A new crimeware registry including more than 4,000 entries has been compiled for use by students of the EC Council, a private firm that performs ethical hacker training.
Called Frankenstein, the encyclopedia of attack code is designed so students and penetration testers can actually download and use the attacks, giving them a perspective on how attackers think but also to measure whether networks are vulnerable, says Jay Bavisi, president of the council.
The cost of using the attack code varies depending on whether it's been produced by commercial enterprises that might license it, he says. If it's open source or an underground tool, authorized users of Frankenstein can use it for free. So far it's only available to students enrolled in EC Council's ethical hacker certification students.
The registry would be a treasure trove for criminals looking for network-attack tools, but it is kept under strict scrutiny, Bavisi says. Only ethical hacker students and professional penetration testers have access, and that is monitored, he says.
Plus, anyone with authorized use has to sign away their data-protection act rights, allowing law enforcement agencies to see logs of their activity in the registry should those agencies want to investigate a user.
Besides, the code is available via underground chat rooms and marketplaces online. "They could just go to Google," Bavisi says. "It's not as if it's not available on the Internet."