Italian hackers: Business or leisure?

Police say the 14 hackers accused of breaking into the servers of NASA and other government and military organisations wrote their own software and used complex methods to cover their tracks

The technical expert in charge of the unit that arrested 14 hacking suspects last week has characterised the hackers as a sophisticated criminal network that stole sensitive information from businesses and government, while funding its activities through stolen credit cards and counterfeit DVD sales.

Italy's Guardia di Finanza, or financial police, last week arrested 14 people around the country, accusing them of thousands of computer intrusions, including attacks on the US Army and Navy and the National Aeronautics and Space Administration (NASA). It is believed to be the largest bust of its kind to date, and is also unusual because many of the suspects worked as security consultants.

Those arrested included four minors, the security manager of a large Italian ISP, a network security manager for a computer consulting company, and several IT consultants.

Dario Forte, who heads the forensics team at the Guardia di Finanza's Milano unit responsible for tracking down the suspects, said that the "Reservoir Dogs" and "Mentor" groups were far from the stereotype of computer geeks cracking into important servers just for the fun of it.

"Don't forget that the majority of the people busted are infosecurity consultants or managers," he told ZDNet UK. "The files stolen were strategic, sensitive and very important."

He said that some of the hackers had connections to unspecified "protest groups", which may be an indication of political motives.

The groups used sophisticated methods to attack their targets, including using a large number of "stepping stone" systems -- taking over one system and using it to attack another, as a way of concealing the true origin of the attack. Forte said that the attackers wrote their own software, another indication of a high level of skill.

"The group's components are absolutely not script kiddies. Almost all of them are also coders," he said. "It was very difficult to backtrace (those) guys."

Forte said that the groups' alleged credit card number thefts and sales of counterfeit DVDs were a lucrative "sport" that helped fund more serious criminal activities. "It's like crime in the real world," he said. "Drug traffickers use prostitution as an instrumental source of money and work. In this case, DVD (counterfeiting), 'carding' and so on are the instrumentals."

The police's characterisation of the two hacking groups contrasts with the usual perception of hackers as tech-savvy individuals who break into sensitive servers mainly to show off their skills and gain a reputation among their peers. However, it is in line with a trend since last September's terrorist attacks to treat computer crime as a terrorist offence. Since September, the UK and the US governments have passed legislation increasing potential jail time for computer criminals.

In an interview conducted before the arrests, an individual claiming to be a member of the Reservoir Dogs group dismissed any political motives behind the group's activities. "We... consider (ourselves) as computer specialists who like to hack systems in order to increase (our) acknowledgement and skill," he said.

The individual admitted that Reservoir Dogs routinely broke into the servers of banks and government bodies.

The arrests were the culmination of several months of investigations, which began in October of last year and were initiated by the US Secret Service following the theft of sensitive files from US government and military sites. The US Army CID, US Navy and the US Secret Service assisted in the investigations.

Forte's team was also responsible for arresting the suspected author of the Vierika worm.
