[Moderator: Stomach is churning after this article. This Mr Chappell
can't even make good stereotypes. I am posting this to the list
for amusement mostly.]
Forwarded From: "Betty G.O'Hearn" <betty@infowar.com>
http://www.press.co.nz/48/981201c7.htm
December 01, 1998
Chch fraud squad out to nail hackers
by David Armstrong
Catching computer hackers is time-consuming and costly, especially if
offenders cannot be prosecuted, but new case-law research could give
Christchurch police legal tools to clamp down on electronic vandals and
fraudsters.
New Zealand has no laws to control electronic trespass and vandalism, says
Detective Michael Chappell, of the Christchurch fraud squad, who
specialises in information technology crimes.
[---]
Hackers are socially inept people hell-bent on taking out their
frustrations on others. -- Detective Michael Chappell, Christchurch fraud
squad
[---]
However, while researching the setting up of a Computer Crime Unit, he has
found English case law of people infecting other people's computers with
viruses, who were charged with intentional damage. Mr Chappell will use
this precedent for a case he is preparing.
After 2½ years investigating hackers and the fraudulent use of computers,
he categorises hackers in two groups: socially inept people "hell-bent on
taking out their frustrations on others", and those using others' Internet
accounts or credit cards to binge-surf the Net for free.
PC owners can minimise the chances of becoming victims of damage or fraud,
he says.
Hacking is not rampant, but the high number of people using the Net raises
its awareness.
The two incidents reported in recent weeks -- the deletion of 4500
websites on Ihug's server, and the infiltration of Xtra accounts -- caused
a stir.
Hackers who use someone else's password and ID for Net access can be
charged with fraud, says Mr Chappell. Catching them involves analysing
phone-use logs and asking Internet service providers (ISPs) to trace
connections.
Mr Chappell has dealt with six complaints of this nature in Christchurch
in the last two weeks. A typical unauthorised access bill is about $300.
Hackers can get into accounts by several means, he says. They can run
automatic phone-calling software looking for active modems at the other
end, or they may run a credit-card number generator and use the result to
sign up with an ISP, and run an account for a month or so until they are
caught.
In the most recent scare, a "sniffer" program, crudely named "Back
Orifice", enters a PC as a virus through an e-mail attachment, and reports
back details such as passwords. (An antidote can be downloaded from
www.symantec.com/avcenter/backorifice.html.)
Mr Chappell suspects that some instances of hacking originate from
dishonest staff in ISPs. He believes it is no coincidence that most
incidents occur on inactive accounts, so account owners do not notice the
unusual use for several months.
When ID and password lists surface, they circulate around groups, so
several hackers can use the same account simultaneously.
Mr Chappell sees hacking as a modern form of anarchy. A specialist crime
unit will be needed, he says, if the police are to keep up with and stop
these wired criminals. "Until we get some adequate statutes, we're
hog-tied."
Making your PC safer
People with PCs connected to the Internet can take precautions to minimise
their exposure to hacking, says Mr Chappell.
[@] Cancel your ISP account if you no longer use it.
[@] Run Web virus detection software.
[@] If you receive an e-mail from someone you don't know which has an
attached document or executable file, do not run the program until you
identify and verify the sender. Preferably delete the e-mail.
[@] When you are not connected to the Net, turn off your external modem,
or disconnect your phone connection if you have an internal modem.
[@] Change your password at least every few weeks, and never disclose it
to others.
[@] Check your phone bill carefully, looking for unusual Internet
activity.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Tue Dec 8 08:57:19 1998