• Investment World
• eWorld
• Catalyst
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest

Stocks

• Quotes
• SE Diary
• Scoreboard
• Open-End Mutual Fund

Port Info

• Ships in Ports
  
  

Archives

• Yesterday
• Datewise
• Resources

Group Sites

• The Hindu
• Business Line
• The Sportstar
• Frontline
• The Hindu eBooks
• The Hindu Images

R.K. Raghavan

`This is how I did it.' Hackers relive their `exploits', of how they breached the most protected systems. The accounts are both absorbing and educative.

Hacking is a unique ego issue. It involves the potential for a great deal of power in the hands of a single individual, power reserved for government or big business. The idea of some teenager being able to turn off the power grid scares the hell out of government. It should. — Adrian Lamo

HAVE you heard of a lad breaking into the computer systems of giants such as Microsoft, Yahoo and MCI WorldCom and audacious enough to tell them how vulnerable they were?

For the Boston-born Colombian Adrian Lamo, hacking was " less about technology and more about religion."

Tinkering with his father's modest machine, even at the age of seven, he chanced to find out that he could instruct the computer to generate a listing of the source code of an adventure game.

This yielded him all the data he needed to win the game, after several unsuccessful earlier attempts. There was no stopping him thereafter.

Adopting an approach untypical of the normal hacker, he could wander around a targeted system, aided not by technical prowess but purely by intuition.

Playing the role of an employee accessing customer information, Adrian could, most of the time, draw a mental diagram as a prelude to his forays.

For instance, by just typing a name he stumbled on a customer's online order with Microsoft and gained access to entries relating to some credit cards that the company had declined.

Later he tipped off Washington Post on how he had broken into the MS Web site. Nothing was worse publicity to the software giant, which prudently did not press charges against Adrian.

A greater `triumph' was against New York Times. An IP address on an e-mail from the newspaper gave the initial opening to enable Adrian to lay his fingers on a variety of data, including the Times's Lotus Notes database.

Of course, this landed him in serious trouble with law enforcement.

Adrian, called the `The Robin Hood Hacker' was among the many interviewed by the legendary Kevin Mitnick, who has teamed up with a well-known journalist William Simon to write a highly absorbing The Art of Intrusion (Wiley Publishing, Indianapolis), released just a few months ago. The book outlines some astounding breaks-in and has received some flattering, if not outstanding, reviews.

Simon possibly does the writing, and the facts are supplied by Mitnick, whose skills to get into the most protected systems without leaving a trace may never be excelled.

Convicted in 1989 for computer and access device frauds, Mitnick did the vanishing trick for some time, only to indulge in his obsession of stealing passwords and copy confidential and sensitive e-mail information from several Web sites.

The FBI arrested him in 1995 to face nearly 50 charges in North Carolina and California. Sentenced to more than five years, he was released in January 2000. Ever since then he has utilised his hacking skills to helping government and business combat an activity in which he himself had thrived in his previous incarnation. Can there be a more ironical twist to one's career?

The present book is a sort of sequel to Mitnick's earlier work, The Art of Deception (2002), that dealt more with the pervasive influence of social engineering over computer crime.

Mitnick is currently under a federal injunction not to write about his own `achievements' in cyberspace until 2007. This is why he has now paired with Simon to record how others had violated the sanctity of computer systems, either for adventure or greed.

There are 10 chapters that paint a ceaseless world of intruders who are all the time prying for vulnerabilities.

It is just possible that some cases in the book are apocryphal. Nevertheless, the point to remember is that there is no limit to human ingenuity, and eternal vigilance is the watchword.

The casinos in Las Vegas are as inviting to the underworld as to genuine gamblers.

Four consultants in a high-tech company get a chance to go there on official work along with their families. A stray remark from one of the wives, on landing at Las Vegas, as to why their husbands with all their computer knowledge could not beat the slot machines, triggers group action.

Some assiduous research and purchase of a machine similar to the one in use at one of the casinos leads to the discovery that the numbers generated by the machines at casinos are not all that random and are clearly predictable. The group's synergy is effectively exploited thereafter to hoodwink the machines and bring in continual gains that sometime ran into four figures.

This was too good to last. A daredevil in the group is too greedy and therefore gets caught. Since he is a tough guy, he does not let down the others who just disappear.

There is everything here that can make up a movie, something on the lines of the Ocean's Eleven.

`Countermeasures' and `The Bottom Line' are the final sections of each chapter where the authors analyse every incident and suggest remedial action.

In a case like the Las Vegas intrusion, Mitnick and Simon recommend the use of a really secure chip in all hardware products and the scratching off of any identifying information on the body of the chip so that no mischief-monger goes back to the manufacturer for procuring a similar chip.

Their general advice is one that favours a stronger form of authentication than a static password, and a second-level sign-on technique in combination with a traditional password.

Mitnick and Simon see a positive side to hacking because it exposes system vulnerabilities more than other devices would do.

In their view, it will not be inappropriate for MIT or Caltech to award a Bachelor's degree in Hacking! Mitnick has many candidates to recommend. Possibly some of us also do have a few!

The writer is a former CBI Director who is currently Adviser (Security) to TCS Ltd.

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Balancing act

Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line