[ISN] Study says not all hackers are real computer wizards

From: InfoSec News (isnat_private)
Date: Mon Feb 18 2002 - 22:58:53 PST

  • Next message: InfoSec News: "[ISN] Tinfoil Hat Linux"

    Tina Arceo-Dumlao
    SINGAPORE - Watch enough movies involving cybercrime and you would get
    the impression that crackers (often referred to as computer hackers)  
    have high IQs who just decided to use their intelligence for evil.
    The disturbing truth, however, is that most crackers or hackers are
    just bored, antisocial kids who have little knowledge about the
    Internet but have a lot of time on their hands.
    These individuals' idea of fun is to penetrate the websites of even
    the biggest corporations and leave behind as much damage as they
    could. The bigger the company, the greater the challenge.
    Jeff Portelli, senior vice president of MasterCard International, said
    in a conference here on MasterCard's e-business tools, that studies
    revealed that less than 10 percent of crackers are competent
    programmers. The rest are ordinary individuals with just the most
    basic knowledge of how to work the computer.
    Portelli explained that it was quite easy for people with the time and
    intent to break through a website as the Internet was filled with
    websites where the potential hackers could get step-by-step
    There are over 30 hacker publications in the market, 440 hacker
    bulletin boards and 400,000 websites dedicated to "hacking tips."
    These include hackers.com, securityfocus.com, www-berlin.ccc.de,
    rootshell.com, 2600.com, insecure.org and piracy.com.
    Mark Patrick, MasterCard vice president for interactive services, said
    hacking has become so prevalent that at least one cybercrime is
    committed every 20 seconds. The US government alone said that it would
    likely experience over 300,000 Internet attacks this year.
    Patrick said hackers spend the time and effort to penetrate websites
    because of the intellectual challenge, gang mentality, recognition,
    theft of information, vandalism, blackmail, sabotage -and for the most
    extreme cases-terrorism.
    There are seven phases, he said, to a successful hacker attack.
    First step is the reconnaissance, where the hacker gathers information
    about the target network, followed by the probe and attack of the
    website where the hacker finds weaknesses in the website and deploys
    the required tools.
    The third step is establishing a toehold where the hacker exploits
    weaknesses and enters the website, followed by advancement or gaining
    privileged access and the stealth.
    Once their tracks are covered, the hacker then steals information, the
    most popular of which are lists of credit card numbers. Finally, the
    hacker takes over the website.
    Even the biggest websites have not been spared. These include
    amazon.com, Microsoft, Yahoo and e-Bay. CDNow, one of the largest
    online retail websites, was even forced to close down its operations
    following a particularly brutal hacker attack.
    It is hard to quantify the losses incurred due to hacking but a report
    in 2000 estimated that losses due to hacking of websites could reach
    as high as $1.6 trillion.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Tue Feb 19 2002 - 03:17:22 PST