[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] IBM Successfully Hacks A Client's Computer Network
From: jericho () dimensional ! com
Date: 1998-03-27 9:28:55
[Download RAW message or body]
---------- Forwarded message ----------
From: Simon Gardner <juniper@cix.compulink.co.uk>
TUCSON, Ariz. (March 23, 1998 8:30 p.m.) - International Business Machines
Corp.'s team of "ethical hackers" successfully broke into an unnamed
company's computer network in a demonstration of a live attack at a
computer industry conference.
IBM's team of ethical hackers, who work at its research division in
Yorktown Heights, N.Y., are paid security professionals called IBM's
Global Security Analysis Lab, who are hired by corporate customers to
detect security flaws.
A "large transportation" company, who would not be identified for security
reasons, agreed to let IBM try to penetrate its network in a demonstration
and discussion of hacking at the PC Forum conference.
The IBM researchers, who were working in New York, reported by telephone
that they successfully penetrated one of the company's file transfer
protocol (FTP) servers through the root directory and had access to
employee telephone numbers, social security numbers, payroll data and
other sensitive information. They broke into three different UNIX machines
on the network.
"Most people think hacks are random attacks," said Charles Palmer, head of
IBM Research's Global Security Analysis Lab. "They are very organized
probes." The IBM team started working on this company's network Sunday
evening, he said.
Palmer said IBM charges between $15,000 to $45,000 to perform a hack of a
company's system, with its permission, to test its security. Palmer said
because hacking is a felony, its clients sign a contract that he calls a
"get out of jail free card" specifying what IBM is allowed to do.
The IBM team, which has an 80 percent success rate in electronic
break-ins, is not a team of reformed hackers and Palmer warned the
audience that hiring former hackers can be very dangerous, and not worth
the risk.
He said IBM has also had a 90 percent success rate with a physical
break-in, where IBM researchers have literally walked out of a company's
offices carrying computers, while the security guard held the doors open
for them.
He said that there are currently about 100,000 hackers worldwide, but that
about 9.99 percent of those hackers are potential professional hired
hackers, who may be involved in corporate espionage, and .01 percent are
world class cyber criminals. Ninety percent are amateurs who "cyber"
joyride."
"There are about 100 people in the world I would not want touching my
computer," Palmer said, adding that hack attacks are on the rise, with the
attack on the Pentagon computers by five teenagers being a very recent
example.
IBM then offers a series of services to help a company solve its security
problems, through IBM's services business, or other companies.
"The first thing that I hope to accomplish is to raise awareness (about
security problems)," Palmer said.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic