A practical guide to computer security Part 2

Date July 19, 2005

Historic Perspective
There have been hackers for as long as there have been computer systems. Early on, hackers were students wanting access to more computer resources than they were allocated. So they would find ways to get those unauthorized resources. They might “find” another account to use to run programs or store file, or they might hack the accounting software so it didn’t charge them for the resources they used. Computers were new to everyone, including instructors, so the inventiveness and ingenuity of these hacks received more focus than the infractions of misappropriation of resources. These hacks, even though they may be viewed as minor infractions, are still theft.

Over time, with the proliferation of computers, the number, variety, and severity of computer crimes have increased. Today, the diversity of computer criminals who are identified as hackers is astounding. When hacking was new, hackers were mostly students who had access to systems. This group of hackers is still a large demographic, but it has been joined by professionals with criminal motives.

Today the term “hacking” is used routinely to mean intruding into computer systems by stealth and without permission or any crime committed with, by, through, or against a computer. Computer crime dates back to the early 1970s, when employees discovered ways to use the computer to embezzle from their employers by falsifying sales records. The losses due to these hackers ran into the millions of dollars.

This whitepaper does not differentiate based on the intent of the hacker. The actual intent of the hacker is not the issue. Anyone who enters an information system without permission is committing a crime which has the possibility of causing damage. He or she will cost the owners of the systems time and money as they investigate the incident and determine what has been done and if there has been any damage. Damage, whether accidental or intentional, will have to be repaired and the impact to the business evaluated. The method of intrusion will have to be determined and repaired to eliminate recurrence.

Hacker or Cracker
Today, there is a debate about the term hacker. Those who oppose the use of the word to describe computer criminals indicate that its original use was to describe someone who could rapidly hack out a piece of code that will do what is necessary. The code was written quickly, without benefit of design and concern for maintainability. The hacker’s ability to understand the system seemed to come intuitively. Hacking signified the unfettered exploration of computer systems for the sake of the intellectual challenge. The term hacker changed to a more mystical meaning: one who is a computer wizard, able to make systems do anything he wished, while the popular use of the word continues to focus on those who had started exploring the ARPAnet — the predecessor of today’s Internet. These hackers were often accessing systems and information on systems which were far away from where they were and without permission. Those who have idolized the hacker as the elite computer enthusiast are offended by the popular use of the term and have invented the term cracker to indicate one who cracks into systems or is in any way criminal in his or her hacking activities.

Emmanuel Goldstein, the editor of 2600 magazine, had this to say on the subject: “Now, we have a small but vocal group who insist on calling anyone they deem unacceptable in the hacker world a “cracker.” This is an attempt to solve the problem of the misuse of the word “hacker” by simply misusing a new word. It’s a very misguided, though well-intentioned, effort.” [1]

[1] “Q&A with Emmanuel Goldstein of 2600: The Hacker’s Quarterly,” CNN Online, April 1999.

However, much of what is known about early hacks are stories which have been handed down through the hacker community, which would have a tendency to glorify the hacker and vilify any organization which wanted to stop him or her. This small but vocal group which wants to “preserve” the term hacker has had little support. The popular media continue to use the term hacker to identify computer criminals, as do the criminals themselves.

Self-Identification
Possibly the most important input to the debate on use of the term hacker comes from those who access systems and information without permission. They identify themselves as hackers. They use the term to identify the skill and prowess which they display. Nobody who hacks into systems willingly describes himself as a “computer intruder,” “cracker,” or “computer vandal.” These terms have been invented by people who consider themselves hackers in the classic sense, and who fiercely and publicly resist any besmirching of the “noble” title of hacker. Naturally and understandably, they deeply resent the attack on their values implicit in using the word “hacker” as a synonym for computer criminal. But none of the terms has caught on. The only term that has received some acceptance is “cyberpunk” — although not in the mainstream media.

Category Posted in WhitePapers

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>