________________________________________________________________________________

Inside the Hacker's Web

The computer genius whose virus crippled global websites has defended his creation.

Arnold Kemp and Burhan Wazir
Sunday February 13, 2000
The Observer

The man who calls himself Mixter is a German who has been in trouble with the law, but claims to be on the side of the angels. He is the inventor of the cyberweaponry which last week brought chaos to at least seven of the world's most important websites.

In an electronic interview with the New York Times, Mixter, who identified himself only as a 20-year-old German from the Hanover area, said last week's attacks had been 'stupid and pointless'.

He defended his publishing of the cyber disruption program 'Tribal Flood Network' on the Internet four months ago as a necessary step in the evolution of defensive measures which the Web must develop against the army of black-hat (malign) hackers motivated by mischief, spite, greed or, more honourably, by a desire to keep the Internet free from commercial and political control.

While Mixter said he was 'not trying to play down the negative aspects and dangers of this decision', he called last week's attacks 'an inevitable price to pay to be able to develop counter-measures and fixes'.

He said that security sites on the Internet were posting details which meant that 'everyone has an equal chance of informing himself about them and coming up with counter-measures'. This was 'only fair' because everyone on the Net could be affected by security issues.

But security experts, and even other hackers, criticised his explanation as disingenuous. One said it was like 'leaving a loaded gun in a room full of kids'.
Significantly, two of the computers believed to have been used to launch the 'denial of service' attacks - so called because they swamp target sites with millions of messages, causing them to crash - were located at universities in California, spiritual home of the Web as a liberating and democratic force.

A desktop computer at the University of California at Santa Barbara was used for the attack on CNN on Tuesday, while eBay was hit the same day by data transmitted in part from an Internet router at Stanford University. Investigators were also 'zeroing in' on locations in Oregon. Another source was said to be a computer in Germany, since disconnected.

The US Justice Department wants much tougher penalties for malign or mischievous hacker attacks. FBI investigators - spurred on by the direct interest of President Clinton, who has called a 'summit' in Washington this week - are searching for the origins of the attacks.

The 'cybervandals' planted 'daemons' (disk and execution monitors) on hundreds of unwitting 'zombie' computers. They were programmed to launch 'co-ordinated packet flooding denial of service attacks'.

The US National Infrastructure Protection Centre posted a warning about 'Tribal Flood Network' earlier this month. It said it was 'highly concerned' because it had been reported on so many systems and appeared to be 'undergoing active development, testing and deployment'.

Mixter is one of thousands of computer virtuosi who inhabit an ambiguous world in which good may masquerade as evil and vice versa.

The computer industry has an established tradition of hiring 'tiger teams' of professional hackers who attack systems to test their security. But that tradition has grown to embrace unauthorised attacks in which programmers find a way to invade or cripple a system, publish the details of the vulnerability and often accompany them with software that exploits the weakness.
The terms 'white hats', 'black hats' and 'grey hats' are used to classify hackers, but the lines are often vague.

White-hat hackers grew out of the tiger teams. Since the Seventies, a number of US government laboratories have deployed special groups of employees who try to bring down systems in 'digital war games'.

Charles Palmer, manager of network security and cryptography at IBM Research, leads a squad of white hats who are paid by companies to attack their computer systems. 'A white hat does it when asked, under contract, with a "Get out of jail free" card,' Palmer said. 'We'll do the job, evaluate it, and tell the customer what we're doing.'

The grey-hat hackers straddle both worlds, sometimes acting like malicious hackers but in pursuit of some greater good, real or imagined.

Mixter says he is a grey-hat hacker who recently turned white hat. He said the conversion came when he crossed a few 'legal borders' in 1998 and 1999 and fell foul of German law officials.

Now, Mixter said, 'I am a white hat, the definition meaning that I am trying to contribute to improving security by doing what I do, and completely acting within the law and hacking ethics.'

Mark Rasch, a former federal prosecutor who is now a vice-president at Global Integrity, a computer security consulting firm in Reston, Virginia, said: 'There's always been a hacker ethos, and even the bad guys have thought there are some things you can do and some things that are off limits. I think we've reached a point where this kind of activity is almost universally decried as being off limits.'

Still, he added, even if Mixter had posted with the intent that attackers would use them, 'it's wrong, but probably not a crime'.

A member of the hacker group Cult of the Dead Cow, who goes by the handle Death Veggie, condemned the attacks as 'digital vandalism'. 'It doesn't take any skill, and it's purely destructive,' Death Veggie said.
'Once a hacker starts becoming really destructive, they stop being a hacker and become a criminal.'

Yet the Cult of the Dead Cow itself produced a program that enables a hacker to control another computer from a remote location.

Palmer consorts with such groups but refuses to recruit from their ranks, even if they claim to have gone straight. 'I don't hire reformed hackers because, let's just say, I've never really found one,' he said. 'It's like hiring an arsonist to be your fire marshal. Can you ever really sleep at night?'

At the same time, Palmer occasionally attends Defcon, an annual three-day hacker gathering in Las Vegas. He said: 'A lot of these guys get enough money to keep them in pizza. So many of them are so talented and a lot of these kids are absolutely gifted.'

Rasch, who was the lead prosecutor in a high-profile computer crime case from 1988-90, said he did not entirely agree with his former employer, the Justice Department, which is calling for stiffer penalties. 'There isn't a single case that we can point to and say, "If only the penalties were greater, the person would not have done this",' he said.

The denial of service attacks did not compromise data or sensitive commercial information like credit card details. But perceptions of Internet security took another hit on Friday when a small California Internet company said an unrelated hacker attack on its system last week had apparently gained access to consumer credit card numbers.

RealNames, a business in San Carlos, California, said the extent of the damage was hard to assess because the attack had come through mainland China, and the connection appeared to have shut down while the hackers were downloading data.

'Our best guess is that this was done by a traditional hacker, whose goal is not to steal but to prove that he has the ability to steal,' said RealNames chief executive Keith Teare, whose company sells an Internet address system.
Clinton's summit is expected to increase co-operation in a young industry that is growing fast but has not made security a priority. The industry, in turn, wants to give advice to federal regulators who are seen as too unsophisticated.

Additional reporting by Katie Hafner of the New York Times

What drives the digital destroyers

White-hat hackers
Since the Seventies, government laboratories and some corporations have deployed special groups of employees who test computer security by trying to compromise a system or bring it down in 'digital war games'.

Black-hat hackers
Adhere to the philosophy that information should be free - including information about security weaknesses. For these people, 'breaking into a system or exposing its weaknesses is a good thing because truth and knowledge must win out,' says Dan Farmer, a network security specialist.

Grey-hat hackers
These straddle both worlds, sometimes acting like malicious hackers, but in pursuit of some greater good, whether real or imagined.

Three days of web mayhem

Hackers paralysed seven service providers last week with a blizzard of signals.

Monday: Yahoo
Tuesday: CNN, eBay, Buy.com, Amazon
Wednesday: E*Trade, ZDNet

© Copyright Guardian Media Group plc. 2000
________________________________________________________________________________