Forwarded from: Robert G. Ferrell <[EMAIL PROTECTED]> >Forwarded from: Lance Spitzner <[EMAIL PROTECTED]> > >On Mon, 30 Jun 2003, InfoSec News wrote: > > > But Barrett, technical director at Information Risk Management, > > questioned how any hacker could own 600 computers at any one time. > > > > From his experience working with the police, he said that hackers > > typically control no more than 12 systems at any time. > > > > "The sheer mechanics of 600 computers - no. How can you control 600 > > computers?" he said.
Well, it depends on what you mean by "control." Logistically, it would be very difficult to dictate every process running on 600 nodes. However, simply to compromise and install a backdoor for possible future use, or run some automated data collection utility that doesn't require centralized feedback is relatively simple on that scale. However, I take issue with the bald statement that "the average hacker 'owns' between 600 and 800 systems at any time." That's really misleading. How do you define 'average hacker?' The 'average' script kiddie who defaces Web pages for kicks? The 'average' IRC packet monkey who gets off on kicking people he doesn't like from other people's channels? The 'average' identity thief lying in wait to steal Privacy Act information from eCommerce sites? The 'average' security consultant looking to boost his/her media presence? The 'average hacker' doesn't root anyone's boxes but his own. RGF Robert G. Ferrell [EMAIL PROTECTED] - ISN is currently hosted by Attrition.org To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail.
