Good hackers meet to seek ways to stop the bad hackers

Sep 30, 2009 By Bridget Carey

The world of hackers is kind of like the "Star Wars" universe: There's a light side and a dark side of cracking computers.

Hundreds of hackers on the side of good -- or ethical hackers -- gathered at the 14th Hacker Halted global conference, held for the first time in Miami, to talk about strategies to thwart cyber terrorists.

Ethical hackers understand how to hack a system in order to better protect against attacks, or to know where the vulnerabilities are in a program.

"A good defense is a good offense," said Sean Arries, a security engineer at Terremark Worldwide. "If you understand your opponent and you understand how the attacker is going to attack you, then it makes it a lot easier for you to defend yourself."

Arries gave a cautionary presentation detailing how hackers can take advantage of a vulnerability in Vista and Windows Server 2008 _ a gateway for hackers that Microsoft hasn't yet patched.

Arries did a scan of 43,000 domains and found 110 of those sites were vulnerable to that exploit.

"Now 110 is quite a lot, because that becomes a staging process for an attacker to launch against other sites and internal networks," he added.

Bloggers have been writing about this flaw for two weeks, so it wasn't exactly news to the audience. But while going through slides filled with programming code, he warned attendees that hackers will likely launch a worm to take advantage of this flaw any day now.

"We are in a scramble state to secure our clients and customers and secure ourselves internally before this worm shows up -- and it will be coming," Arries said in an interview afterward.

Not everyone who comes to events like this is a good guy, so to speak. Talk to anyone at that conference and they believe at least some "" hackers were among them in anonymity -- or more likely, who work in a morally gray area.

"The same techniques that you learn to protect a system are the same things people look at to break into systems," said Howard A. Schmidt, president of the Information Security Forum. "You have the good guys trying to out-thwart the bad guys, and the bad guys going to learn from the good guys. "

In the world of hacker conferences, Hacker Halted is pretty tame compared to the DefCon and Black Hat conferences in Las Vegas.

"That's where you get more of the black hat subculture to learn what's going on and extract information that maybe you should or shouldn't be privy to," said Solutient technical trainer Ernie Campbell, who flew in from Cleveland to attend.

Malicious hackers are usually grouped into subsets.

There are the "script kiddies," a derogatory term given to hackers who use programs to cause trouble because they don't have the skills to write their own code. There's also the typical movie stereotype of pale guys pounding down energy drinks in a basement full of computer screens as they wreak havoc.

"That certainly exists, but it is a small, small subculture," said Erik Laykin, managing director of Duff & Phelps in Los Angeles and honorary chairman of the Electronic Commerce Council, which organized the conference.

The hackers that Laykin and other investigators focus on are the criminal hackers -- many working out of the country -- who keep coming up with ways to steal financial information.

And while these criminals work 24/7, it's a constant job of playing catch up for the ethical who is trying to stay on top of the latest exploits. And as people become more attached to mobile devices, cellphones will be the target down the road.

But it could be worse than that.

"Defibrillators that are implanted in people's chests today have electronic remote sensors so they can be reprogrammed using wireless technology. That's an early technology that's potentially susceptible to hacking," Laykin said.

"Now if I can hack a computer, why can't I hack somebody's defibrillator or pacemaker? Scary stuff."
___

(c) 2009, The Miami Herald.
Visit The Miami Herald Web edition on the World Wide Web at www.herald.com
Distributed by McClatchy-Tribune Information Services.

Explore further: Japan court orders Facebook to reveal revenge porn IP addresses

add to favorites email to friend print save as pdf

Related Stories

The Web: Hackers penetrate network routers

Nov 23, 2005

Hackers are now probing a new target -- network routers -- as they seek to wreak havoc on corporate computing networks and evade the extensive security software that has been deployed on PCs and Web servers, experts tell ...

Conficker worm dabbling with mischief

Apr 28, 2009

The Conficker worm's creators are evidently toying with ways to put the pervasive computer virus to work firing off spam or spreading rogue anti-virus applications called "scareware."

Turmoil fuels 'hacktivist' attacks on Web sites

Jun 25, 2009

(AP) -- For about 90 minutes Wednesday, visitors to the Oregon University System's Web site found themselves taken for a ride they didn't ask for. They were redirected to another site under the control of ...

Recommended for you

Kickstarter suspends privacy router campaign

Oct 20, 2014

Kickstarter has suspended an anonymizing router from its crowdfunding site. By Sunday, the page for "anonabox: A Tor hardware router" carried an extra word "(Suspended)" in parentheses with a banner below ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

frajo
not rated yet Sep 30, 2009
We used to call the good ones hackers and the bad ones crackers.