Set a hacker to catch a hacker

Pimpshiz, the hacker who rose to notoriety in 2000 during a pro-Napster defacement spree, has gone straight. Although his case is still pending in the US judicial system, Robert Lyttle, as he is now known, is trying to make a break as a security expert.

With a string of website defacements under his belt including military, FBI, and Nasa sites, Lyttle has started up a security company, Sub-Seven Software. He believes that the security industry could do with a word of advice from the dark side of the hat.

"Only a hacker can defeat a hacker. The threat of digital malice seems only to grow. Reports show that, even when new security measures are deployed, computer crimes do not decrease; often they increase," he said.

"The year 2001 catapulted to over 20,000 defacements from a mere 5,000 reported in the year 2000. Figures shown should not be taken lightly considering that there are thousands of other incidents that aren't being recorded," he added, predicting that numbers will increase this year.

Lyttle explained that the increasing availability of pre-packaged exploit scanners and denial of service tools was helping 'hackers' to gain even more of an upper hand.

"It doesn't take a genius to launch a worldwide attack, but only a few easily acquired resources," he said. "With this in mind, some hackers are beginning to realise that they are already equipped with the knowledge to accomplish larger and more destructive missions. All of this is leading to nothing but more insecurity towards a secure digital space."

Lyttle maintained that, if it weren't for high profile hackers, there would be no drive to create stronger security. "Stealing credit cards and launching denial of service attacks do not require a large amount of skill," he said.

Apparently it's even possible to make a living from digital fraud. "Making a profit, earning a buck from everything illegal done, is their speciality. Is it hard? No. Are we all possible victims? Yes. What you should be worrying about are the companies that store your vital information," he warned.

Lyttle claimed that "it is extremely hard to live a legal life on the internet and, because of this, people will become accustomed to illegal activities".

Whether this involves using someone else's serial number to register software, burning a copy of a CD for your mate or downloading a copyrighted song as an MP3, people "won't know the difference between good and bad, which makes the internet a scary place to think about".

"The internet was not raised with super-strict legal guidelines in mind which makes it what it is today - a widely illegal locale," said Lyttle. "There is no remedy for this; re-establishing the internet is quite impossible. Only improvements and adjustments in the system can be applied to help its users live a legal digital life."

The hacker reckons that living an illegal life on the internet is "no big deal". Bringing a website to its knees, stealing identities and snooping secret documents is so run of the mill that "the hackers you hear about in the news are the community that is in full control over the internet: the ones who are considered semi-smart but, in reality, do not possess any true knowledge or morals".

But Lyttle said that defending yourself digitally is extremely easy. "For the past five years I've used the same antivirus scanner. It's called my brain. It only takes common sense to make sure that you aren't about to step into a self-initiated catastrophic situation," he explained.

He suggested that the vast majority of successful attacks happen because people don't think before they open strange files. "Don't watch your important documents get wiped before your eyes; instead use your judgement," he said.

As a parting shot, Lyttle made a scathing attack on the hackers' adversary, the FBI. It was probably not a good move seeing as he hasn't been sentenced yet, but he insists that the authorities are not clued up enough to fight the hacker menace.

Speaking from experience, Lyttle said: "I came into the room knowing what they were going to say to me. [They underestimated me], creating vulnerabilities in themselves therefore allowing me to have the upper hand at all times."

Lyttle admits that he may not possess the upper hand in court. But it looks like he is the one "being beaten down, the one being hassled with court fees and other miscellaneous complications".

The reality is quite different, he says. "Diversion, question and assumption. This is what wins the chess game. To take a hacker out you must beat him/her at their own strategic game," he concluded.

http://www.vnunet.com/News/1128657