 |
Net Gains (Oct 30, 98) |
Last week's column about the VSNL hack and the email hoax spurred
a lot of email enquiries and complaints. Since there were so many
questions about hacking, this week let's take a closer look at
hacking and see what the VSNL hack means to us.
The term "hacker" as we know and understand it today
is used for someone who breaks into a computer system uninvited.
To put it simply, a hacker is an electronic intruder. Just like
an intruder would break into a house, a hacker breaks into a computer
or a network of computers. If the door of the house is locked
properly (your computer has security systems to prevent unauthorised
access), the intruder will have to try various keys till he can
break in (or the hacker will have to try different ways / passwords
to hack into the system). A computer system with insufficient
security could be compared to a house that is not locked, or has
a easy-to-break lock - this way you're virtually inviting the
hacker / intruder inside with a big "Welcome" written
across the doormat.
The Asian edition of Fortune magazine did a cover story on hacking
way back in Feb 1997. This one though had a twist. They hired
WheelGroup Corp., - a security firm that conducts "external
assessments" of security systems for clients - to break into
the computer systems of a well-known Fortune 500 company in the
US. This Operation Nutcracker as they called it was conducted
with the company's consent to be a guinea pig for the experiment,
with a big consulting firm monitoring the entire operation. Within
two days, they got root access to the company's computers - that
meant access to powers allotted to only a couple of system administrators
of those machines. Which meant that they could do virtually anything
- delete files, make copies of sensitive data - why they even
sent email to one manager from another manager's account telling
him to give a US$5,000 bonus to an employee. And the recipient
fell for it too!
Coming back to our shores, the VSNL hack earlier this month was
incidentally not the first of it's kind - there have been numerous
occasions when VSNL's servers have been hacked in the past. While
the hackers have maintained that it was easy to break in since
VSNL has poor security for its servers, VSNL has consistently
maintained that they maintain high security standards. Now obviously,
one of the two is not true - you be the judge.
In the early years of hacking, it was a hobby that nerds indulged
in like any other hobby - for the pure thrill of it! Or maybe
to have fun at someone else's expense, say by putting up a "Happy
Birthday Sweetheart" message up for everyone to see. Or on
a more serious note, to expose loopholes in computer security
- like the D.O.D.D. and Eddie incident in Jan this year, where
two college students hacked into the VSNL student's account server
and displayed an anti-VSNL message instead of the default welcome
message. But others who have hacked into the VSNL servers have
not been as nice. Passwords have been stolen, valuable Internet
time has been unofficially used, and passwords even changed making
the real user run around from pillar to post to gain access to
his account once again.
But the latest attack by the "Divine Hackers" had damaging
side-effects. They put up homepages with VSNL subscriber lists
and announced this to over 25,000 users to "prove their capabilities".
As a result, these databases are now in the hands of unscrupulous
people who are misusing it to send unsolicited junk mail.
Morty Rosenfeld, a young computer hacker in the US was sent to
prison when he was caught. But after he completed his prison term,
his local ISP (his equivalent of VSNL), has given him free Internet
access in exchange for security advice and the latest gossip about
hackers that they use to stay one step ahead of the hackers. Now
that's constructive. Is anybody here listening ?