Date: Fri 01-May-1998
Date: Fri 01-May-1998
Publication: Bee
Author: CURT
Quick Words:
iinfo-Internet-Brand-hackers
Full Text:
INTERNET INFO FOR REAL PEOPLE: Hack Attack
By Bob Brand
Breaking into computer systems is called hacking. Unless the "perp" has
permission, it is a crime. The Feds are turning up the heat. In March 1997, a
Massachusetts teenager successfully slipped past security barricades at Bell
Atlantic, brought down the airport control tower at the Worcester, Mass.,
airport for six hours, disrupted the telephone service in Rutland and broke
into a Worcester pharmacy computer. This kid accepted a plea bargain. He is
currently serving two years' probation and is forbidden to access computer
networks. In addition, he must complete 250 hours of community service, pay
Bell Atlantic $5,000 restitution and forfeit the hardware and software used in
the attack.
The good news is that Bell Atlantic has now shored up its defenses so that
this invasion cannot occur again.
The Double-Edged Sword
Attacks by hackers on government, university and corporate systems are on the
rise. Just recently MOD ("Masters of Downloading") broke into Pentagon
computers. Frequently, the press sensationalizes these incidents with a
portrait of a self-styled MacGyver who can break into large, secure
super-computers with a paper clip, a butane cigarette lighter and a Swiss Army
knife. This plays on the image of Matthew Broderick nearly starting World War
III in the 1983 movie War Games or Tom Cruise hanging from the wires
reprogramming a computer in Mission Impossible. While some of these "teenage"
hacks have been disruptive (even potentially life threatening), they often
uncover severe security breaches in systems that terrorists or
country-sponsored espionage agents can exploit for much greater damage.
In any event, law enforcement agencies are sending a strong and clear message
to both current and future hackers: "If you break in and we catch you, be
prepared to pay."
Kevin Mitnick
The super-heated media-hyped notorious serial cracker (a hacker who breaks in
to commit malicious acts) is 34-year-old hacker Kevin Mitnick. He has become
the poster boy for teen hackers. After a three-year chase, he was captured in
North Carolina in February 1995. He has attained folk hero status, in part,
because of sensationalized reporting in The New York Times . He is cooling his
keyboard in a Los Angeles jail awaiting trial. He faces 25 counts of wire and
computer fraud and a host of other charges. Mitnick has been immortalized in
Takedown , written by New York Times reporter John Markoff and The Fugitive
Game by Jonathan Littman. Some hackers get caught, change their ways and move
on to more productive lives. Not Mitnick. This latest series of charges, if
the government can provide the evidence, could put him behind bars for a long
time.
The Good Guys
In a secret warehouse somewhere outside of Boston, a seven member techno-nerd
squad of hackers often works until dawn. These guys work by day and hack by
night. Unlike Mitnick and his ilk, the seven members of LOpht (pronounced
loft), break into systems for the purpose of finding security flaws. In a 1997
"Mudge, " a professional cryptographer teamed up with another LOpft colleague
to steal the entire registry of Windows NT passwords. This was done with
software they created. They, now, sell the program that performs this dubious
achievement from their website. The $50 program, LopftCrack 2.0, can be given
a free test drive for 15 days. Scary! Once loaded on a network, LopftCrack 2.0
lays in wait, like a deadly predator, for a password (pw) to travel across the
wire. It takes a digital "picture" of the pw as it passes by and stores the
prize for the hacker to retrieve. The website boasts 48,000 downloads to date.
The software is made available to computer system administrators so they can
protect their networks.
Wild Growth
Jack Rickard of Boardwatch Magazine states there are now over 4,500 ISPs
(Internet Service Providers) in North America alone. With so many newcomers to
the ranks of the ISP marketplace, security against sophisticated intrusion is
a problem. Malicious hackers can break into unsuspecting networks and launch
attacks to other parts of the Internet. The flaws found by the LOpft group can
only be neutralized if the software manufacturers promptly plug the security
holes and the network administrators install the patches. Sadly, the hectic
growth of the Internet and other networks combined with overworked and often
understaffed ISPs and network administrators means that fresh holes in
security open as quickly as others are closed. We will continue to hear about
break-ins from hackers and crackers.
URLs (Uniform Resource Locators) of interest:
http://www.l0pht.com/
http://www.washingtonpost.com/wp-srv/frompost/april98/hacker4.htm
http://www.chicago.tribune.com/splash/article/0,1051,SAV-9804120386,00.html
http://us.imdb.com/Title?WarGames+(1983)
http://us.imdb.com/Title?Mission%3A+Impossible+(1996)
(This is the 101st of a series of elementary articles designed for surfing the
Internet. Next, "Juno and John Dvorak" is the subject on tap. Stay tuned.
Until next week, happy travels through cyberspace. Previous issues of Internet
Info for Real People (including links to sites mentioned in this article) can
be found: http://www.thebee.com. Please e-mail comments and suggestions to:
rbrand@JUNO.com or editor@thebee.com.)