Glenn Chapman in Las Vegas
August 07, 2006
ORGANISED crime is winning the internet security war, specialists warned
at the world's foremost gathering of computer hackers in Las Vegas.
The online peril is no longer brilliant young social outcasts penetrating
networks for notoriety; it is international crime rings swiping billions
of dollars with keystrokes and malicious computer codes, cyber cops
Ironically, potential champions in the battle for internet privacy were
sought among the thousands of hackers that made pilgrimages to the US
gambling centre nicknamed "Sin City" for the three-day DefCon 14
Online evil doers were crime rings working out of countries such as
Russia, Romania and Brazil, and their nefarious technical skills were
keeping ahead of computer security experts, veterans of the cyber-crime
"We are getting our butts kicked, there is no doubt about it," said Dan
Hubbard, vice president of security research at Websense. "There is a lot
more of a bond and a sharing of tools in their society than in ours."
DefCon, in its 14th year, was a neutral ground where hackers, computer
security professionals and US government agents exchanged expertise,
according to organisers.
"The hacker is the good guy," Joe Grand, who described himself as an
inventor by day and a hardware hacker by night, said. "A hacker is someone
interested in figuring out how to make things work."
Kenneth Geers explained that he was at DefCon to glean new hacking tactics
and recruit talent to join him at his job hardening the US military's
"If we are not getting into the weeds and hearing what the hackers are
saying about weaknesses and vulnerabilities, we are absolutely screwed,"
Mr Geers said. "We seek out rock star hackers because they live and
breathe this stuff"
For Mr Geers, the goal was to prevent aircraft carrier's communications
from being routed to enemies or missile guidance systems from being
Online onslaughts were a relentless reality for ordinary computer users,
said Gadi Evron, who managed internet security for the Israeli government
before going to work for the firms SecuriTeam and Beyond Security.
"A lot of it involves the mafia," Mr Evron said.
"This is not about kiddies, hackers who sit around and tinker. It is about
using the internet for real crime."
More than two billion dollars will be stolen this year by online
"phishing," using fake website and bogus emails to trick people into
revealing personal information then used for identity theft, Mr Evron
That loss will be multiplied by attacks involving the secret implanting of
computer codes that can do things such as record keystrokes used for
online banking or take remote control of computers, Mr Evron said.
There is such a glut of stolen credit card data that it can be bought
online for three dollars each, said special agent Andrew Fried of the US
Internal Revenue Service.
Fried estimated that one in five home computers in the country was
infected with malicious computer code, or "malware."
"We have gone to houses and done search warrants only to find people's
computers were being used without them knowing it," Fried said. "Most of
what I see is systems being compromised to be taken over."
Armies of zombie computers can be used to attack websites of companies
that depend on internet business for their revenues, the specialists
Criminals commanding such "botnets" can demand money from the companies in
exchange for not crippling their online business.
"The whole idea of extortion on the internet is funny to me," Mr Evron
said. "They won't protect you. If you pay them they will probably attack
you anyway, and they will be back."
Cyber crime ranks only behind terrorism and counter-intelligence as top
priorities at the Federal Bureau of Investigation, special agent Thomas
Grasso said during the panel discussion.
Collaboration with counterparts such as Interpol and Scotland Yard are
vital to combat crime rings that often take refuge in countries with scant
police resources, Mr Grasso said.
The law and computer security technology have lagged behind criminal
techniques on the internet, Mr Grasso said.
"The internet is not safe and your email is not safe," Mr Evron said.
"It is an arms race and all we can do is enter that arms race from all
Visit the InfoSec News store!