Galt Global Review

QFS 360

Hackers for hire keep firms safe


Computer attacks and cyber-crime are becoming more virulent, and corporate systems managers should move quickly to plug holes in their networks.

Burglars often leave fingerprints, are seen by eyewitnesses, or trip up and reveal their connection to stolen items. Electronic criminals, however, can mask their identity by forwarding email through anonymous re-mailing servers or through encryption, and what they steal, damage, or just view without authorization can go unnoticed for a long time.

White-hat hackers - the good guys - are hired to hack into a client's network and expose its weaknesses so they can be fixed.

Digital hit-and-run attacks

The value of such legitimate hacking was underscored in February when Internet vandals shut down some marquee Web sites by flooding them with requests for information. These digital hit-and-run attacks - a technique known as denial of service - jammed Web sites like Amazon.com, eBay and Yahoo! by sending meaningless messages that tied up the sites' computers for hours.

In such attacks, a hacker hides tools, known as daemons, on hundreds or even thousands of innocent third-party computers. The daemons can be triggered later from a remote location to launch simultaneous attacks on a single target, such as Yahoo! or eBay. The attacking daemons give false addresses so they are harder to trace.

Tracking down the culprits may take time as investigators wade through hundreds of computer records.

The nation's top law officials have said the hackers involved were sophisticated enough to falsify their digital fingerprints. Attorney General Janet Reno said such a disguise technique "makes it difficult, and sometimes impossible, to hold the perpetrator criminally accountable."

The electronic assault showed that companies rushing to do business online need computer gatekeepers who are well versed in the art of hacking.

Secure Computing Corp, a San Jose, California-based company, is a leading provider of complete network security solutions, spanning firewalls, identification, authentication, extranet Web access, and network security services.

"We have a very competitive marketplace with some established players. We believe our strategy of focusing on providing safe, secure extranets sets us apart," said John McNulty, Chairman and CEO.

Mr McNulty says the exciting aspect of the company's market is that it is obviously going to grow as the Internet grows.

Thin line between Hacker and Cracker

Although hacking has been broadly described as an illegal practice, many who have used computers to subvert and manipulate networks distinguish hacking from 'cracking.'

Experts say that hackers are not criminals but are mischievous, inquisitive people who apply their skills to gain knowledge - characteristics of scientists rather than criminals.

Crackers, on the other hand, have malicious intentions, and they are loathed by devout hackers who for years have tested the limits of computers as an avocation, experts say.

Those who wish to straddle the thin line between hacker and cracker risk falling over the fence. If you break in without authorisation it might be a misdemeanor depending on which state, province or country the firm is based in. Negligent, unintentional damage is a misdemeanor punishable by 6 months to a year in prison and a $100,000 fine.

If you break into a site with a view to taking or obtaining something it's a felony. If the damage is intentional, the penalties range from six months to five years in prison and a fine of up to $250,000 for the first offense, and up to 10 years in prison for the second offense.

Victims can sue for restitution. The U.S. penalties apply even to foreigners if they use a U.S. computer system in the attack. The important thing is - it's still a crime - whether you were doing it for the thrill or with more serious intentions.

e-Security consultants run attack-and-penetrate exercises on clients' networks if that is what the client requires. They love their jobs. Many started messing with the dynamics of computers before they were teenagers and now they work until late at night, hacking, to show how vulnerable a Web site can be without the right security.

Their jobs involve using publicly available tools to find potential vulnerabilities, tools such as PalmPilots or ISDN lines.

But for all the fun that such computer jockeys enjoy on the right side of the law, woe betide those who cross over.

Annual cybersecurity conference

So says Jennifer Stisa Granick, a San Francisco-based criminal defense lawyer who specializes in cybercrimes. Ms Granick spoke last year at Black Hat Briefings, an annual cybersecurity conference in Las Vegas.

Her clients include arch-hacker Kevin Poulsen, who in the early 1990s ran riot through Pacific Bell's computer system, electronically swiped a Porsche from a radio station, and evaded pursuing Feds for 17 months before winding up behind bars on a four-year sentence. Ms Granick says many hackers get into trouble because of poor judgement, not because of some malicious intent. But as cybercrime is an unknown quantity, they usually get the book thrown at them.

Some of the most brilliant computer minds are blackballed from the industry. Often, they are barred from even owning or having access to computers. A teen-age hacker in New York, sentenced to five years without a home computer, will need approval to even touch a terminal for work or school, a judge ruled last month.

Unlawful possession of credit card information, unauthorized intrusions into Web pages, and sending out viruses are among the most commonly prosecuted transgressions.

The FBI also urged Congress last month to consider expanding use of federal racketeering "RICO" laws - traditionally used against the mafia and drug cartels - to apply against organized and persistent hackers.

It also urged Congress to lower the $5,000 minimum in damages that victim companies must suffer before attackers can be prosecuted under federal computer crime laws.

The Internet generally remains a safe place to do business. As safe, in fact, as doing business over the phone or in person.

 

 
