Forwarded from: Robert G. Ferrell <rgferrellat_private> >Forwarded from: Lance Spitzner <lanceat_private> > >On Mon, 30 Jun 2003, InfoSec News wrote: > > > But Barrett, technical director at Information Risk Management, > > questioned how any hacker could own 600 computers at any one time. > > > > From his experience working with the police, he said that hackers > > typically control no more than 12 systems at any time. > > > > "The sheer mechanics of 600 computers - no. How can you control 600 > > computers?" he said. Well, it depends on what you mean by "control." Logistically, it would be very difficult to dictate every process running on 600 nodes. However, simply to compromise and install a backdoor for possible future use, or run some automated data collection utility that doesn't require centralized feedback is relatively simple on that scale. However, I take issue with the bald statement that "the average hacker 'owns' between 600 and 800 systems at any time." That's really misleading. How do you define 'average hacker?' The 'average' script kiddie who defaces Web pages for kicks? The 'average' IRC packet monkey who gets off on kicking people he doesn't like from other people's channels? The 'average' identity thief lying in wait to steal Privacy Act information from eCommerce sites? The 'average' security consultant looking to boost his/her media presence? The 'average hacker' doesn't root anyone's boxes but his own. RGF Robert G. Ferrell rgferrellat_private - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Jul 02 2003 - 05:11:37 PDT