bbc.co.uk
Home
TV
Radio
Talk
Where I Live
A-Z Index
Front Page | UK | In depth
Life of crime banner
A seven-part series of exclusive features focusing on different aspects of crime.
arrowIntroduction
arrow Yob culture
arrowElectronic tagging
arrowMiscarriages of justice
arrowOrganised crime
arrowCybercrime
arrowDrug courts
arrowPolice and firearms
Perspectives
arrowWho are the cyber-criminals?
arrowCops on the cyber-beat
arrowEthical hackers and black hats
Talking Point
arrow Are you concerned about cybercrime?
Forum
arrowAnn Widdecombe and Simon Hughes answer your questions
arrowLord Bassam answers your questions
survey
Are you put off using the internet for shopping and banking by the risk of computer crime?
Survey results 1
Should there be more controls over access to the internet to prevent fraud, pornography and paedophilia?
Survey results 2
Links
arrow NCIS
arrow National Infrastructure Protection Center
arrow Computer Security Institute
arrow Cybercrime.gov (US)
arrow eSecurityOnline
arrow iDEFENSE
arrow Electrohippies collective

The BBC is not responsible for the content of external internet sites


Jan Babiak
Jan Babiak: Too many organisations don’t take hacking seriously

E-activist Paul Mobbs
E-activist Paul Mobbs encourages legal protest via the internet
Ethical hackers banner

Many companies are now so worried about the threat from cybercrime that they now employ consultants to test the security of their computer networks. Typically, the request comes from the very top. The board of directors authorises an attempt to hack into the company's system. The employees, including the IT staff, are not told about the impending attack.

After a few days, the consultants present their report. The blood drains from the faces of the directors when they realise how much information these "ethical hackers" have been able to access. In some cases, money has been moved between accounts, as a demonstration of what a criminal hacker or "black hat" might be able to get away with.

Jan Babiak, a security expert at business advisers Ernst & Young, says her teams have more than 400 software tools at their disposal. They include automated telephone diallers that search for computer tones, password crackers, and encryption devices to help unscramble coded information.

Cracking in action

She shows me the cracker in action on the password file of a typical computer network. The asterisks on the screen rapidly change into the passwords of the company's employees. The software can usually provide 60-70% of the organisation's passwords in around half an hour.

Jan Babiak says hacking has a longer history than people imagine, dating back to the 1960s when rogue programmers tried to skim off money for their account.

"It's evolved now to be quite a sophisticated area ranging from denial of service, the vandalism of sites, to actual financial gain, to messing with the reputation of an organisation, or through some kind of vendetta or revenge motive, and in addition of course you've still got the employee factor.

"There are still far too many organisations that don't take it seriously. When my team goes in and hacks, we get in virtually every time. And if you go onto some of the websites that the black hat hackers work, or just some of the information sites, you will see that hundreds of organisations get hit every month. So organisations that are naively saying that they don't get hacked are probably just not aware that it is going on."

Biometrics: Your body, your identity

Jan Babiak says there is no question that in some cases companies have lost millions through cybercrime, not just through hacking in from the outside, but from employees working within an organisation and recognising the opportunities for siphoning off cash.

The ability for hackers to crack passwords means that in future major companies are likely to make use of "biometrics" to make it more difficult to access their computers by impersonating employees.

Techniques now being refined include a "retina read" of the computer user's eyes, voice recognition, and fingerprint identification, all of which make it more difficult for employees to share their passwords - wittingly or unwittingly.

But it is still necessary to anticipate the lengths that a determined cyber-criminal may go to.

The latest fingerprint ID devices can check for a pulse - to ensure that the digit has not been removed from its owner - and voice-recognition software can now detect attempts to edit together a verbal password.

Giving power to the people?

The threat to corporations and governments online does not just come from hackers, or "crackers" as they are more properly known in the computer industry. The internet has given rise to a new form of political protest known as "hacktivism" or "e-activism".

Audio“It’s people power in action, electronic people power” Paul Mobbs, Electrohippies   Real 56K
Quicktime

Campaigners on a whole range of issues have targeted the computer networks of their opponents to make their views heard. Sometimes such action takes the form of defacing a website. On other occasions, a company may receive thousands of e-mails from protestors all over the world, clogging up its system.

Some campaigners are prepared to use tactics that are illegal. But others, like the group Electrohippies, say people can make a point online and stay within the law. Paul Mobbs from the group says people can use the internet as a democratic tool.

"People can go home, sit at their computer and take part in global action to lobby for change quite easily," he says.

"It’s not, as is often portrayed, just one crazed person on the internet. For a proper democratic action that is perfectly legal, that doesn’t involve any cracking, it can take thousands, if not tens of thousands of people to make it work. If it is a well-supported campaign every person need only send one email to cause a company problems. The old excuse that it is just a rabble doesn’t then apply. You can say ‘Hang on, this is just 10,000 ordinary people expressing their views’."

Mr Mobbs points out that actions are illegal if they seek to crack a computer system and change its program purpose. He cites recent denial of service attacks on eBay and Yahoo as examples of illegal activities which his group would condemn.

"The whole idea of the internet as a broad base of public debate is really spoilt and misused by that sort of action," he says.

^^ Back to Top
 © MMV | News Sources | Privacy