Hire the hackers Misha Glenny
now this is a very unlike thing to do
but let’s kick off the afternoon with a
message from a mystery sponsor dear fox
news it has come to our unfortunate
attention that both the name and nature
of anonymous has been ravished anonymous
ladies and gentlemen a sophisticated
group of politically motivated hackers
who have emerged in 2011 and they’re
pretty scary you never know when they’re
going to attack next who or what the
consequences will be but interestingly
they have a sense of humor these guys
hacked into Fox News’s Twitter account
to announce President Obama’s
assassination now you can imagine the
panic that would have generated in the
news room at Fox what do we do now put
on a black armband or crack open the
champagne and of course
who could who could escape the irony of
a member of Rupert Murdoch’s News Corp
being a victim of hacking for a change
sometimes sometimes you know you turn on
the news and you say is there anyone
left to hack Sony PlayStation Network
done the government of Turkey tick
Britain’s Serious Organised Crime Agency
a breeze the CIA falling off a log in
fact a friend of mine from the security
industry told me the other day that
there are two types of companies in the
world those that know they’ve been
hacked and those that don’t I mean three
companies providing cybersecurity
services to the FBI have been hacked
I mean it is nothing sacred anymore for
heaven’s sake anyway
this mysterious group Anonymous and they
would say this themselves they are
providing a service by demonstrating how
useless companies are at protecting our
data but there is also a very serious
aspect to anonymous they are
ideologically driven they claim that
they are battling a dastardly conspiracy
they say that governments are trying to
take over the Internet and control it
and that they anonymous are the
authentic voice of resistance be it
against middle-eastern dictatorships
against global media corporations or
against intelligence agencies or whoever
it is and their politics are not
entirely unattractive okay they’re a
little inchoate and there’s a there’s a
strong whiff of sort of half-baked
anarchism about them but one thing is
true we are at the beginning of a mighty
struggle for control of the internet the
web links everything and very soon it
will mediate most human activity because
the Internet has fashioned a new and
complicated environment for an old age
dilemma that pits the demands of
purity with the desire for freedom now
this is a very complicated struggle and
unfortunately for mortals like you and
me we probably can’t understand it very
well nonetheless in an unexpected attack
of hubris a couple of years ago I
decided I would try and do that and I
sought I sort of get it
these were the various things that I was
looking at as I was trying to understand
it but in order to try and explain the
whole thing I would need another 18
minutes or so to do it so you’re just
gonna have to take it on trust for me on
this occasion and let me assure you that
all of these issues are involved in
cyber security and control of the
Internet one way or the other but in a
configuration that even Stephen Hawkins
would probably have difficulty trying to
get trying to get his head around so
there you are and as you see in the
middle there is our old friend the
hacker the hacker is absolutely central
to many of the political social and
economic issues affecting the net and so
I thought to myself well these are the
guys who I want to talk to and what do
you know nobody else does talk to the
hackers they’re completely anonymous as
it were so despite the fact that we are
beginning to pour billions hundreds of
billions of dollars into cybersecurity
for the most extraordinary technical
solutions no one wants to talk to these
guys the hackers who are doing
everything instead we prefer these
really dazzling technological solutions
which cost a huge amount of money
so nothing is going into into the
hackers well I say nothing but actually
there is one teeny-weeny little research
unit in turin italy called the hackers
profiling project and they are doing
some fantastic research into the
to ristic sin to the abilities and the
socialization of hackers but because
there are UN operation maybe that’s why
governments and corporations and that
interested in them and because it’s a UN
operation of course
it lacks funding but I think they’re
doing very important work because where
we have a surfeit of technology in the
cybersecurity industry we have a
definite lack of call me old-fashioned
human intelligence now so far I’ve
mentioned the hackers anonymous who are
a politically motivated hacking group of
course the criminal justice system
treats them as common or garden
criminals but interestingly anonymous
does not make use of its hacked
information for financial gain but what
about the real cyber criminals well real
organized crime on the internet goes
back about ten years when a group of
gifted Ukrainian hackers developed a
website which led to the
industrialization of cybercrime welcome
to the now forgotten realm of karma
planet this is how they were advertising
themselves a decade ago on the net now
kada planet was very interesting cyber
criminals would go there to buy and sell
stolen credit card details to exchange
information about new malware that was
was out there and remember this is a
time when we’re seeing for the first
time so-called off-the-shelf malware
this is sort of ready for use out of the
box stuff which you can deploy even if
you’re not a terribly sophisticated
hacker and so kartaa planet became a
sort of super market for cyber criminals
and its creators were incredibly smart
and entrepreneurial because they were
faced with one enormous challenges
cyber criminals and that challenge is
how do you do business how do you trust
somebody on the web who you want to do
business with when you know that they
are
I mean it’s axiomatic that they’re dodgy
and they’re going to want to try and rip
you off so the family as the inner core
of Carter planet was known came up with
this brilliant idea called the escrow
system they appointed an officer who
would mediate between the vendor and the
purchase of the vendor say of stolen
credit card details but Chester wanted
to get hold of them the purchaser would
send the administrative officer some
dollars digitally and the vendor would
sell the stolen credit card details and
the officer would then verify if the
credit card the stolen credit cards
worked and if they did he then passed on
the money to the vendor and the stolen
credit card details to the purchaser and
it was this which completely
revolutionized cybercrime on the web and
after that it just went wild we had a
champagne decade for people we known we
know as Carter’s now I spoke to one of
these Carter’s who will call red brigade
although that was not even his proper
nickname but I promised I wouldn’t
reveal who he was and he explained to me
how in 2003 and 2004 he would go on
sprees in New York
taking out $10,000 from an ATM here
30,000 from an ATM there using cloned
credit cards he was making on average a
week 150,000 dollars tax-free of course
and he said that he had so much money
stashed in his upper US East Side
apartment at one point that he just
didn’t know what to do with it and
actually fell into a depression but
that’s a slightly different story which
I won’t go into now now the interesting
thing about repre Gaede is is that he
wasn’t an advanced hacker he sort of
understood the technology and he
realized that security was very
important if you were going to be a cada
but he didn’t spend his days and nights
bent over a computer eating pizza
drinking coke and that sort of thing he
was out there on the town having a fab
time in enjoying the high life and this
is because hackers are only one element
in a cyber criminal enterprise and often
they’re the most vulnerable element of
all and I want to explain this to you by
introducing you to six characters who I
met while I was doing this research
dmitri golubov AKA script born in odessa
ukraine in 1982 now he developed his
social and moral compass and the Black
Sea port during the 1990s this was a
sink or swim environment where
involvement in criminal or corrupt
activities was entirely necessary if you
wanted to survive as an accomplished
computer user what Dmitri did was to
transfer the gangster capitalism of his
hometown on to the World Wide Web and he
did a great job in it you have to
understand over that from his ninth
birthday the only environment that he
knew was gangsterism he knew no other
way of making a living and making money
then we have Renault can’t subramanian
aka jillsy founder of dark market born
in colombo sri lanka as an 8 year old he
and his parents fled the sri lankan
capital because single e’s mobs were
roaming the city looking for Tamils like
Renu to murder at 11 he was interrogated
by the Sri Lankan military accused of
being a terrorist and his parents sent
him on his own to Britain as a refugee
seeking political asylum at 13 with only
little English and being bullied at
school he escaped into a world of
computers where he showed great
technical ability but he was soon being
seduced by people on the internet he was
convicted of mortgage and credit card
fraud and he will be released from
Wormwood Scrubs jail in London in 2012
from matrix zero zero 1 matrix null null
ants who was an administrator of dark
market born in southern Germany to a
state
and well-respected middle-class family
his obsession with gaming as a teenager
led him to hacking and he was soon
controlling huge servers around the
world where he stored his games that he
had cracked and pirated his slider into
criminality was incremental and when he
finally woke up to his situation and
understood the implications
he was already in too deep Mac’s vision
aka iseman mastermind of Cardoz market
born in Meridian Idaho Mack’s vision was
one of the best penetration testers
working out of Santa Clara California in
the late 90s for private companies and
voluntarily for the FBI now in the late
1990s he discovered a vulnerability on
all US government networks and he went
in and patched it up because this
included nuclear research facilities
sparing the American government a huge
security embarrassment but also because
he was an inveterate hacker he left a
tiny digital hot wormhole through which
he alone could crawl but this was
spotted by an eagle-eye investigator and
he was convicted at his open prison he
came under the influence of financial
fraud stirs and those financial
fraudsters persuaded him to work for
them on his release and this man with a
planetary size brain is now serving a
13-year sentence in California Adewale
tiwa aka Freddy BB master bank account
cracker from Abuja in Nigeria he set up
his prosaically entitled news group of
Bank frauds at Yahoo Co UK
before arriving in Britain in 2005 to
take a masters in chemical engineering
at Manchester University he impressed in
the private sector developing chemical
applications for the oil industry while
simultaneously running a worldwide bank
and credit card fraud operation that was
worth millions until his arrest in 2008
and then finally chart eye area pan aka
Chow one of the most remarkable hackers
ever from Ankara in Turkey he combines
the tremendous skills of a geek with the
suave social engineering skills of the
master criminal one of the smartest
people I’ve ever met he also had the
most effective virtual private network
security arrangement that police have
ever encountered amongst global cyber
criminals now the important thing about
all of these people is they share
certain characteristics despite the fact
that they come from very different
environments they are all people who
learnt their hacking skills in their
early to mid teens they are all people
who demonstrate advanced ability in
maths and the sciences remember when
they develop those hacking skills their
moral compass had not yet developed and
most of them with the exception of
script and chaough well they did not
demonstrate any real social skills in
the outside world only on the web and
the other thing is is the high incidence
of hackers like these who have
characteristics which are consistent
with Asperger’s syndrome
now I discussed this with Professor
Simon baron-cohen who’s the professor of
developmental psychopathology at
Cambridge and he has done path-breaking
work on autism and confirmed also for
the authorities here that gary mckinnon
who was who is wanted by the United
States for hacking into the to the
Pentagon suffers from acts per
Asperger’s and the secondary condition
of depression and Baron Cohen explained
that
certain disabilities can manifest
themselves in the hacking and computing
world as tremendous skills and that we
should not be throwing in jail
people who have such disabilities and
skills because they have lost their way
socially or been duped now I think we’re
missing a trick here because I don’t
think people like max vision should be
in jail and let me be blunt about this
in China in Russia and in loads of other
countries that are developing cyber
offensive capabilities this is exactly
what they are doing they are recruiting
hackers both before and after they
become involved in criminal and
industrial espionage activities and
mobilizing them on behalf of the state
we need to engage and find ways of
offering guidance to these young people
because they are a remarkable breed and
if we rely as we do at the moment solely
on the criminal justice system and the
threat of punitive sentences we will be
nurturing a monster we cannot tame thank
you very much for listening
so so your idea we’re spreading is hire
hackers how how would someone get over
that the kind of fear that the hacker
they hire might preserve that at all
teensy wormhole I think to an extent you
have to understand that it’s axiomatic
among hackers that they do that they are
you know they’re just relentless and
obsessive about what they do but all of
the people who I have spoken to who
fallen foul of the law they have all
said please please give us a chance to
work in the legitimate industry we just
never knew how to get there what we were
doing we want to work with you okay well
that makes sense
thanks a lot me sir