Spazrat. SlutPuppy. Sharkdogg. Sweetcakez…
What is this garish population which stalks the fringes of the Web, moving invisibly in the margins of our lives?
According to Carolyn Meinel, author of The Happy Hacker: "These are the kids who used to make stink-bombs. Now they do the Net."
In New Zealand last week, electronic stink-bombs were raining down as thick as Leonids. Hackers and crackers were having a field-day.
There's supposedly a difference between the two subsets - broadly speaking, crackers do it for spite, hackers to prove it can be done - but one very often shades into the other.
Kevin Mitnick [www.kevinmitnick.com/home.html] is the dark lord of the first, and his nemesis, Tsutomu Shimomura, the patron saint of the second. Read of their shadowy but epic struggle at www.gulker.com/ra/hack/index.html.
Mitnick has been imprisoned without trial or bail [or a computer] for nearly four years, while his supporters continue to demonstrate their support in the only way they know: hacking high-profile websites [the celebrated New York Times hack of earlier this year by H4ck1ng for G1rl13z - www.antionline.com/archives/pages/www.nytimes.com - is the best-known].
At least they can portray their activities as a 'crusade'. Recent local practitioners of the secret art march under no such banner.
Ihug's loss of over 4500 user homepages appears to have been just cyber-hooliganism, roughly the equivalent of smashing every shop-window along Ponsonby Road. The borrowing [if that's the word] of Xtra's user passwords was an act of private revenge from a disenchanted former customer - a recent Wired survey showed that a majority of hackers are or were associated with the object of their attentions. Love turns to hate.
This was what's known as a "sniffer attack", in which a knowledgeable hacker positions an unobtrusive programme conveniently adjacent to any machine which authenticates passwords and siphons them all up. Scripts for these are widely available on the Web [stein.cshl.org/~lstein/talks/WWW6/sniffer].
Interestingly, the individual in question might quite like to help Xtra put some putty in the cracks, for hacking is a jungle where the poachers steadily turn into gamekeepers.
With the fox well and truly among them, the ISP chooks set up a frightful racket, changing passwords and generally subjecting their hen-houses to frantic inspection.
How effective the measures will be is uncertain, because security shakeups like this tend to provoke bored hackers into probing their weak spots. Even the online hackers' bible, RootShell [www.rootshell.com/beta/news.html], was recently unable to prevent itself being badly cracked simply because, like the CIA site [Mt. Everest of the Web], it was there.
It will also be interesting to learn, if we do, whether fears that some local ISP's and their customers have been infected with Back Orifice are well-founded. Described by its creators, a hackers' group called the Cult of the Dead Cow [www.cultdeadcow.com], as "a remote administration tool", it allows you to secretly turn someone else's machine into your electronic zombie.
The Wired survey claims that "79% of Australian ISP's are infected with Back Orifice".
Worse, it now boasts a range of plug-ins like Saran Wrap 1.1 [installs and runs BO inside any application], SpeakEasy 0.1b [secretly logs into an IRC server to broadcast the host's IP address at regular intervals, allowing anyone to rush in and nuke it], and Silk Rope 2.0 [a sophisticated trojanised wrapper for BO which can secrete itself in just about any auto-install file]. As for ButtSniffer 0.9… don't even ask.
Thank God, then, for local Web-services outfit Webfusions [www.webfusions.co.nz], which is offering access to HouseCall, Trend Micro's free scanning service which requires no install and sniffs out the sniffers.
It may have taken most of the afternoon to scan my 45,000 networked files, but at the end of it I knew I could call my computers my own, if only for the time being: HouseCall can only report current status.
Ironically, it's rumoured that in the course of their activities some hackers wind up with their own systems enslaved by one of their cyber-rivals.
Caveat hackor…
BOOKMARKS
BEST GUIDE: Researching Companies Online
Locate high-level company information, financial details, contacts, sales prospects - this step-by-step interactive tutorial uses a variety of free Internet resources to find all this and more. Currently it focuses on U.S. resources, but will be adding international sites in the near future. An excellent guide to penetrating the Internet labyrinth.
Advisory: includes techniques for "canvassing public opinion" - read "trawling UseNet for scuttlebutt"…
home.sprintmail.com/~debflanagan/index.html
MOST OCKER: Australian Internet Awards 1998M
A 19-category extravaganza… no, let me rephrase that: there are 19 categories in these awards, and most of the clicks are dull, dull, dull. A must-see for local web designers, if only to make them feel good about themselves. ["Wine of Australia", for example, doesn't approach our own Corbans site]. My pick? I couldn't really make one, although I quite liked Retrogrrl's slow but snazzy homepage, and cricketers will enjoy the Southern Redbacks' effort. Otherwise…
Advisory: no cultural cringe required.
www.webawards.info.au
Email: petersinclair@email.com
Web Walk: Papering over the cracks
AdvertisementAdvertise with NZME.
