Information Security News mailing list archives

Motivation to Hack


From: William Knowles <wk () C4I ORG>
Date: Sun, 5 Nov 2000 03:29:02 -0600

Published by ITworld.com, the IT problem-solving network
http://www.itworld.com/newsletters

---------------------------------------------------------------------

Motivation to Hack
By Carole Fennelly

Every system connected to the Internet is exploitable by someone with
sufficient motivation. The most common motivation is ego-gratification
and it drives all the script-kidiots to deface Web sites -- digitally
spray-painting their name on the Internet and bragging to their friends.
Usually, the sites they hit are pretty easy targets and the defacement
is a yawn to the rest of us.

A more compelling motivation is retaliation. JP Vranesevich, founder
of AntiOnline and a pariah in the hacker community, inevitably had his
security compromised by a determined hacker. Word of the AntiOnline
intrusion spread very quickly; the intention clearly was to embarrass
Vranesevich, not steal or subvert information.

I recently received an advance copy of Adam Penenberg's new book
"Spooked: Espionage in Corporate America"  
(http://www2.bestbookbuys.com/cgi-bin/bbb.cgi?ISBN=0738202711). It
addresses a chilling motivation for penetrating systems: espionage.  
Adam writes, "The U.S. Chamber of Commerce believes espionage has led
to losses to corporate shareholders of about $25 billion a year in
intellectual property."

As the character Deep Throat said in "All the President's Men", follow
the money. Money is probably the most persuasive motivator. Yes, there
are those people who can't be bought but sadly, the majority of people
have their price. Corporate espionage is a multi-billion dollar
industry.  Many companies maintain an entire division devoted to
gathering Competitive Intelligence (CI) and in some countries,
governments sponsor corporate espionage. Much of "Spooked" details the
conventional methods of intelligence gathering and cites specific
corporate espionage cases. With this much effort and expense put into
conventional intelligence gathering techniques, it's obvious that the
spy community will take advantage of the intelligence gathering
opportunities the Internet provides.

Microsoft: The company that everyone loves to hate

For years,
Microsoft has been a favorite target of hackers. Talk about bragging
rights! Despite their reputation for poor software security, Microsoft
takes their network security pretty seriously. Thus, Microsoft haters
were delighted by the recent news of Microsoft's own network being
penetrated. So, why didn't someone take credit, even under a
pseudonym? Microsoft, not a hacker bulletin board, reported the
intrusion. Whoever did this kept it very quiet. Why?  
http://www.hackernews.com/arch.html?102700

Microsoft has reverted to their usual PR spin -- downplaying the
situation by saying they knew about the hackers all along and were
monitoring them. A news article on the Microsoft site states: "The
hacker may have viewed the source code for a single future product
under development. Our investigation has confirmed that it has not
been modified or corrupted in any way. We have no evidence to suggest
that the hacker gained any other access to any other source code."
http://www.microsoft.com/technet/security/001027.asp

The fact that they have "no evidence" does not prove the source code
used to produce Microsoft software wasn't copied. Even if Microsoft
audited every machine of every internal and remote user (assuming each
machine had auditing capabilities turned on), there is no way to
ascertain the source code wasn't copied.

I once worked at a research facility of a foreign company that was
penetrated by a group out of the Netherlands. After we learned of the
penetration and went through the logs on the backup tapes, we realized
the intruders had been in the system for at least 6 months. Why were
they so quiet? Because the best thefts are the ones you never know
about and information theft is big business.

Inevitably, Competitive Intelligence groups will recruit hackers to
work for them. The only question is:  Can they be trusted to keep
their mouths shut?

About the author(s)
----------------
Carole Fennelly: Carole Fennelly is a partner in Wizard's Keys
Corporation, a company specializing in computer security consulting.
She has been a Unix system administrator for almost 20 years on
various platforms, and provides security consultation to several
financial institutions in the New York City area. She is also a
regular columnist for SunWorld (http://www.sunworld.com). Visit her
site (http://www.wkeys.com/) or reach her at
carole.fennelly () sunworld com.

--------------------------------------------------------------------
RESOURCES

Security Information Website Hacked 
http://www.vnunet.com/News/1113199

Statement from AntiOnline
http://www.antionline.com/cgi-bin/News?type=antionline&date=10-30-2000&story=hackz.news

Attrition Mirror
http://www.attrition.org/mirror/attrition/2000/10/28/www.antionline.com/

Microsoft says it knew of hacker all along
http://www.cnn.com/2000/TECH/computing/10/30/microsoft.hackers.ap/index.html

If Hackers Were Smart by Brian Martin
http://www.hackernews.com/bufferoverflow/99/stateofnet.html

Hacker attacks Microsoft's network 
FBI is investigating the theft
http://www.itworld.com/jitw/unxsec_nl/cma/ett_article_frame/0,,1_3212.html

Was hack attack Microsoft's own fault? 
Observers criticize software giant's attitude towards security
http://www.itworld.com/jitw/unxsec_nl/cma/ett_article_frame/0,,1_3226,00.html

Microsoft says it had eye on hacker all along
http://www.itworld.com/jitw/unxsec_nl/cma/ett_article_frame/0,,1_3287.html

--------------------------------------------------------------

ISN is hosted by SecurityFocus.com