Organised exploitation of the information super-highway

[InfoSec News <isn () C4I ORG>]

http://www.janes.com/security/terrorism/news/jir/jir000627_1_n.shtml

Forwarded By: security curmudgeon <jericho () attrition org>

Janes Intelligence Review
27/06/00


The threat of the lone computer hacker is giving way to the more
alarming trend of hacker collectives and the advent of organised
cyber-insurgency. Leah James and Jestyn Cooper report.

Chernobyl came and went; Melissa caused some consternation, but it was
not until the arrival of I Love You that the virus phenomenon made a
deep impression on computer users around the world. Within 36 hours of
its impact being registered, the so-called Love Bug had infected an
estimated five million machines. It was not that this was the most
damaging virus to date, nor the most innovative, but it did succeed in
drawing unprecedented attention to the dangers associated with the
Internet and e-mail.

The Love Bug was accredited to a single, disenchanted Filipino
computer student. Given the extent of the chaos he created, could not
similar means be employed, perhaps to even greater effect, by
criminals, terrorists or even rogue states, such as Libya or North
Korea? How prepared are law enforcement agencies around the world to
meet this potential threat? Despite several years of progress, the
capabilities of the hacker are undeniably superior.

The lone hacker

It has long been held that, in terms of a threat to IT systems, the
protagonist would be an individual, skilled and knowledgeable, but at
odds with the society surrounding them: typically, a college-educated,
twenty-something male who found the challenge of accessing otherwise
secure IT networks motivation enough. To complete the stereotype,
these young, alienated hackers would invariably be complemented by
less opportunistic and more idealistic computer experts, whose
disruptive tendencies were but an expression of the computer users
commitment to the freedoms of information and speech.

To a greater or lesser extent, each of these classic hacker
definitions probably account for the majority of those engaged in such
activities today. The proliferation of do-it-yourself manuals, both
online and in hard copy, offering guidance on a variety of techniques
to disrupt even apparently sophisticated networks, has only increased
the attractiveness of their domain. Despite the release of over 200
viruses each month in the USA alone, the hackers "propensity for
expensive mischief" remains little more than that. Lacking
co-ordination, they rarely cause anything more than a headache for
businesses and the IT security firms that protect them.

The greater danger comes from those with more experience,
determination and guile, to whom notoriety (or, as has been alleged in
certain instances, financial reward) is often the primary goal. Kevin
Mitnick is regarded as a martyr to hackers. A spate of attacks on some
of the largest Internet sites, including Amazon.com and CNN, followed
the end of a case against him that covered 25 counts of computer and
wire-fraud. David Smith, a computer programmer and the source of the
Melissa virus, faces up to 10 years imprisonment and a US$100,000
fine. Their exploits encourage those with more malicious intent.

[...]

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".