Hackers for Hire Corporate Computer Networks and Home PCs Are Vulnerable to outside Invasions. Consultants Who Are Paid to Hack into Systems Tell Us How They Get in, and How to Keep Other Hackers Out
Mawhorr, S. A., Daily Herald (Arlington Heights, IL)
Byline: S. A. Mawhorr Daily Herald Business Writer
But the hackers at Ernst & Young only hack with permission from clients who want to find out just how secure their computer networks are.
All too often their job is all too easy.
Computer networks often prove easy to access because employees disregard security protocols, the networks are configured poorly and because the software running computer systems invariably is rife with mistakes that give hackers opportunities.
"What most people have to worry about is not hackers writing massive code in some dark room somewhere," said Erich Bublitz, one of the 120 or so professional hackers working for Ernst & Young around the globe.
What they have to worry about is usually well within their control.
A mistake many companies make is failing to assign passwords or using easy-to-guess passwords.
"Just about any company we go to without exception, we get into half the machines just guessing the password or because the password was left blank," Bublitz said.
Another common problem is employees set up Web sites, e-mail accounts or high-speed cable modems on their company's network independent of any security measures.
And then there's LAN-jacking. (LAN stands for local area network.) Hackers, who drive around a city with an antenna hooked up to a laptop, can hijack transmissions out of the air.
LAN-jacking is possible thanks to inexpensive wireless routers that sell of $150 or so at retail stores and sit innocuously enough on office desks or shelves in a house. The routers allow people to expand their networks without adding workstations.
The transmissions don't go far - the signal is as strong as that of a cordless telephone. But they do travel through walls out into the street where cruising hackers can use them to jump into a network like a cat burglar happening upon an open window when no one's home.
Many networks are vulnerable because they weren't built with security in mind.
Companies sometimes openly identify where the firewall is - the firewall being the very thing protecting the operating system from hackers lurking out on the Internet. Some just don't have a firewall at all, which is like leaving the front door wide open for that burglar driving through the neighborhood.
If a hacker can't guess a password or find a hole in the network, he or she might just look to see what kind of computers and software run the system and then look for vulnerability in those products.
Every operating system has embedded vulnerabilities and companies will distribute fixes for these weaknesses, called patches. But not everyone knows about these patches or realizes their significance and hackers know that.
All a hacker has to do is type a description of the operating system, such as a Microsoft server running on a Windows NT platform, into a search engine like Google to get a listing of its vulnerabilities.
In fact, all of the tools and information the Ernst & Young hackers use can be found on the Web.
It's all out there so people can build and maintain networks. The problem is that the tools and information, like anything else, can be used to do harm as well as good.
"It's all on the Web and it's easy to use," said Dave Dobrotka, an Ernst & Young hacker. …