Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
[ISN] Hackers' Paradise
From: InfoSec News (isnC4I.ORG)
Date: Wed Apr 11 2001 - 01:19:43 CDT
APRIL 16, 2001, VOL.157 NO.15
In a small, hot room in Caloocan city, one of Manila's shoddy suburbs,
a 21-year-old man-child perches on a chair and turns the fan up to
high. Yellow paint peels from the walls. There is no running water.
The bed is a dirty mattress on a steel frame. But enthroned on a
makeshift table sits a workstation worthy of a cash-rich start-up. The
man leans toward his crisp, new 19-inch monitor and gets down to
business. He surfs to the archive of an online florist and peruses
someone's recent order for roses, complete with a mushy love letter.
But this man, a hacker who uses the online handle Eyestrain, isn't
interested in the saccharine prose. He is focused instead on swiping
the buyer's credit card details. "See? It's that simple," he says, as
he cuts and pastes the number onto his desktop. Eyestrain, who doesn't
want his real name revealed, says he paid for all of his computer
equipment with pilfered numbers he lifted off the Net.
Eyestrain is a far cry from the black-garbed, straggly haired hacker
that has become a pop culture clichE. His short, black hair is gelled
carefully in place and his fashion sense is more eager-intern than
Neuromancer. But Eyestrain is as crafty as the iconic hacker when he
jacks in as a dark-side programmer jamming code. The Philippines has a
vast underworld of hackers, rooting through the Internet's depths
while typical Web users surf the surface. But most of them, like
Eyestrain, aren't so much malicious as stifled. They have skills, some
creative flair and a streak of cybercourage. And the main reason that
hacker gangs like the Locusts and the Abu Sayaff Boyz (unrelated to
the terrorist group) battle for control of hacked servers is because
with all their computer chops, they can't get a mainstream job in the
impoverished Philippines. The result: a particularly virulent breed of
hackers, at least a thousand strong, with real grievances, a blurry
sense of right and wrong and a knack for stealing passwords and
The poster boy of Filipino hackerdom is Onel de Guzman, the
23-year-old Manila resident blamed for allegedly unleashing last
year's Love Bug virus, which wiped out files and paralyzed Internet
access from Pakistan to the Pentagon. De Guzman was unemployed: he
learned to hack partly by sneaking into other people's accounts to
access the Internet, which he couldn't otherwise afford. That's
typical: hackers in the Philippines tend to be overtrained,
underutilized minds trying to satisfy their creative yearnings but
kept from doing so by a variety of factors. Besides the stinging
poverty that has translated into few programming gigs, political
instability and the wrong kind of computer training have kept the
country from following India as a beneficiary of low-cost Internet
spin-off jobs, either in software or services like call centers or
technical support help desks. Some 350,000 students are enrolled in
computer colleges across the Philippines, but there are far fewer jobs
to match their skills.
Another factor is more sociological than financial. The country's top
universitiesthe University of the Philippines, Ateneo de Manila, De La
Salle Universityare dominated by students from rich and middle-class
families who attended the top high schools. They eventually percolate
into the Elite jobs available for graduates. For less-pedigreed
programmers, the pickings can remain lean all their lives.
Born to a poor family in Lucena City in the southern Philippines,
Eyestrain first tapped a keyboard when he was 12. His school had just
received its first computer, and it was love at first byte. "I
couldn't get enough," he says. "As soon as I sat down at it, I got
it." He skipped lunch hours and stayed late after school to get a turn
at the terminal. Neither of his parentshis dad is a machinist, his mom
a store clerkhad even used a typewriter. Hungry for more than he could
learn in his small hometown, Eyestrain went to Manila at age 17 to
attend Systems Technology Institute, a technical college that offers
low-cost programming courses. The classes were disappointing:
Eyestrain found that he knew more than his teachers. "They exempted me
from classes and got me to help administer the computers," he recalls.
He tried another computer school, but soon gave up on receiving a
formal education in programming. Without the family or the academic
background to get into a computer science degree program at one of the
country's Elite institutions, he drifted home.
Chatting online with some Manila friends in 1999, Eyestrain decided to
return to the capital. He got off the bus with $150 in his pocket and
hopes of finding work as a programmer or system administrator. But
without a degree, finding computer work has been impossible. Ieta Chi,
general manager at Trend Microsystems, an antivirus company that
employs more than 280 people at its Manila office, says his desk is
flooded with applicants like Eyestrain. "We can't really afford to
waste time seeing people who haven't even finished school," Chi says.
Instead of returning to his backward hometown, however, Eyestrain
stayed in Manila and became a cyberthief. By hacking into several
e-commerce websites, he has built up a database of hundreds of credit
card numbers. To use them without risking arrest, he set up a mailing
system through a chat room, a kind of Net Bandits Clearing House. It
works like this: "I order two monitors, they get sent to an address in
Tacoma, Washington, that the guy I met in the chat room has access to,
and then he forwards me one monitor and keeps the other for himself,"
says Eyestrain, with a sheepish smile on his face. The address isn't
attached to the accomplice and each credit card is only used once.
Almost all of his hardware has been illicitly gained, and now
Eyestrain is using some of it to commit even more cybercrime, burning
pirated CDs that he sells for $1.20 each. Hardly the job of his
dreams, but it's easy and gives him plenty of time for hacking.
More than 40 Philippine websites have been hacked in the past year,
including those of the nation's navy and air force, popular portal
Yehey.com and AMA computer college. On many of the sites hackers have
left obscene messages berating the system administrator for sloppy
security while also heaping scorn on rival hackers, in a boasting
battle similar to those between rappers. "When creativity expresses
itself in an immature way, it can often be destructive," says Randy
David, a sociology professor at the University of the Philippines.
That's especially true, he points out, in a class-ridden country where
hackers have the chance to lash out at powerful institutions they
consider repressive. "In cyberspace it doesn't matter if you're a
Roxas, a Lopez or a Zobel," he says, ticking off the Philippines'
leading families. "No one knows your identity. You can't begin to
imagine the impact this has on a hierarchical society like ours."
Eyestrain's friend Hiiro, a more stereotypical geek with Coke-bottle
spectacles and a microchip key-chain dangling from his belt, doesn't
dabble in credit cards and says he has "knocked some sense" into his
pal. (Tapping into other people's Internet accounts, however, is still
considered fair game.) Both men would prefer to go legit and offer
their services as security advisers to local ISPs. They're not getting
far. "They just ignore us," says Hiiro. When their user databases get
hacked and they find a few thousand missing credit card numbers, these
websites and isps may regret that decision.
ISN is hosted by SecurityFocus.com
To unsubscribe email LISTSERVSecurityFocus.com with a message body of