New hackers wreak havoc

[InfoSec News <isn () c4i org>]

http://www.azcentral.com/news/articles/breaking/1016hacker16.html

John Yaukey
Gannett News Service
Oct. 16, 2001 

When Maurice Paynter installed his new Internet security software, he
got a sobering look at modern life online.

"I realized I'm being attacked constantly," he said.

The software, which records attempts by hackers to infiltrate the host
computer, showed Paynter was being scanned for openings 30 to 40 times
a day. Scarcely a day passes now that his software doesn't detect a
virus.

According to watchers of malicious codes, hacking is becoming
pandemic, a national pastime for computer enthusiasts tempted to test
their skills against the establishment.

Since 1998, the number of hacking attacks and virus releases has
increased sevenfold. Viruses are being produced at a rate of a dozen
or more per day, with some causing tens of millions of dollars in
damages and lost productivity.

To make matters worse, many hackers are employing more intentionally
destructive tools and tactics, some so callous that even their fellow
code crackers have denounced them as a different breed.

Shortly after the Sept. 11 terrorist attacks, some hackers exploited
the catastrophe to spread a virus using what appeared to be an e-mail
pleading for peace. When the message was opened, the virus loaded onto
the recipient's computer and damaged files.

In what is perhaps the most disturbing trend, hackers are infiltrating
well-known news sites, including Yahoo! and the Orange County
Register, and rewriting stories. These "subversion of information"
attacks raise a host of concerns in the wake of Sept. 11, when news
sites were a major source of information.

"There used to be a strong ethic among hackers - get in and look
around, but do no harm," said William Knowles, a 32-year-old
Chicago-based computer security analyst and a former "benign" hacker.
"That's been lost on the younger masses."

Experts say it's changing the Internet the way crime changes a
neighborhood.

People are now constantly on alert for suspicious e-mail and other
applications that could potentially harbor malicious code. It has
gotten so bad that several Internet service providers have been
threatening to disconnect customers who don't use protective
anti-virus software.

Viruses get meaner

The modern hacker has a selection of tools and strategies to choose
from, including viruses and worms that typically spread over networks
and clog computers, and attacks, which they can launch against Web
sites to disable them or change their contents.

Viruses and worms have typically been considered dangerous because
once downloaded, say unwittingly from an e-mail attachment, they often
destroy valuable files - and many still do that.

But new strains are being designed to add extra sting.

Consider the recent SirCam virus. It arrives in the form of a
seemingly harmless e-mail attachment. If opened by the recipient, it
sends itself to every name in the victim's address book. There's
nothing special about that. But SirCam doesn't stop there. Before
forwarding itself on, it raids your "My Documents" folder, where
people often store their most sensitive material, and randomly selects
a file that it sends out with the infected e-mail. Maybe it's a
meaningless file; maybe it gets you fired or divorced.

But before a virus can do damage it has to enter a computer or
network, and hackers have taken infiltration methods to new levels as
well.

Most viruses and worms enter computers when infected e-mail is
downloaded.

But the recent Nimda virus was a different animal altogether,
infecting e-mail, network servers, which regulate digital traffic, Web
sites and shared disk drives, where it automatically copied itself
without the need for anyone to download it.


Culture of hacking

Hacking wasn't always this destructive.

In fact, it started at MIT in the 1960s as a perfectly innocent
pastime, aimed at tweaking higher performance out of some of the first
mainframe computers to appear on college campuses.

In the 1970s, college students known as "phone phreaks" turned their
fascination with technology to hacking long-distance telephone
networks for free calls. Apple computer founders Steve Jobs and Steve
Wozniak were among hacking's early gurus.

By the 1980s, as academic and defense research computer networks began
rapidly expanding into what would become the Internet, the hobby had
started turning dark. Phone phreaks turned to hacking these networks,
exchanging passwords and techniques on some of the first electronic
message boards.

It wasn't until 1988 that hacking shook the establishment with the
Morris worm.

Created by Cornell graduate student Robert Morris Jr., the worm
program spread through 6,000 academic and defense computers,
paralyzing many.

The spindly, bespectacled Morris typified the new computer nerd and
showed the world what a few lines of renegade code could do. Morris
told prosecutors he never intended to crash computers, but only to
expose security flaws.

Until recently, this has been the credo of the hacker: Expose
weaknesses so software venders will fix them. But as the Internet
exploded and a new generation raised on computers has taken to
hacking, the hobby has degenerated into what old school hackers call
"crass vandalism" perpetrated by "script kiddies."

"This is point-and-click hacking," said a San Francisco-area "white
hat" hacker who calls himself Pauly Morf. "It requires no skill or
understanding of network vulnerabilities. I have no respect for it or
this generation."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.