Security News > 2000 > February > Behind the Scenes at 'Hackers, Inc.'
http://www.pcworld.com/pcwtoday/article/0,1510,15132,00.html So you thought hackers were nerds in dark rooms traveling in cyberspace to attack companies' computer systems or steal data. Think again. A new breed of hackers licensed to hack legally into companies around the world, ranging from banks in Israel and Britain to e-commerce companies in Spain, and check their systems' security, is at work in Sweden. The Stockholm-based private company Defcom, set up in April last year, is a pioneer in a shadowy business that may seem more like a scene from one of legendary American science fiction author William Gibson's novels than reality. But Defcom actually gets paid for hiring out its "ethical hackers" to large companies, mostly in the banking, insurance, and e-commerce sector around Europe. "Nine out of ten companies we're employed to check, we can break into through the Internet," Defcom Chief Executive Thomas Gullberg tells Reuters. "That's a frightening statistic." An Online Playground The Web is becoming an ever more attractive playground for hackers as e-commerce mushrooms in Europe and the United States, and sensitive data is transferred over the Internet. Hackers can break into practically any computer system if they want to, Defcom says. It was hard at first to bring hackers together, but Gullberg was surprised by the willingness on the part of hackers to turn legitimate. "We've brought hacking to another stage, made it ethical," Gullberg says. "We've gathered hackers under one roof. After all they're the best in the business, they know how it's done." Defocom's motto, displayed in one of the main hackers' rooms, sums it up: "It takes one to know one." The Swedish company--with an office in London--has grown to over 40 staff, of whom about half are professional hackers, aged 23 to 30. One has a criminal record. To boost expertise and knowledge it has also hired a police officer from the IT security division in Sweden's national crimes prevention unit. Once appointed by a company to check its security system, the staff carries out a technical analysis, then travels to the country of the company and starts hacking. What makes them different from some other data security firms is that they actually make changes in their customers' computers to see whether they can really be hacked into, Defcom says. "We don't just go to the firewall and prove that we can break it, but we go into the main computers," Defcom's senior cyberspace hacker, who asked to remain anonymous, tells Reuters. "We deliver the truth to clients. The bittersweet truth," Gullberg says. Bad for Business "Security has been a big problem in the business world and it still is. The Internet is not safe," Gullberg says. Most illegal hacking in finance centers on stealing credit card numbers but is expanding quickly into industrial espionage. Defcom says an underground market known as "information broker" sites is growing on the Web, where clients could scout around for hackers to do their dirty work, like breaking into a company to steal corporate data. The need for tighter security was underscored last month when hackers broke into online music retailer CD Universe, a unit of EUniverse and stole 300,000 credit card numbers, demanding payment of $100,000 not to use them. Defcom advises its clients not to publicize their use of its services as this could be a challenge to the hacking community. "It's easy to break into the system. Too easy. But often customers don't know when the companies have had intruders because they cover it up," the top hacker says. ISN is sponsored by Security-Focus.COM
News URL
http://www.pcworld.com/pcwtoday/article/0,1510,15132,00.html