[ISN] Paris school offers primer for cyberpirates

From: InfoSec News (isnat_private)
Date: Tue Dec 04 2001 - 00:24:44 PST

  • Next message: InfoSec News: "[ISN] Magic Lantern reality check"

    Forwarded from: bob <bobat_private>
    
    http://www.csmonitor.com/2001/1203/p1s4-woeu.htm
    
    In a classroom off a small alley in eastern Paris, a fiery-haired
    teenager - who goes by the name of Clad Strife - lectures passionately
    about such things as the building of a Trojan horse.
    
    It's not the deceptive vehicle of Greek legend he's describing,
    however, but a software tool for sneaking into computer systems.
    
    The curriculum in this new school, called Zi Hackademy, is raising
    eyebrows in the French capital. While the academy's organizers say
    they're just trying to help people defend themselves by learning the
    tricks of the hacker's trade, some authorities and computer experts
    wonder if the lessons will end up promoting illegal cyberactivity.
    
    The police have placed the school under surveillance. Michelle Bruno,
    a police spokesperson, says detectives are trying to determine whether
    teaching about hacking - as opposed to hacking itself - is illegal.
    
    Since opening its graffiti-splattered doors last month, Zi Hackademy
    has attracted 36 people from around France - a motley group, including
    a grandmother, a French Microsoft executive. and a police officer from
    the provinces. Many say they are here because they want to improve
    their online skills and feel safer on the Internet.
    
    "I don't want to crack any CIA or FBI codes or anything else which is
    illegal," says a director of a large start-up, who declines to give
    his name for publication. "This is just a hobby."
    
    Clad Strife is also publicity-shy; he does not want to give his
    off-line name or age.
    
    Before the day's lesson begins, the teacher explains his goal. "I'm
    going to reveal how I hacked into the website of a large Swiss company
    yesterday," says Strife, whose "day job" is attending high school."It
    took me just two minutes to access the hard disk," he says.
    
    "If I show exactly how easy it was, the students will understand how
    to protect themselves and make sure it never happens to their own
    website."
    
    But cyberexperts worry that some of the students, once they graduate,
    will not be able to resist the temptation of hacking.
    
    Damien Bancal, the author of "Hackers and Pirates on the Internet,"
    says that although he is sympathetic with the school's goal of
    cyber-self-defense, he has warned of the potential dangers of giving
    out the how-to's of hacking.
    
    "If you tell kids how to make a Trojan Horse - software that enables
    them to take control of another computer then they are going to be
    tempted to use it," he told a French newspaper.
    
    Olivier Spinelli, the school's founder, describes himself as an
    idealist trying to provide a public service.
    
    "The shadows only engender monsters," Mr. Spinelli says. "Life must be
    more transparent."
    
    The academy's philosophy is that only if you become a hacker can you
    understand how hackers think and operate. The teachers stress that
    they are the Internet's good guys - or "white hats" - who look for
    lapses in security and alert others to problems so that they can be
    fixed. They say they have nothing in common with the "black hats" -
    virusmongers who crash systems and commit computer fraud.
    
    Not everyone agrees with the "if you can't beat 'em, join 'em"
    approach.
    
    Eric Barbry, a French lawyer specializing in the Internet, says
    hacking is illegal, no matter what the intent.
    
    "Black hats and white hats both enter systems, which is unauthorized,"
    he said. "It's the same as if I would enter your home, even if you
    left your door open. I might just be checking if there are no thieves,
    but I'm still trespassing. So what hackers do once they're inside is
    irrelevant."
    
    The school's biggest problem, however, may be its close association
    with a magazine called "Hackerz Voice," published by Spinelli, who has
    said that hackers are "searching for the truth. After all, Socrates
    was a social hacker."
    
    One recent edition explained how to invent a false credit card number
    for Internet shopping. Another article told readers how to illegally
    modify your mobile-phone settings in order to call at cheaper rates.
    
    The most recent issue featured a "scoop" by one of the school's
    teachers called Fozzy, who disclosed how he was able to read the
    emails of 1.5 million French Internet users.
    
    Publishing such information may soon become illegal. This week, the
    European Commission is set to pass tougher legislation on cybercrime,
    which is expected to become law by the end of the year.
    
    Commission Spokesman Per Haugaard, when told about the Paris school
    for hackers, said: "If a school teaches you how to rob a bank, that's
    illegal, too. Whatever these hackers' romantic intentions, they still
    create an atmosphere of insecurity and make people wary of the
    Internet. That's the worst thing about it."
    
    But for now, classes seem to be thriving at the school, where the
    decor includes a black flag with a grinning skull sporting an eyepatch
    (a nod to the French term for hackers, les cyber pirates). Courses are
    being taught at three levels: "Newbie" for beginners, "Wild" for the
    intermediate, and "Intrusion" for the "elite." A nine-hour lesson
    costs 450 French francs (about $60), payable in advance.
    
    Still, for all their high-tech knowledge, these computer whiz kids
    seem to be able to offer only one payment that is hacker proof.
    
    "If you want to pay by credit card, it's better to call us and tell us
    the number over the phone," the school's website advises. "This site
    is not safe."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Tue Dec 04 2001 - 02:01:03 PST