home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Chaos Computer Club 1997 February
/
cccd_beta_feb_97.iso
/
chaos
/
ds38
/
ds38_23.txt
< prev
next >
Wrap
Text File
|
1997-02-28
|
6KB
|
163 lines
DUTCH POLICE
ARRESTS HACKERS
f7~e facts
At 10.30 in the morning vf rnonday the 27th
of January 1992 Dutch police searcheci the
homes of two hackers. In the city 03 Roer
v
mond, the parental homle of the. 21-year old
student :EI.W. was searched a.nd in Nuenen
the same happened to the parenta.l home of
R.N., a Computer Science engineer, age 25.
Both ~Yere arrested and taLen ir~to cust~dy.
At both sites, members of the Am~terd3~m
Police Pilot Team ~lor computer ccime Nvere
present, .alongside local police officors and
representatives of the national org;misa~tion
CRI (Criminal Investigations Agency) Both
suspects were transported to Arr~sterdam.
The brother of one of the susl~ects was told
the suspects could recciYe no visits or mail.
All of this has happened more than one week
ago and the two are still in ~aii as we write
this.
~e charges
A break-in supposedly occured at the
bronto.geo.vu.nl site at the VU University
in Amsterd~en. This UNIX system running
on a SUN station (IP 130.37.64;3) has been
taken off the net at least for the duration
of the investigation. What 'happened to the
actual hardware is unknown at thi~ tinre.
The formal charges are: forgery, rackeLee-
ring and vandalism. The police justifies the
forgery part by clalming that files on the
system have been changed. The vandalism
charge is valid bec~use the system had to be
taken vff the net for a perlod of time to in-
vestigate the extent of the damage. By pre-
tending to be regular users or even systern
management the hackers committed racke-
teering, the police says.
Both suspects, according to the Dutch po-
lice, have made a full statement. According
to ~ police spoLesman the motiYe wa5 "fana-
tical hobbyismt'. Spokesperso~ Slort for the
CRI speakes of the ?'kicl; of seeing how ~r
you can get".
.~,~. f~.~ ~
~-
"Dam~es)'
According to J. Renkema, head of the geo-
physics faculty at the VIJ, the university is
considering filing a ciYiL lawsait against the
suspects. "The system was contaminated
because of their doing and had to be clea-
ned out. This cost months of labour and
50.000 gullders (about US$ :lU,O(10?. Registe-
red users pa~y for access to the system and
these hackers did not. Result: tens of thou-
sands of guilders in damages.~ Renkema also
speaks of a ,~moral disadvantage": The uni-
versity lost trust from other sites on the nct-
work. Renkema claims thc uniYcrsity runs
the risk of being expelLed from some net-
works.
SeNe za | Das wissenschaNiche Fachblatt ftir Datenreisende ~it ~nlt~nitr|
Renkema also clalms the hackers were dis-
c~vered almost immediately after the break-
in and were monitored at alL times. This
means all the damages had occured under
the watchful eyes of the superYisors. All this
time, no action was taken to kick lhe hac-
kers off the system. Accordina to Renkema
all systerns at the VU were protected accor-
ding to ~uidelines as laid down by CERT
and Sur£Net B\7 (SurfNet is thc company
tbst runs most of the ir~ter-uniYersit~r data-
traffic in The Netherlands).
What reaIly happened?
The charKe of ,~adapting system-`software"
could mean tbat the hacl~ers installed back-
doors to secure access to the system or to the
root lesel, e~en if pz~sswords ~rrere ch~nged.
New versions of te]net, ftp, rlogin and other
programs could have been compiled tG log
access to the networks.
What really happened is anybl}dy's guess.
One point is that e~en the CRI acknowled-
ges tbat there were no "lbad" intentions on
the part of the hackers. They ~vere tLere tu
look around and pla.y with the networks.
About hacking ir1 yeneral
In the past we have warned tbat new Laws
against computer crime c;~n vnly be used
against hackers which are harmless Asainst
the rea] computer criminals a law is useless
because they wil] probably ren~ain untracea-
ble. The CRI re~ularly goes ~n the recorcl to
say tbat hackers are not the top priority in
computer crime investigation. It seems tbat
hackers are an easy target when something
has to be done'.
1 .... . .
And ''something had to be done": The pres-
sure from especially the U.S. to do some-
thing about the ~,hacking prohlem" was so
huge tbat it would have been alrnost humi-
liating for the Dutch not to respond. It
seems as if the arrests are mainly meant
to ease the American fear of the overseas
hacker-paradise.
; i; P~. JE~ifl~ i
~,~ - ' .r;~.~- - .'
A clo~er took at t1ze cl7~rges and dam~ges
The VU has launched the idea that system
security on their system was only needed be-
cause of these two hackers. All costs made in
relation to system security are billed to the
two people tFat just happened to get ill. For
people tbat lil~e to see hacking in terms of
analogies: It is like walLing into ~ bullding
full of students, fooling ar~und and then get-
ting the bill for the new alarm-system tbat
they had to install just for you.
Systems security is a normal part of the
daily task of every system~ adminstrator.
Not just beca.use the system has to be pro-
tected from break-ins from the outside, but
~Iso bec~use the users themseLves r~ee] to
be protecLed from each other. The 'bronlo'
man~gement ha~ neglected some of their du-
ties, and now they still have to secare their
system. This is not damages done, it's work
long overd~e.
I~S) ~l~ic ~nicn8~'k'`bc' | Das wisserlschal~che Fachl~latt für Datenreisende ! Ssite 23 |