Corporate detective hacking away at cyber underworld


Deep in the bowels of an office block on Dublin's Harcourt Street, Mr Patrick Hynes is waging war on cybercrime. Armed with a laptop and the latest intrusion protection software, Mr Hynes spends his days scanning computer networks and servers for hackers.

Hackers, or crackers as they are known in the US, at best are mischievous individuals who illegally infiltrate computer networks just for kicks. These so-called "scriptkiddies" deface websites in a similar manner to how graffiti artists spray-paint a wall.

A more sophisticated breed of hacker also stalks the Web seeking opportunities for fraud, extortion and even cyberterrorism. These technologically savvy individuals can break through security features such as firewalls to wreak havoc on corporate and governmental networks.

It may sound like the stuff of science fiction, but hackers are continuously probing company websites and computer networks, according to Mr Hynes. To prove his point, he logs onto his Internet server, specially configured to identify hackers, and quickly runs a scan.

"Here's one," says the 28year-old head of Ernst & Young's Security and Technology Services Profiling and Attack and Penetration Teams, which was recently set up in Dublin.

"This guy has been trying to copy files and there are another two who have been scanning our systems."

By using a "TCP wrapper", a software programme designed to track the movement of Internet users, Mr Hynes can identify the general location of users trying to connect with his own computer systems.

Within minutes of logging on to his computer, he has located the Internet protocol address code for four potential infiltrators who have tried to connect with his system that day.

"The guys who tried our systems are from Seoul in South Korea, Iowa and San Jose in the US, and Taiwan," he says.

These codes tell him which Internet service provider (ISP) the users have registered with in their home countries. In theory, this should enable Mr Hynes to make a quick phone call to the ISPs to establish their full names and addresses.

Mr Hynes is head of an Ernst & Young team being assembled in Dublin to offer intrusion protection advice and services to corporate clients. A so-called "white hat" hacker, he performs simulated attacks on Irish firms' systems to test for security weaknesses.

A co-instructor and developer of the Ernst & Young "extreme hacking" course in Chicago, Mr Hynes has several years' experience of the international hacking world and is training Irish technologists to track hackers.

The global nature of the Internet means that Irish companies are as likely to be targeted by international hackers as they are by local cybercriminals and this makes prosecutions difficult, says Mr Hynes.

Brazilians, Russians and Koreans are considered to be among the most prolific hackers. Inadequate legal frameworks and the sheer cost of tracking hackers to such distant jurisdictions make it less likely that prosecutions will be obtained, he says.

"You may not always get co-operation," adds Mr Hynes.

None of the four hackers probing Ernst & Young's special hacking site breached its security systems, which have been purpose-built to repulse such attacks. But the same isn't true for most Irish companies, he says.

"Irish companies tend to be at least one or two years behind their US counterparts," he says. "Many Irish companies think they are secure but, when we check their systems, it turns out they are very vulnerable and there is a certain amount of naivety."

Successful hack attacks can be extremely damaging for companies as they often lead to a complete loss of confidence among clients, says Mr Hynes.

The issue is of such crucial importance that firms often will not admit that their security systems have been breached. Last week it emerged that hundreds of thousands of pounds have been stolen from at least four UK Internet banks by hackers.

However, none of the banks admitted the fraud, prompting Mr Bill Hughes, director general of the UK national crime squad, to call for more businesses to report cybercrime.

"When businesses say they are not being `hacked' they are not telling the truth. Everyone has been attacked," according to Mr Hughes. "It is how businesses deal with it that is the question. As soon as they realise it is not bad for business, and we can do something about it, they will do something about it."

Fraud is just one motivating factor that drives hackers, according to Ernst & Young's Mr Hynes. So-called "hacktivism" - hacking for ideological reasons - is growing in popularity, he says. This month an infamous US cracker group, PoizonBOx, defaced at least 100 Chinese websites following the spy plane stand-off between the US and China.

In retaliation, Chinese hackers are vowing a planned weeklong all-out crack attack on US websites and networks, which will begin next Tuesday, May 1st. Rather than seeking to break into some systems, "hacktivists" can employ spamming techniques (sending multiple e-mails) to try to bring down organisations' websites, says Mr Hynes.

Favourite targets of such ideologically motivated cybercriminals are international trade and governmental organisations, he says.

But probably the most prevalent hackers are the so-called scriptkiddies - typically teenagers and twenty-somethings, who hack for fun and to show off to their peer group, says Mr Hynes.

"These kids often wear black, stop shaving and look really scruffy. They use pseudonyms such as rain forest puppy and write hacking tools which they make available on the Web," Mr Hynes says.

Although they often use basic hacking tool-kits, the results can be devastating.

The dramatic shut-down of Eircom's ISP following a successful hack attack perpetrated by a teenager last year demonstrated how even major companies can fall victim to such attacks.

The best way for businesses to avoid this type of disaster is to keep online security on their minds and make it part of the culture of the firm, says Mr Hynes.

Buying sophisticated security software is only part of the solution, he adds. Firms have to constantly monitor their security and simulate hacking scenarios to keep secure.