[ISN] Experts say computer hacker menace growing

From: mea culpa (jerichoat_private)
Date: Fri Feb 12 1999 - 22:10:37 PST

  • Next message: mea culpa: "[ISN] REVIEW: "Intrusion Detection", Terry Escamilla"

    Forwarded From: William Knowles <erehwonat_private>
    
     TORONTO (February 11, 1999 10:23 p.m. EST http://www.nandotimes.com) 
    Attention computer administrators and everyone else armed with a credit
    card: you are not safe on the Internet, your information is getting easier
    to find, and hackers -- computer cowboys who break into systems for
    thrills, sheer artistry, money or revenge -- are everywhere.
     
    Those in the know agree there is no network, Web site or system secure
    enough to keep out determined hackers, who have been breaking into
    computers over phone lines since the late 1970s and now use the Internet.
     
    "There's no such thing as a perfectly safe computer so someone will always
    get into it," said Brian O'Higgins, chief technology officer at
    Texas-based Entrust Technologies Inc., which converts data into code for
    safer transmission. 
     
    Experts say that with the exploding growth of the Internet and sales in
    cyberspace, there are more opportunities to worm into a company's system
    and abuse the information found there, such as credit card numbers.
    
    The number of hacker incidents is difficult to track. But in a poll last
    year the San Francisco-based Computer Security Institute found a dramatic
    rise in computer crime, ranging from stolen laptops to Internet heists,
    from a year earlier. It said 64 percent of corporations and other
    organizations reported security breaches, up from 16 percent in 1997.
     
    Most organizations fear a violator from without: a lone young male sitting
    in his basement, a stereotypical social misfit with the high-powered brain
    and computer and loads of curiosity to boot.
    
    'DARK SIDE OF HUMAN NATURE IN INFORMATION AGE'
    
    "It's an instance of mischievous behavior that's probably age-old in human
    nature," said analyst David Breiner at investment bank Volpe Brown Whelan
    & Co. "But the core of it is the dark side of human nature in the
    information age."
     
    One highly public incident was the defiling last year of The New York
    Times Web site. A group calling itself "Hacking for Girlies" replaced the
    Times' home page with pictures of nudes and discussion about legendary
    hacker Kevin Mitnick, who faces trial in California on computer-related
    fraud charges.
    
    Hacker motives range from the excitement of a challenge -- be it technical
    or intellectual -- to financial gain and industrial espionage. But the
    most dangerous motive is revenge by a disgruntled employee, Breiner said.
    
    Professional hacker consultants who are hired to test corporate computer
    security by mounting attacks on them agree.
    
    Accounting and consulting firm Ernst & Young security consultant Matunda
    Nyanchama, whose company just set up its first Canadian computer attack
    and penetration lab, says the greatest danger comes from your own
    colleagues.
    
    "About 80 percent of risks associated with an (information technology) 
    environment come from within. But what we find is that the clients tend to
    -- I think, partly, because of the press -- look at these hackers out
    there on the Internet."
    
    In one case, a sour senior staff member was secretly leaking confidential
    information to a rival firm, Nyanchama said. The staff members' employer
    was confounded by the competitor, who constantly beat them at their own
    game.
     
    SHIFT IN HACKER INSPIRATION
    
    Robert Clyde, general manager of security management at Rockville,
    Md.-based information security company Axent Technologies Inc., has been
    on the scene for 20 years and has seen a shift in hacker inspiration.
    
    The hacker mentality, which used to be "look but don't touch" and included
    help from "white hat" good-guy hackers who point out a company's weak
    points, has expanded, Clyde said. It now also includes the desire for cold
    hard cash or even "cyber-terrorism," such as crashing a system.
    
    Now there are indications organized crime has filtered in through some
    nations that ignore the electronic transfer of U.S. funds, he said. For
    example, an "inside/outside" job means a company hires a computer expert
    to build a network. For a small fee from a criminal group the expert will
    deliberately make a dumb mistake, leaving an electronic hole through which
    others can siphon money to private bank accounts.
    
    Some hacking cases are well known, such as the assault on Pentagon
    computers by an Israeli teenager known as "Analyzer" and a friend, who
    were both caught last year. But companies often are penetrated and do not
    tell the public. Or they may not have realized it themselves.
     
    Many banks have already been hit to some extent, Entrust's O'Higgins said.
    One way to ensure relative safety, he said, is encryption:  coding
    information to make sure it cannot be read without an electronic key. One
    financial institution came to Entrust in a panic after losing some 350,000
    potential credit card numbers following the theft of a computer.
    
    Clyde attends some of the hacker conventions whose participants range from
    "white hats" and government agents to people with their teeth filed into
    points to resemble vampires.
    
    But he said, "the scary ones are the ones who aren't like that... 
     
    They're pretty professional and do it for the money. These guys don't get
    caught."
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:52 PDT