http://www.techweb.com/se/directlink.cgi?WIR1997061910

June 19, 1997, TechWeb News

Hackers' Dark Side Gets Even Darker
By Douglas Hayward

LONDON -- The hacker community is splitting into a series of distinct cultural groups -- some of which are becoming dangerous to businesses and a potential threat to national security, an official of Europe's largest defense research agency warned Thursday.

New types of malicious hackers are evolving who use other hackers to do their dirty work, said Alan Hood, a research scientist in the information warfare unit of Britain's Defense Evaluation and Research Agency (DERA).

Two of the most dangerous types of malicious hackers are information brokers and meta-hackers, said Hood, whose agency develops security systems for the British military. Information brokers commission and pay hackers to steal information, then resell the information to foreign governments or business rivals of the target organizations.

[So an Information Broker who hires a hacker is now labeled a malicious hacker? Is that to say that a Fortune 500 company who hires one is a malicious hacker too?]

Meta-hackers are sophisticated hackers who monitor other hackers without being noticed, and then exploit the vulnerabilities identified by these hackers they are monitoring. A sophisticated meta-hacker effectively uses other hackers as tools to attack networks.

"Meta-hackers are one of the most sinister things I have run into," Hood said. "They scare the hell out of me."

[So how do they monitor these hackers in the first place if they rely on programs written by the person they are monitoring? Wouldn't it be more fair to say that some hackers do this, but it isn't the core of their activity?]

DERA is also concerned that terrorist and criminal gangs are preparing to use hacking techniques to neutralize military, police and security services, Hood said.

Other cultural groups evolving within the hacker community include gangs known as elites, who form closed clubs and look down on those ordinary hackers who employ commonly used attack tools, Hood said.

"These guys [elites] develop their own tools," Hood said. "They get a camaraderie and an appreciation of their prowess from their peers."

Another group -- known as "darksiders" -- use hacking techniques for financial gain or to create malicious destruction. They reject the classic motivation for hackers, which is to gain a feeling of achievement and authority, Hood said.

"Hackers don't see electronic trespass as wrong per se, but the important thing about darksiders is that they cross the line [drawn by hackers] and start to be bad guys," he said. "That generally means they do it for gain or to cause harm."

Users should stop believing they can build security systems capable of repelling any attack from hackers, Hood added. Instead, organizations should concentrate on minimizing the damage caused by attacks, and on deterring hackers.

[This is possibly the worst advice I have seen in my life. How can you suggest that someone not worry about repelling attackers in the first place? And how can you turn around and say they should worry about "deterring hackers"? What better way to deter a hacker than to maintain a secure system?]

"I don't believe you can stop every hacker forever," Hood said. "All they need is one new technique you haven't heard about. But what you can do is minimize the target, by using knowledge and resources."

According to DERA, users should divide their anti-hacker strategies into deterrence, protection, detection and reaction.

Deterrence means making it so difficult for hackers that most give up and try another target, Hood said. Protection means more than installing firewalls and security software and procedures; it also means getting to know your system and removing all but essential content.

"Everything you have on your system is at risk -- you should strip out anything you don't need," Hood said.

"Make sure your system does what you want it to do -- no more and no less -- and make sure you have procedural policies to stop social engineering. If someone rings up and says they have forgotten their password, the person at the other end of the phone shouldn't automatically say OK and give them a new one," Hood said.

Social engineering is the term used by hackers to describe how they obtain passwords, confidential information and credit by deception.

Users should install monitoring software, preferably with the ability to detect attacks in real time, and should react to everything that looks out of place.

DERA employs 14,00 staff and has a budget of $1.5 billion. Hood's division, the command and information systems division, is responsible for secure communications and information warfare and employs more than 500 scientists and engineers.