One of the little known effects of the War on Terror is the impact on Internet hackers. While the amateur hackers - the "script kiddies" - continue to attempt break-ins at military Web sites, many of the professional (or simply more skillful) hackers have stopped going after military sites.

The reason is not patriotism, but fear. America considers itself at war and defenses at military Web sites and computer installations have gone way up. Not only does this make it more likely that a hacker might get caught, but given the war fever, it's also likely that the penalties would be more severe than usual. But this is part of a trend that has been developing over the last few years. While always a popular target of hackers, most of the serious attacks on military networks increasingly tend to come from foreign governments, not skilled civilian hackers.

The script kiddies continue to provide most of the action, making sweeps of the Internet looking for vulnerable systems. Mostly adolescents or men in their 20s, this group is largely a threat to (usually small) organizations that cannot afford a skilled staff to run their Internet site, and home users with high-speed (cable modem or DSL) connections. The more experienced hackers are directing their efforts more at being the first to find and exploit Internet software flaws. Among the hot areas right now are wireless Internet systems. These have a number of known security flaws and provide entertainment for those skilled enough to slip into PCs on wireless networks.

The experienced hackers fall into two categories, the crooks and the thrill seekers. The criminal hackers are looking to make money, and they have many opportunities. Oddly enough, banks are not a favorite target. Financial institutions have the best network defenses and, perhaps more important, have a reputation for going after anyone who penetrates, or comes close to penetrating, their systems.

A favorite new criminal angle is industrial espionage. This pays well, and provides more stuff to be gotten out of a penetrated site. In the past, credit card information was the most valuable item sought. This could be quickly sold to gangs that would then use the stolen credit card data before the card companies canceled the accounts. This was pretty risk free for the hackers.

Industrial espionage is another matter. Here you have to work with more vulnerable contacts and go after better-defended sites. The credit card gangs were willing to let hackers remain pretty anonymous and, perhaps most important, were often based outside the United States. This made the credit card gangs harder to catch. Industrial espionage is usually carried out by U.S. groups against U.S. companies. The target companies have more lawyers, security people and friends in the FBI. The middlemen arranging the hacks try to insulate themselves from illegal acts and are more willing to give up their hacker contacts if the FBI closes in.

Business and law enforcement are becoming more capable of going after and catching illegal hackers, which is making it a more dangerous proposition. Expect to see more hackers caught and prosecuted in the future. Catching these guys actually is becoming easier because the "hacker underground" is more organized. There are regular (although hidden and password-protected) hangouts for the black-hat hacker elite. Moreover, the black hats are losing the one trait that made them useful. In the past, the bad guys would often pass around security flaws they found in Internet software. No more, especially since the software publishers increased the speed with which flaws were fixed. A few years ago, it might take months for a security flaw to be fixed. Now, most are fixed in days or weeks. So the black hats tend to keep flaws they have found to themselves, and then try to exploit the flaw before others find out and the problem is fixed.

Another vulnerability is the increased "can you top this" competition. The pecking order is established among the black hats according to who has pulled off the most impressive hacks. Find one big security flaw, exploit it and let the media run with it, and your reputation is made. But that also tends to get you on the FBI target list.

At the moment, the FBI is distracted with the war on terrorism. This, of course, is why the black-hat hackers are staying away from military sites. But gradually, the hacker cops will move back to chasing civilian hackers. And because of the war on terror, the police have hired and trained more people who can go after Internet criminals.

The heat is on Internet criminals long term, because the police have noted that these black-hat hackers often don't care whom they work for. Some would perform "industrial espionage" against governments for terrorist groups. This makes Internet crime a potential act of war. The results of this shift in attitude should be as interesting as they will be unpredictable.

"Dirty Little Secrets" is syndicated by: