'[ISN] Hackers rue blurred line between curiosity, vandalism'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] Hackers rue blurred line between curiosity, vandalism
From:       William Knowles <wk () C4I ! ORG>
Date:       2000-03-29 7:57:12
[Download RAW message or body]

http://www.techserver.com/noframes/story/0,2294,500185952-500248285-501250243-0,00.html

By HARRY BRUINIUS, The Christian Science Monitor

NEW YORK (March 28, 2000 2:20 a.m. EST http://www.nandotimes.com) -
When Simple Nomad was younger, one of his favorite pastimes was
worming his way into phone companies' computer systems. That was more
than 10 years ago, before words like "Internet" and "hacker" were key
words in the cultural lexicon - and before it was against the law.

"I liked to take things apart and see how they worked, he says. "In
that way, I'm considered 'old school.'"

Getting around a computer system's security and exploring its
technological nuance is part of the thrill of the pseudonymous world
of the hacker underground, a relatively young cyberspace culture where
computer programmers like Simple Nomad are driven to demonstrate their
own technological skills.

For many, the term "hacker" conjures up images of a precocious
troublemaker smirking as he toys with the technologically challenged.
Indeed, sometimes what the hacker underground sees as exploring,
companies call trespassing.

But hackers see a difference between their love of exploration and
computer showmanship and recent attempts to shut down Web sites and
steal credit-card information. They see themselves as pioneers, ones
who are helping computer culture and science evolve - as opposed to
the thieving (and amateur) tactics of those they derisively call
"crackers."

But as the Internet evolves into a giant superstore, the lines between
black and white are blurring further. The hacking underground has a
libertarian ethos that places a high value on the free flow of
information. As a result, hackers often post techniques that can be
used to crack system security. They argue that unauthorized hacks into
systems are the only way allow security techniques - as well as
technology - to fully evolve.

"I'll be the first to admit there are a lot of gray areas," says
Simple Nomad, who runs Nomad Mobile Research Centre, a Web site that
provides information on the security flaws in computer systems. "I've
written tools that I know can be used for people to test their system,
but I also know someone can turn around and use the same tools to
break into a system."

In the mid 1990s, as many in the Internet industry began clamoring for
ways to protect against these intrusions, Congress passed legislation
that made hacking a crime. Last week, Max Vision, the hacking alias of
Max Ray Butler, was held on $100,000 bail after being indicted for
breaking into government systems including NASA and the Department of
Defense.

The hacker community, however, bristles at being lumped with acts like
last month's "denial of service" attacks against Internet behemoths
like Yahoo! and eBay, attacks that lacked the technological
sophistication they value. Many have tried to distinguish hackers from
"black hats" or "crackers," who crack into systems to steal credit
card information or do some kind of damage.

"A lot of the underground isn't looking at this as a major hack, or
even as a genuine act of hacking," says Space Rogue, editor of Hacker
News Network and a computer scientist for security consortium
@stake.com.

A. Anonymous, a former "black hat" hacker who wrote the best-selling
book "Maximum Security," was one of the first to give detailed
information on how to crack a system's security. "All these other
security books, not one of them taught you how to break into
anything," he says. "But because there are standard things you must do
to secure your system, you first need to know how the attacks work."

Some of the roots of hacking come out of the "phone phreaking" of the
1970s.

According to the Hackers' Hall of Fame, the hacker Cap'n Crunch became
a legend when he figured out how to reproduce the tone that authorizes
long-distance service with a toy whistle from a cereal box. Later,
many people - mostly kids - manipulated pay-phone wires with a paper
clip to get "free" long-distance. As networks connected by phone wires
began to evolve, so did the various ways to furtively plug into them.

As young hackers explored the source code of systems, they began to
think of ways to do it better. The result was a highly competitive
community where, like playground basketball, a hacking "star" performs
exploits that could become legendary.

"When something is posted, immediately that motivates some people to
want to do something better," says A. Anonymous. "As a result, ideas
are being exposed to an evolution at an extremely rapid pace."

Though Simple Nomad says he no longer breaks into systems, he notes
that his Web site is listed as criminal on most Web-blocking software.
"Which is unfortunate," he says, "because 9 out of 10 e-mails I get is
from a system administrator saying 'Thank you, I used the stuff on
your site to take care of my system.'"

More and more, Internet security companies are using the techniques of
the hacker underground to make systems more secure. And many of the
old phone phreakers and black-hat crackers are being hired. "You stick
with it long enough," says A. Anonymous, "and you shed the purple hair
and put on a suit and tie."



*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by Security-Focus.COM

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic