[ISN] Hacking away at cyber underworld

From: William Knowles (wkat_private)
Date: Sun Apr 29 2001 - 03:10:17 PDT


    http://www.ireland.com/newspaper/finance/2001/0427/fin46.htm
    
    Jamie Smyth
    April 27, 2001
    
    Deep in the bowels of an office block on Dublin's Harcourt Street, Mr
    Patrick Hynes is waging war on cybercrime. Armed with a laptop and the
    latest intrusion protection software, Mr Hynes spends his days
    scanning computer networks and servers for hackers.
    
    Hackers, or crackers as they are known in the US, at best are
    mischievous individuals who illegally infiltrate computer networks
    just for kicks. These so-called "script kiddies" deface websites in a
    similar manner to how graffiti artists spray-paint a wall.
    
    A more sophisticated breed of hacker also stalks the Web seeking
    opportunities for fraud, extortion and even cyberterrorism. These
    technologically savvy individuals can break through security features
    such as firewalls to wreak havoc on corporate and governmental
    networks.
    
    It may sound like the stuff of science fiction, but hackers are
    continuously probing company websites and computer networks, according
    to Mr Hynes. To prove his point, he logs onto his Internet server,
    specially configured to identify hackers, and quickly runs a scan.
    
    "Here's one," says the 28-year-old head of Ernst & Young's Security and
    Technology Services Profiling and Attack and Penetration Teams, which
    was recently set up in Dublin.
    
    "This guy has been trying to copy files and there are another two who
    have been scanning our systems."
    
    By using a software programme called a "TCP wrapper", which is
    designed to track the movement of Internet users, Mr Hynes can
    identify the general location of users trying to connect with his
    own computer systems.
    
    Within minutes of logging on his computer he has located the Internet
    protocol address code for four potential infiltrators who have tried
    to connect with his system that day.
    
    "The guys who tried our systems are from Seoul in South Korea,
    Iowa and San Jose in the US, and Taiwan," he says.
    
    These codes tell him which Internet service provider (ISP) the users
    have registered with in their home countries. In theory, this should
    enable Mr Hynes to make a quick phone call to the ISPs to establish
    their full names and addresses.
    
    Mr Hynes is head of an Ernst & Young team being assembled in Dublin to
    offer intrusion protection advice and services to corporate clients. A
    so-called "white hat" hacker, he performs simulated attacks on Irish
    firms' systems to test for security weaknesses.
    
    A co-instructor and developer of the Ernst & Young "extreme hacking"
    course in Chicago, Mr Hynes has several years' experience of the
    international hacking world and is training Irish technologists to
    track hackers.
    
    The global nature of the Internet means that Irish companies are as
    likely to be targeted by international hackers as they are by local
    cybercriminals and this makes prosecutions difficult, says Mr Hynes.
    
    Brazilians, Russians and Koreans are considered to be among the most
    prolific hackers. Inadequate legal frameworks and the sheer cost of
    tracking hackers to such distant jurisdictions make it less likely
    that prosecutions will be obtained, he says.
    
    "You may not always get cooperation," adds Mr Hynes.
    
    None of the four hackers probing Ernst & Young's special hacking site
    breached its security systems, which have been purpose-built to
    repulse such attacks. But the same isn't true for most Irish
    companies, he says.
    
    "Irish companies tend to be at least one or two years behind their US
    counterparts," he says. "Many Irish companies think they are secure
    but, when we check their systems, it turns out they are very
    vulnerable and there is a certain amount of naivety."
    
    Successful hack attacks can be extremely damaging for companies as
    they often lead to a complete loss of confidence among clients, says
    Mr Hynes.
    
    The issue is of such crucial importance that firms often will not
    admit that their security systems have been breached. Last week it
    emerged that hundreds of thousands of pounds have been stolen from at
    least four UK Internet banks by hackers.
    
    However, none of the banks admitted the fraud, prompting Mr Bill
    Hughes, director general of the UK national crime squad, to call for
    more businesses to report cybercrime.
    
    "When businesses say they are not being `hacked' they are not telling
    the truth. Everyone has been attacked," according to Mr Hughes. "It is
    how businesses deal with it that is the question. As soon as they
    realise it is not bad for business, and we can do something about it,
    they will do something about it."
    
    Fraud is just one motivating factor that drives hackers, according to
    Ernst & Young's Mr Hynes. So-called "hacktivism" - hacking for
    ideological reasons - is growing in popularity, he says. This month an
    infamous US cracker group, PoizonBOx, defaced at least 100 Chinese
    websites following the spy plane stand-off between the US and China.
    
    In retaliation, Chinese hackers are vowing a planned weeklong all-out
    crack attack on US websites and networks, which will begin next
    Tuesday, May 1st. Rather than seeking to break into some systems,
    "hacktivists" can employ spamming techniques (sending multiple
    e-mails) to try to bring down organisations' websites, says Mr Hynes.
    
    Favourite targets of such ideologically motivated cybercriminals are
    international trade and governmental organisations, he says.
    
    But probably the most prevalent hackers are so-called
    script kiddies - typically teenagers and twenty-somethings, who hack
    for fun and to show off to their peer group, says Mr Hynes.
    
    "These kids often wear black, stop shaving and look really scruffy.
    They use pseudonyms such as rain forest puppy and write hacking tools
    which they make available on the Web," Mr Hynes says.
    
    Although they often use basic hacking tool-kits, the results can be
    devastating.
    
    The dramatic shut-down of Eircom's ISP (Eircom.net) following a
    successful hack attack perpetrated by a teenager last year
    demonstrated how even major companies can fall victim to such attacks.
    
    The best way for businesses to avoid this type of disaster is to keep
    online security on their minds and make it part of the culture of the
    firm, says Mr Hynes.
    
    Buying sophisticated security software is only part of the solution,
    he adds. Firms have to constantly monitor their security and simulate
    hacking scenarios to keep secure.
    
    
    
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    