| |
 |
Hacking the hackers
|
Wu Yan
ACCORDING to the China News Weekly, a new breed of law enforcers in the country has started to peep on the Web. The magazine explores the responsibilities of the force, such as tackling email crime, fighting pornography, cyber terrorist activities and economic fraud.
The local version of the establishment is the Computer Security Monitoring Department of the Shenzhen Municipal Public Security Bureau.
In speaking of Shenzhen's computer security situation, Li Zhengxiang, director of the department, emphatically said many local websites lack awareness of security and take no measures to protect their networks. "Their safeguarding ability is low," he said. "We want to appeal to them to heighten their security awareness and further strengthen management of their computer systems. They really need to establish a dynamic management system including administrative and technical elements."
Qiao Zhi, Li's superior and also deputy chief of the Science and Technology Telecommunication Department of the Shenzhen Municipal Public Security Bureau, said: "The issue of Internet security is an important issue these days. Technology is important. But security management is no less important. Computer data is more and more closely related to many aspects of people's daily lives."
Global headache
In the United States, a 15 year-old boy has been charged with breaking into at least three National Aeronautics Space Administration (NASA) computer systems and posting images related to a well-known hacking group in January. Authorities said the boy also broke into a US Department of Energy system at Sandia National Laboratories in Albuquerque, New Mexico that same month.
One case that drew much attention involved the theft of some 300,000 card numbers from CDUniverse.com in December 1999. In that episode, a teenage Russian hacker released thousands of the numbers online when the music e-tailer refused to meet his US$100,000 extortion demand. \
High-profile attacks in 2000 included the coordinated denial of service of attacks against Yahoo, eBay, Buy.com and several other websites in February, as well as the virus that invaded Microsoft Corp's internal network in November.
It's also local
Although Shenzhen is less developed than some places when it comes to commercial use of the Internet, many of local websites which mainly serve to release information covering different aspects of social life have been hacked.
In one case, a 12-year-old student penetrated an education website and altered its homepage. The boy changed the homepage into an article containing his grievances about the current educational system.
Some hackers attack computer network for the purpose of mischief. About three years ago, a local employment website was penetrated by someone who replaced its homepage. In addition, he (or she) turned all "males" into "females" and changed all current jobs of the applicants into "professional hacker".
Late last year, at a conference examining the supervision and security of computer networks, a SZ vice-mayor disclosed that a home page of one of the city governmental websites had been changed to a pornographic picture.
No system is hacker-proof
"There is no computer in this world that can't be gotten into," Kevin Mitrick, the most notorious hacker the world has ever seen, once said.
Computer technology can never be perfect. At each stage of its development, there will be breaches to be exploited. At the same time, hackers continuously improve their skills.
Therefore, attacking and counter-attacking, destruction and protection of computer networks is an unceasing process.
While the Internet police and other law enforcement institutions are trying their best to catch and punish those hacking criminals, computer users must increase their own awareness.
"Oh, we really haven't thought much of that," said a department manager of a local grand hotel when asked about safety arrangement of the computers in his department.
A host of good hackers
Shenzhen Anluo Science & Technology Inc is one of China's top computer security solution providers. But rather than be full of cops and guards, it is composed of a group of so-called top hackers in China headed by a guy called Frankie. He divided hackers into three types: the white hats, or good guys, the black hats, or bad guys, and the gray hats, who are both good and evil. He says he and his colleagues are white-hat hackers.
When the US bombed the Chinese Embassy in Yugoslavia in 1999, some of them broke into some US Governmental websites as angry demonstrators. When Taiwan's Lee Teng-hui was propagating his On Two Countries later that year, they attacked 19 official websites in Taiwan. They achieved great success and were hailed as heroes by many of their compatriots.
Anluo reports that in the year of 2000, the whole world saw a total loss of US$15 billion to computer break-ins and other deficiencies in computer security. And a survey conducted last year found that over 90 per cent of the country's computers have security loopholes.
Having quit their careers as individual spontaneous hackers, Frankie and his friends have taken to providing anti-hacking products and services.
Echoing Li Zhengxiang's notion, Frankie said: "The shame is that the question of Internet security has not been given sufficient attention. You know, last year, of the total fees used to build websites in the country, less than five per cent went to the area of security." He added that e-commerce will never really develop until people can feel secure enough to shop online.
New concept and products
Under the guidance and supervision of both national and local public security agencies, Anluo is developing both a new concept and products to safeguard computer networks.
"The new concept lies in an emphasis on a dynamic integrated anti-hacking system rather than individual products, though we do provide such products," said Frankie, adding that no individual product can save computers from being attacked once and for all. "So ours is a dynamic checking and securing system," he added.
So far, Anluo has invented two unique products: Scan Server - a network security online auditing system, and NetSentry Intrusion Detection System.
By taking a full survey of a network system from a hacker's point of view, Scan Server can discover weak spots in the system. Its attack-to-defend working approach assures that it can detect all technical and non-technical vulnerabilities. It is also able to lay open many technology loopholes that foreign security products cannot detect. Some loopholes that Chinese hackers discovered are not published on the Internet but have been included into this system. So, the product adapts to China's actual situation in regard to networked computers, according to the company brochure.
NetSentry is another security tool Anluo has developed. When an intrusion or something suspicious happens, NetSentry can inform an administrator in time by means of voice alarm, email notification, ICQ alert or running the appointed program. So the administrator will be able to know what has happened and then deal with the incident effectively.
"What we are doing is developing the latest anti-attack tools. Our technology will always be better than that of the black-hat hackers. We will always stay ahead of them," Frankie concluded confidently.
|
|
|
|
