[ISN] Know your enemy

InfoSec News isn at c4i.org
Wed Oct 6 04:45:29 EDT 2004


6 October 2004

A young Asian hacker who easily penetrated the databases of several
large US corporations, and whose exploits made him a top target for
the FBI, offers advice for dealing with foreign cybercriminals.

"Knowing what makes your antagonist tick is the key to getting the
result you want," he says.

Do you think it is more difficult to hack into US corporate networks
today than it was four years ago?

If we are talking about the network that existed four years ago and
exists now, then it would probably be more difficult, especially if
during those years a given target had experienced trespasses by

If it is a recently developed network, then chances to get access are
probably better.

In general it is easier for hackers to get access to networks in
countries with growing and well-developed economies, because such
companies have resources to expand their networks.

In third-world countries the companies do not have the ability or
resources to expand the networks, so they have to fine-tune them and
work with what they have.

Should US companies worry about hackers in Russia and other countries?

Hackers from countries where the economy is less developed than the US
are more motivated by money than by pride when they start trespassing
on US companies - as opposed to US hackers, who are motivated more by
pride than money. (There are many other ways that you can make money
in the US.)

Also, money is a stronger motivator than pride. That's why people
motivated by money are more dangerous. Hackers are businesspeople [if
they are motivated by money]. In most cases, they are probably just
having difficulties in their countries finding and exploring
opportunities to work.

If a company that is hacked into can explore with a hacker his or her
talents in a more peaceful way, the victim can only benefit. If these
hackers are businesspeople, they can be redirected by being offered a
better deal than the one they might get by creating pressure through

I deeply believe in this point. It is hard, however, to generalise too
much because every case involves different kinds of people and
different circumstances.

What security measures offer the best protection against hackers?

Keep the hackers occupied if you recognise them as a threat. This
might be similar to what some countries have done with their nuclear
scientists - Russia, for example, keeps them under close supervision
and treats them well, but above all keeps them busy professionally.

Is there a certain type of network that is particularly easy to hack?

There are two types. First, those that develop custom software. They
usually invest money in developing the features that software
provides, but often forget about securing parts of this software.

The second type is where there is a breach in the company's
infrastructure. It is not the hacking per se that is dangerous; what
should concern the company is being taken advantage of by the use of
that information.

For example, if one got account numbers of users of PayPal, the hacker
could then contact the users in huge numbers and attempt various kinds
of fraud.

Will security technologies ever be able to keep hackers out, or will
hackers always find a way into corporate networks?

Software and hardware can be improved to protect against trespasses.  
But then hackers will concentrate on security breaches in the
infrastructure of a company, or do "social engineering".

The ultimate goal is to obtain information for subsequent use, and
hacking is just one of the many ways to obtain it.

Written by CSO staff
