As websites multiply and worries
over computer security increase there is disagreement as to the nature
of good and bad hacking, writes William Brown
HACKERS have got
a bad name for themselves. Popular belief has it that they disrupt and
deface computer systems, but true hackers - as opposed to these
"crackers" and vandals - are said to be innocent and there for our
benefit. So why the misconception?
 |
|
Tackling
computer crime: Economic Secretary to the Treasury Patricia Hewitt
|
Jon Katz, the media critic with slashdot.org and Wired magazine,
claims that "when the media use the term 'hacker', they are really
talking about vandals. It doesn't help that the media falls into the
trap every time."
It is not even as though it is new phenomenon. The people to whom we
commonly refer as hackers have followed hot on the heels of new
technology ever since the invention of the telephone. In 1878, only two
years after Alexander Graham Bell's revolutionary invention, there were
reports of teenagers making prank calls. The hacker was born and has
since grown in the shadows of technological advances.
But fears are now growing about internet security since the "denial-of-service"
attacks by "hackers" on high-profile sites such as Yahoo, Amazon, Buy,
CNN.com and eBay. An attack on the latter in June 1999
was so bad that in the space of five days, eBay lost 26 per cent of its
market value.
Given that dotcom stocks are susceptible to fluctuation anyway, it
hardly helps when a company starting out online runs the added risk of
suffering a hack attack. As a result, Patricia Hewitt, Economic
Secretary to the Treasury, recently unveiled a project to be funded by
the Department of Trade and Industry to help tackle this problem.
The Computational Immunology for Fraud Detection (CIFD) is one of six
projects approved for funding, and Hewitt said: "We have recently seen
to devastating effect how hackers can penetrate and disrupt services
offered on the internet. The projects will help us combat these internet
criminals."
But when the criminals were labelled "hackers" many people came
forward to defend the hacker as being nothing more than a harmless
information seeker, completely lacking in any malicious intent.
Yes, we do read about the "stars" of cyber-hacking, whizz kids such
as Kevin
Mitnick and "Coolio", but they are in direct opposition
to what hacking is really about.
Eric Raymond runs a web site (http://www.telegraph.co.uk/et?ac=002845100751979&rtmo=w5wil5Mb&atmo=99999999&P4_from_link=/et/00/5/4/ecfhak04.html&pg=/Offsite/http://www.tuxedo.org/),
and his definition is quite different from that usually given.
"There is a community, a shared culture, of expert programmers and
networking wizards that traces its history back through decades to the
first time-sharing minicomputers and the earliest ARPAnet experiments.
"The members of this culture originated the term 'hacker'. Hackers
built the internet."
Raymond continues: "There is another group, though, who loudly call
themselves hackers, but aren't. These are people who get a kick out of
breaking into computers and phreaking the phone system. Real hackers
call these people 'crackers' and want nothing to do with them. Real
hackers tend to think crackers are lazy, irresponsible and object that
because you can break security it doesn't make you a hacker any more
than being able to hotwire cars makes you an automotive engineer.
"Unfortunately, many people have been fooled into using the word
'hacker' to describe crackers; this irritates real hackers no end."
So hackers are there for our benefit, building things while crackers
break them? Well, there are many groups that hack in the interests of
the general public. "Hyper Viper", a hacker with a newly formed group,
ProHACKtive, argues his case: "In the true sense of the word we are a
technology curious organisation. In an effort to pursue our love and
curiosity for computer technology, programming, and especially security,
we have started a new organisation called ProHACKtive.com.
Our goal is to make people more aware of security and privacy."
Other hacking groups are committed to quietly cleaning up the
plethora of pornography on the net. For example, the Hackers Against
Child Pornography and Condemned.org try to disable sites which provide
illegal materials.
Condemned.org claimed in January to have destroyed 20 porn servers
through legal channels, and to have hacked another 13 and wiped their
drives. In this light, the hacker becomes a sort of cyber-vigilante,
who, while performing tasks that in many senses are completely laudable
- cleaning up the internet - does still operate in legally ambiguous
ways.
Such activities do little to stop the public and the press from
clumping crackers, vigilantes, vandals and the "honest" hacker together.
Back in 1977, the men responsible for inventing the Apple computer,
Steve Jobs and Steve Wozniak, had previously created "blue boxes", which
were devices used to hack phone company computers - a perfect example of
the ambivalence of the hacking subculture.
There are, of course, hackers who believe they are acting in the name
of discovery and the spreading of information, but how can we draw a
line between these and the vandals who commonly deface or block
websites?
Katz claims that this vandalism is just harmless fun, and that it is
over-hyped. "Ever since the end of the Cold War, law enforcement and the
media have been short of bad guys," he said. "The people that the media
calls hackers have done very little damage to the net. They are kids
that like to show anonymous power. To make them into a serious menace, a
danger to society, is ludicrous."
Not that this should excuse the graffiti, since it can be unpleasant
and damaging. But the real problem comes when money and market value are
lost through bombarding a popular site with bogus information, resulting
in the denial-of-service signal that has been common of late.
And the culprits of these attacks are criminals, whether they claim
to be hackers, crackers or cyber-vigilantes. DC Clive Blake of the Met
Police's Computer Crime Unit says that "if an internet service provider
were to suffer a denial of service attack in this country, where no
evidence of modification of computers had taken place, ie an
unauthorised access, then this could be construed as an offence under
the Criminal Damage Act 1971 and we would consider proceedings."
Gareth Evans, Marketing Director for Cyrano, a company that provides
software to detect weak points in networks, firewalls and databases,
says that testing is the only way to protect your system. "The incidence
of hacking is increasing almost as quickly as the number of sites that
are being established on the Web, and it would be stupid to
underestimate the serious damage that hackers can cause. Companies incur
major financial loss when their sites are hacked, not to mention damaged
reputation, which is often irreversible."
So, with the risks facing online start-ups, does it matter that we
get the name wrong? Hyper Viper adds that hackers in ProHACKtive seek to
prevent malignant attacks: "During these years of booming internet
economies, it becomes increasingly important for experts in technology
fields to step forward and help maintain open channels of internet
commerce and help the economy continue on its upward trend.
"ProHACKtive has been created to provide services to protect the
internet and its users."
Hackers are innocent and there for our benefit. Attention-seeking
vandals and crackers are the ones who cause damage to reputations and
share prices. But fear should not stop anyone going online. With
security being constantly improved thanks to the new MI scheme, it seems
increasingly unlikely that you will suffer a DoS attack, or even some
malignant but easily removable graffiti.
This may not be the case if you are a less successful website away
from the public eye. Perhaps in these cases it could be construed as an
inverted form of flattery to be cracked.
Serbian cyber-vandals recently made their way into Network Solutions
and registered themselves as owners of a whole host of websites,
including Manchester United, Adidas, Viagra, Jamesbond, France, Italy
and more.
A total loss of service was caused at the original sites in question
as the culprits used a Hotmail account and changed DNS servers to an
American ISP.
Instead of seeing the original sites, visitors saw a page stating
that "Kosovo is Serbia", and which asked victims to "be happy if we
hacked your site, because we hack only the best sites on the internet."
3
February 2000: Japan to fight hackers after raids on web sites
27
January 2000: Hacker Mitnick
released
12
January 2000: [International] Internet hacker in credit card plot
3
January 2000: [City] Hacker shuts Lloyds of London web site
25
November 1999: Hacker fears over fast Net
links