Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)

I l @ ve RuBoard

Hackers will spend a lot of time "surfing the boards": gathering information from hacker bulletin boards , looking for new tools to use to exploit a system, and absorbing "insider information" on the latest security bugs and patches. There are a large number of sites that have "hacker information," but they are not well-advertised. It will take the hacker some effort to find them, but when he does, he will find that hacker tools are available everywhere. In addition, many hackers informally associate and communicate findings, making it easier for "insiders" to learn from each other.

Computer security professionals need to learn the tricks and techniques used by the hacker. Hackers use information from security professionals to improve their craft; security professionals should learn from the exploits of hackers to improve security. Most companies would frown on security personnel interacting with hackers or surfing the hacker bulletin boards (BBSs). However, hackers have become public enough to gain some information without having to dive into the "forbidden" areas of the Net. There are regularly printed magazines like 2600 , a quarterly publication about hacking, as well as electronic journals like Phrack . There are even CD-ROM collections of software and information for hackers and, of course, there are news groups that specialize in the hacker culture. In France3, there is even a hacking academy.

Patrick W. Gregory was sentenced to 26 months in prison and $154,000 in restitution for telecommunications fraud and computer hacking.

Gregory was a member of two computer hacker organizations, "total-kaOs" and "globalHell." By using stolen unauthorized access devices, such as telephone numbers, PIN combinations and credit card numbers , Greg illegally accessed numerous teleconferences provided by such victims as AT&T, MCI, Sprint and others.

Gregory and other co-conspirators used the unauthorized access devices they stole to set up teleconferences so that they could communicate with each other and discuss matters relating to telecommunications theft and computer hacking. Gregory trafficked in authorized access devices by accessing illegal teleconferences using unauthorized PIN numbers he received from friends who belonged to other online hacking organizations, and almost daily organized hacking teleconferences lasting more than six hours.

He and his cohorts also trafficked in credit card information and computer password combinations that allowed them unauthorized access to multiple protected computer systems around the world, in which they would deface websites and intentionally crash systems and delete data. [45]

[45] "Major Investigations: Patrick Gregory, aka 'MostHateD'," National Infrastructure Protection Center .

I l @ ve RuBoard
Related

Категории