Who's fighting the super hackers

�

A.� You must be talking about the likes of Curador.< xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

�

Q.� I am. Go on, then.

A.� OK. Curador - real name Raphael Gray - is an 18-year old hacker from rural Wales who in the winter of 2000 stole an estimated 26,000 credit cards numbers from a group of e-commerce websites and published the numbers on the web. He was tracked down by an ex-hacker called Chris Davis tracked him down. Then he was arrested and charged under computer crime laws.

�

Q.� So what outrage had he committed

A.� Apart from blowing people's credit security - rather a nasty and annoying crime - he bought a box of Viagra for Bill Gates and sent them to his Microsoft HQ. The FBI estimated he cost the dotcom industry about �2 million.

�

Q.� So, a whacking great jail sentence

A.� No - a three-year community probation order linked to treatment for a mental disorder. He admitted 10 charges of computer fraud. In a later interview, Gray said: 'I think I'm just a very nosy person. When you see into someone's computer, it gives you an idea of how they work, who they speak to, what they're interested in, whether they actually do any work, what their job is. You can see a lot of someone's life just from the contents of their PC.'

�

Q.� So are there any more poachers-turned-gamekeepers like this Chris Davis

A.� Many - catering for all sorts of companies, especially High Street banks and multinationals.� They won't reveal their names, though - because no-one wants to admit they're in danger from hackers, no matter how obvious the threat.

�

Q.� But what will they do

A.� Plenty. Take the example of Information Risk Management, co-founded by David Cazalet two years ago. It now has offices in London, Madrid, Hong Kong and Singapore. He said: 'We advise on information warfare to Ministry of Defence centres. We teach police forces in the UK how to retrieve and handle evidence correctly - from tracking down paedophile rings to retrieving deleted information stored in mobile phones after drug busts.'

�

Q.� What about cyber terrorism

A.� This is beginning to develop in the old Soviet Bloc countries where many out-of-work computer scientists can be hired for nefarious purposes. Cazalet says his firm has been called into deal with huge corporations being blackmailed by terrorist organisations - some of them during the anti-capitalist riots. In the normal run of things, however, firms will be reluctant to believe there is a cyber security problem.

�

Q.� How do security firms get round that

A.� Usually by hacking into the system - with the client's permission, of course. Cazalet explains: 'When we show how to get into a bank's treasury and shift money around unnoticed, buy shares online below market value and then flog them ... people tend to sit up a bit. We also imitate real-life terrorist attacks using ex-special forces guys ... We broke into a building via the roof, then plugged a computer on to the first network connection we could find and attempted to hack into critical data systems.' That convinced them.

�

Q.� But is the problem getting worse

A.� Of course - as more people use computers, there are more people who want to hack into them. Even insurers are coming to terms with the problem and Lloyds of London is now offering hacking insurance for firms in co-operation with a security company.

�

To ask a question about People & Places, click here

By Steve Cunningham