Railtrack, Lloyds of London Web hacker explains motives

Credit card numbers not safe for e-commerce, he warns

Interview A member of a group which hacked into the Lloyds of London web site twice in one day has explained his intent in an exclusive interview with The Register. Over the New Year, Lloyds and a number of other sites including Railtrack UK, Eidos, and the Electronic Frontier Foundation (EFF) suffered attacks to their sites from groups appearing to act in concert. The hacker, who calls himself MisterX, also claims, in the interview below, that credit card transactions across the Internet are unsafe, and that he and his group have methods for hoovering up confidential data from Web sites. Q Hackers are generally described in the press as malicious or mischievous. Is there any serious intent to this activity, is it an intellectual exercise or is it just done for "fun" or to see if it can be done? ASome people do it for intellectual challenge, others do it with malicious intent. Some do it for fame amongst the hacker community, but all they get is disrespect. My hacks were to prove a point, which I think they have done. Many large UK organisations need to revise their security strategies, or lack of them. I defaced web sites to prove this point, but I could have easily got access to other systems and caused alot of damage. I am trying to make the community, in general, aware of the threats of cyber terrorism, and how real they are. Q What are the lessons large businesses should learn from their apparent inability to protect themselves against hacking? A They could have protected themselves from the attacks I used on them if only they had kept up to date on the latest computer security developments. Q Is there a worldwide network of people who share ideas and collectively hack sites, or is it more like small groups who have little contact with each other? A There is an underground scene, which shares files unreleased to the public. [These are] files on the latest security developments hot off the press, way before the public even knows these holes exist. But good morals normally lead them into the open. As for web site defacement it is generally small groups that do this, trying to compete against each other, and these groups are not very well respected within the mainstream community. Q Are the legal penalties against hacking that many governments have instituted any deterrent at all? Are the legal penalties too heavy handed? A Some governments have ridiculous penalties, as in the case of two Chinese hackers who stole a measly amount from a bank and were sentenced to death. The UK is more lax on the law in this respect :) I would just like to delve slightly into e-commerce. I warn the public about the drastic dangers of shopping online. I, personally, could break into a number of highly used e-commerce sites and steal the credit card numbers of every customer that ever shopped there. The head of Novell that shopped online and had his credit card number snarfed, said it was due to cookies. Well, the truth is someone most probably broke into one of the sites he used it on and his wasn't the only card abused, yet the site probably would not have even know the attack had taken place, and could still be taking place. Shopping online is not safe at the moment, despite what the big companies say, and which are just trying endlessly to grab your money, and see as the Internet as just another means of doing so. They tell you that they care about your security, OK, I grant them that, maybe they do. It is not in their hands though. As I mentioned earlier, hackers have resources unavailable to the general public, meaning a system administrator may think his site is secure, but, some one some where has a method of breaking in. ® Lloyds of London, Met Office follow Railtrack UK in hack attack

Sponsored: Driving business with continuous operational intelligence