I was a teenage hacker

The arrest of Briton Gary McKinnon, accused of hacking into computer systems at the Pentagon and Nasa, has again thrown the spotlight on the world of hi-tech crime. The problems he allegedly perpetrated cost more than £500,000 to track and correct. @metro editor JONATHAN GODDARD tries to find out why hackers do it. FORMER hacker LC uses his skills to help police, private companies,and the FBI tackle the problem of hacking. Now 21, the security consultant was in trouble for credit card fraud and hacking into his school's computer systems between the ages of 13 and 15. 'Anyone can connect up to a server, discuss whatever they want and no one can regulate it,' says LC. CYBER GUIDE TO JARGON Trojan horse: A program disguised as legitimate software to setup a 'back door' in a computer Virus:  Self-replicating program that spreads by inserting copies of itself into other files Worm: Another type of self-replicating program; it does not attach itself to other codes Vulnerability scanner: A tool used to check computers on a network for known weaknesses Firewall: A system that defends computers from intruders by limiting access Exploit: Pre-prepared software that can take advantage of a known weakness Root kit: A device for hiding the fact that a computer's security has been breached Whitehat: A hacker who breaks security for non-malicious reasons Script kiddie: A by-the-numbers hacker who simply follows without fully understanding the steps they are performing 'I started getting into piracy and was then introduced to hacking' groups. 'I wasn't in trouble work-wise at school, but was a geek. The only way I could really excel was to be this hacker. Police were more interested in how a 15-year-old did these things than messing up my future.' Hacking has been a serious problem to computer systems and sensitive information for many years. With the advent of the Internet, more data being stored and an ever-growing number of computer users with little knowledge of how to protect  files, hackers are prospering. 'There are good hackers - those hacking just to see what they can uncover as a challenge,' adds LC. 'And there are bad types - the script kiddies and malicious hackers, who make money from it.' Most malicious hackers break into shopping sites and steal credit card numbers. 'Gary McKinnon most likely didn't know what he was doing,' adds LC. A hacker breaks into a system, gains knowledge and keeps control of that system or disappears. 'Nowadays you have tools you can download that, within 20 seconds, allow anyone to start scanning at the press of a button. It's a power buzz' IT security consultancy Information Risk Management recently probed the online defences of 18 online banks including Barclays, HSBC, and Lloyds TSB, and found 72 per cent of them were vulnerable. The need for banks to protect against cyber-crime was highlighted in March when police foiled an attempt to steal £220million from a London-based Japanese bank, Sumitomo Mitsui. Hackers are breaking into about 30,000 PCs a day to send viruses around the globe or reveal bank account details - phishing. LC says the problem is a slow reaction to security threats. 'We need a system worldwide which every government agrees on,' he adds. 'It's like earthquakes - you're never going to stop them, but you can minimise the damage.' [Metro, June 13,2005] Conmen 'phish' in your e-mail inbox BY SARAH GETTY ALMOST half of all Internet users have received spam emails aimed at tricking them out of money, a new poll by AOL found. 'Phishing' e-mails - designed to look like they come from a bank -ask users for their personal information and password details. Fraudsters can use the information to steal cash from users' accounts. The techniques being used are becoming increasingly sophisticated, with e-mails often directing users to false websites via hyperlinks. Yet there is little chance of getting money back if you are caught out by a phishing e-mail. More than half those who lost cash were not compensated by their bank or credit card provider. The amounts stolen are often small - about £50 - because the conmen aim to carry on undetected. They know that few people check credit card and bank statements thoroughly. Other online scams include paying for items ordered over the Internet which never arrive and sending cash following a demand from a bogus e-mail. Will Smith, from AOL, said: 'It is often difficult to spot a scam so it's crucial people protect themselves.' AOL's advice includes: Use spam filters, anti-virus software and firewall software Be suspicious, especially of unsolicited e-mails Do not click on links if you are suspicious - type in the company's web address instead Check your bank balance and statements regularly. [Metro May 3, 2005]

Hackers unravel key to Internet

Hackers have attacked US army and NASA computers after stealing codes which control the Internet. The gang is thought to have exposed security flaws in the networks but it  is not known how much data was stolen or destroyed. The attackers are believed to have been based in Europe and have targeted thousands of computers some serving research labs. The revelation follows the latest arrest over last May's theft of program instructions for machines which control the Internet. The suspect,detained in Sweden on Monday,is believed to be a 16-year old already charged with hacking into a university. The stolen CISCO SYSTEMS code was posted on the Net.

[Metro May 11,2005]

BY SARAH HILLS

HACKERS have unleashed an 'industrial-strength' attack in a bid to steal sensitive information from almost 300 Government departments, it emerged yesterday.

Businesses have also been targeted during months of concerted attacks, which are launched from bogus e-mails and contain a 'Trojan' attachment.

At first glance they appear harmless but, once opened, an invader can gain fill' control of the user's machine.

A 'recent rise in sophistication' in attacks on financial, telecommunications, energy, transport and health organisations has been noted by the National Infrastructure Security Co-ordination Centre.

The Government body aims to protect essential services and systems from electronic attack.

It issued a warning yesterday urging businesses to beef up security. 'There are businesses on the periphery of the critical national infrastructure that can be targeted by these attacks,' it confirmed. These could include banks,insurers and other financial units. 'This is not a few hackers sitting in their bedrooms trying to steal bank account details from individuals. This is aimed at organisations, targeted at gaining information and is extremely well organised and structured,' said NISCC director Roger Cumming.

Security consultant Carole Theriault, who helped the NISCC analyse the Trojans, said there were 17 types.

'They were basically information-stealing files hidden in the machines. It must have been serious enough for the NISCC to put a warning out,' she added.

Many of the messages were sent from addresses in Asia and efforts are now being made to shut them down.

The messages are spoofed to appear as though they come from a credible source and hackers use distribution lists to target large numbers of people. Nothing significant has been stolen so far, said the NISCC.

eBay Sellers warned over PayPal swindle

BY OLIVER STALLWOOD TRICKSTERS are duping eBay users into giving goods away for free in a new scam on the Internet auction site. A seller is emailed asking if the item can be sent to Africa - even if the victim has agreed to post only to the UK or Europe. The buyer offers £40 postage using Paypal, an eBay firm allowing online payments. Then an email allegedly from PayPal says the money has been received and seeks a Royal Mail tracking number If that is not sent, an email purportedly from eBay threatens action against the seller's eBay account. The aim is to pressure victims into mailing the goods, even though they have never been paid. IT boss John McGregor was almost duped by the scam when he tried to sell his mobile phone on eBay. But the Internet security specialist was able to spot that the emails were not legitimate. A LEFTOVER Christmas sprout has fetched £1,550 on eBay. Leigh Knight, 18, put the sprout up for auction as a joke after saving it from the rubbish while washing up. Bids started slowly at £1 and someone even offered a carrot in exchange. After receiving the money from a buyer called Rachel, Leigh has given it to charity. He said: 'The real concern is that there are thousands of people who may get caught and taken for a ride.' The con is believed to originate from Nigeria. PayPal and eBay yesterday said its safeguards were 'a world class example of the tools that can be put in place to prevent these attacks'. Members suspecting a hoax email should send it to spoof@ebay.co.uk or spoof@paypal.co.uk. Within a few minutes, they will get a response confirming whether or not it is genuine. [Metro Jan9,2006]