Information Security News mailing list archives

Study says not all hackers are real computer wizards


From: InfoSec News <isn () c4i org>
Date: Tue, 19 Feb 2002 00:58:53 -0600 (CST)

http://hoovnews.hoovers.com/fp.asp?layout=displaynews&doc_id=NR20020217670.2_26ed000c82ac96e7

Tina Arceo-Dumlao
02/18/2002 

SINGAPORE - Watch enough movies involving cybercrime and you would get
the impression that crackers (often referred to as computer hackers)
are people with high IQs who just decided to use their intelligence for evil.

The disturbing truth, however, is that most crackers or hackers are
just bored, antisocial kids who have little knowledge about the
Internet but have a lot of time on their hands.

These individuals' idea of fun is to penetrate the websites of even
the biggest corporations and leave behind as much damage as they
can. The bigger the company, the greater the challenge.

Jeff Portelli, senior vice president of MasterCard International, said
in a conference here on MasterCard's e-business tools, that studies
revealed that less than 10 percent of crackers are competent
programmers. The rest are ordinary individuals with just the most
basic knowledge of how to work the computer.

Portelli explained that it was quite easy for people with the time and
intent to break through a website as the Internet was filled with
websites where the potential hackers could get step-by-step
instructions.

There are over 30 hacker publications in the market, 440 hacker
bulletin boards and 400,000 websites dedicated to "hacking tips."

These include hackers.com, securityfocus.com, www-berlin.ccc.de,
rootshell.com, 2600.com, insecure.org and piracy.com.

Mark Patrick, MasterCard vice president for interactive services, said
hacking has become so prevalent that at least one cybercrime is
committed every 20 seconds. The US government alone said that it would
likely experience over 300,000 Internet attacks this year.

Patrick said hackers spend the time and effort to penetrate websites
because of the intellectual challenge, gang mentality, recognition,
theft of information, vandalism, blackmail, sabotage and, for the most
extreme cases, terrorism.

There are seven phases, he said, to a successful hacker attack.

The first step is reconnaissance, where the hacker gathers information
about the target network, followed by the probe and attack of the
website, where the hacker finds weaknesses in the website and deploys
the required tools.

The third step is establishing a toehold, where the hacker exploits
weaknesses and enters the website, followed by advancement, or gaining
privileged access, and then stealth.

Once their tracks are covered, the hacker then steals information, the
most popular of which are lists of credit card numbers. Finally, the
hacker takes over the website.

Even the biggest websites have not been spared. These include
amazon.com, Microsoft, Yahoo and eBay. CDNow, one of the largest
online retail websites, was even forced to close down its operations
following a particularly brutal hacker attack.

It is hard to quantify the losses incurred due to hacking but a report
in 2000 estimated that losses due to hacking of websites could reach
as high as $1.6 trillion.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
