Mon, 21 Mar 2005

Former hacker turns over new leaf

M. Taufiqurrahman, The Jakarta Post, Jakarta

A statement that says "computer hacking is stupid and equivalent to throwing stones at the windows of jewelry shops" sounds hollow if made by cyberpolice whose designated job is to curb the offense.

However, the remark rings true and carries a serious moral when it is cited by a former big-time hacker who once broke into the Federal Bureau of Investigation's (FBI) communications system, compromised the system for his own use and cost the top U.S. security agency dearly.

The hacker's (mis)conduct in 1994 and the subsequent legal proceedings were so famous they became a case study for social engineering in his country, France.

Eleven years on, the man, Anthony Zboralski, has not looked back and painstakingly engages in a campaign to combat the very offense he committed in his youth. He now ardently advises companies to better manage their information security systems.

Zboralski is the current principal of Bellua Asia Pacific, a Jakarta-based Information Security consulting company whose clients include a number of the country's top banks and government agencies.

His previous clients included numerous Fortune 500 companies like Air France, Aerospatiale, Allianz, AXA and Total Fina.

"After the problem with the FBI, I thought that people would blame me and would not really appreciate my company. But as soon as it was in the press, I got invited to all the conferences for security and information warfare and people started to offer me jobs," said Zboralski, recalling how he first plunged into the information security consulting business.

He said that among his first clients were French companies in aerospace and defense.

"At the beginning, I was doing mostly technical work, but after a while, I started realizing that if you just fixed only technical issues it is not going to solve problems, because there are also the human factors," he told The Jakarta Post.

The emphasis on human factors also led him to embark on a campaign to "convert" active hackers into doing more constructive work. "We look for young hackers who have the potential and skills and put them in the right direction. We give them the opportunity to carry out security research and have them as interns," he said.

To further promote the cause, in 1998 Zboralski founded a nonprofit organization, the Hacker Emergency Response Team (HERT), with membership in more than 24 countries, to provide analysis and expertise on information security, attack and defense in an information warfare setting, and reverse engineering.

In 2000, he took part in a project in the Philippines and in Indonesia that would lead to the establishment of Bellua. "Unlike in Europe where the system is already there, we found the project in Asia very interesting as there is much new infrastructure to be built and we can engage from planning to action. It was a lot more interesting," he said.

Backed by security experts, practitioners and researchers, Zboralski founded Bellua to help companies comply with organizational security policies and standards.

Among numerous services offered by his company, the most famous is the one that Zboralski was taught to do from experience -- a penetration test, also known as ethical hacking. "We test the security of our clients from the outsiders' point of view like offensive hackers or rival companies."

The involvement with Bellua also exposed him to the laxity in information security management systems among companies operating in the country and the dire consequences it would bring.

"There is a lot of fraud here. For instance, while we were doing a security review for a company, we found that there was someone trying to erase or change interest rates. That kind of problem happens all the time," he said.

But such an incident would not appear in the press and the public is exposed only to petty cyber crimes, he said. "You will not often hear about a multimillion dollar case as that would panic everyone."

He said companies tended to protect only the data center, but leave all infrastructure around it unguarded. "It is like spending a million dollars on the front door but leaving all the windows open."

Zboralski's predilection for computer science and information security was inspired by the 1983 film War Games, starring John Badham and Matthew Broderick. The film is about a child who hacks into the North American Aerospace Defense Command (NORAD) computer system and starts a war.

"Kids of my generation started to think that it was something that they would like to do -- something that was more realistic than James Bond or Superman movies," he said.

He said the movie sparked a deep passion in him for computers and gave him the urge to start hacking. "However, we view it more as a tool than a goal. Hacking is just a tool for creating projects," he said.

Against the widely held notion that most hackers commit the crime purely for fun, Zboralski said the activity was sometimes far from enjoyable and, in reality, too risky. "People do that for power. It is like a king, when one can do something no one else can," he said.