[ISN] As Internet Use Multiplies, So Does Hacker Menace

From: mea culpa (jerichoat_private)
Date: Mon Feb 08 1999 - 22:05:37 PST

  • Next message: mea culpa: "[ISN] Group of Hackers Arrested in Buryatia"

    Forwarded From: Nelson Murilo <nelsonat_private>
    Monday February 8 12:52 PM ET
    As Internet Use Multiplies, So Does Hacker Menace
    By Lydia Zajc
    TORONTO (Reuters) - Attention computer administrators and everyone with a
    credit card: you're not safe, your information is getting easier to find,
    and hackers -- those computer cowboys who break into systems for thrills,
    sheer artistry, money or revenge -- are everywhere. 
    Those in the know agree there isn't a network, Web site or system secure
    enough to keep out hackers, who have been breaking into computers over
    phone lines since the late 1970s and now use the Internet. 
    ``There's no such thing as a perfectly safe computer, so someone will
    always get into it,'' said Brian O'Higgins, chief technology officer at
    Richardson, Texas-based Entrust Technologies Inc. (Nasdaq:ENTU - news),
    which can convert data into code for safe transmission. 
    Observers conclude that with the exploding growth of the Internet and
    sales in cyberspace, there are more opportunities to worm into a company's
    system and abuse the information found there, such as credit card numbers. 
    The number of hacker incidents is difficult to track. But in a poll
    released last year the San Francisco-based Computer Security Institute
    found a dramatic rise in computer crime, ranging from stolen laptops to
    Internet heists, from a year earlier. 
    Sixty-four percent of corporations and other organizations reported
    security breaches vs. 16 percent in 1997, it said. 
    Most organizations fear a violator from without: a lone young male sitting
    in his basement, a stereotypical social misfit with the high-powered brain
    and computer, and loads of curiosity to boot. 
    ``It's an instance of mischievous behavior that's probably age-old in
    human nature,'' said analyst David Breiner at investment bank Volpe Brown
    Whelan & Co. ``But the core of it is the dark side of human nature in the
    information age.''
    One highly public incident was the defiling last fall of The New York
    Times' Web site. A group calling itself ``Hacking for Girlies'' replaced
    the newspaper's home page with offensive pictures of nudes and discussion
    about legendary hacker Kevin Mitnick, who faces a trial in California on
    computer-related fraud charges. 
    Hacker motives range from the excitement of a challenge -- be it technical
    or intellectual -- and financial gain, to industrial espionage. But the
    most dangerous motive is revenge by a disgruntled employee, Breiner said. 
    Professional hacker consultants, who are hired to test corporate computer
    security by mounting attacks on them, agree. 
    Accounting and consulting firm Ernst & Young security consultant Matunda
    Nyanchama, whose company just set up its first Canadian computer attack
    and penetration lab, says the greatest danger comes from your own
    ``About 80 percent of risks associated with an (information technology)
    environment come from within,'' Nyanchama said. ''But what we find is that
    the clients tend to -- I think, partly, because of the press -- look at
    these hackers out there on the Internet.''
    In one case, a sour senior staff member was secretly leaking confidential
    information to a rival firm, Nyanchama said. The staff members' company
    was confounded by the competitor, who was constantly beating them at their
    own game. 
    Robert Clyde, general manager of security management at Rockville,
    Md.-based information security company Axent Technologies Inc., has been
    on the scene for 20 years and has seen a shift in hacker inspiration. 
    The hacker mentality -- which used to be ``look but don't touch'' and
    included help from ``white hat'' good-guy hackers who point out a
    company's weak points -- has expanded, Clyde said. It now also includes
    the desire for cold hard cash or even ''cyber-terrorism,'' such as
    crashing a system. 
    Now, there are indications organized crime has filtered in through some
    nations which ignore the electronic transfer of U.S. funds, Clyde said. 
    For example, an ``inside/outside'' job means a company hires a computer
    expert to build a network. For a small fee from a corrupt group, the
    administrator will deliberately make a dumb mistake, leaving an electronic
    hole through which others can siphon money to private bank accounts. 
    And even though some hacking cases are well known, such as the assault on
    U.S. Pentagon computers by an Israeli teen-ager called ``Analyzer'' and a
    friend (who were caught last year), companies often have been penetrated
    and didn't tell the public. Or, the companies might not have realized it. 
    Many banks have already been hit to some extent, Entrust's O'Higgins said. 
    One way to ensure relative safety, O'Higgins adds, is encryption:  coding
    information to make sure it can't be read without an electronic key. One
    financial institution came to Entrust in a panic after losing some 350,000
    potential credit card numbers following the theft of a computer. 
    Clyde attends some of the various hacker conventions, whose participants
    include ``white hats,'' government agents and people with their teeth
    filed into points to resemble vampires. But, he adds, ``the scary ones are
    the ones who aren't like that, (instead) they're pretty professional and
    do it for the money. These guys don't get caught.''
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:27 PDT