Intruder School

November 2008. Freiburg is supposed to be Germany's "sunniest city," but today, on my way to a special forensics conference, the rain is constant. Tobi, an ex-hacker who is now a forensics expert and trainer, is training 20 representatives from a smattering of European law enforcement agencies (Figure 1). The sessions over the next few days will cover topics such as rootkits, CSS scripting attacks, and browser compromise. The participants will also learn how attackers use professional software to create, distribute, and administer botnets, trojans, and viruses.

Even showing up for this event invites some legal risk. German law forbids such training. Yet many agencies feel it is impossible to maintain IT security without an understanding of the tools used by professional intruders.

The whole problem is that the criminal world isn't too worried about statutes. A well-trained and highly organized community of intrusion specialists even distributes user-friendly software to aspiring beginners so that anyone can get in the game. One of the agents groans, "By now, any mouse-pusher or script kiddie can practice his art at breakneck speed."

[...]