Lance Spitzner heads a project which uses unguarded computers as decoys to find out how hackers get into systems, what they do there and why, writes Karlin Lillington.
"Go on, type in the word 'wurm'." I do, and hit "enter". I've just called up the program for a malicious computer worm, the kind that squirms in over the internet and can wreak havoc on your PC.
Mr Lance Spitzner, former US military tank commander turned computer hacker expert, tells me to type in another brief command. I do, and the worm program is compiled, ready to be sent out to computer users across the world. His blue computer screen glows benignly in the corner booth of a downtown hotel bar. We won't be hitting "send".
That, says Mr Spitzner, is how easy it is to bedevil the computing world.
The "wurm" program is merely one of thousands that hackers-in-training can download from websites. They don't even need to know how to write such programs themselves, as someone else has kindly done that for them; they just require some basic computer knowledge of how to download and send one.
This is a furtive world in which a small minority of those that move with relative ease in the computing world - mostly with malicious intentions, says Mr Spitzner - seek the back alleyways and unguarded access points of networks or individual home PCs. He scoffs at the notion that hackers are really good guys exposing system vulnerabilities so the rest of the world can fix them.
"The vast majority of attacks are malicious." Many are not just troublesome - like many of the viruses and worms that bring down whole networks or demolish information on PCs - but are criminal in intent.
Increasingly, hackers work to acquire credit card details to sell on to organised crime, for example, or to sell pirated movies.
Mr Spitzner knows more than most about what hackers are up to because he listens in to their secret conversations over private online chat channels, watches them break and enter his own computers, and views them loading onto his PCs specialised software tools that will enable them to cause further problems for others.
The Chicagoan spearheads an unusual, not-for-profit global venture called the Honeynet Project, which established unguarded computer systems all around the world as decoys to draw in the hackers. The unfirewalled (or "unhardened") computers are "honey pot" lures - they appear to a hacker to be vulnerable systems just waiting to be exploited.
Instead, they end up on systems that seem to allow them to do pretty much whatever they want to do, without actually letting them launch anything malicious, says Mr Colm Murphy of Dublin security company Espion, who watches over the Irish end of the Honeynet Project.
"We want people to attack these systems; we want them to compromise them," he says.
The actual location of Honeynet computers is kept highly secret and they are moved around as well, so that they won't become apparent as decoys. Mr Spitzner even keeps a honeypot running on his own laptop.
What they get to see is both how hackers break in to systems, and more interestingly, says Mr Spitzner, what they do once they're inside, and why they do it. That's providing some valuable intelligence of a type not gathered in the past.
"Everyone focused on the exploit, on the tool," he says. "Not who was using it, and why."
In order to track those actions, the Honeynet Project has developed some sophisticated software that logs every single attempt to get into the system, and winnows out many of the details so that a trained viewer can read the basic data and see just what's going on.
Mr Spitzner calls up the current logs on his laptop and scrolls past dozens and dozens of assaults on his machine, attempts to enter by the computer access points, or ports, normally used to get web pages, or to send for files from another computer, or to set up a "chat" connection.
He gets about 50 unique computers trying to get into his system every day.
He drills into one example, a group of "naughty Indonesians" who used his PC to, among other things, conduct a chat session amongst themselves. A few keystrokes, and he pulls up their entire chat session - in the Indonesian language. How did he know it was Indonesian? He speaks the language himself, he grins.
"The easiest way to tell something is going wrong is when you start to see lots of connections being made to the internet from your computer," he says.
"And when your computer starts sending things out to the internet, you know you've been hacked."
Most hackers get inside a system or network and then use it to send out attacks on other systems, or to store or send on material such as compressed, stolen films in digital form, or pornography. They especially like big university and corporate systems because they have "big pipes" - high-speed internet connections - and often are very poorly secured, he says. More than one company has found a massive pornography or film collection residing on one of its big computer servers, stored there by a hacker who then used the company bandwidth for his distribution network.
About 100 Honeynets are distributed around the world, and the project - which works with governments and organisations to provide information and advice, but does not install or maintain systems for them - employs lawyers, statisticians, even a social psychologist to get a true sense of who hacks, and why.
The Irish network has been running for about a year, and has revealed that the Republic gets its own fair share of hacker attacks. If you are running a high-speed digital subscriber line (DSL) internet connection, you should be averaging 697 attacks on your home PC every month, says Espion managing director Mr Colman Morrissey - that's what the Irish honeypots are drawing in.
"That's proof of just how aggressive the bad guys are," says Mr Spitzner. He says it with both relish and respect - as of a wily enemy, well-armed.
Mr Spitzner was in Dublin this week to speak at the NITES security conference.