t byfield on Wed, 17 Feb 1999 21:19:12 +0100 (CET) |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
<nettime> new spin on hacktivism |
[heads up, 'hacktivists': here's some new spin coming out of nowhere on distributed attacks. it plays quite nicely on anxieties about conspiracies, complete with buzzword bingo: professional thieves, organized crime, secret armies, etc. there's nothing new about burying 'hostile' applications into web pages: i can think of at least one example in which someone built a 'finger' CGI into a web page in order to havoc all.net, a site run by Fred Cohen, a security guru who'd been irritat- ing people on a crypto list. but there *is* something new here which reveals a big weakness in 'hacktivism': very few of the people who take part in these actions understand what they're doing, but they're willing to paper that ignorance over with good intentions. think of an action wrapped in warm fuzzy rhetoric that does something different than was claimed--a denial of ser- vices attack on the 'good guys' maybe. we'll see this kind of thing sooner or later. anyway, file this away for future reference, because if you want to continue with 'hacktivism,' you'll need to build the technical equivalent of what activism has always had--'networks' of trusted people with histories of commitment to spe- cific causes. cheers, tb] Thieves Trick Crackers Into Attacking Networks By Lee Kimber, Network Week Feb 16, 1999 (9:10 AM) URL: http://www.techweb.com/wire/story/TWB19990216S0008 Corporate networks are coming under attack from an army of amateur crackers working unwittingly for professional thieves, security experts have warned. They have identified signs that organized criminals and "professional" crackers are using trick software that lets teenage enthusiasts -- known as "script kiddies" -- attack networks for amusement. The software then secretly sends the findings of these surveys to experienced crackers. Professional gangs could use this trick to build massive databases of network insecurities for thieves to exploit. Consultants cited the hacking group New Order's Aggressor network-attack software, which invites amateurs to register for a full copy on the promise that they will receive hidden tools to mount stronger attacks on their victims. "We could be looking at half a dozen teenagers doing cracking on behalf of New Order," warned Internet Security Systems security expert Kevin Black. "It's: 'Here's a toy to play with,' then: 'Thank you, soldier.' " The growth of Java programming skills lies behind another new trick, where crackers build Java cracking software into websites. When surfers browse the site, the program returns the surfer's IP address to network security tools' logs, leaving the cracker's real location a secret. Canadian hacking group HackCanada is encouraging crackers to rewrite the Python network-scanning script Phf in Java so it can be loaded into Web surfers' browsers during a visit to an innocuous-looking site. HackCanada adopted the tactic after a cracker received a warning from a corporate network administrator who detected him using the Phf script in its native Python form. And in a gloomy warning for network administrators, Axent security consultant David Butler warned teenagers and students who collected cracking tools to impress their peers would quickly try them out. "Cracking attempts rise by a factor or three or four during school holidays," Butler told a joint Toshiba-Inflo security presentation earlier this month. The news came shortly after security experts learned the freely available password authenticator Tcpwrapper had been rewritten and redistributed in a form that sends passwords it finds to an anonymous Hotmail address. "It's a shift in the mentality of cracking," said Black. "It's the difference between the men and the boys." "We have been under constant attack by hackers since Christmas," said Nokia Telecommunications' Europe, Middle East, and Africa marketing director Bob Brace. The company had detected 24,000 cracking attempts since October last year, he said. Nokia runs IP440 firewall and NAT with log analysis, so Brace could see the hackers first tried to ping every IP address, then probed for specific ports such as the default ports for Back Orifice (31337 and 1234) and port 80. (Back Orifice lets crackers gain control of a remote PC and is often hidden as a trojan in games.) "I believe much of the probing is automated and some of the more serious attacks are spread out so they are not easy to identify in a trace," Brace said. �� www.cmpnet.com The Technology Network Copyright 1998 CMP Media Inc. --- # distributed via nettime-l : no commercial use without permission # <nettime> is a closed moderated mailinglist for net criticism, # collaborative text filtering and cultural politics of the nets # more info: [email protected] and "info nettime-l" in the msg body # URL: http://www.desk.nl/~nettime/ contact: [email protected]