Our website uses cookies to store information on your computer. You may delete and block all cookies from this site, but parts of the site will not work as a result. Find out more about how we use cookies.
(Accept cookies and do not show this message again)
Shout99 - News matters for freelancers
Search Shout99 - News matters for freelancers
(Advanced Search)
   Join Shout99  About Shout99   Sitemap   Contact Shout99 18th Jun 2024
Forgot your password?
Shout99 - Freelancers, FO35, Section 660
New Users Click Here
Shout99 - Freelancers, FO35, Section 660
Shout99 - Freelancers, FO35, Section 660
Front Page
Freelancers' Shop...
Ask an Expert...
Direct Contracts
Press Links
Question Time
The Clubhouse
Conference Hall...
  EBT Discussion
News from Partners


Business Links

Shout99 - Freelancers, FO35, Section 660
Shout99 - Freelancers, FO35, Section 660

News for the
Construction Industry

Hardhatter.com - News for small businesses in the construction industry

Powered by
Powered by Novacaster
The Good, the Bad and the Ugly of business hacking
by David Michaux at 15:57 16/07/01 (Conference Papers)
Hacking has taken a distinctly commercial turn as entrepreneurial outfits of contractors across Europe are hiring themselves out to business and Government sites to highlight their security flaws. One such contractor, David Michaux, owner of the Brussels-based ScanIT security company, explains the growing trend of 'ethical hacking'...

Hackers and crackers are often referred to across the world as THE big menace for e-business and the e-society. They are often painted with the same broad brush as several other groups, like virus writers, as waging a cyber war on the internet. Is this threat real or do we need more differentiation when talking about hacking?

From our point of view hackers are the people who break into computer systems and crackers are something that you eat! In the good old days a cracker was someone who broke software copy protection code, and a hacker was someone who found holes in systems that would allow him/ her to explore other peoples systems. Since then things have changed as the use of computer systems has grown and the material kept on machines has become more valuable. The people attacking the systems have also changed.

It is for this reason that we break down the types of 'hackers' into the following categories:

The Good

Individuals and organisations that conduct security research and publish their findings. The people who find vulnerabilities and help them get fixed, the people who develop security tools and techniques. Companies such as ourselves who test security implementations to make sure that they are true and complete. This is done by examining the systems and looking for any software that is known to have security weaknesses, then informing the customer so that they can close the hole.

The Bad

People who break into computer systems for criminal financial gain, espionage or politically motivated reasons. Despite what people think this does exist, and there are examples that can be found such as the famous City bank hack and the recent UK cash-point hack that was successfully nipped in the bud before any substantial harm was caused.

The Ugly (the script kiddies)

Kids who have nothing better to do with their time than to take advantage of security weaknesses in order to boost their reputation. This is usually done using tools that are available on the internet. A good example of these types of people are the website defacers. Once they have compromised the security of a site they work like graffiti artists, painting the website with their logo and publishing their achievements on websites like www.attrition.org.

The Council of Europe is drafting the first international convention against cyber crime at the moment. One of the goals is to make hacking a crime and to allow the use of 'hacker tools' only for legitimate purposes. Will this provision foster security on the Internet?

The simple answer is 'No'.

Guns don't kill people, people kill people. The internet is out of control and people who want to hack into a system will always find a way. Currently, the most up-to-date mailing list for security problems is 'Bugtrack' which is mailed freely to subscribers on a daily basis (usually over 200 mails a day). If the type of legislation proposed by the Council of Europe were to be passed then it would make services like 'Bugtrack' illegal- this in turn would spell disaster for the whole security industry.

Outlawing hacking tools will make it difficult for IT professionals to secure their systems. If you cannot try out the hack you cannot know if you are protected from it. It will also make education in security nearly impossible.

Using hacking tools or anything at all to break into other peoples computers is already illegal. Making the tools themselves illegal will actually prevent people from using them legitimately.

David will be happy to answer any questions you may have about his paper and will provide further information about the services ScanIT can offer.

David Michaux

Printer Version
Mail this to a friend
Copyright 1999-2018, Shout99.com | All Rights Reserved
Privacy Notice and Terms of Use