of those annoying hacks that didn't see first light
    on BUGTRAQ, or even USENET. It was my understanding that CERT got first
    word from people who got hit, and was without verifiable source to begin
    with. They're notifications were quite humourous for their lack of
    concrete evidence of WHAT was happening.
    
    > "I'm proud of a lot of the work we do," J3 says. "I've found a
    > company's entire password file posted to a web site, or that 
    > hackers have root in a network or that a merchant site with a 
    > database of credit cards has been compromised. I then contact 
    > the companies and warn them."
    
    Before or after they front the $20,000 blood money for ICSA?
    
    > J3, who works mostly nights since the Internet never sleeps, 
    > isn't just a full-time worker. He's also a graduate student 
    > working on his Ph.D. in psychology. And his area of study?
    >  
    > Hackers, of course.
    
    Love the Scooby Doo ending. Wish all Security incidents ended with a
    punchline.
    
    > -o-
    > Subscribe: mail majordomot_private with "subscribe isn".
    > Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    > 
    
    -Brian James Macke					macket_private
     Unix SysAdmin/Security Specialist			Telegroup, Inc.
        "In order to get that which you wish for, you must first get that which 
         builds it."			-- Unknown
    
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:55 PDT