This preview shows page 1. Sign up to view the full content.
Unformatted text preview: SRA 211
Threat of Terrorism & Crime Spring, 08 Hackers What is a hacker? What do hackers do? A hacker by any other name... The evolving hacker subculture What is a hacker? Problem solver? Master programmer? Computer cracker? Computer criminal? Popular consensus that hackers are bad people who do bad thing? There is no universal agreement as to the meaning of the word "hacker" or "computer criminal." The original meaning of "Hacker" The MIT claims a tradition of the use of the word before computer hackers existed. The word "hack" had long been used to describe the elaborate college pranks that MIT students would regularly devise. These "hacks" ranged from benign (hiding the incoming president's office door with a bulletin board) to elaborate (building a fullsized police car on top of a domed building) The original meaning of "Hacker" A hack was "a project undertaken or a product built not solely to fulfill some constructive goal, but with some wild pleasure taken in mere involvement" "there was serious respect implied. To qualify as a hack, the feat must be imbued with innovation, style, and technical virtuosity." The original meaning of "Hacker" The limitations of the hardware available made this creative problem solving necessary for the earliest computer hackers. Small memory, only existed in major universities Thus hacking was most closely associated with creative, unorthodox problem solving to overcome the limitations of early computers. A hacker, in the classical sense, is someone who has mastered the art of programming to the point that he/she can simply sit down and "hack" in a program that works. What did hackers become? The 1983 film War Games spawned a boom in home hacking. "unfortunately for many true hackers, however, the popularization of the term was a disaster...The trouble began with some wellpublicized arrests of teenagers who electronically ventured into forbidden digital grounds, like government computer systems." 414 Gang, intrusion into Los Alamos military computers and SloanKettering Cancer Center. Retaking the word: Hacker In early 1990s, most of the original hackers had started their own hightech companies or assumed leadership in research programs. The hightech boom made many of them popular culture heroes. The zealous promotion of Wired Magazine. Welcome to Cyberwar Country, USA Aaron D. Ball, a hacker and supporter of then imprisoned Kevin Mitnick. "An entire community of people has been calling themselves hackers since before there was security to break. These people call those who make a practice of breaking security `crackers', and tend to think of them as nuisances more than anything else. This isn't to say that a True Hacker doesn't break security; he may well do so it's just being a peeping tom isn't his goal in Retaking the word: Hacker What do hackers do? Hacker have been accused of electronically stealing millions of dollars from major banks. Not all hacker activities are illegal; Similarly, not all illegal online activities are hacking. (child pornography) Hackers and the law enforcement community come into conflict over activities like system intrusions and other illegal acts. Difference between data alteration and network intrusion is the intent of the intruder. By reading or "browsing" through confidential files, the intruder actually creates a copy of the file. Mere browsing may be theft, but it does not deprive the owner of the data. System intrusion, a hacker does not have permission to use the computer or network. Illegally accessing a computer connected to the Internet is a federal crime. Data alteration: damage to financial networks (stock prices), health records, Law enforcement point of view: illegal actions and damage Hacker's point of view: prosocial hacking The hacker subculture is a group of likeminded individuals who share a set of values, defined in the hacker ethic. Define their activities as beneficial or "prosocial", which differentiate its activities from computer crime. Hacker report learning experiences (creative problem solving, educating others about security vulnerabilities). Hackers can act in ways that support a higher cause. Hackers understand the crime as a positive action under the "higher" goals supported by the subculture. Hacker subculture One of the most fundamental tenets of the hacker subculture: learning Kevin Mitnick Kevin Mitnick clearly broke the law by accessing computer systems without permission. Hackers felt that the sentence was too harsh and the prosecution felt that the final punishment (5 years in prison) was too light because of the obscure nature of what they believed was a serious underlying offense. The prosecution of Mitnick relied on estimates of the value of software he downloaded but did not alter. Several major corporations placed a total value of hundreds of millions of dollars on the software he obtained, which method is suggested by FBI (the total development costs of the software) Mitnick's trial This amount was questioned at various stages in Mitnick's trial. Since Mitnick didn't deprive the companies of the product of their research and development, it seems that the actual economic harm caused would be less than the total cost. This contention was supported by the failure of a single corporation on the list of Mitnick's victims to report such a loss to the Securities and Exchange Commission, as required for losses suffered by a company that sells stock. Interview with Kevin Mitnick. http://youtube.com/watch?v=8_VYWefmy34 Computer criminals vs. Hackers There is little said in mainstream that distinguishes hackers from computer criminals. Emanuel Goldstein, editor of 2600: The Hacker Quarterly He minimized the criminal damage caused by hacking, implying that very little actual harm is caused. He defended the criminal actins of hackers based on their motives and adherence to hacker sub cultural. He disavowed hackers who commit crimes that violate hacker values, such as crimes of financial gain. Computer criminals vs. Hackers The majority of hacker online actions are perfectly legal; it's hard to imagine committing a crime with every key stroke. Criminal hacking, the hacker subculture accepts action that violate law. Computer criminals vs. Hackers A hacker by any other name... A cracker is a malicious hacker. Most hackers claim to benefit the system they intrude upon because they do not destroy data and alert system administrators to security flaws. Hacking In response to a computer incident, John Gilmore, cofounder of the Electronic Frontier Foundation, said White Hat vs. Black Hat White hat describes an "ethical" hacker. A gray hat is someone who typically behaves in an ethical manner, but sometimes violates accepted ethics. A black hat is a "malicious" hacker. White hat hackers The term white hat was needed because so many former or "reformed" hackers entered the computer security field. Software testing by manufacturers Independent verification of software function and security Reverse engineering Training, consultation White hat hackers Several computer security/risk management companies have security services units that actually have white hat hacker on their rolls. KPMG Kroll Gartner Group's Cambridge Technology Partners Tiger teams Tiger teams described a hacker or team of hackers hired to "test" the defenses (security) of an organization. They follow a strict code of loyalty to their employers. It's based on the theory that "only a hacker can beat a hacker". Video hacker ethic A typical comp temporary interpretation of the hacker ethic usually includes the following elements Do not profit from intrusion Do not intentionally harm a computer system Attempt to inform a system administrator of security flaws Hackers are not bad guys; computer criminals are bad guys. The evolving hacker subculture The hacker ethic is evolving but integral part of the hacker subculture. Its oldest and purest form was derived from the unwritten rules of behavior of the earliest hackers. In his book, Hackers, Steven Levy compiled these ideas. The evolving hacker subculture When hackers left the university setting, they were forced to adapt aspects of their behavior to their new environments. This evolution is demonstrated in the Hacker Manifesto. It evokes the angst of young hackers exploring network from home computers. They were sometimes isolated and almost never enjoyed the supportive environment and encouragement of the previous generation of hackers. They first began to feel oppressed by the dominant culture. Hacker Manifesto The Mentor, author of the Hacker Manifesto, was a member of the Legion of Doom, the most prominent hacker group of the 1980s. New Hacker Dictionary The New Hacker Dictionary offers a more contemporary definition of hacker ethic. It stresses the importance of information sharing and the requirement of no harm. Hacker typology Hacker typology Common characteristics "Access to resources," or the ability of a type of hacker to access computer hardware or information "Enculturation," or the degree to which a type of hacker is expected to adhere to the values of the hacker subculture "Skill," or the ability to understand and manipulate a computer. Old school hackers The MIT is famous for the birth of hacking in the late 1950s, although U.C. Berkeley, CMU and Stanford simultaneously spawned hackers. Hackers first developed in the earliest days of computers, when researchers had to experiment with computers to see what they could do. Contemporary old school hackers Like the first generation, they must often invent the knowledge they need to pursue their goals. They tend to form collectives with supportive environments like the first generation. This type is most clearly continued in the collaborative "opensource" community that supports projects like Linux. Bedroom hackers Many children and young adults in the 1980s received home computers and were left, largely unsupervised to explore them. These machines were often placed in their bedroom. Electronic Bulletin Boards Phone phreak Larval Hackers (newbies) They tend to be excited about exploration. They are misguided or diverted (by media) to cracking, vandalism, baseless bragging, or other vices. Warez Doodz Warez Doodz (warz doodz) trade pirated software. They value the acquisition of massive amounts of software with broken copy protection. They collect and archive this software. Internet Hackers Contemporary hackers have Internet access. Through this connection they have virtually unlimited access to knowledge and virtually unlimited access to resources prized by the bedroom hackers. They rely on the subculture for the sense of community and organization to give meaning to their activities. Script kiddies The script kiddie is someone looking for the easy kill. They are not out for specific information or targeting a specific company.... It is this random selection of targets that make them such a dangerous threat. Sooner of later your systems and networks will be probed, you can't hide from them. Hacktivists There has been an increase in the political activity of selfidentified hackers. Hackers have combined to challenge the treatment of their peers by the government. Kevin Poulsen, Rally around Kevin Mitnick, Hacker movies DVDs Live Free or Die Hard The Net Hackers Track Down Live Free or Die Hard, 2007 "The best of the best is back and better than ever" (WNYW TV) in the latest installment of the pulsepounding, thrilla minute Die Hard action films. New York City detective John McClane (Bruce Willis) delivers oldschool justice to a new breed of terrorists when a massive computer attack on the U.S. infrastructure threatens to shut down the entire country over Independence Day weekend. The Net, 1995 Irwin Winkler's cyberthriller shuffles morosely from action sequence to action sequence, like a long bus trip with multiple transfers. Sandra Bullock plays a computer whiz who stumbles on evidence of a sinister conspiracy; she's pretty and likable, but this wan chase picture needs a lot more than she can give it. This movie, about a group of Internet surfing teenagers who hack into a computer system and become targets of a terrorist conspiracy, moves like a good episode of a hip Fox TV show. The director, Iain Softley, is a lover of fast cuts, and he has done one of the neater jobs of incorporating video techniques and effects into a film. The design is impressive, the sensational techno score adds drive to the action, and the two gorgeous leads (Jonny Lee Miller and Angelina Jolie) smolder nicely. The story is negligible, but it offers the same order of fun as a good rock video: the marriage of images and music. Hackers, 1998 Based on an incredible true story. For years Kevin Mitnick (Ulrich) the most notorious computer hacker in the nation had eluded Federal agents while using the latest electronic gadgetry to break into countless computers and gain access to sensitive and valuable information. But when he breaches the system of leading computer crimes expert Tsutomu Shimomura (Wong), it sets off an epic chase through cyberspace between a pair of harddriven geniuses operating on different sides of the law! Track Down, 2000 ...
View Full Document
This note was uploaded on 03/31/2008 for the course SRA 211 taught by Professor Luyong during the Spring '08 term at Pennsylvania State University, University Park.
- Spring '08