Hiding in the shadows

The world of IT intelligence is extremely complex. Sandra Rossi talks to the ‘watchers' and the ‘hackers' and finds there are only shades of grey.

In the shadowy world of hacking there are the good guys, bad guys and plenty of shady characters in between.

There are those who watch and those who are being watched. Some security specialists have made careers out of being watchers and those who are being watched - aka hackers aka bad guys - are not too concerned.

As players on both side of the fence in the cybercrime chess game will tell you, the hackers are winning by miles. In a world where nobody is seen but every presence is felt, who are the watchers? Ask them and they won't provide a clear answer, mainly because sometimes there are no clear sides; it all gets a bit too grey and murky.

At other times, the lines are clearly drawn but the territory is always shifting. If it all sounds a little vague don't be concerned, it's meant to be. To try and peel away the different layers of the cyber-security onion this reporter spoke to both security intelligence and law enforcement specialists, as well as members of Australia's hacking community.

The IT security world is a pretty tight circle, but sometimes even the players don't know who is who in the zoo.

Generally, watchers do not identify themselves, remaining elusive in order to move from one world to another. They maintain several online identities to visit chat rooms, bulletin boards, hacker sites, news groups and other public forums, and move seamlessly through the cyber world gathering intelligence. There may be times where a "watcher" thinks he is chatting to a "hacker" only to find he has made contact with another "watcher", but real identities are never revealed.

"Information may be repeated to me and I know where it came from so I can deduce who I am talking to, but we are always assessing the reliability of what's heard," one intelligence source told Computerworld.

For readers finding it all a little too James Bondish, I did say it was shadowy.

The world of IT intelligence comprises three main groups - there are the older types, typically with a military or law enforcement background, but without broad high-tech experience, and have an old-world mentality. They tend to have an enforcement approach to solving problems.

The second group tends to be younger, more tech-savvy and have a more pragmatic approach to law enforcement.

Finally, there are those computer science graduates less than five years out of university who love their electronic toys and are more commonly known as ‘propellor heads'.

"The ideal watcher has a traditional IT background as a systems administrator and along the path has worked on large security projects with private consultants in addition to a military or law enforcement background. This allows them to have a good understanding of the investigative process - people, motives and their networks," sources told Computerworld.

"This is important, because high-tech skills aren't always in use; 80 per cent of the time decrypting is not necessary and it is too much hard work anyway.

"We can generally find out passwords through alternative methods such as the use of video cameras."

An example of this technique is using video cameras in airport lounges as suspects tap away on their laptops waiting for a flight.

"They are good quality cameras and have been used on a number of occasions.

Another bonus is that they have already walked through a metal detector so it's reassuring to us if they are a dangerous person and anything unfolds," the source said.

"However, cyber criminals only tend to be violent online; it is only their employers, such as organised crime syndicates, that are dangerous."

Other techniques used by watchers include intercepting ISP data or telephone communications combined with physical, real-world surveillance and access to the US intelligence network to capture electronic transmissions.

The Government also partners with the private sector including IT security vendors and consultants who have comprehensive computer forensic units.

The aim is to identify threats before they materialise and, according to sources, the threats are very real, particularly in light of the September 11 terrorist attacks.

Gathering intelligence is the first step to preparing threat assessments and determining a protective response; it's the type of groundwork likely to be used before a CHOGM meeting or the Sydney Olympics.

So who are the watchers watching? Predictably, terrorist organisations with a cyber network in Australia and threats to the national infrastructure top the list; and in the world of cyber terrorism techniques are extremely sophisticated. For example, information can be hidden behind images on Web sites readily available for the person picking up text from anywhere in the world. This makes information virtually impossible to locate.

But Australia's bread-and-butter variety hacker is not always a zealot driven by ideals. In most cases he or she does it because "it can be done".

As one former law enforcement officer told Computerworld: "The motivation is to be a hero, to prove prowess by hacking into a company then e-mailing the victim to prove a point; right now it's pretty cool to be a hacker."

This tends to make up the bulk of the hacking community outside hacktivists (online political activism) and of course, organised crime syndicates motivated by money.

For watchers, penetrating the hacking world is only the beginning, the ideal is to nurture informants.

The hacking community may not describe themselves as "organised" in a true sense, but there is plenty of networking, open exchange of information and groups can be difficult to define because they change so quickly.

It is a dynamic, fast-moving and always evolving community and personalties involved tend to change allegiances on a regular basis, shifting the dynamics even further.

While some groups, such as 2600, have become more mainstream, smaller groups are emerging and sources claim the corporate dollar is also having an impact; some former hackers become consultants with dual lives.

The concept of a double life is not unusual as a suit-and-tie security specialist during the day may be exploring his or her IT skills at night, just pushing their abilities and limits.

"This is where character comes into play, because you can end up on both sides of the fence seeking excitement, it comes down to discipline; there is all sorts of network testing done in the security field and even without criminal intent, activities have to be contained," the source said.

One convicted hacker who spoke to Computerworld described it as a "mental sport" no different to doing a crossword.

"It's an opportunity to pit your skills against someone," he said.

Admitting it is sometimes a fine line, the hacker said the real problem in defining a hacker is that "people equate ethics with the law".

He agrees there are plenty of people in IT security who are white hats in the day and black hats at night.

"Hackers get together to exchange information and for educational purposes, but the serious players are pretty solitary," the hacker explained.

"They operate solo and do not attend public meetings; these are the guys that cause untold damage."

Join the newsletter!

Error: Please check your email address.
Show Comments

Market Place