Hackers Not Wanted for Hack Job

[InfoSec News <isn () C4I ORG>]

http://www.wired.com/news/business/0,1367,39093,00.html

Reuters
9:20 a.m. Sep. 27, 2000 PDT

LONDON -- A British IT company launched an anti-hacking unit Wednesday
but said some of the best qualified candidates -- the hackers -- need
not apply.

Guardian IT Plc said IXsecurity, formed from a Swedish company it
bought last year, would hack into big corporations -- but only with
their consent

The unit, which sees itself as capable as a hacker, is trying to tap
the rapidly growing market for companies keen to protect themselves
from cyber attacks.

These attacks, hitting Internet banks, government and defense
agencies, Web portals and others, have grown more serious as once
stand-alone computer systems become linked permanently to the outside
world, despite firewalls, passwords and other defenses.

"Companies are putting their business-critical systems out on the Web
through an Internet interface and opening themselves up to hackers,"
said Christer Stafferod, IXsecurity's general manager.

Guardian, the second largest data backup company in Europe behind IBM,
hopes to turn IXsecurity into a world leader in the nascent market for
anti-hacking penetration testing.

"We have a strong brand and a massive client list in Europe," said
Stephen Bean, Guardian's marketing director.

IXsecurity's top anti-hacker Ian Vitek, a former security guard, gave
a demonstration of how easy it was to break in.

Human sloppiness means that, armed with basic software, hackers can
often sniff out usernames on a company's server, run through the
commonest passwords and gain access.

All it may take is one user with an obvious password -- such as
"password" or his own username -- and the hacker is in.

Four-fifths of companies IXsecurity tested in Sweden over the last
year were successfully hacked.

But despite their unparalleled skills, hackers -- at least those who
were caught -- won't be welcome to join the company, which hopes to
add another 40 people to its small staff.

"I am not a hacker and we don't hire hackers. No criminals will work
here -- it's a matter of trust for our clients," Vitek said.

He said some rivals even paid hackers' court fines in order to tempt
them into a job, and condemned this as a practice that would encourage
cyber vandalism.

IXsecurity plans to extend services to France and Germany next year.
One-off anti-hacker tests cost around $10,000.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".