From InformationWeek. Posted by Larry Greenemeier on Nov 4, 2005 at 06:36 PM
The recent arrest and 17-count indictment of 20-year-old accused hacker and botmaster Jeanson James Ancheta, for both using and selling the tools to attack a number of networks, including some within the Defense Department, should be taken as a shot across the bow by anyone who reads this. Ancheta is accused of being part of a new breed of criminal hacker: one who is not just in it for the fame (sure, he’s getting his 15 minutes, although it could be more like 50 years) but rather is after money. According to the charges against him, Ancheta even managed to collect nearly $60,000 by creating, spreading, and selling bots to the highest bidders. By all accounts, Ancheta is smart and motivated, and there was a market for his black-market guerrilla hacking tactics and tools. How do you stop a smart, motivated attacker from making your life miserable? Read carefully.
To catch a thief, or in this case a cyberterrorist, you have to think like one. IT professionals have been conditioned to think defensively, draping their networks with sensor-studded barbed wire and using firewalls and intrusion-prevention systems to lock down doors and windows around the perimeter. But there’s an emerging school of thought that says only a more proactive approach to security can prepare companies for the unexpected.