Intellectually Motivated

I l @ ve RuBoard

Early on, most system intrusions were characterized as side-effects of intellectual curiosity, the curiosity of how things work, including security and how far it will bend before it breaks. Computers were a thing of science fiction . Using one was touching the future. Their abilities seemed miraculous and their potential had barely been touched. Many early hackers would not be content to have limited access to systems, and would venture across the early computer networks to find other systems they could explore. Very little thought was given to where the systems were, who owned them, or what they were supposed to be doing. They felt that cyberspace had to be explored.

Educational Experimentation

Hackers often take the position that they were using systems without permission "for educational purposes." There was a time when computers were expensive and found only at universities and large corporations, so this is where hackers experimented with systems without the knowledge or consent of the owners of the systems. In these early cases of computer trespassing, this excuse may have had some merit. However, today computers are so inexpensive, there is no excuse that one can not have systems to experiment with for educational purposes. Even so, computer criminals continue to harness the power of large systems.

A 28-year-old computer expert allegedly diverted 2,585 US West computers to assist him in his effort to solve a 350-year-old math problem ” the search for a new prime number. Investigators estimate that during a very short period he used 10.63 years worth of computer processing time ” lengthening lookup time for customers' telephone numbers from five seconds to five minutes and causing calls to be rerouted to other states. At one point, the delays threatened to shut down the Phoenix Service Delivery Center. The man, a contract computer consultant working for a vendor for US West, told investigators that he had been working on the math problem for a long time, and that all that computational power at US West was just too tempting. [16]

[16] Copyright 1998 EDUCAUSE. "Hacker Diverts US West Computers in Search of Prime," published in "Edupage," 17 September 1998.

Harmless Fun

Hackers often do not see their actions as malicious. They feel that painting a mustache on a website does not cause any real damage. The lack of physical interaction with the target and the association of computer games leads some hackers to view their activities as just harmless fun. The relationship between computers and video games has led to the view by some hackers that everything on the computer is just a game. Their addiction to the game creates a desire for inside information, so they can be the best, even to the extent of being the first to get the game, no matter what the cost.

In an interview, a 14-year-old member of the hacker community explained that they hack systems just for fun. These hackers do not intend to hurt anyone . Most invasions are never documented or even discovered .

To them it is much more interesting than "playing video games."

They spend most of their time communicating using mail or ICQ as they listen to rock bands from Napster. They know other hackers by nicknames, so they do not have any idea of who is who. The trick is to exchange the maximum amount of information around well-known operating system bugs . Even when documented, most people do not apply the fixes. Most shops still use, as he put it, "stupid passwords" or have bad protection policies. [17]

[17] "A Visit with a Hacker," Ignite/400 Newsletter .

As a Wake-up Call

Some attackers will say that their attack was meant to illustrate a flaw in the system or software which was exploited, so that the developer or administrator can repair the problem. They may feel that they were performing a service and should be rewarded for illustrating the problem.

Within the hacker community, hackers are often viewed as being persecuted "just because they know too much." They believe that they know more than the systems administrators and the security professionals and when they attempt to show these people their errors, the hackers are called criminals. The hackers may defend their actions by saying that they were "just trying to show the flaw" which they exploited, or that the system administrator thought he was smarter than the hacker so the hacker had to prove him wrong.

An Oklahoma man who claimed he accidentally found a security flaw in the website of the Poteau (Oklahoma) Daily News and Sun newspaper pled guilty to intentionally accessing and obtaining information from a protected computer without authorization. Using MS Front Page and a web browser, Brian West discovered a security flaw which allowed him to access proprietary information and password files.

West then reported to the newspaper editor that he had penetrated the website, accessed the site using a username and password, and downloaded several files, terming his intrusion "accidental." The website owner reported him to law enforcement authorities. The case generated a substantial amount of e-mail to the prosecutor from the Internet community questioning why someone who appeared to be a "good Samaritan" was being punished. [18]

[18] Brian K. West, Employee of Oklahoma ISP, Pleads Guilty to Unauthorized Access Charge Under 18 U.S.C. § 1020(a)(2)(c)," U.S. Department of Justice Press Release , 24 September 2001.

I l @ ve RuBoard


Halting the Hacker. A Practical Guide to Computer Security
Halting the Hacker: A Practical Guide to Computer Security (2nd Edition)
ISBN: 0130464163
EAN: 2147483647
Year: 2002
Pages: 210

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net