OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
[ISN] Hackers, cybercops continue cat-and-mouse game

From: William Knowles (wkC4I.ORG)
Date: Fri Apr 21 2000 - 00:19:47 CDT

http://www.techserver.com/noframes/story/0,2294,500195381-500266546-501388832-0,00.html

By LAURENT BELSIE, The Christian Science Monitor

ST. LOUIS (April 21, 2000 12:09 a.m. EDT http://www.nandotimes.com) -
Computer hackers cruising the Internet these days should check their
rear-view mirrors. Those flashing lights might not be the modem. They
could be the technology police.

With increased personnel, better know-how and higher-profile cases,
law-enforcement agencies from the United States to Europe are joining
forces to crack down on Internet crime. If savvy teenagers once could
drive rings around technologically flat-footed cops, the police are
catching up.

And they have a message for today's teens: Internet hacking is no
longer a prank; it's a serious crime.

The arrest this week of a 15-year-old in Montreal in connection with
the wide-ranging attack on Internet sites such as Yahoo! and eBay
earlier this year is only the latest sign of the tougher stance.

While the young hacker made a number of simple blunders that led
cybercops to him, the arrest comes at a key time. Just as police are
trying to get the word out to teens, older activists are starting to
copy their methods in order to launch their own politically motivated
Web attacks.

If the trend catches on, the new cybercops may be called on to break
up electronic civil disobedience actions much as their predecessors
broke up antiwar protests in the Vietnam era.

"There are many motivations" for hacking, says Peter Hussey, executive
vice president of Baltimore Technologies, an electronic-security
company with its U.S. headquarters in Needham, Mass. While many teens
do it strictly for the technological challenge, others "actually want
to cause financial harm to the targets."

Little is known so far about the motivations for "Mafiaboy," the
hacker arrested this week. He's the first person charged in connection
with February's attacks. Canadian police have only charged him with
hacking CNN's Web site. Finding other perpetrators who covered their
tracks better will be hard.

For many teens, hacking represents the lure of a high-tech joy ride.
Many defend their actions, saying they're simply exploring. By finding
gaps in company security systems, hackers can teach companies a lot,
they add.

"They like to believe that the work that they are doing is performing
a service and allowing business to fix (problems)," says Jim Finn, a
former hacker and now top executive at Unisys's information-security
consulting group in Burlington, Mass.

Hackers make a distinction between their exploration and the willful
destruction of "crackers." But with millions of dollars of e-commerce
sales at stake, Internet companies take an increasingly dim view of
both practices. So do government officials.

"It is important, first of all, that we ... let young people know that
they are not going to be able to get away with something like this
scot-free," Attorney General Janet Reno said Wednesday. "There's got
to be a penalty."

Under Canadian law, juvenile Internet offenders could get as many as
two years of detention. In the United States, laws vary by state. In
New Hampshire, for example, the 17-year-old hacker "Coolio" could face
up to 15 years in prison and a $4,000 fine. He has been charged with
vandalizing an anti-drug Web site.

Despite a continuing shortage of network-savvy agents, the Justice
Department is beefing up its Internet-crime expertise. Its
computer-crime and intellectual-property section now boasts 18
prosecutors, more than three times the number it had in 1996. The
department is spending some $100 million on fighting computer crime
this year and wants to increase that total by one-third next fiscal
year.

Federal agents aren't only getting better at tracking Internet crime,
but joining forces with law-enforcement agencies around the world.
This week's Montreal arrest involved the FBI and the Royal Canadian
Mounted Police. Last month, the FBI and the Mounted Police teamed with
British police to arrest two teens charged with operating an
international credit-card scam.

While the warning about hacking may be getting out to teens, adults
are quickly picking up their methods. These activists - or
"hactivists" - are targeting Web sites with which they disagree. Last
fall, for example, one group hijacked China's Web site, which touted
its human rights, and replaced it with another, proclaiming the
Chinese had no rights.

Since then, some activists have become more aggressive, using the same
tactics - which deny Web surfers access to the site - that hackers
used in February. That same month, the Federation of Random Action
launched a denial-of-service attack against Occidental Petroleum to
protest plans to search for oil in the ancestral land of a Colombian
tribe.

The Web site of another group, the Electrohippies, explains the
possibilities of e-disobedience: "What we're out to do is ... (extend)
the philosophy of activism and direct action into the 'virtual' world
of electronic information exchange and communications."

*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERVSecurityFocus.com with a message body of
"SIGNOFF ISN".