
Railtrack, Lloyds of London Web hacker explains motives

Credit card numbers not safe for e-commerce, he warns

Interview A member of a group which hacked into the Lloyds of London web site twice in one day has explained his intent in an exclusive interview with The Register.

Over the New Year, Lloyds and a number of other sites including Railtrack UK, Eidos, and the Electronic Frontier Foundation (EFF) suffered attacks on their sites from groups appearing to act in concert.

The hacker, who calls himself MisterX, also claims, in the interview below, that credit card transactions across the Internet are unsafe, and that he and his group have methods for hoovering up confidential data from Web sites.

Q Hackers are generally described in the press as malicious or mischievous. Is there any serious intent to this activity, is it an intellectual exercise or is it just done for "fun" or to see if it can be done?

A Some people do it for intellectual challenge, others do it with malicious intent. Some do it for fame amongst the hacker community, but all they get is disrespect. My hacks were to prove a point, which I think they have done. Many large UK organisations need to revise their security strategies, or lack of them. I defaced web sites to prove this point, but I could have easily got access to other systems and caused a lot of damage. I am trying to make the community, in general, aware of the threats of cyber terrorism, and how real they are.

Q What are the lessons large businesses should learn from their apparent inability to protect themselves against hacking?

A They could have protected themselves from the attacks I used on them if only they had kept up to date on the latest computer security developments.

Q Is there a worldwide network of people who share ideas and collectively hack sites, or is it more like small groups who have little contact with each other?

A There is an underground scene, which shares files unreleased to the public. [These are] files on the latest security developments hot off the press, way before the public even knows these holes exist. But good morals normally lead them into the open. As for web site defacement, it is generally small groups that do this, trying to compete against each other, and these groups are not very well respected within the mainstream community.

Q Are the legal penalties against hacking that many governments have instituted any deterrent at all? Are the legal penalties too heavy-handed?

A Some governments have ridiculous penalties, as in the case of two Chinese hackers who stole a measly amount from a bank and were sentenced to death. The UK is more lax on the law in this respect :)

I would just like to delve slightly into e-commerce. I warn the public about the drastic dangers of shopping online. I, personally, could break into a number of highly used e-commerce sites and steal the credit card numbers of every customer that ever shopped there. The head of Novell that shopped online and had his credit card number snarfed, said it was due to cookies. Well, the truth is someone most probably broke into one of the sites he used it on and his wasn't the only card abused, yet the site probably would not have even known the attack had taken place, and could still be taking place.

Shopping online is not safe at the moment, despite what the big companies say, and which are just trying endlessly to grab your money, and see the Internet as just another means of doing so. They tell you that they care about your security, OK, I grant them that, maybe they do. It is not in their hands though. As I mentioned earlier, hackers have resources unavailable to the general public, meaning a system administrator may think his site is secure, but someone somewhere has a method of breaking in. ®

Related story: Lloyds of London, Met Office follow Railtrack UK in hack attack
