Study Says Hacker Sites Fuel Crime

[mea culpa <jericho () DIMENSIONAL COM>]

From: William Knowles <erehwon () kizmiaz dis org>

http://www.apbnews.com/newscenter/internetcrime/1999/10/19/hacking1019_01.html

CARLSBAD, Calif. (APBnews.com) [10.19.99] -- Web sites offering
instructions and software for computer hacking are helping to fuel the
growth of cybercrime, according to a survey by a high-tech research firm.

Computer Economics Inc., an information technology consulting company,
expects computer-related crime, fueled by a proliferation of Web sites
devoted to hacking, to cost consumers and businesses more than a trillion
dollars worldwide in damages and lost revenue this year. The unscientific
survey was released Monday.

'A haven for computer criminals'

"The Internet has always been a haven for computer criminals," said
research analyst Adam Harriss. "The technologically savvy hackers have
been online swapping tips and programming for decades, but now the
information is being posted and sold at low cost in a form that even the
techno-illiterate can understand. Causing damage to machines and
infiltrating systems has become as easy as putting together a child's
Christmas toy."

He said the survey took a week to conduct and was completed earlier this
month. It focused on Web sites that in addition to providing information
also offered hacking software tools.

Harriss said he looked at a "representative" sample of more than 40 Web
sites, which included large Web sites as well as personal home pages.

"We found an amazing number of sites that do [provide software], and we
found sites that sold virus software, all types of stuff," said Harriss.

Flawed and alarmist?

Supporters of sites that post hacking information and software call the
survey flawed and alarmist.

"They make it sound as though this is a new phenomenon. Underground
information archives have existed long before the Internet. ... This is
not something new," said Space Rouge, editor of the Hacker News Network.

Harriss says the problem is that now there are many more hacking Web sites
that provide hacking tools, compared to the days of dial-up computer
bulletin board systems.

The low cost of computer crime software and hardware combined with the
dramatic expansion of the Internet into new, lesser-developed regions of
the world promises to exacerbate the hacking problem, he said.

Free speech issues involved

While one part of the hacking debate is about technology, there are also
issues of free speech concerning the availability this information and
software. A disclaimer that's typically posted on hacker-related sites
says that the information posted is for educational purposes only.

"I completely respect freedom of speech, but then there are times when
this information, whether it's given out in the best intent, can be
accessed by people who are malicious in their intent," said Harriss.

He said the survey was done mainly as an "alert" to show what is available
online. There are no suggestions or recommendations about what should be
done about these sites.

Manuals outline infiltration, pirating

Harriss said some sites tout hacking manuals as guides that help users
"search for company secrets," software that's purported to "screw up all
types of computer disks," and software that could be used to pirate other
programs -- described as "a must for anyone who doesn't want to pay full
price for software."

Manuals and software about hacking and computer crime, such as creating
viruses, counterfeiting, piracy and various types of fraud, typically run
from $8 to $60, says the survey.

Some of what the survey found online includes:

A manual that tells Microsoft users how to avoid the $10 to $35 per
incident fee for tech support after the 90 days of free support has run
out.

Software and instructions to circumvent any Internet sites that are
restricted by a "parental block."

Software, priced at $50, to remotely infiltrate the hard drives of people
in chat rooms and copy their software.

A disk, costing $42, containing over 4,000 live viruses including CIA,
Michaelangelo, JerusalemB, Dark Avenger, Darth Vader, Kool Aid, AIDS,
Rape, Keydrop, Null and Quiet.

An $8 guide to making a profit from software bootlegging.

A complete guide to hacking a Novell network for $25, with texts included.

Instructions for $30 about how to break into any Eudora account.

More people online, more crime

Space Rouge says there are many holes in the survey's findings.

"They fail to mention that demo versions of perfectly legit software are
also available at little or no cost that do much more damage than what
they mention. I am surprised that they only mention stuff that has a price
tag, as opposed to finding stuff that is freely available on the Web," he
said.

Weld Pond, a member of the software security group L0pht Heavy Industries,
said there may be more cybercrime simply because more people are online.

"The rise in e-crime is due to the fact that more and more people are
connected to the Internet using the same old insecure software that hasn't
changed much in the last three years. Personal OS's are buggy and
insecure. Mail clients, Web browsers, chat programs are all shipping with
problems and being used by more and more people, but this report is trying
to blame the very people shouting 'Look how insecure it is,'" said Weld.

He said users should be demanding secure software.

"Unless customers have the ability to test their systems for weaknesses,
they are at the mercy of black hats everywhere, be they script kiddies or
professional crackers. Unless customers put pressure on their vendors to
write more secure software, nothing will change.  The availability of
hacking tools allows people to see for themselves where the problems lie,"
said Pond.

What's posted is 'protected speech'

Mike Godwin, a fellow at the Yale Center for Internet Studies and former
counsel of the Electronic Frontier Foundation, said there is no research
that links more hacking sites to cybercrime activities.

"It is totally speculative. It's not at all clear that the people using
the sites and the people committing the crimes are the same people," said
Godwin.  He said the information posted on these Web sites is "protected
speech."

"The Supreme Court said about 30 years ago that even the mere advocacy of
illegal activity is itself protected speech. ... As long it's not aimed at
facilitating a particular crime at a particular time and place, it's
protected,"  said Godwin.

ISN is sponsored by Security-Focus.COM