This would might be worth getting some comments on from your Egypt 2600
list

regards

XXXXX

- - ---------------------------
 

Have you seen this article
http://news.bbc.co.uk/1/hi/technology/3246375.stm?

I wrote to the journalist who wrote it (I know her quite well) and
explained that I thought it was a load of crap. I've included what I
wrote to her below.

Anyway, she agreed and said she would like to publish a response from
a hacker/hacking community. She asked me if I wanted to write it, but
I don't classify myself as a hacker these days and anyway I think
there's a conflict of interest in there somewhere.

However, if you want to write a response (or know someone who does)
let me know. I can either give you her email address for you to mail
anonymously or you can send it to me and I can forward it on.

Let me know.

XXXXX

- - ---------------------------

Hey Jo,

I just read your article "Cracking the hacker underground"
(http://news.bbc.co.uk/1/hi/technology/3246375.stm).


As a former hacker myself, I felt the article contained a lot of
marketing 'hype' from the security company - it was a shame there was
no alternative view point or counter-argument from actual 'hackers'.

Reading through their methodology of how they infiltrate hacker
groups, I find it difficult to believe that they are as successful as
they claim to be.

They claim they do not commit any illegality themselves

The whole hacking community works on a basis of trust. The currency
of trust is trading exploits. You tell me a 'hack'/'exploit' you've
done or which boxes you own (hacked into and now control) and I'll
tell you mine. As the trust develops you communicate more
incriminating stuff. And hackers normally want proof (exchanging the
usernames/passwords of accounts they own, showing log files only
obtainable inside systems, etc) - which leaves me wondering how these
people have managed to gain the trust of hackers without ever
committing any illegality or incriminating themselves.

They spend a lot of time lurking, monitoring the traffic within the
communities

Hacking communities are 99% of the time behind closed doors. If
anyone's going to utilise strong encryption and access control, it's
hackers. You can't just 'monitor' conversations (be they chat rooms,
message forums, instant messages, etc) - you would need to be invited
(given encryption keys, etc). Thinking about the communities I still
keep elements of contact with, they're often BBS style systems which
are invitation only. Messages are strongly encrypted with a key only
the genuine recipients know. Finally, group membership is monitored
regularly - if you 'go dead' (lurk) then you get cut off as you no
longer serve any benefit to that community.

It's very easy to see if someone is lurking (being in a chat room for
long periods of time without saying anything, or downloading every
forum message without ever contributing). This kind of activity would
be soon picked up and their access removed (or even hacked back,
attacked in some other way, etc)

Using "k3wl" etc

This is utter crap, if I was chatting online with someone who said
something was "k3wl" he would stick out like a saw thumb. This is not
the current language of hackers.

I can only conclude that they are either hyping their services big
time, or they simply miss major and important hacking groups because
their techniques are such that any knowledgeable group would be able
to circumvent or simply detect and take the appropriate action to
avoid further breaches of security.

Finally, I also feel there is something to be said for freedom of
privacy. The US, the UK and most other western countries base their
justice on innocent until proven guilty. Most people in most hacking
groups haven't been charged with anything. Therefore the concept of
monitoring their every communication, amounting to 9Gigs of data
(that's a lot of data!) seems inappropriate for a private company
(which doesn't appear to be working on behalf of the security services
in an official capacity). I would even argue that in some cases the
legality of this very activity could be challenged - which brings me

back to my first counter point!

Anyway, I'm not sure how the story was sourced and to what extent you
were able to interview the company directly - however I did feel
strongly enough up about it to write you this (now lengthy, sorry)
email!


Cheers
XXXXX

- - --------------------------

I tend to agree with your comments, except to point out that there are
many "hackers" and "virus authors" who either work alone or who do not
brag about their exploits in chatrooms.

Jo Twist (or the "sub editors") certainly missed several important and
relevant points relevant to a UK audience e.g.

The Microsoft $5 million bounty for information leading to the arrest
and conviction of virus/worm authors.

What is TruSecure's attitude to this ? Are they as a company hoping to
collect some of the bounty ? What safeguards have they introduced since
the offer of the bounty so that their team of infiltrators/agent provocateurs
are not tempted to entrap people or to manufacture "evidence" in order
to try to collect the Microsoft bounty ?

The BBC article should also have mentioned that such a "bounty" would
have limited effect in the UK, as criminals, or even their families or
loved ones, are *not* permitted to profit from crime (the proceeds can
be confiscated by court order). Even more importantly, if there is a
hint that "witnesses" are likely to benefit financially either from tabloid
newspapers or from Microsoft, and are only eligible to be paid on condition
of getting a conviction, then their "evidence" is tainted and inadmissable
and the company offering the money could be in Contempt of Court and
liable to *unlimited fines*

The mention of providing "evidence" to the FBI about the author of the
Melissa virus should have then had an explanation of the fact the David
Smith was then used by the FBI as an "infiltrator/agent provocateur"
just like TruSecure's team, where he managed to trap Simon Vallor,
from North Wales who was convicted of distributing some viruses.

http://www.wired.com/news/technology/0,1282,60492,00.html

The article should also have mentioned that *writing* a computer virus
i.e. being a "virus author" is not illegal, it is only when they are
released into the wild and start changing data on systems without permission
that something illegal occurs.

The "big brain" illustrations should have prompted a comparison with
professional, UK written "intelligence anlaysis and visualisation" software
such as Analysts Notebook or Watson used by most European and many US
police forces and intelligence agencies.

http://www.i2.co.uk/Products/Analysts_Notebook/default.asp

Helping out on 54 "investigations" whilst allegedly tracking 11,000 people
seems to be a pretty poor rate of return. If the screenshot evidence
is to be believed, apparently linking The Cult of the Dead Cow with say
New Jack City, then it looks as if all that they are doing is a bit of
crude web link analysis.

If they publish reports or a database to their 700 clients listing London
2600 as a "hacker group" then then they are in danger of having a libel
action brought against them.

The article claims that the jackpot would be to get hold of a software
tool still under development so that it could be analysed back in their
labs. This is illegal reverse engineering under the USA DMCA !

TruSecure is most famous for its association with Russ Cooper, the founder
of the NTBugtraq security list, available on the web at:
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/


YYYYY
 

=============

Egypt2600.net