Hackers often claim that they fulfil a grand and noble purpose, but a European hacker (or cracker, as the hackers would term him) has lent a whole new twist to the practice and the topic of information security.
There`s a nasty little trend in the industry of companies knowing full well that they have security flaws in their products and not doing much about them, or failing to advise users.
Ian Melamed, MD, Ian Melamed Secure Computing
Identifying himself as Bulgarianboy, the hacker effectively shut down a US Internet service provider (ISP), Eagle Network, for 11 days. The hacker held Eagle Network ransom for a variety of political and monetary demands, chiefly that the Web site of Californian-based antiwar.com, which it hosts, be taken offline.
Bulgarianboy took control of the company`s router and crippled it, preventing technicians from regaining control of the device. It was damaged beyond repair, which in theory is impossible; this is one of the very few instances of hardware being damaged by an attack.
The mechanisms he used:
- First he set up a password sniffer to gain access to the system. Then he used a buffer overflow to overload the server.
- With the router`s administrative password in hand, he instructed it to block all external access. His control was complete and terminal: the router has had to be replaced.
- Bulgarianboy was untraceable, covering his tracks so fast that he evaded all attempts at detection, but he was tracked as far as Amsterdam. There`s a school of thought that says if the rest of the world finds out how he took control of the router, the entire Internet could be at risk.
- Perhaps the ultimate endorsement of the view that the world is being overrun by cybercrime comes from Interpol, which confesses it is "overwhelmed" by the wave. "We hadn`t expected the explosion to happen as it did," said the organisation`s secretary general Raymond Kendall at a conference in London.
- Kendall said the rise in electronic crime has crippled government law enforcement agencies, reducing their ability to respond to offences. Interpol and a number of industry watchers have subsequently called for concerted collaboration between industry and government, across national borders, with appropriate funding if the problem is to be tackled. Agreed, but the best way is for companies to begin tackling their internal security issues; and there`s no better starting point than to move out of ostrich-head-in-sand mode. After all, it is this mode that has seen SA end up with such an appalling Aids rate.
- Nokia has incorporated McAfee anti-virus in its network security appliance. Nokia`s Intel-based box is used by enterprises which run their own network security systems and ISPs. Adding McAfee allows users to automatically download anti-virus updates from the Web to the security box. Gee, seems as if lots of companies are battling with the issue of seamless anti-virus updates.
- Sounds like the sort of thing we do on Nelson Mandela`s birthday: giving criminals a cellphone. But in fact it`s a good notion: Israel-based Dmatek, a developer of electronic monitoring technologies, has launched a cellular-based monitoring system, claimed to be the first of its kind. It will allow the tracking of criminals rendering community service. Cellular technology permits the precise pinpointing of where signals are coming from, so it would advise when a criminal has gone missing and show where he can be picked up. Can`t you just hear the bleeding heart brigade complaining already about violations of human rights?
- There`s a nasty little trend in the industry of companies knowing full well that they have security flaws in their products and not doing much about them, or failing to advise users. So US watchdog CERT is assuming this role, and in terms of its new policy, it will give software companies just 45 days to fix these flaws before it goes public with reported defects. A certain company whose products we all use will probably have some strong thoughts on this issue.
- A punishment to fit the crime... Young Canadian Steven Boudrias may not use the telephone until 2003 after he broke into the voicemail system of the Montreal Urban Community police. He will first spend 18 months in jail. The phone is like a drug and its use an addiction for the 20-something who says it`s "like a sickness for me". You have lots of soulmates in Sandton City, Steven.
(Sources: Computer Wire, Silicon.com and ZDNet)
Share
