Security News > 1999 > October > Study Says Hacker Sites Fuel Crime

Study Says Hacker Sites Fuel Crime
1999-10-25 18:26

From: William Knowles http://www.apbnews.com/newscenter/internetcrime/1999/10/19/hacking1019_01.html CARLSBAD, Calif. (APBnews.com) [10.19.99] -- Web sites offering instructions and software for computer hacking are helping to fuel the growth of cybercrime, according to a survey by a high-tech research firm. Computer Economics Inc., an information technology consulting company, expects computer-related crime, fueled by a proliferation of Web sites devoted to hacking, to cost consumers and businesses more than a trillion dollars worldwide in damages and lost revenue this year. The unscientific survey was released Monday. 'A haven for computer criminals' "The Internet has always been a haven for computer criminals," said research analyst Adam Harriss. "The technologically savvy hackers have been online swapping tips and programming for decades, but now the information is being posted and sold at low cost in a form that even the techno-illiterate can understand. Causing damage to machines and infiltrating systems has become as easy as putting together a child's Christmas toy." He said the survey took a week to conduct and was completed earlier this month. It focused on Web sites that in addition to providing information also offered hacking software tools. Harriss said he looked at a "representative" sample of more than 40 Web sites, which included large Web sites as well as personal home pages. "We found an amazing number of sites that do [provide software], and we found sites that sold virus software, all types of stuff," said Harriss. Flawed and alarmist? Supporters of sites that post hacking information and software call the survey flawed and alarmist. "They make it sound as though this is a new phenomenon. Underground information archives have existed long before the Internet. ... This is not something new," said Space Rouge, editor of the Hacker News Network. Harriss says the problem is that now there are many more hacking Web sites that provide hacking tools, compared to the days of dial-up computer bulletin board systems. The low cost of computer crime software and hardware combined with the dramatic expansion of the Internet into new, lesser-developed regions of the world promises to exacerbate the hacking problem, he said. Free speech issues involved While one part of the hacking debate is about technology, there are also issues of free speech concerning the availability this information and software. A disclaimer that's typically posted on hacker-related sites says that the information posted is for educational purposes only. "I completely respect freedom of speech, but then there are times when this information, whether it's given out in the best intent, can be accessed by people who are malicious in their intent," said Harriss. He said the survey was done mainly as an "alert" to show what is available online. There are no suggestions or recommendations about what should be done about these sites. Manuals outline infiltration, pirating Harriss said some sites tout hacking manuals as guides that help users "search for company secrets," software that's purported to "screw up all types of computer disks," and software that could be used to pirate other programs -- described as "a must for anyone who doesn't want to pay full price for software." Manuals and software about hacking and computer crime, such as creating viruses, counterfeiting, piracy and various types of fraud, typically run from $8 to $60, says the survey. Some of what the survey found online includes: A manual that tells Microsoft users how to avoid the $10 to $35 per incident fee for tech support after the 90 days of free support has run out. Software and instructions to circumvent any Internet sites that are restricted by a "parental block." Software, priced at $50, to remotely infiltrate the hard drives of people in chat rooms and copy their software. A disk, costing $42, containing over 4,000 live viruses including CIA, Michaelangelo, JerusalemB, Dark Avenger, Darth Vader, Kool Aid, AIDS, Rape, Keydrop, Null and Quiet. An $8 guide to making a profit from software bootlegging. A complete guide to hacking a Novell network for $25, with texts included. Instructions for $30 about how to break into any Eudora account. More people online, more crime Space Rouge says there are many holes in the survey's findings. "They fail to mention that demo versions of perfectly legit software are also available at little or no cost that do much more damage than what they mention. I am surprised that they only mention stuff that has a price tag, as opposed to finding stuff that is freely available on the Web," he said. Weld Pond, a member of the software security group L0pht Heavy Industries, said there may be more cybercrime simply because more people are online. "The rise in e-crime is due to the fact that more and more people are connected to the Internet using the same old insecure software that hasn't changed much in the last three years. Personal OS's are buggy and insecure. Mail clients, Web browsers, chat programs are all shipping with problems and being used by more and more people, but this report is trying to blame the very people shouting 'Look how insecure it is,'" said Weld. He said users should be demanding secure software. "Unless customers have the ability to test their systems for weaknesses, they are at the mercy of black hats everywhere, be they script kiddies or professional crackers. Unless customers put pressure on their vendors to write more secure software, nothing will change. The availability of hacking tools allows people to see for themselves where the problems lie," said Pond. What's posted is 'protected speech' Mike Godwin, a fellow at the Yale Center for Internet Studies and former counsel of the Electronic Frontier Foundation, said there is no research that links more hacking sites to cybercrime activities. "It is totally speculative. It's not at all clear that the people using the sites and the people committing the crimes are the same people," said Godwin. He said the information posted on these Web sites is "protected speech." "The Supreme Court said about 30 years ago that even the mere advocacy of illegal activity is itself protected speech. ... As long it's not aimed at facilitating a particular crime at a particular time and place, it's protected," said Godwin. ISN is sponsored by Security-Focus.COM


News URL

http://www.apbnews.com/newscenter/internetcrime/1999/10/19/hacking1019_01.html