Page 306



   very different message, a message which says: Don't get caught.

   The principle of deterrence has not worked with hackers at this level. I'm not talking here about the codes-kids--the teeny-bopper, carding, wanna-be nappies who hang out on IRC (Internet relay chat). I'm talking about the elite hackers. If anything, law enforcement crackdowns have not only pushed them further underground, they have encouraged hackers to become more sophisticated than ever before in the way they protect themselves. Adversity is the mother of invention.

   When police officers march through the front door of a hacker's home today, they may be better prepared than their predecessors, but they will also be facing bigger hurdles. Today, top hackers encrypt everything sensitive. The data on their hard drives, their live data connections, even their voice conversations.

   So, if hackers are still hacking, who are their targets?

   It is a broad field. Any type of network provider--X.25, cellular phone or large Internet provider. Computer vendors--the manufacturers of software and hardware, routers, gateways, firewalls or phone switches. Military institutions, governments and banks seem to be a little less fashionable these days, though there are still plenty of attacks on these sorts of sites.

   Attacks on security experts are still common, but a new trend is the increase in attacks on other hackers' systems. One Australian hacker joked, `What are the other hackers going to do? Call the Feds? Tell the AFP, "Yes, officer, that's right, some computer criminal broke into my machine and stole 20000 passwords and all my exploitation code for bypassing firewalls".'

   For the most part, elite hackers seem to work alone, because of the well-advertised risks of getting caught. There are still some underground hacking communities frequented by top hackers, most notably UPT in Canada and a few groups like the l0pht in the US, but such groups are far less common, and more fragmented than they used to be.

   These hackers have reached a new level of sophistication, not just in the technical nature of their attacks, but in their strategies and objectives. Once, top hackers such as Electron and Phoenix were happy to get copies of Zardoz, which listed security holes found by industry experts. Now top hackers find those holes themselves--by reading line by line through the proprietary source code from places like DEC, HP, CISCO, Sun and Microsoft.

   Industrial espionage does not seem to be on the agenda, at least with anyone I interviewed. I have yet to meet a hacker who has given proprietary source code to a vendor's competitor. I have, however, met a hacker who found one company's proprietary source code inside the computer of its competitor. Was that a legal copy of the source code? Who knows? The hacker didn't think so, but he kept his mouth shut about it, for obvious reasons.

   Most of the time, these hackers want to keep their original bugs as quiet as possible, so vendors won't release patches.

   The second popular target is source code development machines. The top hackers have a clear objective in this area: to install their own backdoors before the product is released. They call it `backdooring' a