Re: [ISN] Expert slams outlandish hacker claims

From: InfoSec News (isnat_private)
Date: Wed Jul 02 2003 - 02:45:45 PDT

  • Next message: InfoSec News: "[ISN] New Wireless Mail List"

    Forwarded from: Robert G. Ferrell <rgferrellat_private>
    
    >Forwarded from: Lance Spitzner <lanceat_private>
    >
    >On Mon, 30 Jun 2003, InfoSec News wrote:
    >
    > > But Barrett, technical director at Information Risk Management,
    > > questioned how any hacker could own 600 computers at any one time.
    > >
    > >  From his experience working with the police, he said that hackers
    > > typically control no more than 12 systems at any time.
    > >
    > > "The sheer mechanics of 600 computers - no. How can you control 600
    > > computers?" he said.
    
    Well, it depends on what you mean by "control." Logistically, it would
    be very difficult to dictate every process running on 600 nodes.  
    However, simply to compromise and install a backdoor for possible
    future use, or run some automated data collection utility that doesn't
    require centralized feedback is relatively simple on that scale.
    
    However, I take issue with the bald statement that "the average hacker
    'owns' between 600 and 800 systems at any time." That's really
    misleading.  How do you define 'average hacker?' The 'average' script
    kiddie who defaces Web pages for kicks?  The 'average' IRC packet
    monkey who gets off on kicking people he doesn't like from other
    people's channels? The 'average' identity thief lying in wait to steal
    Privacy Act information from eCommerce sites? The 'average' security
    consultant looking to boost his/her media presence?
    
    The 'average hacker' doesn't root anyone's boxes but his own.
    
    RGF
    
    Robert G. Ferrell
    rgferrellat_private
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Jul 02 2003 - 05:11:37 PDT