Hackers and Their Trackers

If the event were transferred to a less digital world, it would certainly look very strange. At the end of next week, against a surrealistic background of gambling machines, blackjack and roulette tables and fancy hotels, the best safe-builders in the world will meet face-to-face with potential safe crackers. Each side will present the methods it uses to confound its opponent.

In the giant reception halls of Las Vegas, speakers wearing a "white hat" or a "black hat" - industry nicknames for people on the legitimate side of the law or the other - will follow one another at the podium. Afterward they will drink together peacefully at the bars and lounge by the swimming pools, tanning under the bright Nevada sun.

Among the world's best computer security experts, and the hackers who try to get past the firewalls set up to fend them off, is one Israeli, Ofir Arkin, who will speak at both of the most highly regarded conventions in the world of computer security: Black Hat (the official security convention, www.blackhat.com) and DefCon (the official hackers convention, www.defcon.org), which will be taking place in the gambling city one after the other.

Parallel lives

Like many of the hackers he tries to stop, Arkin, 29, has no academic letters after his name. He left his mathematics and computer studies at Haifa University before completing his degree, and acquired most of his knowledge from his own curiosity. Even today, when his resume includes consulting for the second-largest bank in Europe and building a security system for computerized banking, as well as work at several high-tech companies as head of information security, Arkin lives his life like Neo in "The Matrix" - on two parallel tracks that cross only occasionally.

By day Arkin holds a respectable job as head of information security at Golden Lines, and at night he is a volunteer researcher, delving deep into the world of computer crackers in order to learn as much as possible about their operating methods. From Arkin's perspective, the two conventions taking place next week in Las Vegas are another meeting point between the two worlds in which he spends his time.

"The conventions are different from one another," explains Arkin, who has attended four previous conventions, but will be participating as a speaker this year. "The people who attend Black Hat can afford to pay $1,500 for registration and among the computer security people in the audience one can also see more than a few personnel from every arm of the American military, the CIA, the NSA and basically every three-letter government agency I know of. The military and government agency people also go to DefCon a few days later to catch up on the innovations in the hacker community, but most of the audience there is different - registration is just $75."

Arkin's lectures at Black Hat and DefCon will focus on XProbe, a tool that he and two friends developed in their free time and uploaded onto the Web as an open-source program. The program lets users identify which operating system is installed on the computer at a particular Internet Protocol (IP) address, based on the parameters unique to each operating system.

"The tool we developed is actually the basis for assessing the vulnerability of a particular system," explains Arkin, "and is therefore capable of reducing the number of checks one has to run on each computer whose vulnerability one wants to assess. There is no difference between the manner in which I check networks and the way a hacker does it. The only differences are the intention, the motivation and the information that the black side has and which is sometimes concealed from the white side.

"Hackers will, for example, turn a computer into a 'Zombie' so that they can use it to launch DDoS [Distributed Denial of Service] attacks [sending multiple simultaneous messages to a server or Web site to make it inaccessible to others by being busy or crashing], or will turn the computer into a server without the user's knowledge to blur the evidence of their break-in."

"Black hat" wearers are naturally interested in programs that will make it easier and faster for them to break into computers. Arkin believes that among the 300,000 surfers who have downloaded XProbe from his site (www.sys-security.com) there were more than a few representatives of the darker side of the Web.

Hands in the honey pot

"It is impossible to hide anything," he says. "Anyone can download XProbe for one purpose or another and anyone can also read the research I put on the site and learn more than a little about cracking computer security systems."

Arkin himself studies cracking into systems and keeps up-to-date with the operating methods of hackers around the world, mainly via his company, HoneyNet.org - a group of 25 security experts that is involved in non-profit research and publishes its work tools as open source, free for downloading. The group works by setting up honey pots - unprotected computers that are connected to the Internet - and following the "black hats" who break into them.

People at HoneyNet explain that the honey pot is built in a fashion that is conceptually reminiscent of an aquarium - it is transparent for the "white hat" who is looking at it from the outside.

He can identify precisely what manipulations the "black hat" who has infiltrated it is trying to perform, and thus learn more about his tactics and what motivates him. Since the system is defined such that it will be locked to an outside user, any incoming movement is considered a break-in attempt and is monitored by the "white hats."

"Our record is a system that was cracked within 15 minutes from the moment we hooked it up to the Internet," says Arkin. "We collect the information that has accumulated on the computer and on the network and try to learn as much as we can about the person who broke in. In one case some Rumanian hackers broke into our traps and one of them had a Web camera that he used to show his friends what he was doing. After he was caught in the trap we were able to get his picture and even his name from the camera, and transferred the information to the appropriate authorities."

Many of the discussions at the conventions at which Arkin will be speaking next week will be dealing with this year's hottest topic - Wi-Fi, which facilitates wireless Internet access, and the implications of its use from the information security perspective. Recent surveys conducted in the United States and physical checks by security experts who drove around city centers in cars with scanners found that 90 percent of those who have wireless access points are not securing their networks.

This information was not news to Arkin, but he is still astonished by it. "The problem with people who do not encrypt access to their access points is not only that others will surf at their expense," explains Arkin, taking the air out of the socialist vision of cooperation between networks for everyone's benefit. "The lack of encryption allows hackers to reveal the information that the user is transmitting, such as passwords, and to harm him.

"No one can stop progress," says Arkin when asked if it is worthwhile for home users to refrain from using wireless networks because of the security problems, "but we have to be aware of the dangers and take a few basic security steps - they should use encryption and change the encryption key every few days."