[ISN] Chch fraud squad out to nail hackers

From: mea culpa (jerichoat_private)
Date: Wed Dec 02 1998 - 20:45:33 PST

  • Next message: mea culpa: "[ISN] Computerworld victim of spoof"

    [Moderator: Stomach is churning after this article. This Mr Chappell
     can't even make good stereotypes. I am posting this to the list 
     for amusement mostly.]
    
    Forwarded From: "Betty G.O'Hearn" <bettyat_private>
    
    http://www.press.co.nz/48/981201c7.htm
    
    December 01, 1998
    Chch fraud squad out to nail hackers
    by David Armstrong
    
    Catching computer hackers is time-consuming and costly, especially if
    offenders cannot be prosecuted, but new case-law research could give
    Christchurch police legal tools to clamp down on electronic vandals and
    fraudsters. 
    
    New Zealand has no laws to control electronic trespass and vandalism, says
    Detective Michael Chappell, of the Christchurch fraud squad, who
    specialises in information technology crimes. 
    
    [---]
    Hackers are socially inept people hell-bent on taking out their
    frustrations on others. -- Detective Michael Chappell, Christchurch fraud
    squad
    [---]
    
    However, while researching the setting up of a Computer Crime Unit, he has
    found English case law of people infecting other people's computers with
    viruses, who were charged with intentional damage. Mr Chappell will use
    this precedent for a case he is preparing. 
    
    After 2 years investigating hackers and the fraudulent use of computers,
    he categorises hackers in two groups: socially inept people "hell-bent on
    taking out their frustrations on others", and those using others' Internet
    accounts or credit cards to binge-surf the Net for free. 
    
    PC owners can minimise the chances of becoming victims of damage or fraud,
    he says. 
    
    Hacking is not rampant, but the high number of people using the Net raises
    its awareness. 
    
    The two incidents reported in recent weeks -- the deletion of 4500
    websites on Ihug's server, and the infiltration of Xtra accounts -- caused
    a stir. 
    
    Hackers who use someone else's password and ID for Net access can be
    charged with fraud, says Mr Chappell. Catching them involves analysing
    phone-use logs and asking Internet service providers (ISPs) to trace
    connections. 
    
    Mr Chappell has dealt with six complaints of this nature in Christchurch
    in the last two weeks. A typical unauthorised access bill is about $300. 
    
    Hackers can get into accounts by several means, he says. They can run
    automatic phone-calling software looking for active modems at the other
    end, or they may run a credit-card number generator and use the result to
    sign up with an ISP, and run an account for a month or so until they are
    caught. 
    
    In the most recent scare, a "sniffer"  program, crudely named "Back
    Orifice", enters a PC as a virus through an e-mail attachment, and reports
    back details such as passwords. (An antidote can be downloaded from
    www.symantec.com/avcenter/backorifice.html.) 
    
    Mr Chappell suspects that some instances of hacking originate from
    dishonest staff in ISPs. He believes it is no coincidence that most
    incidents occur on inactive accounts, so account owners do not notice the
    unusual use for several months. 
    
    When ID and password lists surface, they circulate around groups, so
    several hackers can use the same account simultaneously. 
    
    Mr Chappell sees hacking as a modern form of anarchy. A specialist crime
    unit will be needed, he says, if the police are to keep up with and stop
    these wired criminals.  "Until we get some adequate statutes, we're
    hog-tied." 
    
    Making your PC safer
    
    People with PCs connected to the Internet can take precautions to minimise
    their exposure to hacking, says Mr Chappell. 
    
     [@] Cancel your ISP account if you no longer use it. 
    
     [@] Run Web virus detection software. 
    
     [@] If you receive an e-mail from someone you don't know which has an
    attached document or executable file, do not run the program until you
    identify and verify the sender. Preferably delete the e-mail. 
    
     [@] When you are not connected to the Net, turn off your external modem,
    or disconnect your phone connection if you have an internal modem. 
    
     [@] Change your password at least every few weeks, and never disclose it
    to others. 
    
     [@] Check your phone bill carefully, looking for unusual Internet
    activity. 
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:13:06 PDT