Hackers of a Different Color

[InfoSec News <isn () C4I ORG>]

Forwarded by: Kelley <kwalker2 () gte net>

http://www.abqjournal.com/news/248842news02-11-01.htm

ABQjournal.com
Sunday, February 11, 2001
Hackers of a Different Color
By Jennifer McKee Journal Staff Writer

Some are pranksters. Like the group known as "scriptx," which cracked
into a Web site two weeks ago only to post a picture of a jolly fat
man wearing nothing but a Santa hat and a smile.

Some are Romeos. A guy with the online handle "psaux," for example,
cracked into more than 100 Brazilian Web sites in January to tell his
girlfriend, Kica, that he loves and wants her.

These are the folks that computer criminal "MagicFX," the guy the FBI
believes is Jerome Heckenkamp of Los Alamos, hung around with in the
cyberworld.

Hackers, crackers or script kiddies they break into Web sites or play
with the codes that run computers. Some are online good Samaritans who
raid kiddie porn sites and destroy the offending pictures. Some are
"hacktivists" who vandalize with pro-Kashmir, pro-Arab, pro-Israeli,
pro-you-name-it messages.

They are a misunderstood bunch, said Brian McWilliams, a reporter with
InternetRadio, an online news show that tracks both the Internet
industry and its problems. Not all are criminals, he said. And not all
are, technically speaking, "hackers," although mainstream society
tends to lump them under that heading.

They do not fit nicely into stereotypes, said Ross W. Nadel, chief of
the computer hacking and intellectual property unit for the U.S.
Attorney's Office in Northern California, one of a handful of federal
prosecutors specializing in computer crime.

"They're not all the 16-year-old kid in his bedroom, curious, playing
games," Nadel said.

And when they do break the law, they can cause real, quantifiable
damage even though they may not intend to.

Though we've heard about them for more than a decade, hackers are a
whole new animal.

"I do it because I'm bored," a 19-year-old Mexican e-vandal who calls
himself "malcolm-x" said in an e-mail to the Journal. "If I had a
girlfriend things would be different."

"Yeah, I could say that hacking is a social activity, because you send
out a message, you communicate," wrote another, an American hacker who
calls himself Diablo and says he works with a hacking team known as
Pentaguard.  "Hacking and defacing will always remain something only
for da underground.  If the Internet was New York, then the hacking
scene would be some ghetto like Brooklyn or something. This is our
cyber-underground."

The real hackers

Hacking is almost an elite term, McWilliams said.

The term hacker, in its strictest interpretation, refers only to
people who play with computer code the numbers, letters and symbols
that run everything from Windows to eBay. Hackers tend to be older,
gainfully employed and educated.

"There are people who like to take code apart," McWilliams said.
"These are (like) the people who used to take apart bikes or toasters,
just to see how they work."

Most people never see the code running their computer. But certain
computer languages, such as Linux, do not mask their codes behind
user-friendly windows. These programs, instead, leave the code on the
surface so hackers can readily play with it. That's not against the
law, McWilliams said, and, in fact, is considered almost high-brow in
the world of computer know-it-alls.

"Every good programmer or system administrator must also be a good
hacker,"  Diablo wrote.

Cracking is where things get subversive. The term refers to cracking
into Web sites or cracking software copyrights, like messing with code
on programs not designed for it, McWilliams said. Most so-called
hackers could easily pull it off if they wanted.

Just below crackers are script kiddies, the "lowest form" of code
tweakers according to Codeflux.com, a hacker Web site that publishes a
"jargon dictionary."

Crackers might cause problems and even break the law, but at least
they write their own code, or so goes the logic of the scene. Script
kiddies download or buy pre-packaged "scripts" that will scan the
Internet looking for vulnerable Web sites and crack into them. In a
subculture that prides itself on being smarter than the average
person, script kiddies are considered the ultimate poseurs.

Such pre-written cracking codes apparently are easy to come by,
however.  Rapt0r, an Israeli "hactivist," wrote in an e-mail that he
and his hacking team, m0sad, routinely give them away.

Seeking attention

The most visible form of so-called "hacking" is defacing ? breaking
into Web sites and replacing the homepage with messages of the
defacer's own choosing. Defacing is actually "cracking," if you're
keeping track.

Heckenkamp, 21, the Wisconsin native fired recently from his Los
Alamos job after the FBI charged him with computer crimes, is accused
of cracking into eBay and defacing its homepage. He was released on
bond from jail Thursday in California and is awaiting trial.

"It's the moral equivalent of spray-painting," McWilliams said of
defacing.  Indeed, many Web site defacements read like interstate
overpass graffiti.

"Yo admin, 'sup homie?" read one recent defacement from a cracker
group that calls itself Digital Enemy.

"Every hacker has its own reason," Diablo wrote. "For curiosity,
because we can, for the challenge, for fun. Some hack for political
reasons or because they want to share their views."

There is glory in defacements, McWilliams said, and many crackers do
it just for the attention; it showcases not only their Web design
skills and gives a sounding board for their message, but is also
electronic proof that the defacer outsmarted some poor system
administrator.

"Kissing is my hobby and (having sex) is my game," reads another
defacement, cracked by a person who goes by the handle Dr. Hacker.

Most defacers mean no real harm, McWilliams said. Many don't destroy
the old homepage and include links from their defacement to the proper
Web site. Some even offer instructions on how to fix the problem.

"Anything that's .com, .gov or .mil will get you more points,"
McWilliams said, referring to the domains that are home to,
respectively, American commercial, government or military sites.
"Among your peers, it's very cool."

Most crackers usually end up defacing sites nobody would ever see, the
sites most easily cracked. Dr. Hacker, for example, cracked the Web
site of the Magnetic Empire, a small CD wholesaler in Toronto.

A challenge, a cause

Were it not for the work of hacker-tracking Web sites, few people
would ever see the defacers' handiwork. Groups like attrition.org and
others track and post exact copies of hacked Web sites daily. One such
hack-tracker, alldas.org, tracked 69 hacks on Feb. 1 alone, and that
was just the ones it knew about.

Popular, well-known and presumably well-secured sites such as eBay ?
where customers auction off memorabilia and just about anything else ?
are the holy grail of defacers.

Heckenkamp is accused of cracking not only eBay, but several other
big-name sites Qualcomm, Juniper Networks, Exodus Communications,
Lycos, E*Trade and others.

"That's the cracker's dream," McWilliams said, "something that will be
seen by real people instead of their peers."

Growing in popularity are so-called "hactivist" groups like Rapt0r's
team, m0sad. Another, GForce Pakistan, a group of Pakistani students,
was the most prolific cracker team last year, according to
attrition.org statistics. The group typically posts messages detailing
the horrors of the Kashmiri struggle for independence and separation
from India, although one recent defacement consisted of a string of
curse words and assorted statements of bravado telling the world how
tough and untouchable GForce is.

Rapt0r wrote that he met the other members of m0sad at college in
Israel.  At first they merely tweaked with code. Hanging out on
hacker-oriented Israeli computer chat rooms, they met others and
gradually formed m0sad. At first, Rapt0r said, they didn't do any
cracking.

"We wanted to be a computer security group," he wrote. "But then the
conflict with Arabs started in Israel and the TV showed pictures that
we couldn't believe in. The TV shows poor Arabs, but not the Israeli
people that die there every day. We wanted the world to know what
really happens there."

One recent m0sad defacement shows video of what the group says is an
Israeli-sympathizing Palestinian being shot in the face by other
Palestinians. "We do not deface or hack sites of other countries, only
Arabs," Rapt0r wrote.

Tallying the cost

Defacing may be the public's only glimpse at computer crime, but
according to McWilliams and the Justice Department's Nadel, defacers
are not the Internet's most upsetting criminals.

"Credit-card-number theft seems to happen fairly often," McWilliams
said.  "And (the thefts) often go unreported." And that's not the only
problem encountered in finding and prosecuting computer criminals,
Nadel said.  Cyber crime is relatively new; many people still have the
idea that it's a "victimless" crime.

Far from the case, cyber-criminals can cause millions of dollars in
damage, even if they're only attempting to show off, Nadel said.

Some computer criminals don't merely break in to Web sites, they go
further and penetrate a company's computer system. Once inside, they
can destroy or change documents, steal passwords, intercept e-mail and
otherwise wreak havoc. Some will attach so-called "sniffers" to a
system almost imperceptible codes that scan all outgoing and incoming
messages and gain access to proprietary information.

"Like an invisible eavesdropping device," Nadel said.

He estimates total damages in terms of both hours spent cleaning up
after the cyber vandal and the cost of securing the system. In
Heckenkamp's court case, Nadel who is helping to prosecute the Los
Alamos man has pegged damages at $900,000.

But McWilliams disputes the estimates.

"I think those charges are kind of trumped up," McWilliams said. "It's
always amazing the number tossed around by law enforcement on these
crimes."

Many in the cracking community argue that any corporation with lax
enough electronic security especially an online giant like eBay to be
cracked by a college kid deserves what it gets. The FBI, consequently
they argue, shouldn't spend its time or money doing what the company
should have done in the first place. Neither McWilliams nor Nadel
agree with that argument.

"In the real world, we expect the police to be there," McWilliams
said.  Arguing that eBay "asked for it" is like saying people deserved
to be robbed for having locks that criminals can break.

"I don't think you could accuse eBay of being negligent," he said.
"You expect them to take reasonable measures, and computer security is
so complex."

Nadel explained the situation this way: If someone embezzled money
from a bank relatively easily, the bank wouldn't be held responsible.
A crime is a crime, he said, regardless of how hard the criminal had
to work to commit it.

Even defacements, which may appear harmless, are more than
"spraypaint"  when a Web site is your business.

"There have been serious crimes committed that have real impact on
victims," Nadel said.

He declined to talk about the specifics of Heckenkamp's case. An eBay
representative told the Journal that whoever broke into its system
didn't access any credit card numbers or other user information and
did not permanently destroy the Web page.

So far, computer crime cases are so new and infrequent, Nadel said he
doesn't know whether juries still believe the stereotype that computer
criminals are somehow less criminal than traditional burglars and
robbers.

He's confident, however, that as the number of hacking cases grows,
the public will start to see computer criminals as bona fide
lawbreakers not just kids too smart for their own good.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".