From: Fred Cohen <fc@all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Date: Fri, 19 Oct 2001 21:39:41 -0700 (PDT)
Subject: [iwar] [fc:Undercover.federal.investigators.hacked.government.Web.sites.to.gain.the.trust.of.underground.black.hats.]

Deep Digital Cover: Undercover federal investigators hacked government Web sites to gain the trust of underground black hats.
By Anne Saita, Information Security, 10/19/2001
No URL available.

The hardcore porn and explicit language took some getting used to; not to mention the "weird" music and "way-out" ideas. Other than that, William "Bill" Swallow had little trouble impersonating a black hatter during the year he went undercover for the FBI to gather intelligence on the hacker underground.

"I had worked undercover operations in the past, and they're all similar. The only difference here is we're dealing with a younger crowd," says the 40-year-old former special agent for the Department of Defense (DoD). "It's just a matter of having the right kind of social engineering skills and talking your way in."

"Getting in" for Swallow and his fellow agents proved easier than expected. Despite the paranoia that pervades the digital underground, there's also camaraderie among crackers, who plan attacks by phone, spend much of their time in chat rooms and freely exchange stolen databases. And they love to go after the low-hanging fruit -- especially pornography Web sites.

"A lot were of the opinion they could freely hack porn sites because who's going to complain, and who's going to feel sorry for a porn site losing business?" Swallow says. "They'd steal account numbers and credit card files because most of those sites lack any real security."

Swallow left the Pentagon a year ago when the sting operation ended. He and former FBI agent Charles Neal formed the Cyber Attack Tiger Team (CATT) at Exodus Communications (www.exodus.com). Jill Knesek, another former FBI agent who worked on the sting, joined them about a month later.

Swallow is director of incident response for CATT, which includes a network of 24 U.S., Australian and European "incident responders" charged with tracking down crackers who attack Exodus customers. Swallow says his task is easier than when he tried to track down computer criminals for the government.
Then, crimes went unsolved because companies refused to disclose they had been hacked. Conversely, Exodus clients speak up more often because the investigation, and decision to prosecute, is handled internally. And, as a private citizen, he enjoys liberties in collecting evidence that would have bogged him down in red tape as a government investigator.

Swallow became a federal agent 14 years ago and wrote out his reports on paper. His knack for computer skills led to an assignment tackling the DoD's computer intrusion cases. That career culminated with the year Swallow led the hacker underground investigation, which grew out of a 1999 operation to find the pro-Serbian hackers behind denial-of-service (DoS) attacks on U.S. and NATO Web sites. When that operation ended, Swallow convinced the FBI to turn the team's focus on domestic computer criminals.

Open cases prevent Swallow from discussing some details of the undercover work, including the code names and nyms used by agents. (He also requested we not run his photo with this story.) What he can talk about is how agents used informants to gain access to the underground. He also relates how his "crew" defaced actual government Web sites to gain crackers' trust. Defacements would be mirrored at Attrition.org, providing the reputation boost needed to win over some skeptics.

"One way to establish you're bona fide is to convince them you're a black hat yourself," Swallow says, adding that agents only defaced government Web sites -- not commercial or private sites -- and only then after receiving permission from the sites' owners. "It gives you quick notoriety, even if it doesn't show you are technically sophisticated."

Once, Swallow was moderating an Internet Relay Chat (IRC) room when a 15-year-old Canadian called MafiaBoy began bragging about just launching a DDoS attack against several popular commercial Web sites, including Amazon.com, eBay and Yahoo! Nobody believed he did it.
That youth, now 17, is serving an eight-month sentence in a juvenile detention facility.

Swallow believes teen hackers like MafiaBoy don't always realize the damage they cause when a Web site is shut down or system is compromised.

"You're taking typical teenaged mentality and bringing it into the virtual world. Only this time, they're armed with power they probably don't understand," he explains. "I think part of not understanding the crimes they're committing is because it's so anonymous and remote."

But the former agent does believe crackers grasp the power trip their exploits provide.

"A lot of them try to justify what they do. . . . They want to make the Internet open, or a lot of them claim to have political reasons," Swallow says. "A lot of them, I think, just get addicted. Having been there myself for a year, I can tell you it's a very addictive kind of behavior. There's a real power of being able to break into a computer system anywhere in the world."
This archive was generated by hypermail 2.1.2 : 2001-12-31 20:59:56 PST