22 Jun 2011

‘Hackers are more dangerous than al-Qaeda right now’

A self-proclaimed former computer hacker talks to Channel 4 News about cyber crime in 2011, the role social media is playing and why he thinks hackers could become “more dangerous than al-Qaeda”.

Former hacker talks about LulzSec and new era of cyber crime.

In the late 1990s Gregory Evans is said to have been one of the FBI‘s most wanted computer hackers. He made millions of dollars but after serving a prison sentence was ordered to pay back nearly $10 million.

Now he runs a security company and talks to Channel 4 News about the new frontier of cyber crime.

How has hacking changed since you were involved?

Before, it was just a whole bunch of kids trying to do mischief and trying to break into a system to see what they could access to be curious. It was not to shut down companies. People would hack systems just to see how it worked and get in.

Is hacking now dominated by Distributed Denial of Service (DDoS) attacks?

Yes. You see a lot of DDoS attacks. They are a lot easier to perform to knock a website offline. You can use a lot of computers where the owner doesn’t even know. You can just put in an IP address or a web address and send over so many requests at the same time to knock off a site.

To me hackers are more dangerous than al-Qaeda right now. So, we need to spend more time and resources on that.

That is not hacking because they never came in. It’s like someone coming over to your house and beating on the door and the door opens and you step in. They didn’t break the law just for banging on the door. However if they step in and access information, then that’s illegal.

How significant do you think social media is in the current era?

Social media is very big. I think the founders of Facebook and Twitter are more powerful than the President of the United States. We’ve seen earlier this year how social media was used to actually overthrow governments in the Middle East. Social media is a great way for some of these hackers to meet before they go into private chatrooms and start chatting about hacking. Social media also plays a big part in identity theft as well. Facebook is currently working on a face recognition application.

More from Channel 4 News: Will Facebook facial recognition tool invade our privacy?

LulzSec have been called ‘international hackers’. Do you think this is accurate?

It is a small group. One thing Benjamin Franklin said is the only way two people can keep a secret is if one of them is dead. If you have a group that is so big with 20-30 people, it would be easier for someone to find out who these guys are. So what they do is they keep a small group. They use other people outside of the organisation but the actual members themselves is a small group of people. They probably never met face to face and could be anywhere in the world.

Former hacker talks about LulzSec and new era of cyber crime.

What do you think are the motives of today’s hackers?

You will find that most of these hacker groups are people who are very young and are not doing it for profit. You will find that most of them will be under 23-years-old. These guys are doing it because they think it’s fun. They don’t think about the consequences of it. They think oh, they’ll never catch me because I blocked my IP address. Or they’ll say they haven’t caught us yet, so let’s have some fun. A person making a living with a family is not going do anything like this. Someone in high school or college will have more time to do things like this.

More from Channel 4 News: Hacking group LulzSec trying to incite 'cyber riot' 

Do you think the authorities are doing a good job of tracing suspected hackers?

I think they are doing what they can. To me hackers are more dangerous than al-Qaeda right now. So, we need to spend more time and resources on that before I can fully say they are doing a good job. The hackers are like bogie men though. That’s why it’s so hard to catch them.

LulzSec and Anonymous are taking too much credit and putting a lot of pressure on other hacker organisations.

What kind of punishment can hackers expect if convicted in the US?

I’ve seen everything from three years to 20 years. They have to make the laws, not just in this country, but all countries more strict.

Do you think there could be more extradition cases between the UK and US over alleged hackers?

Yes. One of the biggest problems with hacking is jurisdiction because in some countries, hacking is not a big deal. In India, you can hire a hacker to hack a website for about $100. And with the laws in India, they aren’t trying to extradite these guys like they would in the UK or the US. We have to have international law officers working to stop cyber crime.

Analysis from Channel 4 News: 'Tens of thousands' of cyber attacks every day

Some groups are claiming they’ve “outed” LulzSec members. Are we seeing a hacker civil war?

I won’t call it a civil war. What I will say is LulzSec and Anonymous are taking too much credit and putting a lot of pressure on other hacker organisations and they don’t want that. For them to go out and brag about who they’ve hacked and when they are going to hack again and taking revenge, it’s making other hacking organisations say “Look. You are putting too much heat on us.” This also goes to show their maturity level. I can see other hacking groups saying “hey you are bad for business.”