143 lines
7.0 KiB
Plaintext
143 lines
7.0 KiB
Plaintext
4
|
|
|
|
|
|
Copyright 1986 Ken McLeod
|
|
|
|
|
|
HACKERS: Friend of Foe?
|
|
|
|
|
|
Much has been said and written lately about hackers and their activities.
|
|
From attempting to reposition communications satellites to break-ins at
|
|
computer facilities throughout the world. Is this just hype? Do these
|
|
precocious children really possess the keys to computer disarmament?
|
|
|
|
I could tell many sexy stories about hacker activity. Computers broken
|
|
into, monetary fraud, late night sojourns to computer sites, ad infinitum,
|
|
ad nauseum. I don't think salacious stories about highly motivated but
|
|
misguided teenagers is the real issue. What is germain is that hackers
|
|
represent a real and serious threat to information processing and are a
|
|
problem created by society.
|
|
|
|
Computer security personnel are faced with a modern day Hobson's choice.
|
|
Do they ignore the "hackers", or, do the entrench themselves in a Maginot
|
|
line of technical ramparts. Either choice may result in serious if not
|
|
financially fatal costs to an organization.
|
|
|
|
Hackers seem to have become steeped in an aura of technological mysticism--
|
|
often perceived as the Druids of the Church of Information Processing.
|
|
Are video display terminals really their Oracle's? You be the judge!
|
|
|
|
While the popular belief, at least within the "hacker culture", is to
|
|
believe in an embodiment of computers and computer programming for the
|
|
greater goal of understanding computer technology, in reality, most
|
|
people espousing the "hacker ethic" actually fit quite nicely into the
|
|
definition of a criminal.
|
|
|
|
My "Theory of Hacking" was developed after I arrested more hackers than
|
|
probably any other single law enforcement officer and in response to the
|
|
inability of anyone else to explaing why hackers "hacked."
|
|
|
|
Having had the privilege of conducting what was essentially empirical
|
|
research while enforcing the law -- numerous hackers were arrested and
|
|
interviewed.
|
|
|
|
During my interviews with the hackers a strange pattern developed which
|
|
seemed to be shared by most, if not all of those persons arrested.
|
|
"Information may not be owned", was the recurrent theme. Each hacker
|
|
seemed determined to rationalize why he, (or rarely "she"), felt it
|
|
necessary to commit a criminal act in furtherance of the divine act of
|
|
"Information Acquisition." This was strange behavior for a criminal,
|
|
at least from the point of view of a traditional law enforcement officer.
|
|
|
|
Why was the mere "reading" of data contained in a computer so important
|
|
in the life of a hacker? What spiritual nirvana was reached when the
|
|
ultimate goal has been reached: "Access Granted."
|
|
|
|
A complete enforcement re-evaluation was required to combat the hacker
|
|
problem. A realization came about when traditional views of the value
|
|
of information was ignored, i.e. information = money, and a new outlook
|
|
adopted: information = value/status/power. While the equations may at
|
|
first glance seem equal, the variables of value, status and power have
|
|
a much greater meaning among peers.
|
|
|
|
Hackers, when compared to the public perception of a "common criminal",
|
|
are not breaking into computer systems using the same standards as a
|
|
conventional burglar (if criminal standards can exist!). A burglar or
|
|
robber is usually concerned with simply the monetary value of what he
|
|
steals. A hacker tends to have different motives although the end
|
|
result may be the same.
|
|
|
|
In accepting the fact that hackers seek information (usually) not for
|
|
its pecuniary value, but for its value as a commodity of status and
|
|
reputation, then we have reached the first step in combating hackers.
|
|
What was and is really happening is that hackers are merely a logical
|
|
metamorphosis of our reliance on the flow and value of data and informa-
|
|
tion in our modern society.
|
|
|
|
Hackers are not some subterranean breed of criminal who has learned the
|
|
innermost secrets of the information age. In reality they are our own
|
|
technologically created demons.
|
|
|
|
Modern society has bred a generation of youngsters who have been taught
|
|
to communicate and pass information as naturally as eating and sleeping.
|
|
These hackers, for they usually are younger, realize that to possess
|
|
information is the first step to power; for information in and of itself
|
|
denotes power.
|
|
|
|
It is not illogical that hackers are our own worst nightmares, created
|
|
from ignorance and apathy. Hackers are simply eating at the trough of
|
|
information which computer managers so eagerly spread throughout society,
|
|
|
|
To combat hackers two attitudes must be accepted by computer professionals-
|
|
- 1) Hackers have been created by society and are a natural extension of
|
|
that society; and, 2) Apathy and ambivalence are rampant throughout the
|
|
computer field.
|
|
|
|
Hackers create no new problems, they simply feed on those areas in which
|
|
computer designers, operators and managers have failed to protect.
|
|
|
|
Law Enforcement is faced with serious problems in attempting to
|
|
investigate and prosecute hackers. Computer professionals refuse to
|
|
identify or report suspected or actual cases of computer crime, for fear
|
|
of losing face amongst their peers.
|
|
|
|
Too often hacker attacks, from inside or outside a company, are considered
|
|
personnel problems, rather than crimes. Managers refuse to believe that
|
|
some of the employees might acutally fit the hacker mold and fail to act
|
|
accordingly.
|
|
|
|
In November of 1984 one of the first hacker arrests I made was of a 28
|
|
year old school teacher. Since that time the ages of suspects or
|
|
arrestees has steadily decreased to where we have detected cases of
|
|
computer fraud committed by 12 year olds. Attempts to break into
|
|
financial, government and private computers are discussed among hackers
|
|
as easily as talking about the latest football scores.
|
|
|
|
Groups of children now regularly control information secretly removed
|
|
from the computers of America's largest corporations and government
|
|
institutions. Arrests only tend to credentialize the hackers, making them
|
|
experts in the eyes of many.
|
|
|
|
This is disturbing. Are we to create a system of jails for the young
|
|
intellectuals on out society? Certainly not! What is the answer?
|
|
|
|
I believe that two things are going to occur--one a sure bet, the second
|
|
worthy of debate. The first is that computer fraud dba "hacker activity"
|
|
will continue to increase in both scope and complexity with correspondingly
|
|
exponential losses. The second is that computer security professionals will
|
|
continue to be slow to come around to accepting the fact that hackers are
|
|
a part of the fabric of society and that to be dealt with, they must first
|
|
be understood.
|
|
|
|
Law Enforcement can not be the lone cry in the wilderness, baying for
|
|
computer users to safeguard their information. Computer professionals
|
|
must proactively protect their systems through a synergistic system of
|
|
awareness, acceptance and technical competence. Pseudo-experts and
|
|
"reformed hackers" are not the answer. Only through a policy of total
|
|
commitment to computer security will the hcaker problem by effectively
|
|
dealt with.
|
|
|
|
|
|
z
|