Hacker trainer for law enforcement agents

Intruder School

© Neliana Kostadinova, Fotolia.com

© Neliana Kostadinova, Fotolia.com

Article from Issue 102/2009
Author(s):

A former intrusion specialist is training a gathering of European law enforcement agents in how the bad guys work on the Internet. Contributing editor Markus Feilner stops in for a lesson in attack techniques.

November 2008. Freiburg is supposed to be Germany's "sunniest city," but today, on my way to a special forensics conference, the rain is constant. Tobi, an ex-hacker who is now a forensics expert and trainer, is training 20 representatives from a smattering of European law enforcement agencies (Figure 1). The sessions over the next few days will cover topics such as rootkits, CSS scripting attacks, and browser compromise. The participants will also learn how attackers use professional software to create, distribute, and administer botnets, trojans, and viruses.

Even showing up for this event invites some legal risk. German law forbids such training. Yet many agencies feel it is impossible to maintain IT security without an understanding of the tools used by professional intruders.

The whole problem is that the criminal world isn't too worried about statutes. A well-trained and highly organized community of intrusion specialists even distributes user-friendly software to aspiring beginners so that anyone can get in the game. One of the agents groans, "By now, any mouse-pusher or script kiddie can practice his art at breakneck speed."

[...]

Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • Backdoors

    Backdoors give attackers unrestricted access to a zombie system. If you plan to stop the bad guys from settling in, you’ll be interested in this analysis of the tools they might use for building a private entrance.

    more »
  • Honeynet

    Security-conscious admins can use a honeynet to monitor, log, and analyze intrusion techniques.

    more »
  • Web Attacks Using HTTP Parameter Pollution

    At the OWASP AppSec Poland 2009 web security conference two Italian security experts presented a new kind of web application attack threat. The presentation slides for the method called HTTP Parameter Pollution (HPP) are now available online.

    more »
  • OWASP Releases Web-Security Videos

    The Open Web Application Security Project (OWASP) has placed videos of its latest conference online. The open- source project concerns itself with web application security.

    more »
  • ESAPI: Porting Security Methods to PHP

    Andrew van der Stock from the Open Web Application Security Project (OWASP) is porting Enterprise Security API (ESAPI) methods to PHP.

    more »
comments powered by Disqus