Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Security

BusinessWeek on Hacker Hunters 155

Posted by timothy from the what-about-hacker-gatherers? dept.
prostoalex writes "You keep hearing about FBI, Secret Service or other law enforcement authorities involved in pursuing international cybercrime gangs, but who are those people and how does the cyberlaw enforcement work? Business Week talks about hacker hunters and people they're after. A large portion of the article is dedicated to describing the global scope of such activities with Russia, Eastern Europe and China leading the ranks for criminal hideouts."
This discussion has been archived. No new comments can be posted.

BusinessWeek on Hacker Hunters More

BusinessWeek on Hacker Hunters

Comments Filter:

  • The "H" word (Score:5, Interesting)

    by rbanffy ( 584143 ) on Sunday May 22, 2005 @01:34PM (#12605667) Homepage Journal
    Could we please try to restore the word "hacker" a more positive meaning on mainstream media?

    • Re:The "H" word (Score:5, Insightful)

      by rastakid ( 648791 ) on Sunday May 22, 2005 @01:40PM (#12605698) Homepage Journal
      Could we please try to restore the word "hacker" a more positive meaning on mainstream media?

      *sigh* Could we just once please stop this endless discussion?

      What does it matter what a hacker and a cracker is? As if a programmer gets more attention once the media start to call him a hacker and call the phishers crackers. Also: definitions can change, you know that?
      • > What does it matter what a hacker and a cracker is? As if a programmer gets more attention once the media start to call him a hacker and call the phishers crackers. Also: definitions can change, you know that?

        Definitions can change, and it is acceptable that they change depending upon certain circumstances. The problem with the misuse of the term "hacker" is that it imposes cultural violence.
        • The problem with the misuse of the term "hacker" is that it imposes cultural violence.

          Yeah, I remember the last time my coworkers found out I was a hacker*, and executed me on the spot after an hour or two of being beaten with blunt instruments! Damn, that was kind of a shitty day.

          * In both senses.
      • Also: definitions can change, you know that?

        That depends on what your definition of "definition" is. And what the meaning of the word "is" is.

      • Re:The "H" word (Score:3, Insightful)

        by Tlosk ( 761023 )
        I think you would be 100% more successful if you as a group decide to call yourselves something else and abandon the term hacker for what it has become.

        You are the people with the motivation because you are the ones who will benefit from a more positive definition.

        So quit pissing into the wind and just come up with a neologism for the positive aspects (old aspects) of the term hacker.

        If you're a masochist then keep on trying to convince people who won't benefit one way or the other to change their behavi
        • I think you would be 100% more successful if you as a group decide to call yourselves something else and abandon the term hacker for what it has become.

          That may be true. But it will never happen, because it is in the very nature of a hacker not to care what ignorant people think.

          • Re:The "H" word (Score:4, Insightful)

            by DogDude ( 805747 ) on Sunday May 22, 2005 @03:49PM (#12606352)
            it is in the very nature of a hacker not to care what ignorant people think.

            It's also in the very nature of a hacker to know *everything* and to be a pompous ass that nobody listens to, anyway.
          • The problem with ignorant people is that there are so many of them [cambridge.org]

            Seriously, go on fighting if you want, but you've already lost.

            • Re:The "H" word (Score:4, Insightful)

              by Edward Faulkner ( 664260 ) <ef@NospaM.alum.mit.edu> on Sunday May 22, 2005 @05:00PM (#12606790)
              You misunderstand me. I'm not fighting one way or the other. I'm stating a fact. Hackers won't change, because hackers don't care.

              I can assure you there are many people who use "hacker" and "to hack" frequently in their everyday language, and if you suggested that they abandon the term simply because John Q. Public uses it differently, they'd laugh at you.

              All language is context sensitive. Know your audience and you'll be understood. It's pointless to critize BusinessWeek, but it's similarly pointless to criticize people who use the term among themselves for the older meaning.
            • At least Merriam-Webster still has the complete set of definitions [webster.com].

              -chris

      • Re:The "H" word (Score:3, Insightful)

        by GMFTatsujin ( 239569 )
        What does it matter what a hacker and a cracker is?

        Does it matter what the difference between an African-American and a nigger is? Or a terrorist and a freedom fighter? Or a republic and a democracy?

        Yes. Yes, it does. In the hope for a better world, language is our greatest asset.

    • Could we please try to restore the word "hacker" a more positive meaning on mainstream media?

      Could we please move on to things that matter a wee bit more?

    • The public's conception of 'hacker' has already been formed due to the media, both news and movies.

      True, it may have been due to mis-information, but i doubt we can change that now.

    • Stop the shit (Score:5, Insightful)

      by imsabbel ( 611519 ) on Sunday May 22, 2005 @02:03PM (#12605820)
      Well, why not whine about that gay now mean homosexual and not jolly or that spam should only used to descripe some kind of food.

      • Well, why not whine about that gay now mean homosexual and not jolly or that spam should only used to descripe some kind of food.

        Spam now or has ever referred to a kind of food?!?
      • I find it sad that my younger relatives now use the term 'gay' to describe anything that they think is wrong (unjust, unfair, absurd).

        Everytime I hear someone say "That's gay!" it makes me cringe. How's that for brainwashing the young?

        • You cringe? Why? Why is this any worse than the redefinition of the word to mean homosexual? I'd say that effort was worse, because it was a deliberate, coordinated "re-branding", cynically co-opting a positive, happy word. I, for one, refuse to refer to homosexuality or homosexuals as "gay". Why should I allow myself to be manipulated? Instead, I don't use "gay" at all. As far as I'm concerned, all that the homosexual advocates have accomplished is the pointless destruction of a word. While I don't
        • I think that's a natural evolution of the word... I know I always say "That's GAY!" when things are wrong... but it's like a yo mumma joke, I'm not actually thinking about your mother, neither do I think that Microsoft Word has sex with other same-sex programs...

          On a similar note, people commonly use "you're a faggot for having that" which means 'I'm jealous of you for having that' around here. Go figure.

    • Re:The "H" word (Score:3, Interesting)

      by daigu ( 111684 )

      It's like an other epithet. It needs to run its course - become hackneyed and then it can be reclaimed by the culture. Nigger, queer are fairly recent examples where the derogatory have been partially reclaimed. If you want an older example, try looking up the history of Quakers - a once derogatory term that the community uses to talk about itself 350 years later.

      Bottom line: You are never going to get people to use the hacker/cracker differentiation. You almost have to be a hacker to even understand it.

    • No!

      Given that the positive-meaning hacker is virtually unknown amongst the non-technical, you're always going to be outnumbered vastly on this.

      Why not use a different word, which won't have the negative connotations, instead of trying to order back the tide?
    • Could we please try to restore the word "hacker" a more positive meaning on mainstream media?

      Yes, we can try. But we can't succeed.

      I'm on your side, though. I remember writing a letter to my hometown newspaper 20 years ago asking them to please understand what a "hacker" really was. But it was hopeless then, and it's hopeless now.

      So face it, this is a battle we cannot win. Save your energy for the ones where we have a chance.

  • Hacker Hunter U (Score:5, Interesting)

    by panxerox ( 575545 ) * on Sunday May 22, 2005 @01:35PM (#12605673)
    Looks like the Ruskis have this available as a course (if you want to go to Siberia) Hacker Hunter U [pravda.ru],

  • What about Brazil? (Score:2, Funny)

    by Anonymous Coward
    Isn't Brazil one of the world's biggest hideouts for hackerS?

  • Hacker hunters are evil. (Score:2, Funny)

    by Anonymous Coward
    We MUST put a stop to hacker hunting. Please join PETH today.

    People for the Ethical Treatment of Hackers(PETH) is the hackers only hope. W0n'7 j00 h31p?

  • misquote from the story (Score:4, Funny)

    by peculiarmethod ( 301094 ) on Sunday May 22, 2005 @01:36PM (#12605678) Journal
    The alleged ringleaders went quietly, but one suspect jumped out a second-story window. Agents nabbed him on the ground.

    Actually, I know the guy, and it wasn't the bust that did it.. he wasn't even aware of the encroaching officers.. he just failed AGAIN at getting a first post on slashy.

  • Pfft. They care so much. (Score:5, Informative)

    by lithium bandit ( 654379 ) on Sunday May 22, 2005 @01:39PM (#12605694) Homepage
    As someone who works in the security field and comes across hacked systems all the time, I'll believe they give a damn when they start returning my calls. Sounds like PR to get someone more funding. Trying to get someone at the FBI to care when you come across bot networks at an ISP, bank, or even a power company is next to impossible.
    • My dad's office (law firm) was hacked about a year ago. Actually, it was more of their phone system that was hacked. It is somehow hooked into their computer system, I don't know the details. Anyways, they got a bill one day and there were tons of calls to the Middle East. They called the FBI and surprisingly an agent showed up. It probably had to do with the fact that the calls were to the middle east. They didn't do anything though other than take some notes. I expected more but I guess not having to pay
    • As someone who works in the security field and comes across hacked systems all the time, I'll believe they give a damn when they start returning my calls. Sounds like PR to get someone more funding. Trying to get someone at the FBI to care when you come across bot networks at an ISP, bank, or even a power company is next to impossible.

      The FBI needs more funding. They only have 5 billion dollars. That is not even 1 dollar for every person in the world. ;)

      What would worry me more than the FBI tracking h

    • Re:Pfft. They care so much. (Score:5, Informative)

      by 5cary ( 632356 ) on Sunday May 22, 2005 @02:03PM (#12605816)
      And as one of the "Hacker Hunters" (pffft), I can tell you that it's not the FBI (or any other LE agents) that don't care.

      There's *no* point in an agent taking a case or even wasting his/her time returning your call (one of many every day) when he/she already knows that an Assistant United States Attorney (AUSA) won't take the case for prosecution. The threshold set by AUSAs can amazingly high for damages in most cases. Where I work, it is around $50,000 before they'll even talk to you. There's just too much already out there.

      Criminal Investigations are all about prosecution. They all have too many cases as it is, all of which they hope to get prosecuted. There's no way an agent will waste their time on an unprosecutable intrusion.

      Unprosecutable because:
      1) damages don't meet the threshold.
      2) the system was unpatched and "invited" the hacker in - I hate this the most.
      3) the system was not bannered "..by clicking ok, you agree to give up your expectation of privacy"... - also a stupid reason, but the case law is there.
      4) the hostile systems are difficult to obtain evidence from (read: overseas, unfrienldy).
      5) the hostile is obviously a script kiddie (stupid warez, IRC, etc.). Experience shows that the effort put forth to go after these idiots is not worth the 30 days probation a juvenile gets in MOST cases - damage dependant.

      Experience will tell you what kind of effort your phone call is worth to an investigator. After he delete's your message, there are probably 3 or 4 more waiting to make their own report.

      The agency I work for forwards intrusion reports to us via e-mail. I ignore 90% of them. If I responded to them all (or even half), I'd NEVER have the time to go after the important ones. That's life.
      • Criminal Investigations are all about prosecution. They all have too many cases as it is, all of which they hope to get prosecuted. There's no way an agent will waste their time on an unprosecutable intrusion.

        I suppose that's one point of view I hadn't given much consideration towards. But the fact is, I'll make a call to report an intrusion. If I get a response at all it's usually just "Fax us details". No one ever responds to the fax.

        Now I suppose they might not respond because they don't thin
        • Hm. Makes one wonder if there's any way that corporate IP people would consider sharing information.

          Seems unlikely, since companies don't like admitting that they've been compromised (unless forced to do so -- there's a relevant California law regarding customer data, IIRC), but if they pooled information on this sort (e.g. attack methods, pwn3d machines that they were attacked through, any apparent targets, etc) they might be able to better judge when it's worth spending resources on pursuing some possib

      • Re:Pfft. They care so much. (Score:1, Interesting)

        by Anonymous Coward
        5cary (632356) stated

        Unprosecutable because:
        1) damages don't meet the threshold.
        2) the system was unpatched and "invited" the hacker in - I hate this the most.
        3) the system was not bannered "..by clicking ok, you agree to give up your expectation of privacy"... - also a stupid reason, but the case law is there.
        4) the hostile systems are difficult to obtain evidence from (read: overseas, unfrienldy).
        5) the hostile is obviously a script kiddie (stupid warez, IRC, etc.). Experien

        • Can you post some links from a .gov site documenting these requirments? It would be nice to point the PHBs at it.


          I wish I could. That list is based on plain old experience. There's no way they'd ever admit to that. Although, as you can see from the other comments, it pretty obvious.

          Those are not "documented" requirements. They are plain realities.
      • So, in loose translation, the FBI doesn't have to/want to do their jobs with regard to cyber-crime because the Ass't. US Attorney won't do theirs unless it's just so glaring that the negative press might actually affect their mutual self-esteem? Net effect, the job doesn't get done, the average tax-paying citizen sees zero return on that fraction of the tax dollars we're paying (not quite zero, we get a shrug, "That's life."), oh, and by the way, both agencies are requesting MORE funds???
        • So, in loose translation, the FBI doesn't have to/want to do their jobs with regard to cyber-crime because the Ass't. US Attorney won't do theirs
          You completely missed the point. There's *already* too much work. It's not a matter of not wanting to do their jobs, it's a matter of having way too much work already. Re-read my original post again, *slowly*, if you must.

          • Re:Pfft. They care so much. (Score:5, Interesting)

            by RM6f9 ( 825298 ) <rwmurker@yahoo.com> on Sunday May 22, 2005 @05:34PM (#12607061) Homepage Journal
            I missed your point, on purpose. Can you see how the issue might seem to someone who does not have your unique vantage point? There's too much work, so you choose the high-profile cases. There's too much work, so you let the small fry continue to break the law. There's too much work, so you need more funding... All of this is more than likely true, however: My point is, to the eye of an average tax-paying citizen, me, it seems very much as if, because the average tax-paying citizen doesn't have large enough businesses or large enough losses, we don't rate any protection at all, and only those who pay larger amounts in taxes or sustain larger losses (regardless of relative ability to *bear* such losses) get their issues even heard, much less addressed. Beyond a massive education initiative so that the people affected are better-prepared to protect themselves (hence reducing the amount of work your beleaguered department has), how would you recommend solving this dilemma? And, really, do we want citizens knowing that we must protect ourselves because the people in the agencies we pay to protect us are so overworked? Methinks that way may lie vigilantism, which seems to get prosecuted much more vigorously for some reason.... Maybe we average folks don't get to see nearly enough of what's going on - maybe some network exec could follow a day/week/month in the life of a law enforcement official in yet another reality show, bring it home that it's not all doughnuts and jaywalkers, but meantime, there's still that pesky problem of appearances. I'm just letting you know how it looks from out here...

            • Re:Pfft. They care so much. (Score:4, Interesting)

              by 5cary ( 632356 ) on Sunday May 22, 2005 @09:33PM (#12608887)
              to the eye of an average tax-paying citizen, me, it seems very much as if, because the average tax-paying citizen doesn't have large enough businesses or large enough losses, we don't rate any protection at all


              That's just it... The thresholds are high - not because those are the glamerous cases (the vast majority are sensitive enough NOT to make it to the press), but because they have the greatest impact on our society, and hence, the taxpayers. For example:

              a) A Government contractor housing sensitive information is compromised. The cost to the taxpayer is not obvious, but it *is* there. And it's a greater cost than you might imagine. Compromised technology and data exfiltration -- funded by taxpayers like you.

              b) your company's website is brutalized, and perhaps the customer database is somehow compromized. The cost in rebuiding the servers is (if it's really big) around $10,000 in man hours. Explain to me how a price will be put on the customer database. This will have to be done by the already overworked prosecuter in court (assuming it ever gets there). Prosecution and sentencing are based on damage to society, in most cases.

              Which one do you think the FBI is most interested in (for the sake of the taxpayer)? In the case of the first, *all* taxpayers bear a burden. In the case of the second... not so much.

              Understand this. Cybercrime investigators are overworked well beyond what you can imagine. A threshold *has* to be established. If you fall below that threshold, I'm sorry. Secure your systems.

              The days of sending out the fire department to get little kitty out of the tree are over. This has nothing to do with "ignoring the little guy". It's economy of resources.

      • As with RM6f9, I have some sympathy with the problems of law enforcement. But $50,000??? This means that anyone can physically break into a business, steal less than $50,000 and not be prosecuted? Oh, that wouldn't be a federal offence? What happens when that person crosses a state line? Will they be prosecuted then? Of course they will.

        All this clearly is not acceptable. If there aren't enough officers to handle this, it is up to the authorities to secure better funding so they can handle what is clearly

        • This means that anyone can physically break into a business, steal less than $50,000 and not be prosecuted? Oh, that wouldn't be a federal offence?

          First, that's not in every jurisdiction. Just in some of the more overworked ones. The threshold is not just a total of what was stolen, it includes man hours (for recovery and [non LE] investigation), along with other resources.

          Second, it's still a federal offence. Speeding is still speeding, even if you pass a cop doing 65 in a 55. But does he stop you?

      • translation: Commit multiple $50,000 crimes across multiple jurisdictions, and there are no consequences?!?!?
  • Im surprised that the FBI doesnt arrest the hacker hunters... they tend to like to arrest everything they can see doing anything that might be something they dont like....

    Ive got my tin foil hat on again too..

  • SCO mydoom (Score:5, Informative)

    by Camel Pilot ( 78781 ) on Sunday May 22, 2005 @01:57PM (#12605777) Homepage Journal
    Kudos to Buinessweek as one of only a few news sources that got the SCO, linux and MyDoom virus story right. From the fine article:

    In January, 2004, a new virus called MyDoom attacked the Web site of the SCO Group Inc. (SCOX ), a software company that claimed the open-source Linux program violated its copyrights. Most security experts suspected the virus writer was a Linux fan seeking revenge. They were wrong. While the SCO angle created confusion, MyDoom acted like a Trojan horse, infecting millions of computers and then opening a secret backdoor for its author.


    McBride however is remembered as calling the resulting DOS attacks "the darker side of the Linux community we've been fighting."

    • Re:SCO mydoom (Score:5, Funny)

      by FunWithHeadlines ( 644929 ) on Sunday May 22, 2005 @02:09PM (#12605846) Homepage
      "McBride however is remembered as calling the resulting DOS attacks "the darker side of the Linux community we've been fighting."

      Well then, this is an excellent opportunity for Mr. McBride to apologize to the Linux community for his inadvertant slander. I have no doubt that such a man who has shown a constant willigness to reach out to the press will take an immediate opportunity to correct his mistake.

      (Holding breath)

    • Advertising (Re:SCO mydoom) (Score:4, Interesting)

      by GQuon ( 643387 ) on Sunday May 22, 2005 @03:09PM (#12606142) Journal
      Yes. Chosing SCO as a target seemed to me to have the following motivations for the crackers:

      1: Advertising. They had a bot net that they wanted to demonstrate the power of. "Behold the might of our bots! It takes down SCO and Microsoft! Now pay protection money or your online casino is out of business."

      2: Social engineering against administrators. Linux-users are more likely to be administrators and have other network-related jobs. The crackers might think that attacking SCO and Microsoft would gain them symphaty from some of the administrators.

      3: The crackers don't like Microsoft. The security updates are a hindrance to them.

      4: The crackers don't like Linux/BSD. Microsoft's saving graces, in the cracker's eyes, is that they at least used to make insecure software, and they made a monoculture fertile to malware. By casting the blame on "linux fans", they might hurt the image of the FOSS community.
  • The article is dated May 30.

  • This was a very interesting article, although long. It's good to know that law enforcement agencies are at least trying to do something to stop this crime, but as the article stated it is hard because of things like little available funding and difficulties inherent in dealing with foreign governments with lax cybercrime laws, like Russia, but still, they're trying.

    I for one worry little about these government task forces spying on the rest of us. Sure, it might happen, but I would think that as long as we

  • "Hacker hunters," huh? (Score:3, Funny)

    by FlyByPC ( 841016 ) on Sunday May 22, 2005 @02:15PM (#12605876) Homepage
    So what's the point of shooting a deer with a BFG9000? Bring it down and cook it all at once, I guess?
  • "Lookey here! It looks like we've stumbled across a scriptkiddie! D'ya reckon it's a fella or a sheila? These are yung 'uns, and it's hard to tell. I've gotta be really careful, or it'll BITE me!"
  • Return of the "USSS" defacement
    Archived site [archive.org]. It was even funnier when the Mission Impossible music played as the background sound. :-)

  • The target: the ShadowCrew, a gang whose members were schooled in identity theft, bank account pillage, and the fencing of ill-gotten wares on the Web, police say. For months, agents had been watching their every move through a clandestine gateway into their Web site, shadowcrew.com.
    Obviously they missed the class at school on how to keep a low profile.
  • Agents (armed with) MP5 semi-automatic machine guns swooped in...
    If you don't know what kind of weapons they had, MAKE IT UP and MAKE IT SOUND SCARY, even if it DOESN'T MAKE ANY SENSE.
    Were they driving Volkswagen hatchback sport/racing pickup trucks? Was the house a four-story duplex ranch single-family apartment?

  • FBI hacker (Score:3, Interesting)

    by rice_burners_suck ( 243660 ) on Sunday May 22, 2005 @02:59PM (#12606101)
    You keep hearing about FBI, Secret Service or other law enforcement authorities involved in pursuing international cybercrime gangs, but who are those people and how does the cyberlaw enforcement work?

    I always thought that somewhere in the FBI worked some geek that couldn't really accomplish anything, but for some reason, they couldn't just fire him. So when they realized that he's a computer geek, they gave him a computer and said, "Here, go after cyberhackers." What they didn't realize was that he'd actually take it seriously. So now there's a geek in some dark room at the FBI going after 1337 h4x0rz. And the FBI talks about it as if they have a department of 6,000 professional MSCE's tracking evil hackers out there.


  • The article claims that shadowcrew is out-on-bond, and that the case is not even over yet. These guys (shadowcrew) will probably get an attorney who will explain that the Feds are nothing but a bunch of 'blow-hard-bastards', and that they should take the case all the way to court(s).

    If this a case the Feds are 'proud' to give to BusinessWeek, I'd hate to see the ones they are *not* so proud to show us.

    After all, the Feds don't even know where to look for these people.

    I mean, they claim that alot of th

  • Proof Law Enforcement Has All the Tools It Needs (Score:3, Interesting)

    by PingXao ( 153057 ) on Sunday May 22, 2005 @05:49PM (#12607175)
    The cops admit they can't rely on technology alone, they have to get back to basics: gumshoe work, people-on-the-ground, infiltration of the bad guys.

    Good for them. Now will lawmakers begin to realize that Law Enforcement for the most part already has all the tools they need to fight crime? There is no need to keep ramping up the powers they are granting to the cops every damn year that directly or indirectly erode personal liberty in this country?

    I'm not holding my breath.
  • I subscribe to businessweek, and I was totally underwhelmed by the story. The entire thing centers around the breakup of the shadowcrew. No technical means were employed to do this. It happened because someone rolled on the organization. They used the informant to tell everyone to come online for a meeting and busted down their respective doors in traditional FBI style. How is this a group of elite FBI hackers? It's traditional law enforcement!

Slashdot Top Deals

"Everything should be made as simple as possible, but not simpler." -- Albert Einstein

Close