Re: clear and present danger

From Bronc Buster <>
Date Mon, 30 Aug 1999 20:26:26 -0400 (EDT)
In-reply-to <>

[: hacktivism :]

Now this is more of what I am talking about. It's totaly BS, and we need
to contact the person who wrote this and inform him of his errors. You are
100% right when you say he did NO reasearch and didn't talk to anyone.

How about some contact info on this guy. Anyone?

I also forwared this to the cDc (cult of the dead cow) and some other
interested parties. This is just total sad...

   Bronc Buster

On Mon, 30 Aug 1999, jesse hirsh wrote:

> [: hacktivism :]
> the following article, submitted for your scrutiny, was brought to our
> attention today by one of our toronto members. i'm going to type it up for
> this list, just so you can all see the type of misalignment that goes on,
> and the crap that gets printed in the 'business' press, that spins out
> information for sale, or for buy.
> the article itself is titled "clear and present danger" it was authored by
> erik heinrich, and appeared in a publication called INFOSYSTEMS EXECUTIVE
> dated may 1999. there is a header at the top of the page that reads
> 'analysis' and a subtitle that reads: "WHETHER IT'S A POLITICAL AGENDA,
> THAT MUCH MORE EVIL." a caption reads: "We are seeing a convergence
> between hackers, activists and anarchists.".
> please disregard the absurdity of this article. the author made no effort
> whatsoever to contact us, to verify the information, or to even consider
> its bearing on reality. also please excuse my typing errors. i'm just
> going to type straight through, so there may be a few mistakes. ok, here
> begins the body of the article:
> - stupid article by erik heinrich begins now:
> You may have never heard of the Hong Kong Blondes but they know who you
> are if you do business in China. And they want to mess up your computer
> networks. Why? The Hong Kong Blondes belong to a new breed of terrorists
> known as hacktivists. They don't break into computer networks to prove
> they are techno geniuses. These are righteous crackers with a political
> agenda who attack the IT infrastructure of their enemies in the name of a
> cause. In the case of the Hong Kong Blondes, an underground association of
> overseas Chinese students, anyone or anything deemed to undermine China's
> pro-democracy movement is a legitimate target.
> 	The Hong Kong Blondes have successfully penetrated Chinese
> networks with the help of people in the Communist Party, and they are
> reputed to have disabled a Chinese communications satellite. But unlike
> Zorro, the Blondes don't leave a calling card when they attack non-Chinese
> targets for fear of police reprisals.
> 	That means if you do business with China and your systems go down,
> you can never be sure whether it's just badluck, the work of a stand-alone
> hacker, or an attack by the Blondes.
> 	Other known hacktivist organizations include the Groupe Segfault,
> Toronto's Tao Collective, and the U.S. based Cult of the Dead Cow. They
> are people with hardline activist agendas.
> 	"What we're seeing is a convergence between hackers, anarchists,
> and political activists," says David McMahan, a security specialist with
> Toronto's CanCERT, a private-sector agency dedicated to national computer
> security. "But because 99% of the vandalism [in cyberspace] is hacker
> exploits, the serious guys are obscured."
> 	Hacktivists are a major headache for large public and private
> sector computer networks. But they are just one part of a larger threat
> that is redefining the rules of the game for CIOs who want to keep their
> computer systems safe from intrusion by bad guys. And while their efforts
> on this front are in the preliminary stages, CERTs (Computer Emergency
> Response Teams) around the world say terrorist organizations are preparing
> to make information war against governments, and the corporations who are
> friendly to them. The question is when, not if.
> 	Then, there are cyber spies. These people are hacking their way
> into databases to obtain company secrets. Sometimes they work into
> databases to obtain company secrets. Sometimes they work from the inside,
> sometimes not. They are usually called on by companies when more
> conventional methods of obtaining competitive secrets, such as bribery and
> blackmail, fail to get results.
> 	Just how big a threat is corporate espionage? A
> PricewaterhouseCoopers /InformationWeek survey of 1,600 IT professionals
> from 50 countries conducted last year, found 73% of companies reported a
> security breach or act of corporate espionage in the previous 12 months.
> 	"There is no answer as to how big a problem this is," says Marcia
> Wetharup, spokesperson for the Canadian Security Intelligence Service
> (CSIS) in Ottawa. "It's multi-faceted and some cases go unreported." Who
> are these spies?
> 	"These are serious dudes," says Chris Andersen, national director
> of the information security service of Ernst & Young in Canada. "They're
> no script kiddies who spray your web site with graffiti. It's a different
> threat when someone like that is after your organization because they will
> use evry trick in the book to get what they want."
> 	Examples of companies who have been burned by corporate espionage
> are difficult to come by, in part because many are unwitting victims, and
> in part because those who are not don't want to air their dirty laundry
> for fear of losing customers and hurting their reputations. Still, two
> cases came to light in 1998 in Canada. Ottawa-based Mitel Corp. charged
> Van Tran, a 41 year-old Vietnamese R&D specialist who worked in the
> company's telephone systems division, in March of last year with selilng
> research secrets to a small company in his homeland.
> 	The information was relayed via fax and e-mail. And while this is
> not exactly a case of cyber espionage it illustrates just how easy it can
> be to steal company secrets, be they schematics of proprietary technology,
> marketing plans or pricing strategies.
> 	"It was a wakeup call," says Darrell Booth, head of security at
> Mitel, who admits his company might have never uncovered the scam had it
> not been for anonymous tip from an employee.
> 	"I don't think we could prevent such a thing from happening
> again," concedes Booth, adding the only thing that has really changes is
> that his company has remounted its efforts to make sure managers follow
> existing information-protection guidelines.
> 	In 1998, Newbridge Networks Inc. of Kanata, Ont. charged an
> employee with sending details of the company's phone system platforms for
> midseized companies. The documents were photocopied and sent by mail.
> "It's more prevalent than most companies are willing to let on," says
> Booth. Adds Andersen of Ernst & Young, "Most companies have not
> considered espionage as a clear threat that needs to be managed. They just
> react and hope for the best."
> 	What should CIOs do to protect their systems and intellectual
> property from cyber espionage and terrorism? It's a complicated question
> with few clear answers.
> 	Andersen advises his clients to go through four steps. One, do an
> inventory of the 20 or 30 key pieces of information in your organization.
> Understand what it's used for and how important it is. Two, identify the
> people who want to get their hands on it, including insiders. Three, gauge
> your risks against the security measures in place. Four, fix the security
> holes.
> 	Sometimes this can be as simple as making sure people in marketing
> can't get into the R&D server.
> 	"Unless the security analysis is done against a backdrop of what
> you are trying to protect, you will probably implement the wrong tools or
> implemetn the right ools in the wrong way," warns Anderson. "You have to
> understand the need or you will not deliver the solution you want."
> 	Here's another piece of good advise: When your vendo r offers a
> software patch, install it immediately.
> 	Brampton, Ont. - based Nortel Networks uses hackers-for-hire to
> test robustness of its network defenses. The hackers bombard the company's
> servers and operating systems with the latest scripts and exploits.
> Sometimes they find holes. "We work hard at building appropriate security
> walls," says Keith Powell, Nortel's CIO. "But as fast as you put them up,
> people find ways around them."
> 	Powell says he takes the threat posed by hacktivists, cyber
> terrorists and spies working from the outside seriously. But he fears
> internal hackers the most. "People on the inside are very technically
> competent," says Powell. "And they enjoy the challenge of getting
> somewhere they are not supposed to."
> 	Mark Gembicki, of consultancy WarRoom Research, says the audit
> trails for internal intrusions are simply better, and the perpetrators are
> easier to find. But many external intrusions are never found, and those
> that are usually go unreported.
> 	The hact is that CIOs have to wake up to the fact that hackers are
> not just nerdky kids from the 'burbs who get their kicks from Web page
> vandalism and the crashing of Web servers. Hacktivists, cyber terrorists
> and cyber spies are serious criminals.
> - stupid article by erik heinrich ends here
> so here's my question to you the reader:
> should we (as a group or as a list) be countering this tripe? should we go
> silent as this crap is flooded through the mainstream? any thoughts?
> [: hacktivism :]
> [: for unsubscribe instructions or list info consult the list FAQ :]
> [: :]

[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: :]