FYI Harsh Kapoor --------------------- International Herald Tribune Paris, Wednesday, February 2, 2000 Hacking Into Your Computer Has Been Privatized By David Ignatius The Washington Post WASHINGTON - So you think your computer communications are safe and secure? Experts in the security business confide that most computer networks are wide open to attack by dedicated hackers. Want to break into one of Switzerland's most famous private banks and look at its accounts? Not a problem. Want to break into the computer of a key government agency of a big European country and read messages tasking its security officers? Not a problem. Want to crack corporate networks and read the e-mail traffic? Not a problem. In fact, that is so easy that it isdone routinely. We are not talking here about electronic intercepts by the U.S. National Security Agency or black-bag jobs by the CIA. These operations are conducted by the growing global network of private security consultants, using sophisticated hacking tools. An example of the hackers' tool kit is something called a ''packet sniffer.'' Once the hacker gains access to electronic transmissions passing through a computer network (which is not as hard as you might think), the sniffer allows him to read the electronic bundles of information - those little 1s and 0s streaming over the Net - and translate them into readable computer files. An apprentice hacker can download the software needed for a packet sniffer from one of many sites on the Net. What is happening, in effect, is the privatization of some of the most powerful tools traditionally used by intelligence agencies, which allow them to overhear our conversationsand read our mail. The new privateers are mostly former spies and law enforcement officers, from Washington to Paris to Moscow to Canberra, who are out now and offering their skills on the open market. They are working with former colleagues and liaison contacts around the world, and with the hacker underground, to get the information they need. ''The Cold War is over,'' explains one member of this private security brotherhood. ''People in police and security services are just trying to make money.'' One ripe source of information is the hundreds of agents overseas who were dumped by the CIA in the budget cuts of the mid-1990s. Many of them are free-lancing now. If you want access to this network, you can start by contacting one of the high-powered Washington or New York law firms. They will contact a private security firm, which will contact a consultant, who will contact another consultant, who will work with hackers, cops, second-story artists - whoever is needed to get the job done. Typically, the person who initiates a request for information at one end of the chain has no idea who actually obtains it, or what methods were used. The sources are shielded by what are known in the spy world as ''cut-outs.'' If you saw the 1998 movie ''Ronin,'' you have an idea of how the security brotherhood works. The Ronin are modern-day equivalents of samurai warriors who have been decommissioned after a war and are wandering the landscape looking for work. The movie's plot is fanciful, but the portrait it draws of a fraternity of ex-spooks for hire is quite accurate. Companies which want to protect themselves against these electronic attacks should consider investing in counterintelligence. An example of what is available comes from Michael L. Puldy, who heads IBM's Emergency Response Service. He runs a group of about 100 people worldwide who help IBM clients clean up the damage from electronic break-ins and try to prevent them from happening in the first place. Mr. Puldy says companies are much more vulnerable to electronic attack than they realize. They may think they are protected by so-called ''fire walls'' that screen who gets into the network. But if the fire wall software is installed right out of the box, it usually contains default passwords and other trapdoors that allow smart hackers to get in. Mr. Puldy's group mainly does electronic ''perimeter checks,'' looking for holes in a company's network, along with installing ''intrusion detection monitors'' which sense when a hacker is trying to break in. IBM also offers a more aggressive ''Ethical Hacking Service,'' which for a fee will break into your system and show just how vulnerable it is. Mr. Puldy says IBM's ethical hackers can penetrate more than 75 percent of the systems they attack. Once inside, they can find password files, break into the corporate e-mail server and read everyone's mail, and sometimes even get into the CEO's hard drive. Packet sniffers are the enemy. Mr. Puldy says cable modems are especially vulnerable, because it is easy to read the other computers on a neighborhood cable loop. ''If you're on the neighborhood ring, you can put a sniffer on the cable and watch everything I do on my computer - stock trades, passwords, e-mails, everything.'' It is harder to crack ''digital subscriber line'' or DSL technology that is used to provide high-speed connections over telephone lines - but not impossible. ''Given enough time and effort, you can break into anything you want to,'' Mr. Puldy says. Civil libertarians still focus on privacy threats from government, but they are way behind the time. Like everything else in the global economy, snooping has been privatized. ---------------------------------- Send mail for the 'huridocs-tech' list to 'huridocs-tech@hrea.org'. Mail administrative requests to 'majordomo@hrea.org'. For additional assistance, send mail to: 'owner-huridocs-tech@hrea.org'. Archives of previous messages posted to the list can be found at: http://www.hrea.org/lists/huridocs-tech/markup/maillist.html
[Reply to this message] [Start a new topic] [Date Index] [Thread Index] [Author Index] [Subject Index] [List Home Page] [HREA Home Page]