t byfield on Wed, 17 Feb 1999 21:19:12 +0100 (CET)

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> new spin on hacktivism

     [heads up, 'hacktivists': here's some new spin coming
     out of nowhere on distributed attacks. it plays quite
     nicely on anxieties about conspiracies, complete with
     buzzword bingo: professional thieves, organized crime,
     secret armies, etc. there's nothing new about burying
     'hostile' applications into web pages: i can think of
     at least one example in which someone built a 'finger'
     CGI into a web page in order to havoc all.net, a site
     run by Fred Cohen, a security guru who'd been irritat-
     ing people on a crypto list. but there *is* something
     new here which reveals a big weakness in 'hacktivism':
     very few of the people who take part in these actions
     understand what they're doing, but they're willing to 
     paper that ignorance over with good intentions. think 
     of an action wrapped in warm fuzzy rhetoric that does
     something different than was claimed--a denial of ser-
     vices attack on the 'good guys' maybe. we'll see this
     kind of thing sooner or later. anyway, file this away
     for future reference, because if you want to continue
     with 'hacktivism,' you'll need to build the technical
     equivalent of what activism has always had--'networks'
     of trusted people with histories of commitment to spe-
     cific causes. cheers, tb]

Thieves Trick Crackers Into Attacking Networks
By Lee Kimber, Network Week
Feb 16, 1999 (9:10 AM)

URL: http://www.techweb.com/wire/story/TWB19990216S0008 

Corporate networks are coming under attack from an army of
amateur crackers working unwittingly for professional
thieves, security experts have warned. They have identified
signs that organized criminals and "professional" crackers
are using trick software that lets teenage enthusiasts --
known as "script kiddies" -- attack networks for amusement.
The software then secretly sends the findings of these
surveys to experienced crackers.

Professional gangs could use this trick to build massive
databases of network insecurities for thieves to exploit.

Consultants cited the hacking group New Order's Aggressor
network-attack software, which invites amateurs to register
for a full copy on the promise that they will receive hidden
tools to mount stronger attacks on their victims.

"We could be looking at half a dozen teenagers doing
cracking on behalf of New Order," warned Internet Security
Systems security expert Kevin Black. "It's: 'Here's a toy to
play with,' then: 'Thank you, soldier.' "

The growth of Java programming skills lies behind another
new trick, where crackers build Java cracking software into
websites. When surfers browse the site, the program returns
the surfer's IP address to network security tools' logs,
leaving the cracker's real location a secret.

Canadian hacking group HackCanada is encouraging crackers to
rewrite the Python network-scanning script Phf in Java so it
can be loaded into Web surfers' browsers during a visit to
an innocuous-looking site.

HackCanada adopted the tactic after a cracker received a
warning from a corporate network administrator who detected
him using the Phf script in its native Python form.

And in a gloomy warning for network administrators, Axent
security consultant David Butler warned teenagers and
students who collected cracking tools to impress their peers
would quickly try them out.

"Cracking attempts rise by a factor or three or four during
school holidays," Butler told a joint Toshiba-Inflo security
presentation earlier this month.

The news came shortly after security experts learned the
freely available password authenticator Tcpwrapper had been
rewritten and redistributed in a form that sends passwords
it finds to an anonymous Hotmail address.

"It's a shift in the mentality of cracking," said Black.
"It's the difference between the men and the boys."

"We have been under constant attack by hackers since
Christmas," said Nokia Telecommunications' Europe, Middle
East, and Africa marketing director Bob Brace. The company
had detected 24,000 cracking attempts since October last
year, he said.

Nokia runs IP440 firewall and NAT with log analysis, so
Brace could see the hackers first tried to ping every IP
address, then probed for specific ports such as the default
ports for Back Orifice (31337 and 1234) and port 80. (Back
Orifice lets crackers gain control of a remote PC and is
often hidden as a trojan in games.)

"I believe much of the probing is automated and some of the
more serious attacks are spread out so they are not easy to
identify in a trace," Brace said.

ΚΚ   www.cmpnet.com
The Technology Network
Copyright 1998 CMP Media Inc.
#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@desk.nl and "info nettime-l" in the msg body
#  URL: http://www.desk.nl/~nettime/  contact: nettime-owner@desk.nl