June 19, 1997, TechWeb News
Hackers' Dark Side Gets Even Darker
By Douglas Hayward

LONDON -- The hacker community is splitting into a series of distinct
cultural groups -- some of which are becoming dangerous to businesses and
a potential threat to national security, an official of Europe's largest
defense research agency warned Thursday. New types of malicious hackers
are evolving who use other hackers to do their dirty work, said Alan Hood,
a research scientist in the information warfare unit of Britain's Defense
Evaluation and Research Agency (DERA). 

Two of the most dangerous types of malicious hackers are information
brokers and meta-hackers, said Hood, whose agency develops security
systems for the British military.  Information brokers commission and pay
hackers to steal information, then resell the information to foreign
governments or business rivals of the target organizations. 

[So an Information Broker who hires a hacker is now labeled a
 malicious hacker? Is that to say that a Fortune 500 company who hires
 one is a malicious hacker too?]

Meta-hackers are sophisticated hackers who monitor other hackers without
being noticed, and then exploit the vulnerabilities identified by these
hackers they are monitoring. A sophisticated meta-hacker effectively uses
other hackers as tools to attack networks. "Meta-hackers are one of the
most sinister things I have run into," Hood said. "They scare the hell out
of me." 

[So how do they monitor these hackers in the first place if they
 rely on programs written by the person they are monitoring? Wouldn't it be
 more fair to say that some hackers do this, but it isn't the core of
 their activity?]

DERA is also concerned that terrorist and criminal gangs are preparing to
use hacking techniques to neutralize military, police and security
services, Hood said. 

Other cultural groups evolving within the hacker community include gangs
known as elites, who form closed clubs and look down on those ordinary
hackers who employ commonly used attack tools, Hood said. "These guys
[elites] develop their own tools," Hood said. "They get a camaraderie and
an appreciation of their prowess from their peers." 

Another group -- known as "darksiders" -- use hacking techniques for
financial gain or to create malicious destruction. They reject the classic
motivation for hackers, which is to gain a feeling of achievement and
authority, Hood said. "Hackers don't see electronic trespass as wrong per
se, but the important thing about darksiders is that they cross the line
[drawn by hackers] and start to be bad guys," he said. "That generally
means they do it for gain or to cause harm." 

Users should stop believing they can build security systems capable of
repelling any attack from hackers, Hood added. Instead, organizations
should concentrate on minimizing the damage caused by attacks, and on
deterring hackers. 

[This is possibly the worst advice I have seen in my life. How
 can you suggest that someone not worry about repelling attackers in the 
 first place? And how can you turn around and say they should worry about
 "deterring hackers"? What better way to deter a hacker than to maintain
 a secure system?]

"I don't believe you can stop every hacker forever," Hood said. "All they
need is one new technique you haven't heard about. But what you can do is
minimize the target, by using knowledge and resources." 

According to DERA, users should divide their anti-hacker strategies into
deterrence, protection, detection and reaction. 

Deterrence means making it so difficult for hackers that most give up and
try another target, Hood said. Protection means more than installing
firewalls and security software and procedures; it also means getting to
know your system and removing all but essential content. "Everything you
have on your system is at risk -- you should strip out anything you don't
need," Hood said. 

"Make sure your system does what you want it to do -- no more and no less
-- and make sure you have procedural policies to stop social engineering.
If someone rings up and says they have forgotten their password, the
person at the other end of the phone shouldn't automatically say OK and
give them a new one," Hood said. Social engineering is the term used by
hackers to describe how they obtain passwords, confidential information
and credit by deception. 

Users should install monitoring software, preferably with the ability to
detect attacks in real time, and should react to everything that looks out
of place.

DERA employs 14,00 staff and has a budget of $1.5 billion. Hood's
division, the command and information systems division, is responsible
for secure communications and information warfare and employs more than
500 scientists and engineers.