/Big Question/ Hack & Cash

23/10/2007 | Filed under Discover > Big Question

Do paid-for hacking tools pose a threat to online safety?

Web app expert
Deri Jones
SciVisum

The short answer is no, not at all – or at least they shouldn’t do. With a little digging, you can find out the capabilities and functionality of paid-for hacking tools for yourself, so they should present no shocks or surprises. This is one area where a dedicated IT person or team can really add value. A far more significant threat is posed by the organised crime hackers who have been flexing their muscles and demonstrating some innovative and clever techniques in recent months, with regular attacks originating from China. IT security is a constant threat, but if firms and individuals remain vigilant and take appropriate measures, they should be OK.

Deri Jones is CEO of SciVisum, a web and application testing service based in Kent

The professionalisation of hacking tools, complete with support, is a decisive tilting of the playing field in favour of would-be hackers. What once required a bit of self-knowledge (or at least a knowledgeable friend) can be learned from a support ticket! But as computer and internet users, many of us could still do much more to protect ourselves. I’ve lost count of the number of people whose computers I’ve seen running no (or out of date) firewalls and antivirus software.

The problem is that, to many people, the threat from hacking appears to be merely theoretical. For example, with banks underwriting losses from misuse of online banking – in part because a collapse in confidence of the system would force them to reverse their cost-cutting policies of branch closures – the consequences of not securing your machine and using robust passwords are lessened.

In the long term, such safety blankets work against the creation of a secure “online world”, and we may arrive at a time where the only way to change people’s habits is to make them responsible for the consequences of their inaction.

A .net reader, Martin is sales director at web hosting company, Beyond Ego Ltd

Media & PR expert
Tim Gibbon
Elemental Communications

You would think that books on hacking would be enough, but obviously not. Now you can go online and get the really good stuff. Well, you can’t say that this wasn’t inevitable; individuals profiting from reckless behaviour and inciting others to do the same. It’s hardly anything new, is it? If you ever watched the 80s film War Games, with a very young Matthew Broderick, you know that there are some really bright people out there that don’t need off-the-shelf tools to assist them to hack. A report in The Times, “China’s cyber army is preparing to march on America, says Pentagon”, outlines some of the issues, paranoia and propaganda that nations now face. The commentary via subsequent posts is even better reading than the article itself! There have been reports of Russia inflicting similar tactics upon Estonia, and there must be countless others we don’t know about. It’s clear that attacks from mud slinging, espionage and even wars, will be fought online (if they’re not already), because we’re now a technology driven peoples.

Just imagine what challenges we all face, as more individuals become skilled from guides that are so readily available. Perhaps we’ll need to buy a hacking tool/guide just to keep up and protect ourselves as individuals rather than waiting for governments to do an inadequate job of looking out for us.

Tim is founder and director of Elemental Communications, a media communications consultancy that caters for traditional and digital media

Open source guru
Tristan Nitot
Mozilla Europe

What’s new today with these hacking tools is not their availability, but their price tag! The internet is mirroring society: there are mostly honest citizens that need protection from a minority. Just as in war, some people develop weapons such as spears, while others improve their protection, such as shields. Days of shields and spears are now long gone, but the idea is still valid in the online world. Attacking technology is improving, and companies providing technology to consumers have to take this into account when they sell (or give away, in Mozilla’s case) products. This is why we strive to continuously update our browser, Firefox, so that it’s immune to innovative attacks. Our efforts do bear fruit, as Mozilla has the quickest turnaround when it comes to security, combined with the fact that we include an automatic update system so that our users are safer than with other, larger competitors.

Tristan is the president of Mozilla Europe, a not-for-profit organisation funded by donations

Content specialist
Siim Vips
Modera

What is a hacking tool, you might ask. Trojan horses, security exploits, rootkits, botnet-powered services (proxy, spam, DDOS, etc.), packet sniffers, vulnerability scanners, etc. All of these might be classified as hacking tools. The difference between them is great: While packet sniffers and vulnerability scanners are legal and are developed by commercial companies, other tools are created by black hats, and are outlawed and used mainly for malicious purposes.

Computer technologies continue to develop rapidly, and hacking tools are not an exception. Hopefully, on the opposite side, antivirus tools are following new viruses very closely, and are probably just half a step behind them (and this distance is decreasing). However, it seems impossible to completely eliminate the gap.

Viruses, security exploits, worms and other similar software are not something new, but what makes them more dangerous now is the abundance of them. On the black market, it’s possible to buy security exploits that utilise the newest, and sometimes even undisclosed, vulnerabilities in computer software, rootkits that are completely invisible and undetectable

by antivirus tools, and the most exciting to some are likely to be botnets. There are even professional-looking consoles for managing botnets. These enable anonymous DDOS attacks, sending millions of spam mails, or performing some other malicious action by using infected computers from a botnet as proxy chain, successfully hiding your original location. It’s even possible to order customisations and completely new malware from black hat individuals.

I’m sure that most of you, at least once, were faced with spyware and adware software, bothersome pop-up windows in your browser, viruses and definitely spam emails. Making more hacking tools available may present the opportunity for more individuals to undertake illegal activity, as more crime shifts online. Only time will tell if there will be more criminal activity in this space.

Siim Vips is a software development and content management specialist at Modera, a software company specialising in CMS development

Legal expert
Raj Mahapatra
vLegal

Do guns pose a serious threat to my safety? Not all guns, just those in the wrong hands. Do I think guns are a good idea? No. And is the sale of guns is completely unjustifiable? Yes. But do they worry me? No, well not all of them.

I feel the same about hacking tools. You have to be concerned about how they’re going to be used, as I can’t really see a legitimate application for them. But do I personally worry about a threat to me? Not particularly.

Raj Mahapatra is MD of vLegal, a company with an aim to redefine the legal services industry

Ecommerce specialist
Chris Barling
Actinic

The short answer is that hacking tools are a threat. Ever since our US website was defaced by a snotty lad (well, that’s how I made up his Voodoo doll) using LOphtCrack, I’ve been irritated by so-called “script kiddies” buying tools and causing havoc, while having no talent themselves.

While it’s true that these tools keep us all on our toes from a security point of view, that’s not an argument in their favour. We wouldn’t think much of someone selling “retail sledgehammers” for the purpose of breaking through shop windows, even though the result might be the greater use of safety glass.

The truth is that hacking tools are written for the cash, notoriety and fame, or all three. There’s nothing altruistic involved, and since their sole use is criminal, they should be banned. Symantec must have seen this point, but it still took it 18 months from purchase before it dropped LOphtCrack in March 2006. What was it thinking?

Chris founded the well-known ecommerce software development company Actinic in 1996

Internet researcher
Alex Burmaster
Nielsen//NetRatings

Anything that encourages or aids hacking online can only be detrimental to the safety and security of the online population. The only hope for law-abiding Netizens is that, in some way, these types of activity spur those entrusted with increasing our security to greater levels of proficiency.

Alex is European internet analyst at Nielsen//NetRatings, a global leader in internet media and market research