Net Gains (Oct 30, 98)
Note: All external links mentioned in this article were working when published, but some may no longer be active.
More on hacking
Last week's column about the VSNL hack and the email hoax spurred a lot of email enquiries and complaints. Since there were so many questions about hacking, this week let's take a closer look at hacking and see what the VSNL hack means to us.
The term "hacker" as we know and understand it today is used for someone who breaks into a computer system uninvited. To put it simply, a hacker is an electronic intruder. Just like an intruder would break into a house, a hacker breaks into a computer or a network of computers. If the door of the house is locked properly (your computer has security systems to prevent unauthorised access), the intruder will have to try various keys till he can break in (or the hacker will have to try different ways / passwords to hack into the system). A computer system with insufficient security could be compared to a house that is not locked, or has a easy-to-break lock - this way you're virtually inviting the hacker / intruder inside with a big "Welcome" written across the doormat.
The Asian edition of Fortune magazine did a cover story on hacking way back in Feb 1997. This one though had a twist. They hired WheelGroup Corp., - a security firm that conducts "external assessments" of security systems for clients - to break into the computer systems of a well-known Fortune 500 company in the US. This Operation Nutcracker as they called it was conducted with the company's consent to be a guinea pig for the experiment, with a big consulting firm monitoring the entire operation. Within two days, they got root access to the company's computers - that meant access to powers allotted to only a couple of system administrators of those machines. Which meant that they could do virtually anything - delete files, make copies of sensitive data - why they even sent email to one manager from another manager's account telling him to give a US$5,000 bonus to an employee. And the recipient fell for it too!
Coming back to our shores, the VSNL hack earlier this month was incidentally not the first of it's kind - there have been numerous occasions when VSNL's servers have been hacked in the past. While the hackers have maintained that it was easy to break in since VSNL has poor security for its servers, VSNL has consistently maintained that they maintain high security standards. Now obviously, one of the two is not true - you be the judge.
In the early years of hacking, it was a hobby that nerds indulged in like any other hobby - for the pure thrill of it! Or maybe to have fun at someone else's expense, say by putting up a "Happy Birthday Sweetheart" message up for everyone to see. Or on a more serious note, to expose loopholes in computer security - like the D.O.D.D. and Eddie incident in Jan this year, where two college students hacked into the VSNL student's account server and displayed an anti-VSNL message instead of the default welcome message. But others who have hacked into the VSNL servers have not been as nice. Passwords have been stolen, valuable Internet time has been unofficially used, and passwords even changed making the real user run around from pillar to post to gain access to his account once again.
But the latest attack by the "Divine Hackers" had damaging side-effects. They put up homepages with VSNL subscriber lists and announced this to over 25,000 users to "prove their capabilities". As a result, these databases are now in the hands of unscrupulous people who are misusing it to send unsolicited junk mail.
Morty Rosenfeld, a young computer hacker in the US was sent to prison when he was caught. But after he completed his prison term, his local ISP (his equivalent of VSNL), has given him free Internet access in exchange for security advice and the latest gossip about hackers that they use to stay one step ahead of the hackers. Now that's constructive. Is anybody here listening ?
Back to Net Gains 1998 archives.
© Lyndon Cerejo: email | www.strategist.net | search site | sitemap