Europe battles insiders-turned-hackers

A security adviser for the European Electronic Crimes Task Force (EECTF) in Milan has warned that governments and businesses...

A security adviser for the European Electronic Crimes Task Force (EECTF) in Milan has warned that governments and businesses around the world are blighted by insiders who become hackers for profit.

"The 'grey hat' phenomenon is growing in Europe," said Dario Forte, referring to people employed as security consultants who also engage in criminal computer hacking.

"Companies should increase screening and control of IT personnel. And customers should think twice before leaving their IT systems in the hands of contractors."

Forte outlined a recent investigation into an Italian hacker group known as the Reservoir Dogs. Of the 14 members arrested last August by the Italian financial police in what became known as Operation Rootkit, 10 were employed as security experts and four were minors.

The group was responsible for a series of hacking incidents that spanned the globe and included the likes of NASA, the US Army and Navy and various financial companies in the US and abroad.

"Some were working as information security managers in big consulting firms and Internet service providers, even Italian branches of US companies," said Forte. "They were white hats by day and black hats by night."

Because the case is still open, Dario was unable to name the companies involved. However, he did say that Operation Rootkit involved investigations into more than 1,000 compromised systems in the US and Europe, including 100 US military and government systems. Law enforcement officials from the US and Europe seized more than 40 computers belonging to the hackers, as well as nearly a terabyte worth of evidence that included hundreds of stolen credit card numbers.

The Reservoir Dogs, led by a hacker known as Pentoz, employed internal communications methods similar to those used by crime rings, such as encrypted Internet Relay Chat sessions, secure shell and IPv6 tunnels, said Forte. In addition, "they used compromised machines for one single criminal act and then they burned it [clean of evidence]," he added.

In addition to using a compromised University of Pennsylvania system to launch attacks, the group also took control of a corporate web server in Germany and used it to attack US Army systems. Working with the US Army's criminal Investigation Division, Forte was able to trace many of the attacks back to a flat-rate dial-up service in Italy used by members of the group.

"Without international co-operation, it wouldn't have been possible to achieve a good correlation of events," said Forte.

In the Cyprus Credit Card Case, Forte was notified that the leader of a worldwide credit card trafficking ring had been arrested in Cyprus. The EECTF was able to arrange for the travel of both the evidence and police officers involved in the case to its forensic lab in Italy.

Once in Italy, the EECTF was able to conduct a forensic examination that recovered enough evidence to keep the defendants in jail until a more complete investigation could be completed in the US.

Dan Verton writes for Computerworld

Read more on IT risk management