London, Apr 28: The next target for hackers could be high-street chains like Tesco and Marks and Spencer, warned the infamous "Hackers Panel" at the InfoSecurity Europe conference in London.
According to this panel of the world's elite hackers, cyber-criminals could make use of the same hacking techniques that brought down Estonia's government and some firms last year.
The "Hackers Panel" consists of penetration testers and "white hat" hackers, who help organisations develop a flawless digital security system by searching for glitches in their defences.
Earlier panels had the likes of Gary McKinnon, known as Solo, alleged by the US government to have hacked into dozens of US Army, Navy, Air Force, and Department of Defense computers.
Usually, the "hackers" prefer to remain anonymous, "for security reasons", but this year they came out in the open to discuss cyber-terrorism.
The first to speak at the conference was Roberto Preatoni, the founder of the cyber crime monitoring site Zone-H and of WabiSabiLabi, a trading site for security researchers. Just a few months back he was arrested by Italian authorities on charges of hacking and wiretapping, for investigation into the Telecom Italia scandal.
In his address to the audience, Preatoni said that the attacks in Estonia were a clear indication of a new era of cyber warfare. Another panellist was notorious hacker Gary McKinnon, who has also been part of the panel before.
"I'm afraid we will have to get used to this. We had all been waiting for this kind of attack to happen. Estonia was just unfortunate to be the first country to experience it. But very soon, our own [western] companies and countries will be getting attacked for political and religious reasons. This kind of attack can happen at any time. And it will happen," BBC quoted Preatoni, also known as SyS64738, as saying.
In the two-week-long "cyber war" against Estonia, hackers disabled the websites of banks, governments and political parties using "denial-of-service" (DoS) attacks, which knock websites offline by swamping servers with page requests.
"That's the beauty of asymmetric warfare. You don't need a lot of money, or an army of people. You can do it from the comfort of your living room, with a beer in your hand," said Preatoni.
He was seconded by Steve Armstrong, who teaches seminars in hacking techniques at the SANS Institute for information security training.
"If someone wants to have a pop at the UK, they are unlikely to go for the government web servers. They will go for the lower hanging fruit - companies which are seen as good representatives of the country," he said.
He added: "The likes of Tesco, Marks and Spencer and B and Q can be seen as legitimate targets. We have to get the message across to companies [to invest in information security]. At the moment Chief Executives are only interested in the bottom line. But remember - if tesco.com goes down, that's a lot of shopping."
Later, the panellists argued over whether Internet Service Providers should take more steps to tighten security by helping customers protect their computers from being "zombified" by hackers for use in distributed DoS attacks.
"Actually, I don't think the ISPs should have any role in security. In my opinion, that's like asking the Royal Mail to be responsible for the quality of your post," said Preatoni.
However, he was immediately countered by the third panellist, Jason Creasey, head of research at the independent Information Security Forum.
"I believe ISPs can play a phenomenal role in security, with a little bit of legal pressure," he said.
In the end, Preatoni said that the rise in cyber attacks originating in China acted as a cloak for western countries to disguise their own cyber surveillance activities.
"It's too easy to blame China. In fact, legitimate countries are bouncing their attacks through China. It's very easy to do, so why not? My evil opinion is that some western governments are already doing this," he said.