Sheriff of the Internet

An Israeli computer security expert will be one of the featured speakers this week as the world’s best safe builders meet with the world’s best safecrackers in Las Vegas.

While “white hat” or “black hat” speakers – industry nicknames for people on the legitimate side of the law or the other – will choose between the Black Hat security convention and the DefCon hackers convention which will be taking place successively in the gambling capital of the world, Ofir Arkin will be addressing both audiences.

Arkin studied mathematics and computers at Haifa University, but left before completing his degree. But that hasn’t stopped the 29-year-old from consulting for the second largest bank in Europe and building a security system for computerized banking, as well as working at several high-tech companies as head of information security.

Arkin, whose day job is head of security information at Golden Lines, spends most of his free time probing the world of computer crackers in order to learn as much as possible about their operating methods. The two conventions in Las Vegas provide him with a natural meeting point between his two worlds. And while he has attended four conferences previously, these are the first two at which he is speaking.

“The conventions are different from one another,” Arkin told Ha’aretz. “The people who attend Black Hat can afford to pay $1,500 for registration and among the computer security people in the audience one can also see more than a few personnel from every arm of the American military, the CIA, the NSA and basically every three-letter government agency I know of. The military and government agency people also go to DefCon a few days later to catch up on the innovations in the hacker community, but most of the audience there is different – registration is just $75.”

Arkin’s lectures at Black Hat and DefCon will focus on XProbe, a tool that he and two friends developed in their free time and uploaded onto the Web as an open code program. The program lets users discover which operating system is installed on a computer with a particular Internet protocol (IP) address according to the unique parameters of each operating system.

“The tool we developed is actually the basis for assessing the vulnerability of a particular system,” Arkin told Ha’aretz, “and is therefore capable of reducing the number of checks one has to run on each computer whose vulnerability one wants to assess. There is no difference between the manner in which I check networks and the way a hacker does it. The only differences are the intention, the motivation and the information that the black side has and which is sometimes concealed from the white side.”

According to Arkin, “black hat” wearers are naturally interested in programs that will make it easier and faster for them to break into computers. Arkin told Ha’aretz that among the 300,000 surfers who have downloaded XProbe from his site there were more than a few representatives of the darker side of the Web.

“It is impossible to hide anything,” he says. “Anyone can download XProbe for one purpose or another and anyone can also read the research I put on the site and learn more than a little about cracking computer security systems.”

Arkin himself studies cracking into systems and keeps up-to-date with the operating methods of hackers around the world, mainly via his company, HoneyNet.org – a group of 25 security experts who publish their work tools in open code that is free for downloading, and which is involved in non-profit research. The group works by setting up a honey pot – unprotected computers that are connected to the Internet – and follows the “black hats” who break into them.

According to Arkin, he can identify precisely what manipulations the “black hat” who has infiltrated it is trying to perform, and thus learn more about his tactics and what motivates him. Since the system is defined such that it will be locked to an outside user, any incoming movement is considered a break-in attempt and is monitored by the “white hats.”

“Our record is a system that was cracked within 15 minutes from the moment we hooked it up to the Internet,” says Arkin. “We collect the information that has accumulated on the computer and on the network and try to learn as much as we can about the person who broke in. In one case some Rumanian hackers broke into our traps and one of them had a Web camera that he used to show his friends what he was doing. After he was caught in the trap we were able to get his picture and even his name from the camera, and transferred the information to the appropriate authorities.”

Many of the discussions at the conventions at which Arkin will be speaking next week will be dealing with this year’s hottest topic – Wi-Fi, which facilitates wireless Internet access, and the implications of its use from the information security perspective. Recent surveys conducted in the United States and physical checks by security experts who drove around city centers in cars with scanners found that 90 percent of those who have wireless access points are not securing their networks.

This information was not news to Arkin, but he is still astonished by it. “The problem with people who do not encrypt access to their access points is not only that others will surf at their expense,” explains Arkin, taking the air out of the socialist vision of cooperation between networks for everyone’s benefit. “The lack of encryption allows hackers to reveal the information that the user is transmitting, such as passwords, and to harm him.”

“No one can stop progress,” says Arkin when asked if it is worthwhile for home users to refrain from using wireless networks because of the security problems, “but we have to be aware of the dangers and take a few basic security steps – they should use encryption and change the encryption key every few days.”


(Copyright 2003 by Ha’aretz)