Railtrack, Lloyds of London Web hacker explains motives

Credit card numbers not safe for e-commerce, he warns


Interview A member of a group which hacked into the Lloyds of London web site twice in one day has explained his intent in an exclusive interview with The Register.

Over the New Year, Lloyds and a number of other sites including Railtrack UK, Eidos, and the Electronic Frontier Foundation (EFF) suffered attacks on their sites from groups appearing to act in concert.

The hacker, who calls himself MisterX, also claims, in the interview below, that credit card transactions across the Internet are unsafe, and that he and his group have methods for hoovering up confidential data from Web sites.

Q Hackers are generally described in the press as malicious or mischievous. Is there any serious intent to this activity, is it an intellectual exercise or is it just done for "fun" or to see if it can be done?

A Some people do it for intellectual challenge, others do it with malicious intent. Some do it for fame amongst the hacker community, but all they get is disrespect. My hacks were to prove a point, which I think they have done. Many large UK organisations need to revise their security strategies, or lack of them. I defaced web sites to prove this point, but I could have easily got access to other systems and caused a lot of damage. I am trying to make the community, in general, aware of the threats of cyber terrorism, and how real they are.

Q What are the lessons large businesses should learn from their apparent inability to protect themselves against hacking?

A They could have protected themselves from the attacks I used on them if only they had kept up to date on the latest computer security developments.

Q Is there a worldwide network of people who share ideas and collectively hack sites, or is it more like small groups who have little contact with each other?

A There is an underground scene, which shares files unreleased to the public. [These are] files on the latest security developments hot off the press, way before the public even knows these holes exist. But good morals normally lead them into the open. As for web site defacement, it is generally small groups that do this, trying to compete against each other, and these groups are not very well respected within the mainstream community.

Q Are the legal penalties against hacking that many governments have instituted any deterrent at all? Are the legal penalties too heavy handed?

A Some governments have ridiculous penalties, as in the case of two Chinese hackers who stole a measly amount from a bank and were sentenced to death. The UK is more lax on the law in this respect :)

I would just like to delve slightly into e-commerce. I warn the public about the drastic dangers of shopping online. I, personally, could break into a number of highly used e-commerce sites and steal the credit card numbers of every customer that ever shopped there. The head of Novell, who shopped online and had his credit card number snarfed, said it was due to cookies. Well, the truth is someone most probably broke into one of the sites he used it on and his wasn't the only card abused, yet the site probably would not have even known the attack had taken place, and could still be taking place.

Shopping online is not safe at the moment, despite what the big companies say, and which are just trying endlessly to grab your money, and see the Internet as just another means of doing so. They tell you that they care about your security, OK, I grant them that, maybe they do. It is not in their hands though. As I mentioned earlier, hackers have resources unavailable to the general public, meaning a system administrator may think his site is secure, but someone somewhere has a method of breaking in. ®

Lloyds of London, Met Office follow Railtrack UK in hack attack
