The hackers panel is one of the highlights of InfoSecurity Europe. High street chains will be the next victims of cyber terrorism, some of the world's elite hackers have warned.

- 26 / 04 / 2008 14:01

Criminals could use the kind of tactics which crippled Estonia's government and some firms last year, they warned.

The experts were members of the infamous "Hackers Panel" which convened in London this week at the InfoSecurity Europe conference.

The panel includes penetration testers and so-called "white hat" hackers, who help companies tighten up their digital security by searching for flaws in their defences.

Previous panellists include Gary McKinnon, known as Solo, alleged by the US government to have hacked into dozens of US Army, Navy, Air Force, and Department of Defense computers.

The "hackers" usually remain anonymous, "for security reasons", but this year's panellists agreed to break cover.

First up was Roberto Preatoni, the founder of the cyber crime monitoring site, Zone-H, and WabSabiLabi, a trading site for security researchers.

His appearance came just a few months after he was arrested by Italian authorities on charges of hacking and wiretapping, as part of the ongoing investigation into the Telecom Italia scandal.

Mr Preatoni told the audience that the attacks in Estonia were a harbinger for a new era of cyber warfare.

"I'm afraid we will have to get used to this," said Mr Preatoni, also known as SyS64738. "We had all been waiting for this kind of attack to happen.

"Estonia was just unfortunate to be the first country to experience it. But very soon, our own [western] companies and countries will be getting attacked for political and religious reasons.

"This kind of attack can happen at any time. And it will happen."

During the two week "cyber war" against Estonia, hackers shut down the websites of banks, governments and political parties using "denial-of-service" (DoS) attacks, which knock websites offline by swamping servers with page requests.

As many of the attacks originated from Russia, the Estonian government pointed the finger at the Kremlin. But Mr Preatoni said that, having spoken to contacts in the hacking community, he was clear that "Putin was not involved".

"In my opinion, this was a collection of private individuals who spontaneously gathered under the same flag.

"Even though Estonia is one of the world's most advanced countries in IT technology, the whole economy was brought to its knees.

"That's the beauty of asymmetric warfare. You don't need a lot of money, or an army of people. You can do it from the comfort of your living room, with a beer in your hand.

Gate control

His warning was echoed by Steve Armstrong, who teaches seminars in hacking techniques, at the SANS Institute for information security training.

"If someone wants to have a pop at the UK, they are unlikely to go for the government web servers. They will go for the lower hanging fruit - companies which are seen as good representatives of the country.

The panellists then argued over whether Internet Service Providers should do more to tighten security, by helping customers' protect their computers from being "zombified" by hackers for use in distributed DoS attacks.