TechCenter The Hacker: A Growing Network Security

August 1999

TechCenter The Hacker: A Growing Network Security Threat

The security aspects of a network can overwhelm any information services department. It seems that every week there are some new "holes" in a program or operating system that need to be patched before that vulnerability is used by someone for unethical or malicious reasons. The damage caused by a hacked network can range from the intruder "looking around" to causing a complete system crash with loss of data.

There are two groups within the hacking community. One sees itself as doing a service to the computer industry by pointing out security flaws, and the other uses the security flaws to, at times, do damage to a system.

A "cracker" is someone who discovers and announces security flaws in programs or operating systems so that these flaws can be addressed before anyone exploits them to cause damage. Crackers do not attempt to cause damage or steal information from the system.

A "hacker" not only discovers flaws in programs, but also takes advantage of them to promote him or herself, steal data, or simply damage the system. Many hacking groups have targeted crackers because they do not agree with the service that crackers provide to corporate America.

Recently, hackers have responded to FBI crackdowns on their activities by either successfully attacking government sites or causing administrators to bring sites down in order to ward off an attack. Two of the most notable sites that were hacked are the White House and the Department of the Interior. These attacks are likely to go on as long as the government continues confiscating equipment, searching homes, and jailing hackers (actions that hackers see as unjust) .

One of the most famous hackers, Kevin Mitnick, was recently imprisoned on several counts of fraud and theft. His incarceration seems to have given the hacking community a cause. A few months ago, there was a widely publicized case of the New York Times website being hacked. This attack was supposedly done in the name of Kevin Mitnick because John Markoff, a reporter at the Times, was instrumental in helping the authorities apprehend Mitnick. Markoff also wrote a book called Takedown, which Miramax Films made into a movie. Hackers nearly put Miramax on their "hit list" because they felt the movie did not accurately portray Kevin Mitnick and what actually occurred.

In recent months, there have been unified efforts by hackers as well as a growth in cracker groups trying to prevent hackers from doing damage. Much like viruses, hackers have become a daily concern for system administrators. System security is becoming a specialized area because administrators need to continuously research and load updates onto networked systems.

Below is a listing of different hacking websites that provide more details on this topic, including some measures that can be instituted to minimize the likelihood of a successful attack. For more information, please contact NYSSCPA Manager of Technology and Information Systems Kevin Lewis at (212) 719-8340, (800) 633-6320, or klewis@luca.com. *

Firewall/Security Software

Check Point Firewall Software: www.checkpoint.com

SecureIT Inc: www.secureit.com

Hacking/Cracking Groups

AntiOnline Computer Security, Hacking and Hackers: www.antionline.com

Crack dot Com: www.crack.com

L0pht Heavy Industries: www.l0pht.com

Microsoft's Security Page: www.microsoft.com/security

Hacking Publications/Media

2600: www.2600.com

Takedown Movie Page: www.takedown.com

The Official Free Kevin Mitnick Page: www.kevinmitnick.com/home.html