Behind the Scenes at 'Hackers, Inc.'

[William Knowles <wk () C4I ORG>]

http://www.pcworld.com/pcwtoday/article/0,1510,15132,00.html

So you thought hackers were nerds in dark rooms traveling in
cyberspace to attack companies' computer systems or steal data.

Think again.

A new breed of hackers licensed to hack legally into companies around
the world, ranging from banks in Israel and Britain to e-commerce
companies in Spain, and check their systems' security, is at work in
Sweden.

The Stockholm-based private company Defcom, set up in April last year,
is a pioneer in a shadowy business that may seem more like a scene
from one of legendary American science fiction author William Gibson's
novels than reality.

But Defcom actually gets paid for hiring out its "ethical hackers" to
large companies, mostly in the banking, insurance, and e-commerce
sector around Europe.

"Nine out of ten companies we're employed to check, we can break into
through the Internet," Defcom Chief Executive Thomas Gullberg tells
Reuters. "That's a frightening statistic."

An Online Playground

The Web is becoming an ever more attractive playground for hackers as
e-commerce mushrooms in Europe and the United States, and sensitive
data is transferred over the Internet.

Hackers can break into practically any computer system if they want
to, Defcom says.

It was hard at first to bring hackers together, but Gullberg was
surprised by the willingness on the part of hackers to turn
legitimate.

"We've brought hacking to another stage, made it ethical," Gullberg
says. "We've gathered hackers under one roof. After all they're the
best in the business, they know how it's done."

Defocom's motto, displayed in one of the main hackers' rooms, sums it
up: "It takes one to know one."

The Swedish company--with an office in London--has grown to over 40
staff, of whom about half are professional hackers, aged 23 to 30. One
has a criminal record.

To boost expertise and knowledge it has also hired a police officer
from the IT security division in Sweden's national crimes prevention
unit.

Once appointed by a company to check its security system, the staff
carries out a technical analysis, then travels to the country of the
company and starts hacking.

What makes them different from some other data security firms is that
they actually make changes in their customers' computers to see
whether they can really be hacked into, Defcom says.

"We don't just go to the firewall and prove that we can break it, but
we go into the main computers," Defcom's senior cyberspace hacker, who
asked to remain anonymous, tells Reuters.

"We deliver the truth to clients. The bittersweet truth," Gullberg
says.

Bad for Business

"Security has been a big problem in the business world and it still
is. The Internet is not safe," Gullberg says.

Most illegal hacking in finance centers on stealing credit card
numbers but is expanding quickly into industrial espionage.

Defcom says an underground market known as "information broker" sites
is growing on the Web, where clients could scout around for hackers to
do their dirty work, like breaking into a company to steal corporate
data.

The need for tighter security was underscored last month when hackers
broke into online music retailer CD Universe, a unit of EUniverse and
stole 300,000 credit card numbers, demanding payment of $100,000 not
to use them.

Defcom advises its clients not to publicize their use of its services
as this could be a challenge to the hacking community.

"It's easy to break into the system. Too easy. But often customers
don't know when the companies have had intruders because they cover it
up," the top hacker says.

ISN is sponsored by Security-Focus.COM