http://news.bbc.co.uk/2/hi/technology/3246375.stm By Jo Twist BBC News Online technology reporter 14 November, 2003 A simple search reveals a plethora of resources, tools, and personal homepages, most claiming to "hack" for legitimate reasons, within the law. But there is also an entire underground network of hackers honing their tools and skills with malicious damage in mind. "Ten years ago, 'hackers' used to mean people who tinker with computers. "Nowadays hacking means malicious hacking. The definition has changed, so get over it," Peter Tippett, founder and chief technical officer at TruSecure told BBC News Online. Being 'k3wl' The underground network is vast, with thousands of individuals and groups, ranging from lurkers who are intrigued by hacker chat to "script kiddies" who try out hacker tools for a laugh. Newsgroups, internet relay chat and increasingly, peer-to-peer chat and instant messaging, are buzzing with constant hacker chatter. Net security companies like TruSecure in the US, have the job of keeping an eye on these groups to work out which weak net spot they are planning to attack next. It currently tracks more than 11,000 individuals in about 900 different hacking groups and gangs. "There are 5,500 net vulnerabilities that could be used theoretically to launch an attack, but only 80 or 90 are being used," says Mr Tippett. "Only 16 of 4,200 of vulnerabilities actually turned into attacks last year." A team of human and computer bots - artificial intelligence programs - count the vulnerabilities that pop up all over the web daily and measure the risk of security attacks for TruSecure's 700 or so customers. But that is not enough for 21st century net security, says Mr Tippett. A separate team at TruSecure has a more mysterious job. It is the elite group of hacker infiltrators, codename IS/Recon (Information Security Reconnaissance). Their daily job is to "see what the bad guys say to each other and what they claim to have done" by gaining respect and building online relationships with groups with names like Hackweiser and G-force Pakistan, Mr Tippett explains. "These are the groups of people who attack websites, write viruses, attack code, steal credit cards, and generally do nasty things," he says. IS/Recon is like the net's A-Team, with the only difference being the team members are not renegades gone good. "We refuse to hire hackers, that would be crazy," says Mr Tippett. "We don't do anything illegal, but we impersonate hackers." They are all good with technology, according to Mr Tippett, but some of them have a valuable background in psychology. This helps in understanding group behaviour and how minds work, as well as helping them to act like hackers. "The team has an average of five or six people on them, each with 20 to 30 personalities," explains Mr Tippett. "They usually stay on the team for a year or two then move on to something else." In that time, they use their net personae to get to know the hackers so they can build up detailed profiles of them. "They spend a year listening and watching - lurking - before they ever say a word in the group." Which, says Mr Tippett, gives IS/Recon the time to develop different hacker personae around the lingo, rituals and behaviour that is expected in the underground. Using "k3wl" instead of "cool" and making sure the "a" is always replaced by "4" may seem insignificant habits any teenager living in an SMS world might do. But by talking the talk and virtually walking the walk, IS/Recon has gained the trust of nearly 100 different groups. The trick is to gain enough trust to get certain individuals in the groups to "blab" and answer questions about who is who and what they are doing. "They tell us a lot about what's going on and what that person is about in order to demonstrate how cool they are to us." The holy grail for the team is to get hold of a copy of a tool a hacker is developing. Once tested and taken apart in the lab, preventative measures can be put in place before it is used. Jigsaw puzzle The hours spent gathering 200 gigabytes of information a day, are invaluable in helping to catch the small proportion of hackers who do the net severe damage. Pieces of information about groups and individuals are put together like a giant jigsaw in TruSecure's mammoth database, nicknamed the "brain". It graphically shows the big players, where they live, who they know, who they hate, what tools they have developed, and even whether they have a cat. This has enabled the team to help out with 54 investigations by law enforcement agencies. IS/Recon gave the FBI over 200 documents about the Melissa virus author after they were asked to get closer to suspects. Although they did not know his real name, they knew his three aliases and had built a detailed profile of the author. The team's work also helped identify the author of the high-profile LoveSan virus. "We could say what dorm and what floor the author of the LoveSan virus was on," Mr Tippett says. "Unfortunately, there are very few countries that have laws good enough to follow through if someone turns out to be coming from there." - ISN is currently hosted by Attrition.org To unsubscribe email majordomo@private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Nov 14 2003 - 09:37:34 PST