
Railtrack, Lloyds of London Web hacker explains motives

Credit card numbers not safe for e-commerce, he warns


Interview A member of a group which hacked into the Lloyds of London web site twice in one day has explained his intent in an exclusive interview with The Register.

Over the New Year, Lloyds and a number of other sites including Railtrack UK, Eidos, and the Electronic Frontier Foundation (EFF) suffered attacks to their sites from groups appearing to act in concert.

The hacker, who calls himself MisterX, also claims, in the interview below, that credit card transactions across the Internet are unsafe, and that he and his group have methods for hoovering up confidential data from Web sites.

Q Hackers are generally described in the press as malicious or mischievous. Is there any serious intent to this activity, is it an intellectual exercise or is it just done for "fun" or to see if it can be done?

A Some people do it for intellectual challenge, others do it with malicious intent. Some do it for fame amongst the hacker community, but all they get is disrespect. My hacks were to prove a point, which I think they have done. Many large UK organisations need to revise their security strategies, or lack of them. I defaced web sites to prove this point, but I could have easily got access to other systems and caused a lot of damage. I am trying to make the community, in general, aware of the threats of cyber terrorism, and how real they are.

Q What are the lessons large businesses should learn from their apparent inability to protect themselves against hacking?

A They could have protected themselves from the attacks I used on them if only they had kept up to date on the latest computer security developments.

Q Is there a worldwide network of people who share ideas and collectively hack sites, or is it more like small groups who have little contact with each other?

A There is an underground scene, which shares files unreleased to the public. [These are] files on the latest security developments hot off the press, way before the public even knows these holes exist. But good morals normally lead them into the open. As for web site defacement, it is generally small groups that do this, trying to compete against each other, and these groups are not very well respected within the mainstream community.

Q Are the legal penalties against hacking that many governments have instituted any deterrent at all? Are the legal penalties too heavy handed?

A Some governments have ridiculous penalties, as in the case of two Chinese hackers who stole a measly amount from a bank and were sentenced to death. The UK is more lax on the law in this respect :)

I would just like to delve slightly into e-commerce. I warn the public about the drastic dangers of shopping online. I, personally, could break into a number of highly used e-commerce sites and steal the credit card numbers of every customer that ever shopped there. The head of Novell that shopped online and had his credit card number snarfed, said it was due to cookies. Well, the truth is someone most probably broke into one of the sites he used it on and his wasn't the only card abused, yet the site probably would not have even known the attack had taken place, and could still be taking place.

Shopping online is not safe at the moment, despite what the big companies say, which are just trying endlessly to grab your money, and see the Internet as just another means of doing so. They tell you that they care about your security, OK, I grant them that, maybe they do. It is not in their hands though. As I mentioned earlier, hackers have resources unavailable to the general public, meaning a system administrator may think his site is secure, but someone somewhere has a method of breaking in. ®

Lloyds of London, Met Office follow Railtrack UK in hack attack
