Chaos Computer Club 1997 February

home *** CD-ROM | disk | FTP | other *** search

/ Chaos Computer Club 1997 February / cccd_beta_feb_97.iso / chaos / ds38 / ds38_23.txt < prev next >

Wrap

Text File | 1997-02-28 | 6KB | 163 lines

DUTCH POLICE ARRESTS HACKERS f7~e facts At 10.30 in the morning vf rnonday the 27th of January 1992 Dutch police searcheci the homes of two hackers. In the city 03 Roer v mond, the parental homle of the. 21-year old student :EI.W. was searched a.nd in Nuenen the same happened to the parenta.l home of R.N., a Computer Science engineer, age 25. Both ~Yere arrested and taLen ir~to cust~dy. At both sites, members of the Am~terd3~m Police Pilot Team ~lor computer ccime Nvere present, .alongside local police officors and representatives of the national org;misa~tion CRI (Criminal Investigations Agency) Both suspects were transported to Arr~sterdam. The brother of one of the susl~ects was told the suspects could recciYe no visits or mail. All of this has happened more than one week ago and the two are still in ~aii as we write this. ~e charges A break-in supposedly occured at the bronto.geo.vu.nl site at the VU University in Amsterd~en. This UNIX system running on a SUN station (IP 130.37.64;3) has been taken off the net at least for the duration of the investigation. What 'happened to the actual hardware is unknown at thi~ tinre. The formal charges are: forgery, rackeLee- ring and vandalism. The police justifies the forgery part by clalming that files on the system have been changed. The vandalism charge is valid bec~use the system had to be taken vff the net for a perlod of time to in- vestigate the extent of the damage. By pre- tending to be regular users or even systern management the hackers committed racke- teering, the police says. Both suspects, according to the Dutch po- lice, have made a full statement. According to ~ police spoLesman the motiYe wa5 "fana- tical hobbyismt'. Spokesperso~ Slort for the CRI speakes of the ?'kicl; of seeing how ~r you can get". .~,~. f~.~ ~ ~- "Dam~es)' According to J. Renkema, head of the geo- physics faculty at the VIJ, the university is considering filing a ciYiL lawsait against the suspects. "The system was contaminated because of their doing and had to be clea- ned out. This cost months of labour and 50.000 gullders (about US$ :lU,O(10?. Registe- red users pa~y for access to the system and these hackers did not. Result: tens of thou- sands of guilders in damages.~ Renkema also speaks of a ,~moral disadvantage": The uni- versity lost trust from other sites on the nct- work. Renkema claims thc uniYcrsity runs the risk of being expelLed from some net- works. SeNe za | Das wissenschaNiche Fachblatt ftir Datenreisende ~it ~nlt~nitr| Renkema also clalms the hackers were dis- c~vered almost immediately after the break- in and were monitored at alL times. This means all the damages had occured under the watchful eyes of the superYisors. All this time, no action was taken to kick lhe hac- kers off the system. Accordina to Renkema all systerns at the VU were protected accor- ding to ~uidelines as laid down by CERT and Sur£Net B\7 (SurfNet is thc company tbst runs most of the ir~ter-uniYersit~r data- traffic in The Netherlands). What reaIly happened? The charKe of ,~adapting system-`software" could mean tbat the hacl~ers installed back- doors to secure access to the system or to the root lesel, e~en if pz~sswords ~rrere ch~nged. New versions of te]net, ftp, rlogin and other programs could have been compiled tG log access to the networks. What really happened is anybl}dy's guess. One point is that e~en the CRI acknowled- ges tbat there were no "lbad" intentions on the part of the hackers. They ~vere tLere tu look around and pla.y with the networks. About hacking ir1 yeneral In the past we have warned tbat new Laws against computer crime c;~n vnly be used against hackers which are harmless Asainst the rea] computer criminals a law is useless because they wil] probably ren~ain untracea- ble. The CRI re~ularly goes ~n the recorcl to say tbat hackers are not the top priority in computer crime investigation. It seems tbat hackers are an easy target when something has to be done'. 1 .... . . And ''something had to be done": The pres- sure from especially the U.S. to do some- thing about the ~,hacking prohlem" was so huge tbat it would have been alrnost humi- liating for the Dutch not to respond. It seems as if the arrests are mainly meant to ease the American fear of the overseas hacker-paradise. ; i; P~. JE~ifl~ i ~,~ - ' .r;~.~- - .' A clo~er took at t1ze cl7~rges and dam~ges The VU has launched the idea that system security on their system was only needed be- cause of these two hackers. All costs made in relation to system security are billed to the two people tFat just happened to get ill. For people tbat lil~e to see hacking in terms of analogies: It is like walLing into ~ bullding full of students, fooling ar~und and then get- ting the bill for the new alarm-system tbat they had to install just for you. Systems security is a normal part of the daily task of every system~ adminstrator. Not just beca.use the system has to be pro- tected from break-ins from the outside, but ~Iso bec~use the users themseLves r~ee] to be protecLed from each other. The 'bronlo' man~gement ha~ neglected some of their du- ties, and now they still have to secare their system. This is not damages done, it's work long overd~e. I~S) ~l~ic ~nicn8~'k'`bc' | Das wisserlschal~che Fachl~latt für Datenreisende ! Ssite 23 |