Essay/Term paper: Computer hacking

Essay, term paper, research paper:  College Papers

Precis of 'Who's reading your E-mail" by Richard Behars

The article exposes the vulnerability of computer data and of
corporations with the popularity of the Internet. The Internet can
allow hackers access to any computer in the world, with understated
ease. Break-ins can go virtually undetected

Major corporations and government security departments have
acknowledged that hacker break-ins are out of control. Some companies
are too fearful to join networks because of this. Software programs
brought out to deal with the growing problem, such as firewalls, are no
longer totally effective. New technology has been developed such as
''Pilot Network Services' (offering supervised Internet access);
'Netranger' (a monitor device used by Pentagon) and 'Encrypton'
(software that jumbles messages).

The basics of computer security (using difficult passwords, and
guarding of data) are not being met in a disturbingly large number of
American companies surveyed. A new bill demands that system operators
become responsible for security. Hackers can be prosecuted (with
subsequent heavy penalties) only if the exposed company has actively
shown that it was security conscious. Further more, exposed companies
are liable to other companies if their lack of security precautions
allowed their computer network to become an opening for other company
break-ins.

Companies are dis-inclined to report breaches in security as it denotes
a poor image and highlights their vulnerability. Clients demand
security, and lack of it will send them elsewhere.

Billions of dollars annually is spent on protection devices. Others are
utilizing the expertise of former convicted hackers to fine tune and
update their security features. It is a case of befriending the enemy
in order to learn more. These hackers come out of goal with a ready
market for their expertise, and great financial rewards.

The explosion of the Internet use, and networks around the world have
brought with it a need for greater security consciousness amongst its
users and systems operation managers. Technology needs to be
constantly updated in the war against the ever-growing insidious and
malicious hacker.

Precis of 'Hackers: Taking a byte out of computer crime' by W. Roush.

Roush discusses the changing face of computer crime with the advent of
the modem and stricter laws. The article touches on the effect these
changes are having on hackers themselves, and the measures that are put
in place to deal with the problem. It also explores the common ground
which hackers and computer security experts agree on.

In the 1960's the dictionary definition of a hacker was that of a
"computer virtuoso". Hackers comprised of young, computer literate and
rebellious gangs vying for the status symbol image and thrill of
breaking into a computer network.

This all changed with the popularity of the modem and an increasing
number of computer users. The number of hackers exploded and thus the
image of being a hacker became passe. The tougher security measures
put in place, combined with more stringent laws (including
imprisonment) had the effect of weeding out all but the keenest of
hackers, and the most malicious.

Firms and security enforcers are now dealing with elite hackers whose
intent is now focused on sinister revenge, malicious damage, political
and defense corruption; and monetary greed. The cost of these types of
computer crimes could run into the billions, but an accurate measure is
unavailable. This is due either to the reluctance of corporations to
report any break-ins (because they may feel guilty about their lax
security), or because the information systems are so massive that the
scale of corruption may be too difficult to detect.

There are also a select few who choose to label themselves as hackers
with moral ethics. These second types of hacker prevalent today are
assisting companies and law enforcers in the fight against dangerous
hackers in a number of ways. These include holding hacker conventions
and on-line information services to inform the public of new security
risks, as well as being employed by corporations to break into their
systems in order to secure and refine them. These hackers love
computers and are motivated by the anger and frustration they feel at
the prevailing laxity of security measures in place. Despite this
level of co-operation there remains an inherent distrustful fear
between the two camps. Fear is also a motivating factor for
corporations in refusing to join networks, allocating enormous funds
for security measures; restricting access to information; and utilizing
passwords to deter alien entry.

Hacking crime is now far more sophisticated, varied and costly to
society. There is a need to continue to work with ethical hackers in
the battle for safety and order, otherwise we face an increasingly
monitored future and a reduction in the freedom of computer use.



Precis of 'The United States Vs Craig Neidorf' by D. Denning.

This article initially focuses on the US indictment of Neidorf, a
student who started an Internet publication, 'Phrack'. This
publication was accused by the United States government of being a
fraudulent scheme devised by Nied and others to steal sensitive
documents and make them freely available to the public. The court case
was centered on an article about the countries E99 emergency system,
and how he managed to fraudulently obtain a highly sensitive document
which was then published with the intent to disrupt or halt all
services.

The author had taken a keen interest in the case due to the
implications it had on threats against freedom of the electronic press.
The Electronic Frontier Foundation (EFF) was founded with just this
concern. It helps to raise public awareness about civil liberties
issues and works to preserve and protect the constitutional rights with
the electronic media.

Denning was sought by Neidorf to assist in the case an expert witness
and to provide evidence throughout the trial. The government dropped
the charges after 4 days and it was declared a mistrial. It cost
Neidorf $100,000, but potentially he stood to spend 65 years in goal.

Neidorf's case was argued that while Phrack may have seemed to promote
illegal hacking, the public itself was not illegal. It advises readers
not to engage in any intentional damage or harm. The purpose of Phrack
was the free exchange of information as covered by the First Amendment
of Constitutional Law and Civil Liberties. Neidorf actively
co-operated with the government agents in every way prior the
indictment. Furthermore, it was found that the supposed sensitive
document (E911) was readily available elsewhere. There was nothing in
Phrack that couldn't be found in any other published books or journals.
In addition, Neidorf argued that if the E911 text had been a sensitive
document, it certainly was not treated or secured as such by Bellcorp.

Denning questions the rights of government to seize documents and
computer ware for extended periods, causing severe disruption, without
appropriate court orders; and makes suggestions to rectify the
process. The responsibilities of system operators are also called into
question. They should take greater care from unauthorized break-ins, as
they may be vulnerable to lawsuits if accused of taking inadequate
protection. Denning also suggests an update of the current law, to
bring it more into line with the UK Computer Misuse Act of 1990. There
is an acknowledgement of a new threat emerging where computer
criminals, as opposed to juvenile hackers, are potentially capable of
industrial espionage and damaging infrastructures. There is also a
final suggestion that the teaching of computer ethics could decrease
the incidence of hacking.

A Compilation of Viewpoints.

The articles written by Roush, Denning and Behar, as summarized
earlier, have many common themes. Issues about hackers, the Internet,
on line publications, invasions, security measures, and current laws
are discussed within varying frameworks.

Denning's article approaches the topics through the lens of a court
case involving Neidorf, a law student and the publisher of Phrack (an
Internet billboard). The case highlights that there is a fine but
distinct line between the right for freedom of information, and the
unauthorized theft and use of it. In a subtle way, Denning also
distinguishes between the two prevalent types of hacker.

Roush's article focuses primarily on the history and changing profile
of today's hacker, and their interaction with companies and
corporations.

Behar discusses vulnerabilities via networks and the various measures
available to prevent or circumnavigate invasions.

All authors agree that the profile of hackers has changed since the
early computer heydays of the 1980's. Juveniles who hacked for the
thrill of it have been replaced by two distinct types of hackers. The
first is the hacker with a self-professed personal code of moral
ethics. These hackers invade networks, not only for the challenge, but
to make the public aware of weak security links. They abhor lax
security measures and feel justified in their actions, claiming a
superior authority by publishing their exploits. Neidorf's case
inadvertedly alluded to this, and the other articles pointed to ethical
hackers who assist companies, or start security firms utilizing their
expertise. These hackers are acknowledged by non-hackers with a
reluctant acceptance. The second comprises of an elite number of
hackers focused on malicious intent and greed.

The issue of on-line publications and information networks were
discussed in different perspectives. All authors agree that the
abundance of information and interaction available on- line is
beneficial. Denning's article may suggest inadvertedly that there is a
distinction between freedom of information and the moral overtones of
freedom of publication. In Neidors case there was a clear distinction,
according to the law. All agree that being on-line to a network leaves
your system vulnerable to exposure by hackers from anywhere in the
world.

The laws and penalties were discussed at length in Denning's article,
with suggestions for improvements. Roush and Behar pointed out that
convicted hackers had a lucrative ready made market for their expertise
when they ended their prison term - being paid to assist corporations
by breaking into their systems. They all agreed that prison sentences
had deterred a large number of juvenile thrill seekers, and mature
hackers.

Roush and Behar discuss the enormous, yet understated cost of company
computer invasions. They point out the reluctance of those victims to
report occurrences because of embarrassment, and the loss of trust
client's feel with their security measures. They also suggest that
invasions are understated because many companies do not even realize
they have been corrupted. Hacking is very much out of control.
Denning'' article indirectly showed how easily sensitive information
could be extrapolated from a system. All articles show those hackers
with strong social skills and graces can charm the information out of a
beguiled or proud computer owner/manager.

Lastly, all the articles discussed the important overall theme of
security measures. Roush and Behar point out that the most basic of
measures, use of a difficult password, was sadly lacking in many
companies surveyed. Dennings article features heavily on the inference
of sensitive data, but the hypocrisy of BellSouth's not adequately
securing it. Behar extends into great detail about the effectiveness of
security measures available, and the acceptance and use of them. All
agree that system operator managers are being forced legally to take
more responsibility in their security measures.


In Conclusion

The articles demonstrate from different perspectives the growing
problem associated with the rapid rise in computer networks. The media
provides us with further revelations on the matter. There is no doubt
that the inherent psychology of human behavior determines that there
will always be those whose intellectual and technological pursuits will
find an outlet in those of computer intrusions. If convicted computer
hackers are able to successfully utilize their same skills in a more
productive manner, then perhaps we are missing the point altogether.
Hackers need a suitable outlet for their expertise and instincts for
challenge. Perhaps we should be looking at ways to channel that
enthusiasm appropriately, before they discover the evil path.

In addition, perhaps the advent of the hackers is a blessing in
disguise. If the articles stated research lends us to believe that many
companies are lax in their responsibility to security measures then
perhaps an intrusion followed by a court case is what is required to
make managers sit up, take notice and take action. I am not suggesting
the issue is open and clear cut. The advent of continuous new
technology demands continuous changes within society, and new
approaches. There are at least two ways to resolve the hacker problem:
deal with it as it is encountered; or take a different and proactive
approach. Either way, it is largely determined by our innovation and
motivation, just as it is with budding hackers, really!


References


Roush, W. (1995). 'Hackers: Taking a byte out of computer crime' in Technology Review, April, pp.
32-40.

Denning, D. E. (1991). 'The United States Vs Craig Neidorf' in Communications of the ACM, 34, 3,
1991, pp. 24-32.

Behar, R. 'Who's Reading Your E-mail?' in Time, February 3, 1997, pp. 64-67.


1

1