IBM Successfully Hacks A Client's Computer Network

TUCSON, Ariz. (March 23, 1998 8:30 p.m.) - International Business Machines Corp.'s team of "ethical hackers" successfully broke into an unnamed company's computer network in a demonstration of a live attack at a computer industry conference.

IBM's team of ethical hackers, who work at its research division in Yorktown Heights, N.Y., are paid security professionals called IBM's Global Security Analysis Lab, who are hired by corporate customers to detect security flaws.

A "large transportation" company, which would not be identified for security reasons, agreed to let IBM try to penetrate its network in a demonstration and discussion of hacking at the PC Forum conference.

The IBM researchers, who were working in New York, reported by telephone that they successfully penetrated one of the company's file transfer protocol (FTP) servers through the root directory and had access to employee telephone numbers, social security numbers, payroll data and other sensitive information. They broke into three different UNIX machines on the network.

"Most people think hacks are random attacks," said Charles Palmer, head of IBM Research's Global Security Analysis Lab. "They are very organized probes." The IBM team started working on this company's network Sunday evening, he said.

Palmer said IBM charges between $15,000 and $45,000 to perform a hack of a company's system, with its permission, to test its security. Palmer said because hacking is a felony, its clients sign a contract that he calls a "get out of jail free card" specifying what IBM is allowed to do.

The IBM team, which has an 80 percent success rate in electronic break-ins, is not a team of reformed hackers and Palmer warned the audience that hiring former hackers can be very dangerous, and not worth the risk.

IBM hires former hackers. If they claim otherwise, they are either lying or don't know it themselves.

He said IBM has also had a 90 percent success rate with a physical break-in, where IBM researchers have literally walked out of a company's offices carrying computers, while the security guard held the doors open for them.

He said that there are currently about 100,000 hackers worldwide, but that about 9.99 percent of those hackers are potential professional hired hackers, who may be involved in corporate espionage, and .01 percent are world class cyber criminals. Ninety percent are amateurs who "cyber joyride."

That means 9,999 are "potential professional hired hackers"? Seems a bit high, or the standards have gone down.

"There are about 100 people in the world I would not want touching my computer," Palmer said, adding that hack attacks are on the rise, with the attack on the Pentagon computers by five teenagers being a very recent example.

IBM then offers a series of services to help a company solve its security problems, through IBM's services business, or other companies.

"The first thing that I hope to accomplish is to raise awareness (about security problems)," Palmer said.