Date: Fri 01-May-1998

Publication: Bee

Author: CURT

Quick Words:

iinfo-Internet-Brand-hackers

Full Text:

INTERNET INFO FOR REAL PEOPLE: Hack Attack

By Bob Brand

Breaking into computer systems is called hacking. Unless the "perp" has

permission, it is a crime. The Feds are turning up the heat. In March 1997, a

Massachusetts teenager successfully slipped past security barricades at Bell

Atlantic, brought down the airport control tower at the Worcester, Mass.,

airport for six hours, disrupted the telephone service in Rutland and broke

into a Worcester pharmacy computer. This kid accepted a plea bargain. He is

currently serving two years' probation and is forbidden to access computer

networks. In addition, he must complete 250 hours of community service, pay

Bell Atlantic $5,000 restitution and forfeit the hardware and software used in

the attack.

The good news is that Bell Atlantic has now shored up its defenses so that

this invasion cannot occur again.

The Double-Edged Sword

Attacks by hackers on government, university and corporate systems are on the

rise. Just recently MOD ("Masters of Downloading") broke into Pentagon

computers. Frequently, the press sensationalizes these incidents with a

portrait of a self-styled MacGyver who can break into large, secure

super-computers with a paper clip, a butane cigarette lighter and a Swiss Army

knife. This plays on the image of Matthew Broderick nearly starting World War

III in the 1983 movie War Games or Tom Cruise hanging from the wires

reprogramming a computer in Mission Impossible. While some of these "teenage"

hacks have been disruptive (even potentially life threatening), they often

uncover severe security breaches in systems that terrorists or

country-sponsored espionage agents can exploit for much greater damage.

In any event, law enforcement agencies are sending a strong and clear message

to both current and future hackers: "If you break in and we catch you, be

prepared to pay."

Kevin Mitnick

The super-heated media-hyped notorious serial cracker (a hacker who breaks in

to commit malicious acts) is 34-year-old hacker Kevin Mitnick. He has become

the poster boy for teen hackers. After a three-year chase, he was captured in

North Carolina in February 1995. He has attained folk hero status, in part,

because of sensationalized reporting in The New York Times . He is cooling his

keyboard in a Los Angeles jail awaiting trial. He faces 25 counts of wire and

computer fraud and a host of other charges. Mitnick has been immortalized in

Takedown , written by New York Times reporter John Markoff and The Fugitive

Game by Jonathan Littman. Some hackers get caught, change their ways and move

on to more productive lives. Not Mitnick. This latest series of charges, if

the government can provide the evidence, could put him behind bars for a long

time.

The Good Guys

In a secret warehouse somewhere outside of Boston, a seven member techno-nerd

squad of hackers often works until dawn. These guys work by day and hack by

night. Unlike Mitnick and his ilk, the seven members of LOpht (pronounced

loft), break into systems for the purpose of finding security flaws. In a 1997

"Mudge, " a professional cryptographer teamed up with another LOpft colleague

to steal the entire registry of Windows NT passwords. This was done with

software they created. They, now, sell the program that performs this dubious

achievement from their website. The $50 program, LopftCrack 2.0, can be given

a free test drive for 15 days. Scary! Once loaded on a network, LopftCrack 2.0

lays in wait, like a deadly predator, for a password (pw) to travel across the

wire. It takes a digital "picture" of the pw as it passes by and stores the

prize for the hacker to retrieve. The website boasts 48,000 downloads to date.

The software is made available to computer system administrators so they can

protect their networks.

Wild Growth

Jack Rickard of Boardwatch Magazine states there are now over 4,500 ISPs

(Internet Service Providers) in North America alone. With so many newcomers to

the ranks of the ISP marketplace, security against sophisticated intrusion is

a problem. Malicious hackers can break into unsuspecting networks and launch

attacks to other parts of the Internet. The flaws found by the LOpft group can

only be neutralized if the software manufacturers promptly plug the security

holes and the network administrators install the patches. Sadly, the hectic

growth of the Internet and other networks combined with overworked and often

understaffed ISPs and network administrators means that fresh holes in

security open as quickly as others are closed. We will continue to hear about

break-ins from hackers and crackers.

URLs (Uniform Resource Locators) of interest:

http://www.l0pht.com/

http://www.washingtonpost.com/wp-srv/frompost/april98/hacker4.htm

http://www.chicago.tribune.com/splash/article/0,1051,SAV-9804120386,00.html

http://us.imdb.com/Title?WarGames+(1983)

http://us.imdb.com/Title?Mission%3A+Impossible+(1996)

(This is the 101st of a series of elementary articles designed for surfing the

Internet. Next, "Juno and John Dvorak" is the subject on tap. Stay tuned.

Until next week, happy travels through cyberspace. Previous issues of Internet

Info for Real People (including links to sites mentioned in this article) can

be found: http://www.thebee.com. Please e-mail comments and suggestions to:

rbrand@JUNO.com or editor@thebee.com.)