Inside Europe’s cybersleuth central

‘When we go to look at their computers,
they also have guns’

Europol Cybersleuth tracks Hackers

RMNews: Near the end of the following article about Europol, there is a mention of "back doors". It is the first mention of "back doors", USING the term "back door", in a major media. Other media call them "trap doors". The men who created the concept use the term, "back door".

"...a small group of London hackers posed as computer security consultants and managed to break into several companies’ networks. Once hired, the hackers - all of whom were under 20 years-old - performed bogus tests on the corporate networks and then installed “back doors,” allowing them to freely access data."

http://www.msnbc.com/news/481681.asp?cp1=1">Inside&cp1=1#BODY

Europol agent, Paulo Felix, hunts down cybercriminals across Europe from his office in The Hague.

By Bob Sullivan
MSNBC

THE HAGUE, Netherlands, Oct. 26 — Hunched over a computer inside a building that once served as Gestapo headquarters, Paulo Felix hunts down clues that he hopes will lead him to Europe’s most hardened criminals. Though Europol does not officially investigate cybercrimes, Felix is the crime fighting agency’s resident expert. The cybercriminals he pursues are hardly blue-haired, teen-aged hackers or Web pranksters. Felix puts it this way: “Along with their computers, they also have guns.”

A MEMBER of the “Intelligence Analysis Department” at Europol — the European Union’s six-year-old policing agency — Felix spends his days scouring through electronic sources for hints toward the arrest of drug ring leaders, terrorists, even those who are “trafficking in humans.” His official work is in the agency’s “Open Sources Unit,” which digs through any publicly available digital information.

But by night, and in his spare time, he dives inside the computer underground, looking for clues to solve what some might call “cybercrime.” From his office in The Hague, in a building with a chilling World War II history, Felix has gained the trust of a number of prominent hackers.

The trust comes, no doubt, because they can sense Felix’s personal passion for computer work. Felix says he almost failed out of law school 10 years ago because he was so busy teaching himself how to program. He now gives seminars on cybercrime for companies and government agencies all over the world; on Thursday, his Europol ID dangled from his neck, attached to an “FBI Academy” badge necklace.

Europol's headquarters in The Hague, now the center of cybercrime investigation across the Continent, served as headquarters for the Gestapo during World War II.

A former homicide lawyer in his native Portugal, Felix joined Europol four years ago. When he talks about unsolved murder cases from his past, he grits his teeth and twists his fist into his chest in frustration. Now he applies that grit 16 hours per day to cyberspace crime, which he adds, has attracted an increasingly hardcore element. More and more frequently, when local police raid a location where hackers are suspected of operating, weapons are found near their computers, Felix said. “And we’re not talking about 9 milimeter pistols. We’re talking about automatic weapons.”

Much like members of the hacking community, Felix is no longer comfortable with the term “cybercrime.” It conjures up images of genius high school students, cracking open databases or defacing Websites.

“I prefer to say organized crime using telecommunications as a means to achieve their goals, or advanced technology as a means to achieve their goals,” Felix said. It doesn’t exactly roll off the tongue, but his point is that computers and the Internet are merely new-fangled tools for the same old class of organized, sophisticated criminals. Just like the rest of the business world, organized crime is learning ways to use the Internet to steamline its processes and increase profit margins.

“Take a drug dealer. He is looking for ways to expand his market, improve his distribution. He can use the Internet for that,” Felix said. And criminals are increasingly recruiting young computer hackers.

“Say you want to create a secure, private network to talk about drug deals. And you don’t know how to do that. So what do you do?” he said.

Felix said many hackers have been approached by seemingly legitimate businessmen with requests to build private networks that offer secure, encrypted communication. Sometimes they are paid with computer equipment; sometimes they don’t even have to be paid.

“They tell them, ‘You know, the government is all over everything, it’s not right. Help us keep the government away.’ And the hacker thinks, ‘This is an interesting problem,’ and starts to do it,” Felix said. Many never realized they’ve been tricked, and are oblivious to the potential dangers.

“There have been many who did not know how close they were to getting into an “accident,’ ” Felix said.

Jeff Moss, the organizer of “Black Hat Briefings,” a hacker convention that took place earlier this week in Amsterdam, 40 miles to the north, said he’s heard of cases where hackers are duped into working for a mafia-like organization.

“They do it by taunting, a game of one-upsmanship. They say ‘OK, I broke into this, now can you break into here? And the hacker does it because he’s trying to look cool,” Moss said.

But just how common are such incidents? It’s impossible to say. Cybercrime is a thorny topic to pin down. Investigators can’t talk about specific cases. Companies don’t talk about it at all. That leaves the computer underground — an anonymous world — rife with rumors and exaggerations.

Felix refused to offer details on most of his investigations, but he did relay a story about a Portugese bank which lost millions of dollars through a scheme implemented by one of its own system administrators several years ago. The employee added a few lines of code to the bank’s software so it would actually credit his account, rather than deduct his account, every time he withdrew cash from an automatic teller machine. He got away with it for over two years, Felix said, and wasn’t caught until after he left the bank.

The problem, of course, was giving one programmer the power to change such fundamental financial software without any kind of review. “And that’s not the only bank where one person has full power,” Felix said.

Still, criminal hacking usually requires more in the way of social skills than technical know-how. One attendee at this week’s Amsterdam convention, who requested anonymity, relayed a story of how a small group of London hackers posed as computer security consultants and managed to break into several companies’ networks. Once hired, the hackers - all of whom were under 20 years-old - performed bogus tests on the corporate networks and then installed “back doors,” allowing them to freely access data. As the story goes, the hackers then tried to extort money from the companies, threatening to sell information they had accessed from the networks. Like many of the tales heard in the underground world of computer hacking, this story could not be independently verified.

Still, stories like these have helped convince police agencies on both sides of the Atlantic that cybercrime is a fast-growing problem. The FBI has implemented Carnivore, an e-mail equivalent of wire-tapping. The Council of Europe has offered up a controversial far-reaching draft treaty on cybercrime which would give investigators more clout as they hunt for computer criminals. But some hackers think law enforcement is exaggerating the problem in order to gain more power and resources.

Not true, insists Felix. Cybercrime, he says, is a very serious problem, and “it’s not about teen-agers.”