Hackers use their quest for 'trophies' to clog Web

[William Knowles <wk () C4I ORG>]

http://orlandosentinel.com/automagic/news/2000-02-11/NWSHACK11021100.html

Hackers use their quest for 'trophies' to clog Web

Chris Cobbs
of The Sentinel Staff
Published in The Orlando Sentinel on February 11, 2000 .

Hackers who shut down big Web sites may be the same type of youthful
offenders who throw eggs or spray graffiti on a building, computer
experts say. These cyberoffenders, some of whom are teenage boys
barely old enough to shave, are not motivated by a desire for profit,
but by the urge to show off and wreak digital havoc.

"It's called 'trophy hunting' when irresponsible people deploy the
tools to deny service to Web sites,' " said Steve Gorrell, program
manager for Norton Internet Security 2000, a software package designed
to protect home users from cyberintrusions. "These hackers want the
bragging rights in their community. They want to be able to boast
about bringing down a big Web site."

This week's orchestrated hacker attacks resulted in disruptions of
service at such major Web sites as Yahoo!, Buy.com, CNN, Amazon.com,
E*Trade, eBay and ZDNet.

Armed with computers and software programs, such as "Tribe Flood
Network," a hacker or hacker group flooded the Web servers that are
the backbone of prominent Internet sites.

"It's like an intellectual challenge, being able to prove yourself to
the hacker community and show you know how to penetrate any defense,"
said Peter Kasabov, chief operating officer and technical expert for
Connextions.net, an Orlando-based e-commerce company.

"There are people who would be happy doing this stuff 24 hours a day,"
he said. "When they compromise a Web site, they get recognition in the
hacker community via forums, news groups and other forms of
communication. But outsiders usually don't find out who they are."

When he heard of the attack on Yahoo!, former hacker William Knowles
didn't believe it.

"I thought someone at Yahoo! had tripped over a wire, knocked out the
site and decided to blame it on hackers," he said.

The 31-year-old reformed hacker, who works for a California Web
security firm, now views this week's attacks in a different light.
"This could be the electronic Pearl Harbor," he said.

"It's a real wake-up call. Companies have spent a lot of money to
create Web sites and get into e-commerce. Now they need to take steps
to secure their business in order to keep the public trust."

If the war on hackers isn't intensified, the next step could be even
worse.

"I'm afraid this could be a harbinger of things to come, like
electronic blackmail," said Knowles, who works for New Dimensions
International, a San Diego-area company that presents seminars to
government agencies and businesses.

"The next step might be a group threatening to shut down a site or
steal all their data if they don't get a big payoff. I wouldn't put it
past anyone [hackers]."

A lone teenager with a modestly equipped computer and friends in the
hacker community could find the necessary software tools posted on the
Internet, experts said.

"The tools are available all over the place," said Frank Keeney, a Web
security expert based in Pasadena, Calif. "You could download them and
have them up and running in a matter of minutes."

Knowles described a procedure that would allow a hacker to use, for
example, a Britney Spears picture to trick an unsuspecting home user
and then take over his computer. Using a special software program, "a
hacker could create a file called 'Britney Spears pix.' A person on
the Web would see it, click on it and the file would send computer
code that would bury itself in the person's computer. .

"Once you get the software on a machine, you have a pipeline to
servers. In fact, a scenario like that could have gone down this
week."

Hackers don't appear to be afraid of being detected and sent to
prison, Knowles said.

"Most of these guys don't feel they will ever get caught," he said.
"They're like 16-year-olds riding around on their motorcycles without
a helmet. They're just fearless. It's very strange to me that our
national computer infrastructure could be taken down by a bunch of
16-year-olds, but it's a fact of life."

Many companies and Web sites, whose budgets last year were geared to
Y2K disaster preparations, will now shift money into strengthening
their cyberdefenses, Keeney said.

In the future, security may be tightened at Web sites, said Dyan Dyer,
president of Command Antivirus, a Jupiter firm. "Because the Internet
is an open system, everybody is invited to the party," she said. "We
may have to move to a new modality with people required to enter
passwords, user IDs and account numbers to access a site."

Web-based businesses also may emulate T. Shipley, a Maitland online
gift retailer that has taken out an insurance policy with J.S. Wurzler
Underwriting Managers.

"It's just good business," said Tom Shipley, president and chief
executive officer. "You protect a brick-and-mortar store with
insurance against fire and other events. You need the same sort of
protection against Internet fraud."

Posted Feb 10 2000 10:04PM

ISN is sponsored by Security-Focus.COM