[iwar] [fc:Hackers.warn.of.'crackers']

From: Fred Cohen (fc@all.net)
Date: 2002-07-12 07:20:30



South Florida Business Journal
Hackers warn of 'crackers'

Ed Duggan

Worried about computer security? There is good reason to be.

In the mid-1990s, New York's Citibank lost $10 million to Russian
cyberbandits. The red-faced bank recovered all but $400,000, but lost
millions more in high-profile business as a result of the negative
publicity.

While banks and other businesses don't publicize cyber-attacks, a few
become known. St. Petersburg-based Republic Bank of Florida confirmed
that its firewalls had been breached in April and a file containing
3,600 online banking customers' names and addresses was taken.

The $2.5 billion asset bank was unaware of the attack until the hacker
contacted it.

Meet Mack and Jack - not their real names. They are hackers or whiz kids
of the computer. Mack, 17, is a student, Jack, 29, is in business.
Neither wants his name used, nor to be identified.

Blame it, they say, on media paranoia about crashed network systems,
looted bank accounts and violations of privacy.

None of that stuff is done by hackers, they say. Crackers do those evil
things. It's not their fault people don't know the difference.

"Hackers find and build things, crackers break them," said Mack,
defining the difference between a hacker and a cracker as white
hat/black hat.

He explained that hackers who discovered system bugs and flaws and then
reported them to network administrators ended up getting blamed for
them. They credit hackers' bad reputation to the embarrassment caused a
supposed professional when a hacker finds flaws.

"Hackers just want to learn; they have an uncommon curiosity about
everything," Jack said. "Crackers, on the other hand, perform illegal
acts. If companies only realized the risks they face from crackers, they
would secure their systems."

Those illegal acts are costly. Annual cyber-attack losses to U.S.
businesses have grown from $120 million about the time of the Citibank
attack to an estimated $456 million last year in the latest
FBI-commissioned study. But that may only scratch the surface of what
the true losses were.

"The study was done under contract for the FBI and is the most recent
information available," FBI spokesman Bill Carter said.

The study, released in April, was carried out by the San Francisco-based
Computer Security Institute. It confirmed that the threat from computer
crime and other information security breaches continues unabated and
that the financial toll is mounting. Among the findings:

90 percent of the 503 survey respondents - computer security
practitioners in U.S. corporations, government agencies, financial
institutions, medical institutions and universities - reported security
breaches within the past 12 months.

80 percent acknowledged financial losses due to computer breaches, but
fewer than half were able - or willing - to put a dollar amount on the
losses.

34 percent of those attacked reported them to law enforcement. The
survey disputes the conventional wisdom that most hack attacks are done
by juveniles on joy rides in cyberspace.

While companies and government agencies are defending against increasing
numbers of nuisance attacks from hackers, those conducting the survey
say sophisticated "pros" are the cause of real losses.

Network security experts tend to agree.

"We see thousands of scans and trolls from around the world daily on our
managed security service for computer networks," said Christopher Day,
chief technology officer for Asgard Holdings, a Fort Lauderdale-based
security firm with clients in the manufacturing, financial and
governmental fields.

A computer network scan is like an intruder shining a flashlight in a
dark room, or rattling the doorknobs in a hallway.

A troller is more serious, with the intruder using sophisticated
software tools to poke into corners looking for system vulnerabilities.
It gets the immediate attention of Asgard's managed security system,
which oversees its clients' computer networks.

"Unless they are particularly obnoxious, we just monitor them [scans and
trolls]," Day said. "If we see them showing up on a number of client
systems, we can electronically tag them."

An electronic tag can lock out the intruder, but only until a new
address is used. A tougher penalty - and a generally effective tool - is
to file a complaint with the intruder's Internet service provider.

"Some clients have blocked off huge chunks of the Internet where the
Internet service providers originate in the Pacific Rim," Day said.
"That stops both incoming spam and intruders."

There are individuals within the hacking community that do cause
vandalism. They are known as script kiddies. They are to computing what
graffiti is to art.

"While a hacker will try to learn as much about a system as possible -
all perfectly legal - script kiddies will deface Web sites and destroy
data, earning points with their friends," Mack said. "They are usually
young, and not very intelligent, not realizing that they are being
monitored in and out of a site. They follow a software script for
mischief that they have found on the Web and they are generally shunned
by the mature hacker."

Jack has been there.

"Probably every hacker has done that once, at one time or another," he
said. "Most of us learn that it is both rude and unnecessary. But
hackers - even the script kiddies - are not what businesses need to
worry about."

According to the two hackers, people are the weakest link in any system,
followed by weak encryption systems and confidential data - including
credit card numbers - thrown in trash bins.

"Most encryption systems - the next big thing - can be broken by a
computer," Mack said. "Those used by typical businesses can be broken by
a standard computer; those used by banks and government agencies, by a
university computer."

Asgard picks up a number of customers as a result of script kiddies at
play. The profitable, privately held company is on track to reach $3
million in revenues this year with an estimated 30 to 40 percent growth
rate next year, Day said.

"Three different companies approached us in one week because they were
having problems with their networks," he said. "Upon investigation, we
found that all three of their network servers had been taken over by
script kiddies. The servers were being used to store porn, MP3s, pirated
software, cracked DVDs and files."

In addition to slowing the compromised systems and exposing one
company's customers to pornography on its site, the script kiddies could
have used the servers to attack other servers in a denial of service, or
as originators of spam. The systems were quickly cleaned and sanitized
by Asgard and the firms are now regular clients with fully managed
security systems in place.

"There is no system that is 100 percent secure except a dead system,"
Day said. "We strive to make intrusions so difficult that the troller or
cracker will move on to an easier target. It's like parking a locked up
Hyundai next to a Ferrari with the keys in the ignition. No one bothers
the Hyundai."




This archive was generated by hypermail 2.1.2 : 2002-10-01 06:44:31 PDT