Information Security News mailing list archives

High-stakes hacking, Euro-style


From: William Knowles <wk () C4I ORG>
Date: Mon, 23 Oct 2000 21:28:03 -0500

http://www.msnbc.com/news/479105.asp

By Bob Sullivan
Oct. 23, 2000

In the United States, a hacker is usually viewed as a teen-age,
blue-haired nuisance who defaces Web sites. Maybe he ends up in court,
and even in handcuffs, but he doesn't end up hanging from a tree. Not
the case in Europe, where a legendary 27-year-old German computer
hacker was found hung by his own belt in a Berlin park two years ago.
On that side of the Atlantic, a place where stealing Internet access
is sometimes a necessity and computer hardware is often archaic,
hacking is hardly a game.

YOU DON'T HAVE to look much farther than the Chaos Computer Club to see
that the stakes are higher in Europe for computer hackers. Tron, a CCC
member, was one of the great young computer minds in Europe. He was
the first to take apart telephone cards and remodel the computer chips
inside to make the cards self-charging, meaning free phone calls,
forever.

In November of 1998, Tron (Boris Floricic) was found dead in a Berlin
park. Police ruled it a suicide, but family, friends and the CCC say
foul play was involved.

"Perhaps Tron refused to share his secrets with the Russian mafia,"
speculated one member of the computer underground who asked not to be
identified. "Or perhaps he just broke into the wrong computer."

No clear evidence was ever made public that supported the suggestion
of foul play in Floricic's case. But even the possibility of the
assassination of a computer hacker, something U.S. hackers haven't had
to face, keeps the European computer underground a bit more sober.

WHAT'S DIFFERENT ACROSS THE POND

The difference between the American and European hacking worlds will
be a hot topic this week in Amsterdam, as the first international
version of Def Con, the annual hacking convention in Las Vegas, gets
underway.

It is difficult, of course, to make sweeping statements about computer
hackers across all of Europe. But there is a general impression that
metered access to the Internet, antiquated hardware and fewer
get-rich-quick job opportunities make hacking in Europe a much more
serious affair. For starters, European hackers are usually on a
mission.

"They are good phreakers because they have to be," said a hacker called
ktwo, a Canadian-based security consultant who works in Eastern Europe
several months of the year. Phreaking is stealing telephone services.
"Necessity is the mother of invention, right? They have a need for
Internet access and they don't want to pay million-dollar phone bills."

They also generally tend to forgo high-profile Web defacements and
self-promotional notes to the media; instead, Europeans often attach
their work to human rights or environmental causes. Hacker conventions
there often include as many political speeches as technical seminars.

"U.S. hackers are basically proving things to themselves for ego.
European hackers include a significant number of individuals motivated
by political, religious, and cultural deeply held beliefs," said
GartnerGroup computer security analyst William Malik.

In contrast, many of the computer attackers who manage to get media
attention in the U.S. tend to be script kiddies who spend their time
defacing Web pages. Of all the Web site defacements archived by
Attrition.org since 1995, nearly 3,400 have targeted Web sites
ending with .com, generally U.S. commercial sites. During that time,
only 34 .fr (French) sites were targeted, 98 .de (German) sites, and 22
.ie (Irish) sites.

NOT OUT FOR FAME

Among so-called "white hat" hackers, computer security experts who find
vulnerabilities and make their work public, the motivation is very
different on the other side of the Atlantic. According to Russ Cooper,
who publishes many of the security flaws on his NTBugTraq mailing
list, European writers are generally after career advancement rather
than public adulation.

"In America, it's about getting fifteen minutes of fame," Cooper said.
"There it's about getting a better job, about building your career."
Cooper pointed to a recent case in which a white hat found a flaw in
Microsoft software, noting that what he wanted out of Microsoft was
not free software but a letter to add to his resume.

MORE DISCIPLINED, MORE DANGEROUS

There is also a sense that classically trained European computer
scientists are more disciplined than computer security experts in the
U.S., who often are largely self-taught. Europeans must make the most
of the limited computer equipment they have, forcing them to push the
limits of their hardware.

Plus, computer security professionals make lower wages than their U.S.
counterparts, giving them incentive to use their skills for their own
gain.

"It's their ability to code which makes them more dangerous, and they
are more dangerous," said a security consultant who protects computers
at a large U.S.-based brokerage. While many hackers in the U.S. cut
and paste snippets of computer code to attack companies, European
hackers are much more likely to develop unique attack code on the
spot, he said. "Programmers from Bulgaria, from Russia, they are good."

And they pick big targets. In August, Eircom, Ireland's largest
Internet service provider, had to change passwords for all its 240,000
customers after a hacker gained access to the company's systems. One
day later, a virus writer adapted the notorious ILOVEYOU program to
steal account numbers from United Bank of Switzerland customers.

Lofty targets are a long-standing tradition in Europe. Tom Talleur,
now a consultant with KPMG, was in charge of new technology security
at NASA nearly two decades ago when he says the Chaos Computer Club
issued a bounty for anyone who could break into the Command and
Control Center for the U.S. Space Shuttle program.

The Chaos Computer Club did not respond to e-mail interview requests.
Asked if anyone ever got into the Space Shuttle computers, Talleur
would only say, "Not that I'm aware of."

In a well-known televised incident, the CCC demonstrated its ability
to exploit Quicken personal financial software in 1997 by using the
software to transfer funds between accounts without use of a password.
Similar to high-profile U.S. hacker groups like the Cult of the Dead
Cow, the CCC views itself as a research group which publicizes
security problems in an attempt to call attention to them.

The CCC is probably the most well-known European hacker organization.
In fact, club member Andy Mueller-Maguhn was recently elected to the
board of the Internet Corporation for Assigned Names and Numbers, the
organization that oversees the running of the Internet. CCC members
must agree not to hack for commercial gain and to disclose security
problems they discover.

ORGANIZED CRIME, TERRORISM

In the murky virtual world of cybercrime, such overt examples of
computer hacking are hard to come by; the underground is full of
unproven tall tales and wild rumors. But both Talleur and Malik think
organized crime and even government sponsorship are behind the flavor
of Europe's volatile computer underground.

"We know that suspected members of organized crime and terrorist
organizations have been making contact with members of the Chaos
Computer Club in Berlin at their summer conference," Malik said. The
biggest concern is the pool of talented hackers in the Balkans where
the former Soviet Union concentrated its programming expertise.

For example, he said, during the Kosovo crisis Balkan hackers forced
the U.S. military to stop giving out details on personnel because of
fear the details would lead to harassment or offer hints for hacking.

"That's why we stopped seeing 'Capt. John Doakes from Omaha, Neb.,
commander of the 451st wing' and instead saw 'NATO commander, bomber
wing.'"

Jeff Moss, who runs the Las Vegas version of Def Con and is hosting
the European version this week, thinks economic motivation plays a big
role in the ferocity of Euro attacks.

"There is not a lot of startup fever in Russia," he said. "And there are
a lot of computer-skilled people. Sometimes the only employment is in
shady areas."

But Talleur thinks the big difference between European and U.S.
hackers is the prevalence of state-sponsored attacks. While working at
NASA he would often attempt to chase down computer attackers based in
Europe. Usually, local authorities assisted in the hunt. But on at
least one occasion, he was met by investigators who were intentionally
unhelpful.

"The agency was overtly cooperative, but when you sit down with someone
for a beer and you get the wink, and then they say 'If we called you in
the U.S. and you checked into it and found out it was your CIA doing
it, would you tell us?'"

TOO MANY HACKER MOVIES?

While the underground readily offers up these kinds of stories, the
tales are often short on details, so short that there are those who
think they are the product of hackers, and journalists, with an
overactive imagination.

"What you see there is almost all nickel and dime stuff," said a
security expert named Ktwo, who works in Eastern European countries
several months each year. "Free phone calls, free cable, free satellite
TV, that kind of thing." Stealing money from a financial organization,
or valuable information from a Western company, is difficult to
accomplish, and even more difficult to profit from.

"It's not as easy as anyone thinks," he said. "Say you get insider
information from a Western company, how is that of value? Who do you
sell it to? It's a really complex game."

And the suggestion that computer criminals in Europe hit on loftier
targets than their counterparts in the U.S. is a mistake, according to
security consultant Joel de la Barza of Securify.com. He assists in
computer crime investigations.

"I think there are more attempts in the U.S. to break in and take
money," he said. "But in America there is a lot of background noise."


*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com