IBM Successfully Hacks A Client's Computer Network 

TUCSON, Ariz. (March 23, 1998 8:30 p.m.) - International Business Machines 
Corp.'s team of "ethical hackers" successfully broke into an unnamed 
company's computer network in a demonstration of a live attack at a 
computer industry conference.

IBM's team of ethical hackers, who work at its research division in 
Yorktown Heights, N.Y., are paid security professionals called IBM's 
Global Security Analysis Lab, who are hired by corporate customers to 
detect security flaws.

A "large transportation" company, who would not be identified for security 
reasons, agreed to let IBM try to penetrate its network in a demonstration 
and discussion of hacking at the PC Forum conference.

The IBM researchers, who were working in New York, reported by telephone 
that they successfully penetrated one of the company's file transfer 
protocol (FTP) servers through the root directory and had access to 
employee telephone numbers, social security numbers, payroll data and 
other sensitive information. They broke into three different UNIX machines 
on the network.

"Most people think hacks are random attacks," said Charles Palmer, head of 
IBM Research's Global Security Analysis Lab. "They are very organized 
probes." The IBM team started working on this company's network Sunday 
evening, he said.

Palmer said IBM charges between $15,000 to $45,000 to perform a hack of a 
company's system, with its permission, to test its security. Palmer said 
because hacking is a felony, its clients sign a contract that he calls a 
"get out of jail free card" specifying what IBM is allowed to do.

The IBM team, which has an 80 percent success rate in electronic 
break-ins, is not a team of reformed hackers and Palmer warned the 
audience that hiring former hackers can be very dangerous, and not worth 
the risk.

IBM hires former hackers. If they claim otherwise, they are either
lying or don't know it themselves.

He said IBM has also had a 90 percent success rate with a physical 
break-in, where IBM researchers have literally walked out of a company's 
offices carrying computers, while the security guard held the doors open 
for them.

He said that there are currently about 100,000 hackers worldwide, but that 
about 9.99 percent of those hackers are potential professional hired 
hackers, who may be involved in corporate espionage, and .01 percent are 
world class cyber criminals. Ninety percent are amateurs who "cyber" 
joyride."

That means 9,999 are "potential professional hired hackers"? Seems a
bit high, or the standards have gone down.

"There are about 100 people in the world I would not want touching my 
computer," Palmer said, adding that hack attacks are on the rise, with the 
attack on the Pentagon computers by five teenagers being a very recent 
example.

IBM then offers a series of services to help a company solve its security 
problems, through IBM's services business, or other companies.

"The first thing that I hope to accomplish is to raise awareness (about 
security problems)," Palmer said.