[ISN] Set a hacker to catch a hacker

From: InfoSec News (isnat_private)
Date: Mon Jan 28 2002 - 01:02:14 PST

    http://www.vnunet.com/News/1128657
    
    By James Middleton 
    [25-01-2002]
    
    Pimpshiz, the hacker who rose to notoriety in 2000 during a
    pro-Napster defacement spree, has gone straight. Although his case is
    still pending in the US judicial system, Robert Lyttle, as he is now
    known, is trying to make a break as a security expert.
    
    With a string of website defacements under his belt including
    military, FBI, and Nasa sites, Lyttle has started up a security
    company, Sub-Seven Software. He believes that the security industry
    could do with a word of advice from the dark side of the hat.
    
    "Only a hacker can defeat a hacker. The threat of digital malice seems
    only to grow. Reports show that, even when new security measures are
    deployed, computer crimes do not decrease; often they increase," he
    said.
    
    "The year 2001 catapulted to over 20,000 defacements from a mere 5,000
    reported in the year 2000. Figures shown should not be taken lightly
    considering that there are thousands of other incidents that aren't
    being recorded," he added, predicting that numbers will increase this
    year.
    
    Lyttle explained that the increasing availability of pre-packaged
    exploit scanners and denial of service tools was helping 'hackers' to
    gain even more of an upper hand.
    
    "It doesn't take a genius to launch a worldwide attack, but only a few
    easily acquired resources," he said. "With this in mind, some hackers
    are beginning to realise that they are already equipped with the
    knowledge to accomplish larger and more destructive missions. All of
    this is leading to nothing but more insecurity towards a secure
    digital space."
    
    Lyttle maintained that, if it weren't for high profile hackers, there
    would be no drive to create stronger security. "Stealing credit cards
    and launching denial of service attacks do not require a large amount
    of skill," he said.
    
    Apparently it's even possible to make a living from digital fraud.  
    "Making a profit, earning a buck from everything illegal done, is
    their speciality. Is it hard? No. Are we all possible victims? Yes.  
    What you should be worrying about are the companies that store your
    vital information," he warned.
    
    Lyttle claimed that "it is extremely hard to live a legal life on the
    internet and, because of this, people will become accustomed to
    illegal activities".
    
    Whether this involves using someone else's serial number to register
    software, burning a copy of a CD for your mate or downloading a
    copyrighted song as an MP3, people "won't know the difference between
    good and bad, which makes the internet a scary place to think about".
    
    "The internet was not raised with super-strict legal guidelines in
    mind which makes it what it is today - a widely illegal locale," said
    Lyttle. "There is no remedy for this; re-establishing the internet is
    quite impossible. Only improvements and adjustments in the system can
    be applied to help its users live a legal digital life."
    
    The hacker reckons that living an illegal life on the internet is "no
    big deal". Bringing a website to its knees, stealing identities and
    snooping secret documents is so run of the mill that "the hackers you
    hear about in the news are the community that is in full control over
    the internet: the ones who are considered semi-smart but, in reality,
    do not possess any true knowledge or morals".
    
    But Lyttle said that defending yourself digitally is extremely easy.  
    "For the past five years I've used the same antivirus scanner. It's
    called my brain. It only takes common sense to make sure that you
    aren't about to step into a self-initiated catastrophic situation," he
    explained.
    
    He suggested that the vast majority of successful attacks happen
    because people don't think before they open strange files. "Don't
    watch your important documents get wiped before your eyes; instead use
    your judgement," he said.
    
    As a parting shot, Lyttle made a scathing attack on the hackers'
    adversary, the FBI. It was probably not a good move seeing as he
    hasn't been sentenced yet, but he insists that the authorities are not
    clued up enough to fight the hacker menace.
    
    Speaking from experience, Lyttle said: "I came into the room knowing
    what they were going to say to me. [They underestimated me], creating
    vulnerabilities in themselves therefore allowing me to have the upper
    hand at all times."
    
    Lyttle admits that he may not possess the upper hand in court. But it
    looks like he is the one "being beaten down, the one being hassled
    with court fees and other miscellaneous complications".
    
    The reality is quite different, he says. "Diversion, question and
    assumption. This is what wins the chess game. To take a hacker out you
    must beat him\her at their own strategic game," he concluded.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


