[Taken from Network News magazine, 1 March 2000]

Serious hackers send in the foot soldiers to do their dirty work

There is some bad news, and there is some really bad news. The recent rash of internationally co-ordinated Denial of Service crack attacks has brutally highlighted the need for e-business security. However, there is currently no way of fighting off such attacks and such problems are going to get worse. The cracker community is simultaneously growing in size and dumbing down in focus. While not so long ago it was populated, in the main, by skilled but unethical or socially dysfunctional coders, its ranks are today being swelled by people would [sic] wouldn't know the difference between trin00 and a ham sandwich. The evil menace is extending its tentacles [oogah boogaaah!!] to encompass malicious morons who couldn't tie their own shoelaces without a grownup to help them, let alone launch stealth attacks on corporate networks.

It's as easy as one, two, three

The latest generation of so-called script kiddies amuse themselves by downloading pre-written applications and chucking them blindly at systems. Becoming a cracker today is - at least in theory - as easy as pulling down some code from a website. A more worrying development is that real hackers, who engineer the code in the first place, are capable of manipulating these kiddies. It is becoming more and more common for the experienced cracker to give away applets as rewards for those who are prepared to do their twisted bidding. It is also common for this freebie code to contain hidden functionality that sends information about sites' vulnerability back to the author without the knowledge of the intermediary. Like heroin dealers in a school playground, these cyber-terrorists will offer their cracking candy to get kids hooked on hacking. For today's network manager the danger posed by hackers, crackers and I'm-too-sad-for-my-anorak saddos[?!?], has never been greater.

It pays to be paranoid

But here is the really bad news. There is no such thing as a secure, hack-proof network. [Hmmm.] IT managers who believe their systems are iron clad have been drinking too much tape-head cleaner. The only way to deal with the growing hacker menace is to be totally pragmatic and keep up to date with the latest techniques. While trin00 may be a problem today, you can be sure that it will be fixed. But there will be a host of other nasties waiting for us. Just because you're paranoid, it doesn't mean that they're not out to get you. It's all to do with black swans. [ Yes, clearly. ] Austrian philosopher, Sir Karl Popper, argued that nothing can be verified - only tentatively refuted. He said that a statement like 'all swans are white' would be valid, but only until a black swan turned up in your pond scoffing Hovis. In this way a system is only secure until it is proved to be insecure. The grim reality is that we cannot have total security, just levels of insecurity.

The worst news of all is that this "article" was written by the magazine's News Editor. His name is Robert Jaques, and I'm sure he's much less puerile when not frenzied by irrational fear and anger. Get well soon Robert!