Hacking wave targets the campus computer

Click to follow
The Independent Online
British businesses and universities are coming under concerted attack from hackers, according to a senior computer expert. He says that an average of one computer is being hacked into each day - and that the real figure could be 25 times higher.

In some cases the hackers could be accessing sensitive corporate information without the real users being aware of it, said Dennis Jackson, the coordinator of the UK's Computer Emergency Response Team (CERT), which acts both as a clearing house and informal investigation team for hacking incidents.

A team of hackers contacted The Independent last week to claim that they broke into the CERT computer system 10 days ago and copied a number of programs which they found there.

They said these "could and will be used to attack systems in the future. Many of these tools are highly sophisticated and will allow new systems to be breached, which were previously regarded as highly secure."

But Mr Jackson denied that any such breach had occurred, although information sent to The Independent suggested that the hackers had accessed his electronic mail account.

They forwarded a copy of an electronic mail message from a military source in the United States to Mr Jackson which answered a query from the CERT about a possible hacking method.

Mr Jackson did acknowledge though that the threat from hackers is intensifying with the growth of computer use in the United Kingdom.

"There are probably about 300 or 400 computer break-ins each year, and experiments by the US Defense Department show that only 4 per cent of intrusions are discovered. You can work it out how many that makes," he said.

The attacks are not limited to the academic sector, which is traditionally low on security. Mr Jackson said: "Internet service providers are easy targets, but there have been a small number in the industrial sector." The hackers did sometimes penetrate into commercial systems with valuable information, he said.

British hackers are also becoming more accomplished, he acknowledged. "There may have been a disproportionate increase in the UK because they have at last learnt what their US competitors can do. For some time hackers in this country seemed comparatively clueless, compared with the US ones."

Celebrated US hackers include Kevin Mitnick, who was arrested in 1994 after evading the police. He was thought to have downloaded thousands of credit card numbers from a company's database, though it was not thought he ever used any of them. Other US hackers created programs which generated valid credit card numbers for any company, and spread them on the Internet.

The group which claimed to have broken into CERT's computers told The Independent that their purpose was simply to "see what investigations were ongoing". Their advice to CERT was "tighten up your security".

Mr Jackson said that if the break-in was confirmed it would be "very embarrassing".

There is not yet any industrial equivalent of CERT, and business problems do not attract CERT's attention "because our funding doesn't come from them". A joint body, with industry funding, would be "a marvellous idea", Mr Jackson said.

Hacking constitutes a crime under the Computer Misuse Act, though companies which knowingly operated lax computer security might be liable to prosecution under the Data Protection Act.