Re: clear and present danger

From Bronc Buster <bronc@2600.com>
Date Mon, 30 Aug 1999 20:26:26 -0400 (EDT)
Cc tao-org@tao.ca
In-reply-to <Pine.LNX.4.05.9908301834090.6171-100000@tao.ca>


[: hacktivism :]


Now this is more of what I am talking about. It's totaly BS, and we need
to contact the person who wrote this and inform him of his errors. You are
100% right when you say he did NO reasearch and didn't talk to anyone.

How about some contact info on this guy. Anyone?

I also forwared this to the cDc (cult of the dead cow) and some other
interested parties. This is just total crap...how sad...

regards,
   Bronc Buster
  bronc@2600.com


On Mon, 30 Aug 1999, jesse hirsh wrote:

> [: hacktivism :]
> 
> 
> the following article, submitted for your scrutiny, was brought to our
> attention today by one of our toronto members. i'm going to type it up for
> this list, just so you can all see the type of misalignment that goes on,
> and the crap that gets printed in the 'business' press, that spins out
> information for sale, or for buy.
> 
> the article itself is titled "clear and present danger" it was authored by
> erik heinrich, and appeared in a publication called INFOSYSTEMS EXECUTIVE
> dated may 1999. there is a header at the top of the page that reads
> 'analysis' and a subtitle that reads: "WHETHER IT'S A POLITICAL AGENDA,
> MONETARY GAIN OR JUST PLAIN MALICE, THE NEW BREED OF HACKER IS GETTING
> THAT MUCH MORE EVIL." a caption reads: "We are seeing a convergence
> between hackers, activists and anarchists.".
> 
> please disregard the absurdity of this article. the author made no effort
> whatsoever to contact us, to verify the information, or to even consider
> its bearing on reality. also please excuse my typing errors. i'm just
> going to type straight through, so there may be a few mistakes. ok, here
> begins the body of the article:
> 
> 
> - stupid article by erik heinrich begins now:
> 
> You may have never heard of the Hong Kong Blondes but they know who you
> are if you do business in China. And they want to mess up your computer
> networks. Why? The Hong Kong Blondes belong to a new breed of terrorists
> known as hacktivists. They don't break into computer networks to prove
> they are techno geniuses. These are righteous crackers with a political
> agenda who attack the IT infrastructure of their enemies in the name of a
> cause. In the case of the Hong Kong Blondes, an underground association of
> overseas Chinese students, anyone or anything deemed to undermine China's
> pro-democracy movement is a legitimate target.
> 	The Hong Kong Blondes have successfully penetrated Chinese
> networks with the help of people in the Communist Party, and they are
> reputed to have disabled a Chinese communications satellite. But unlike
> Zorro, the Blondes don't leave a calling card when they attack non-Chinese
> targets for fear of police reprisals.
> 	That means if you do business with China and your systems go down,
> you can never be sure whether it's just badluck, the work of a stand-alone
> hacker, or an attack by the Blondes.
> 	Other known hacktivist organizations include the Groupe Segfault,
> Toronto's Tao Collective, and the U.S. based Cult of the Dead Cow. They
> are people with hardline activist agendas.
> 	"What we're seeing is a convergence between hackers, anarchists,
> and political activists," says David McMahan, a security specialist with
> Toronto's CanCERT, a private-sector agency dedicated to national computer
> security. "But because 99% of the vandalism [in cyberspace] is hacker
> exploits, the serious guys are obscured."
> 	Hacktivists are a major headache for large public and private
> sector computer networks. But they are just one part of a larger threat
> that is redefining the rules of the game for CIOs who want to keep their
> computer systems safe from intrusion by bad guys. And while their efforts
> on this front are in the preliminary stages, CERTs (Computer Emergency
> Response Teams) around the world say terrorist organizations are preparing
> to make information war against governments, and the corporations who are
> friendly to them. The question is when, not if.
> 	Then, there are cyber spies. These people are hacking their way
> into databases to obtain company secrets. Sometimes they work into
> databases to obtain company secrets. Sometimes they work from the inside,
> sometimes not. They are usually called on by companies when more
> conventional methods of obtaining competitive secrets, such as bribery and
> blackmail, fail to get results.
> 	Just how big a threat is corporate espionage? A
> PricewaterhouseCoopers /InformationWeek survey of 1,600 IT professionals
> from 50 countries conducted last year, found 73% of companies reported a
> security breach or act of corporate espionage in the previous 12 months.
> 	"There is no answer as to how big a problem this is," says Marcia
> Wetharup, spokesperson for the Canadian Security Intelligence Service
> (CSIS) in Ottawa. "It's multi-faceted and some cases go unreported." Who
> are these spies?
> 	"These are serious dudes," says Chris Andersen, national director
> of the information security service of Ernst & Young in Canada. "They're
> no script kiddies who spray your web site with graffiti. It's a different
> threat when someone like that is after your organization because they will
> use evry trick in the book to get what they want."
> 	Examples of companies who have been burned by corporate espionage
> are difficult to come by, in part because many are unwitting victims, and
> in part because those who are not don't want to air their dirty laundry
> for fear of losing customers and hurting their reputations. Still, two
> cases came to light in 1998 in Canada. Ottawa-based Mitel Corp. charged
> Van Tran, a 41 year-old Vietnamese R&D specialist who worked in the
> company's telephone systems division, in March of last year with selilng
> research secrets to a small company in his homeland.
> 	The information was relayed via fax and e-mail. And while this is
> not exactly a case of cyber espionage it illustrates just how easy it can
> be to steal company secrets, be they schematics of proprietary technology,
> marketing plans or pricing strategies.
> 	"It was a wakeup call," says Darrell Booth, head of security at
> Mitel, who admits his company might have never uncovered the scam had it
> not been for anonymous tip from an employee.
> 	"I don't think we could prevent such a thing from happening
> again," concedes Booth, adding the only thing that has really changes is
> that his company has remounted its efforts to make sure managers follow
> existing information-protection guidelines.
> 	In 1998, Newbridge Networks Inc. of Kanata, Ont. charged an
> employee with sending details of the company's phone system platforms for
> midseized companies. The documents were photocopied and sent by mail.
> "It's more prevalent than most companies are willing to let on," says
> Booth. Adds Andersen of Ernst & Young, "Most companies have not
> considered espionage as a clear threat that needs to be managed. They just
> react and hope for the best."
> 	What should CIOs do to protect their systems and intellectual
> property from cyber espionage and terrorism? It's a complicated question
> with few clear answers.
> 	Andersen advises his clients to go through four steps. One, do an
> inventory of the 20 or 30 key pieces of information in your organization.
> Understand what it's used for and how important it is. Two, identify the
> people who want to get their hands on it, including insiders. Three, gauge
> your risks against the security measures in place. Four, fix the security
> holes.
> 	Sometimes this can be as simple as making sure people in marketing
> can't get into the R&D server.
> 	"Unless the security analysis is done against a backdrop of what
> you are trying to protect, you will probably implement the wrong tools or
> implemetn the right ools in the wrong way," warns Anderson. "You have to
> understand the need or you will not deliver the solution you want."
> 	Here's another piece of good advise: When your vendo r offers a
> software patch, install it immediately.
> 	Brampton, Ont. - based Nortel Networks uses hackers-for-hire to
> test robustness of its network defenses. The hackers bombard the company's
> servers and operating systems with the latest scripts and exploits.
> Sometimes they find holes. "We work hard at building appropriate security
> walls," says Keith Powell, Nortel's CIO. "But as fast as you put them up,
> people find ways around them."
> 	Powell says he takes the threat posed by hacktivists, cyber
> terrorists and spies working from the outside seriously. But he fears
> internal hackers the most. "People on the inside are very technically
> competent," says Powell. "And they enjoy the challenge of getting
> somewhere they are not supposed to."
> 	Mark Gembicki, of consultancy WarRoom Research, says the audit
> trails for internal intrusions are simply better, and the perpetrators are
> easier to find. But many external intrusions are never found, and those
> that are usually go unreported.
> 	The hact is that CIOs have to wake up to the fact that hackers are
> not just nerdky kids from the 'burbs who get their kicks from Web page
> vandalism and the crashing of Web servers. Hacktivists, cyber terrorists
> and cyber spies are serious criminals.
> 
> 
> - stupid article by erik heinrich ends here
> 
> 
> so here's my question to you the reader:
> 
> should we (as a group or as a list) be countering this tripe? should we go
> silent as this crap is flooded through the mainstream? any thoughts?
> 
> 
> 
> 
> 
> 
> [: hacktivism :]
> [: for unsubscribe instructions or list info consult the list FAQ :]
> [: http://hacktivism.tao.ca/ :]
> 


[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]