
List:       isn
Subject:    [ISN] Disorder saves the day
From:       mea culpa <jericho () dimensional ! com>
Date:       1998-06-30 7:51:29


[Moderator: 'Disorder' is the name of the conference, NOT an individual.]


Forwarded From: Nicholas Charles Brawn <ncb05@uow.edu.au>

(url:  http://www.smh.com.au/computers/content/980630/news/news2.html)
     
  Disorder saves the day
  
     Who you gonna call when your IT systems get raided? SUE LOWE talks
     to the new security consultants.
     
       SECURITY
     The ethical hacker. It sounds like the oxymoron of the late '90s,
     but according to the three co-founders of Disorder, a start-up
     company intent on teaching Australia's private and public
     organisations about IT security from a hacker's perspective, being
     a well-behaved hacker is very much in vogue.
     
     "Hacking is one of those words people argue about a lot," says
     Stephen James, who at 28, is the oldest of Disorder's management.
     
     "A hacker is someone who breaks into systems but once inside they
     don't cause any harm. What they do is illegal and we certainly
     don't condone it - but once inside they don't steal or modify data,
     they don't install viruses and so forth. Crackers do. Crackers
     break in and break the system."
     
     James has been running his own security auditing consultancy, ITAC,
     for the past four years. His company has been contracted by banks,
     stock exchanges and government departments to find, and help fill,
     the holes in their IT systems.
     
     Before that he spent 5 years as a senior security auditor with
     Price Waterhouse in the United States, making him roughly 19 when
     he started. It's obviously a good age. James's two partners in
     Disorder, Damien Mascord and Nick Brawn are both 19, both in their
     first year of computer science courses at university, and both have
     been poking into IT security holes for at least four years.
     
     Brawn complains the term hacker has been "Hollywood-ised" by the
     media.
     
     "You read about the hacks on the Internet, with Web pages destroyed
     and all this porn put up. That's just like ... to me, plain
     childishness.
     
     "There are kids with far too much time on their hands and for the
     most part there's no technical skill exhibited in the attack."
     
     But not all hacks - or are these cracks? - are considered juvenile.
     Brawn refers to recent attacks on government sites in Indonesia,
     staged purely to promote the cause of civil rights.
     
     "Three or four weeks ago there was an attack in response to the
     nuclear tests in India. The research site was hacked ... it was a
     protest," he says.
     
     As recognition of the "ethical hack" the perpetrators scored an
     interview with Wired magazine.
     
     At the other end of the bad guys scale are "Warez pups". Brawn
     describes them as "kids who have obscene fun in trading
     copyrighted, commercial software: games, productivity tools,
     Microsoft products. Some claim to be hackers but what they do is
     just immature."
     
     All three deny being bad guys turned good. Mascord and Brawn
     maintain they've gained their experience by finding all the holes
     in their own "vanilla" (straight out of the box) Unix servers,
     plugging up the holes, then seeing if their mates could break in.
     
     Disorder's immediate goal is to bring to Australia a trend that has
     gained significant notoriety in the US. The hacker-run security
     conference.
     
     In the best traditions of DEF CON (DEF CON 6.0 will be held in Las
     Vegas at the end of next month), Australia's first SecCON will be
     held in Sydney on July 16 and 17.
     
     Guest speakers will include encryption and virus specialists,
     authors on the Australian "underground", even a couple of police
     sergeants.
     
     David Caldwell, a detective senior sergeant with the Victorian
     Computer Crime Squad, says he's completely comfortable about
     sharing the podium with a bunch of hackers with an average age of
     22.
     
     "That's quite normal," he says. "A typical profile of a hacker is
     that they have a very good education, they've grown up with
     computers, and are between 13 and 29."
     
     But he too, has problems with the term hacker.
     
     "It describes such a wide range of activities. Some of it just a
     political statement. It's a '60s thing using current Year 2000
     technology," he says.
     
     There is, however, a lot more than political protest going on.
     
     Last year, computer-based crime was almost non-existent, or at
     least not being reported. Whereas, says Caldwell, "in the first six
     months of this year we were getting three to five reports a week."
     
     Reports of credit card-related fraud far outnumbered corporate IT
     system intrusions, but "that's not because they're not happening".
     But rather "reluctance about reporting them".
     
     Last year the computer crime unit surveyed 500 companies on IT
     security issues. Of the 54 per cent that responded "all had
     experienced intrusions in the last 12 months, but only 19 per cent
     had reported them".
     
     The most frequent reason given, says Caldwell "was lack of
     confidence in law enforcement agencies. I don't take it
     personally."
     
     Even where unauthorised access had occurred, hackers and crackers
     still escaped most of the blame. "90 per cent were traced back to
     employees, consultants or contractors," he says.
     
     SecCON details are available via the Web site or from IBC
     Conferences on (02) 9290 1133.
     



-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
