[Moderator: Stomach is churning after this article. This Mr Chappell can't even make good stereotypes. I am posting this to the list for amusement mostly.] Forwarded From: "Betty G.O'Hearn" <bettyat_private> http://www.press.co.nz/48/981201c7.htm December 01, 1998 Chch fraud squad out to nail hackers by David Armstrong Catching computer hackers is time-consuming and costly, especially if offenders cannot be prosecuted, but new case-law research could give Christchurch police legal tools to clamp down on electronic vandals and fraudsters. New Zealand has no laws to control electronic trespass and vandalism, says Detective Michael Chappell, of the Christchurch fraud squad, who specialises in information technology crimes. [---] Hackers are socially inept people hell-bent on taking out their frustrations on others. -- Detective Michael Chappell, Christchurch fraud squad [---] However, while researching the setting up of a Computer Crime Unit, he has found English case law of people infecting other people's computers with viruses, who were charged with intentional damage. Mr Chappell will use this precedent for a case he is preparing. After 2½ years investigating hackers and the fraudulent use of computers, he categorises hackers in two groups: socially inept people "hell-bent on taking out their frustrations on others", and those using others' Internet accounts or credit cards to binge-surf the Net for free. PC owners can minimise the chances of becoming victims of damage or fraud, he says. Hacking is not rampant, but the high number of people using the Net raises its awareness. The two incidents reported in recent weeks -- the deletion of 4500 websites on Ihug's server, and the infiltration of Xtra accounts -- caused a stir. Hackers who use someone else's password and ID for Net access can be charged with fraud, says Mr Chappell. Catching them involves analysing phone-use logs and asking Internet service providers (ISPs) to trace connections. Mr Chappell has dealt with six complaints of this nature in Christchurch in the last two weeks. A typical unauthorised access bill is about $300. Hackers can get into accounts by several means, he says. They can run automatic phone-calling software looking for active modems at the other end, or they may run a credit-card number generator and use the result to sign up with an ISP, and run an account for a month or so until they are caught. In the most recent scare, a "sniffer" program, crudely named "Back Orifice", enters a PC as a virus through an e-mail attachment, and reports back details such as passwords. (An antidote can be downloaded from www.symantec.com/avcenter/backorifice.html.) Mr Chappell suspects that some instances of hacking originate from dishonest staff in ISPs. He believes it is no coincidence that most incidents occur on inactive accounts, so account owners do not notice the unusual use for several months. When ID and password lists surface, they circulate around groups, so several hackers can use the same account simultaneously. Mr Chappell sees hacking as a modern form of anarchy. A specialist crime unit will be needed, he says, if the police are to keep up with and stop these wired criminals. "Until we get some adequate statutes, we're hog-tied." Making your PC safer People with PCs connected to the Internet can take precautions to minimise their exposure to hacking, says Mr Chappell. [@] Cancel your ISP account if you no longer use it. [@] Run Web virus detection software. [@] If you receive an e-mail from someone you don't know which has an attached document or executable file, do not run the program until you identify and verify the sender. Preferably delete the e-mail. [@] When you are not connected to the Net, turn off your external modem, or disconnect your phone connection if you have an internal modem. [@] Change your password at least every few weeks, and never disclose it to others. [@] Check your phone bill carefully, looking for unusual Internet activity. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:13:06 PDT