WELLESLEY, MASSACHUSETTS, U.S.A., 1998 MAY 28 (Newsbytes) -- By Jacqueline Emigh, Newsbytes. Network "cracking" is evolving in a more malicious direction, while adding specialty areas like "fracking" and "crypting" in the process, said a member of a new anti-cracking unit at Cambridge Technology Partners (CTP), during CTP's "New Hack Tour." [The term for a phone hacker is "phreak", and their art is known as "phreaking".] Really, "cracker" -- rather than "hacker" -- is the word to use in describing individuals who break into networks, said Wyly Wade of CTP's Enterprise Security Systems Group, during a meeting with Newsbytes at the CTP-sponsored conference. "Hacker" actually refers to anyone who writes program code, even an end user who scripts Microsoft Word macros, Wade told Newsbytes. Emerging derivatives of the term "cracker" include "fracker," meaning a person who breaks into phone networks, and "crypter," a specialist in cracking cryptographic algorithms, Wade added. [The correct term is "cypherpunk", not "crypter".] The earliest crackers engaged in the practice for "humanitarian" reasons, such as the desire to help companies build better products, according to Wade. The humanitarians were the joined by those who cracked networks to "further the free exchange of information." Later on came groups like the PLO, which breaks into networks "purely for profit;" and finally, people whose motives are entirely malicious. Many of the newest breed of crackers are kids who are unaware of cracking's roots, said Wade, one of eight members of a new anti- cracking Internet security team at CTP. CTP, a systems integration and software development specialist based in Cambridge, Massachusetts, formed the new group, known as "Core," in response to customer requests. CTP takes a "partnering" stance with its customers, meeting whatever IT (information technology) requirements need to be addressed, Wade maintained. With Internet security a rising concern among customers, the new "Core" group stays about a year ahead of the industry at large in keeping on top of new security threats, Newsbytes was told. The job is challenging, because new "incursions," or security holes, keep showing up every day, according to Wade. A few of the more popular methods of cracking being discussed at this week's conference include the FTP (file transfer protocol) bounce attack, protocol tunneling, and tactics such as SYN flooding, which result in "denial of service." [The article says cracking is breaking into networks, but turns around and talks about the FTP bounce attack and SYN flooding. Neither are active attacks to BREAK IN to a network.] In the FTP bounce attack, crackers manipulate FTP PASV mode, using PORT and QUOTE to send scripts that allow them to gain access to unauthorized FTP servers, speakers said during conference sessions. Protocol tunneling calls for encapsulating, or hiding, one protocol inside of another, such as a telnet inside a ping request. [The FTP bounce attack is designed to bypass access restrictions based on rulesets or ACLs.] Many tactics can be used to bring denial of service, including SYN flooding, ghost routing, and service loops, for instance. In this type of attack, users typically do not even realize a server has been hit, instead believing that the server must be busy, or down for maintenance, for example. Wade pointed out that new viruses continue to fester, as well. Viruses are already showing up in the 32-bit environment, although some people said this would never happen. And these perennials of cyberspace are certain to land on new 64-bit platforms, as well, Wade predicted. Cambridge Technology Partners is located at http://www.ctp.com on the World Wide Web. =-= [Only a few gripes with this article. :) Firstly, I believe the commonly accepted term for a "phone hacker" was a phreak, not as this article suggests, a "fracker". Secondly, I believe the term "cypherpunk" is the accepted description for someone who is a "specialist in cracking cryptographic algorithms", though that might be smearing the term somewhat. Sounds like they're trying to whip up some new buzzwords. :) -Nick]