[ISN] Control phreaks

From: InfoSec News (isnat_private)
Date: Thu May 16 2002 - 00:16:11 PDT

  • Next message: InfoSec News: "[ISN] Sustainable Computing Consortium "foolish" if it doesn't embrace open standards"

    [I like the one quote "I've never seen a cyber-criminal drive up in a
    Porsche, but I've seen lots of people in the computer industry making
    lots of money". Apparently this fellow has never heard about being
    caller #102 and winning the Porsche. :)  - WK]
    by Stefanie Marsh 
    May 15, 2002
    They are often described as 'cyber-vandals', yet hackers claim they
    are driven not by malice, but by intellectual curiosity and a hunger
    for power
    If he were so inclined, kp could hack into your bank account, access
    your personal e-mails or shut down your computer from a distance. At a
    push, he claims, he could hack into your medical records and insert
    the letters HIV+ under the "any serious illnesses" category. "That
    would seriously f*** up your insurance policy, wouldn't it? Perhaps
    even your life," he says. So far he hasn't "seriously f***ed up"  
    anybody's life but the knowledge that he could gives him a warm glow.  
    It's nice to know that all those years in front of his computer have
    yielded him such power.
    By day kp is a reasonably well-paid systems operator. The moment he
    gets home, he becomes a black-hat hacker - or cyber-criminal, -vandal
    or -terrorist, if you prefer. Black-hat hackers such as kp (his
    "handle") use their computer knowledge with malicious intent. Why does
    he do it? "Because I'm morally bankrupt and I don't give a f*** about
    being caught," he says. kp already has a criminal record for obtaining
    goods fraudulently. This was more than ten years ago when, aged 16,
    his friend "Enigma" taught him how to hack into the phone network and
    obtain free calls. Despite the upset with the law, "phone phreaking"  
    remains kp's true love. He claims to have control over 50,000 lines.  
    His aim: to dominate the entire network. kp talks fondly about the
    time he shut down the lines between England and Scotland for three
    seconds. "I can listen in on calls, reroute them, anything. I could
    shut down the emergency services. I wouldn't do it, but you've got to
    realise how serious an issue this is."
    Bob Ayers, head of the computer security company @stake, agrees that
    hacking is serious but prefers the term "delinquent little weasel
    b*****s" to black hats. As a former project director for the US
    Department of Defence, Ayers has spent almost 20 years trying to put
    people like kp behind bars.
    "People think of these cyber criminals as cute little blond boys who
    break into computers to change their grade in mathematics," he says.  
    "That just isn't accurate. They are thugs. They ruin your credit
    ratings, steal identities, steal intellectual property or deface
    websites so they can brag to their friends."
    Although the FBI has identified the average black hat as 26 years old,
    white and male, Ayers points out that there are anomalies. He recalls
    being called in to one British financial institution whose computer
    system had been attacked by a particularly lethal virus, introduced
    into the company by an employee: not, as it turned out, a hard-done-by
    underling, but a senior manager bent on discrediting the head of
    What Ayers fails to acknowledge is the significant proportion of black
    hats whose motives are relatively "innocent". Teenage newcomers or
    "script-kiddies", might get their intellectual kicks from trespassing
    on a company's network without any malicious intent. Dr K, once a
    black-hat hacker and now author of The Complete Hacker's Handbook,
    thinks the vast majority of black hats are under 16 and "poking
    about". Furthermore, "if you can't keep a teenager out of your
    network, whose fault is that?"
    "Computer crime is exaggerated," he says, often by those who might
    profit from reinforcing the security of a company's network. "I've
    never seen a cyber-criminal drive up in a Porsche, but I've seen lots
    of people in the computer industry making lots of money. The best
    security experts have all been black hats at some point." (Ayers
    insists that few black hats swap sides.)
    However, kp has no intention of quitting. For his next stunt, he plans
    to sabotage the enormous video screens at a football stadium by
    interrupting the live coverage with a huge picture of his best
    friend's backside. He looks down on the "scriptkiddies" for their
    greenness, and cyber-activists (many of whom use kp's programs to hack
    into sites) for bringing politics back into illegal hacking.
    "There are a lot of people who feel that they need to justify their
    actions and adopt a critical political stance: 'I'm Leninist. I
    believe the state should be smashed", that kind of thing. They lack
    the guts to do it for the sake of doing it.
    "Hacking for me is a control thing. The initial buzz is the most
    amazing feeling, but you know that you're not going to be happy unless
    you gain more control. I'm still going to be hacking when the police
    break down my door."
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu May 16 2002 - 03:41:37 PDT