Information Security News mailing list archives
Hackers use their quest for 'trophies' to clog Web
From: William Knowles <wk () C4I ORG>
Date: Fri, 11 Feb 2000 11:29:21 -0600
http://orlandosentinel.com/automagic/news/2000-02-11/NWSHACK11021100.html Hackers use their quest for 'trophies' to clog Web Chris Cobbs of The Sentinel Staff Published in The Orlando Sentinel on February 11, 2000 . Hackers who shut down big Web sites may be the same type of youthful offenders who throw eggs or spray graffiti on a building, computer experts say. These cyberoffenders, some of whom are teenage boys barely old enough to shave, are not motivated by a desire for profit, but by the urge to show off and wreak digital havoc. "It's called 'trophy hunting' when irresponsible people deploy the tools to deny service to Web sites,' " said Steve Gorrell, program manager for Norton Internet Security 2000, a software package designed to protect home users from cyberintrusions. "These hackers want the bragging rights in their community. They want to be able to boast about bringing down a big Web site." This week's orchestrated hacker attacks resulted in disruptions of service at such major Web sites as Yahoo!, Buy.com, CNN, Amazon.com, E*Trade, eBay and ZDNet. Armed with computers and software programs, such as "Tribe Flood Network," a hacker or hacker group flooded the Web servers that are the backbone of prominent Internet sites. "It's like an intellectual challenge, being able to prove yourself to the hacker community and show you know how to penetrate any defense," said Peter Kasabov, chief operating officer and technical expert for Connextions.net, an Orlando-based e-commerce company. "There are people who would be happy doing this stuff 24 hours a day," he said. "When they compromise a Web site, they get recognition in the hacker community via forums, news groups and other forms of communication. But outsiders usually don't find out who they are." When he heard of the attack on Yahoo!, former hacker William Knowles didn't believe it. "I thought someone at Yahoo! had tripped over a wire, knocked out the site and decided to blame it on hackers," he said. The 31-year-old reformed hacker, who works for a California Web security firm, now views this week's attacks in a different light. "This could be the electronic Pearl Harbor," he said. "It's a real wake-up call. Companies have spent a lot of money to create Web sites and get into e-commerce. Now they need to take steps to secure their business in order to keep the public trust." If the war on hackers isn't intensified, the next step could be even worse. "I'm afraid this could be a harbinger of things to come, like electronic blackmail," said Knowles, who works for New Dimensions International, a San Diego-area company that presents seminars to government agencies and businesses. "The next step might be a group threatening to shut down a site or steal all their data if they don't get a big payoff. I wouldn't put it past anyone [hackers]." A lone teenager with a modestly equipped computer and friends in the hacker community could find the necessary software tools posted on the Internet, experts said. "The tools are available all over the place," said Frank Keeney, a Web security expert based in Pasadena, Calif. "You could download them and have them up and running in a matter of minutes." Knowles described a procedure that would allow a hacker to use, for example, a Britney Spears picture to trick an unsuspecting home user and then take over his computer. Using a special software program, "a hacker could create a file called 'Britney Spears pix.' A person on the Web would see it, click on it and the file would send computer code that would bury itself in the person's computer. . "Once you get the software on a machine, you have a pipeline to servers. In fact, a scenario like that could have gone down this week." Hackers don't appear to be afraid of being detected and sent to prison, Knowles said. "Most of these guys don't feel they will ever get caught," he said. "They're like 16-year-olds riding around on their motorcycles without a helmet. They're just fearless. It's very strange to me that our national computer infrastructure could be taken down by a bunch of 16-year-olds, but it's a fact of life." Many companies and Web sites, whose budgets last year were geared to Y2K disaster preparations, will now shift money into strengthening their cyberdefenses, Keeney said. In the future, security may be tightened at Web sites, said Dyan Dyer, president of Command Antivirus, a Jupiter firm. "Because the Internet is an open system, everybody is invited to the party," she said. "We may have to move to a new modality with people required to enter passwords, user IDs and account numbers to access a site." Web-based businesses also may emulate T. Shipley, a Maitland online gift retailer that has taken out an insurance policy with J.S. Wurzler Underwriting Managers. "It's just good business," said Tom Shipley, president and chief executive officer. "You protect a brick-and-mortar store with insurance against fire and other events. You need the same sort of protection against Internet fraud." Posted Feb 10 2000 10:04PM ISN is sponsored by Security-Focus.COM
Current thread:
- Hackers use their quest for 'trophies' to clog Web William Knowles (Feb 14)