STUDY GUIDE
What are hackers?
- Hackers are people who try to gain unauthorised access to your computer. This is normally done through the use of a 'backdoor' program installed on your machine. You can protect yourself from these by using a firewalland a good up-to-date anti-virus program. You would normally get such a backdoor program by opening an E-mail attachment containing the backdoor program. It is normal for such a backdoor program to send out more copies of itself to everyone in your address book, so it is possible for someone you know to unintentionally send you a malicious program. A few backdoor programs can work with any e-mail program by sitting in memory and watching for a connection to a mail server, rather than actually running from within a specific mail program. These programs automatically attach themselves to any e-mail you send, causing you to unintentionally send out malicious programs to your friends and associates.
Why do hackers hack?
- To a hacker, breaking into someone’s computer is simply a challenge. They may not specifically intend to do damage to the computer. The thrill of simply gaining access is often enough. Hackers often try to show off their skills to the world by hacking into government computers, or as revenge against another user or agency. Hackers are indeed as the stereotype depicts them as; young males with a thirst for knowledge. Despite rumours, all hackers do not wear nerdy glasses.
What damage can a hacker do?
- This depends upon what backdoor program(s) are hiding on your PC. Different programs can do different amounts of damage. However, most allow a hacker to smuggle another program onto your PC. This means that if a hacker can't do something using the backdoor program, he can easily put something else onto your computer that can. Hackers can see everything you are doing, and can access any file on your disk. Hackers can write new files, delete files, edit files, and do practically anything to a file that could be done to a file. A hacker could install several programs on to your system without your knowledge. Such programs could also be used to steal personal information such as passwords and credit card information. Some backdoor programs even allow a hacker to listen in on your conversations using your computer's microphone if one is attached!
Types of hackers
Hackers often can be characterized by their motives. The following are the more common types of hackers and the motives they cite:
- Pranksters: These hackers are the mischief-makers of the bunch whose intention is merely to be a nuisance. They are the equivalent of individuals who pull fire alarms or make phony bomb threats. Copycat hackers would also fall into this category.
- Fame seekers: This group hacks seeking attention or notoriety. Using a code name, these individuals target high-profile sites such as Yahoo!, eBay, or NASA to achieve bragging rights among their peers.
- Educational: Students justify hacking into systems by saying that they are honing their programming skills.
- Criminals: When bank robber Willie Sutton was asked why he robbed banks, he replied: "That’s where the money is." Stored data or "data at rest" is more profitable to steal than data moving over the Internet. Why steal one credit card number at a time when you can steal tens of thousands to millions with one break-in? This happened to CDUniverse and RealNames. Pacific Bell had to have more than 60,000 customers change their passwords after hackers stole them.
What constitutes hacking?
- Computer fraud is the legal term for a large part ofwhat most consider hacking. Another form of hacking is the illegal seizure and unathorized use of credit card numbers.
Cases that have helped to shape the law
- Kevin Mitnick was arrested for stealing credit card numbers and for gaining illegal entry into numerous systems via the internet.
- Arrested at 1:30 a.m., February 15, 1995, in Raleigh, N.C.
- Eluded the F.B.I. for three years.
- He was charged with everything from the theft of more than 20,000 credit card numbers to the illegal entry into numerous computer networks. Oddly enough, the court could not prove that Mitnick ever actually used any of the stolen credit card numbers.
- He was caught by Tsutomu Shimomura , a computer security expert and senior research fellow at the San Diego Supercomputer Center.
- Lots of ethical questions are raised by the financial fallout of Mitnick's demise.
- Mitnick undoubtedly violated the law by illegally acquiring those credit card numbers.
- Was the method of his capture legal, though? They captured Mitnick using wiretaps, and by "hunting" him down on the internet. Tsutomu even admits to "baiting" Mitnick with tempting software in a few instances to draw h im out into the open.
- Could this be considered entrapment? Mistrials have been called for less.
- Ed Cummings was the first person in the United States to be imprisoned for possession of a red box.
- The charges
- The grand jury charged that he "knowingly and with intent to defraud did possess and have custody and control of a telecommunications instrument, that had been modified and altered to obtain unauthorized use of telecommunicatio n services through the use of public telephones" on or about March 13 and 15 of 1995.
- He was also charged with "being in possession of hardware and software used for altering and modifying telecommunications instruments to obtain unauthorized access to telecommunications service."
- Is it ethical to sell the components, if someone can be jailed for amassing them into one single object? Welcome to Radio Shack.
- Where in the world could he have obtained information regarding a tone dialer ?
- He was sentenced to seven months in federal prison, but was released three days later so that he could attend a hearing on whether or not he violated his probation.
- The violation in question was his supposed removal of batteries from the tone-dialer when the police arrived.
- The hearing was postponed many times, but finally took place on a day when the weather was so bad his lawyer could not show up.
- Was the judge ethically justified in discarding Cummings' right to a fair trial?
- The judge refused to let Cummings speak and said that he had definitely violated probation, ordering him to be held on $250,000 bail, to be sentenced within 60 days.
- He was sentenced 6 to 24 months in prison plus a $3,000 fine.
- Craig Neidorf , an employee of Bellsouth, was arrested for distributing information that was thought to have been illegally obtained from the comp any.
- A pre-law student at the University of Missouri and the editor of Phrack Magazine, was questioned first at home, then had his house searched, a nd then was called in for questioning by the U.S. Attorney's Office in Chicago in 1990 in which he complied willingly.
- On February 1, 1990 Neidorf was indicted by a grand jury on six counts including wire fraud, computer fraud, and transportation of stolen property greater than $5,000.
- The trial began on July 23, 1990 in Chicago's District Court for the Northern District of Illinois, in which the prosecution withheld witnesses, one Secret Service agent, a friend of Neidorf's and alleged co-conspirator, and many of Ne idorf's fellow employees at Bellsouth.
- He was found in possession of a file detailing an enhanced 911 system belonging to Bellsouth (regarded as hacking instructions), a T rojan Horse program, and an announcement in his magazine regarding "The Phoenix Project" (an elite bulletin board), which included a statement regarding the freedom of knowledge.
- The articles were proven harmless. The Trojan Horse Login program belonged to him and was never used. Finally, the Phoenix Project was observed and regarded to be insignificant.
- A mistrial was declared, but Neidorf was left with a $100,000 court bill.
- Should the court be ethically obligated to compensate Neidorf for his trouble?
- Steve Jackson Games
- On the morning of March 1, armed Secret Service agents and Austin police occupied the offices of Steve Jackson Games and began a search for computer equipment. The house of Loyd Blankenship, the writer of GURPS Cyberpunk, was also rai ded.
- Four computes, two laser printers, some loose hard disks, and a great deal of assorted hardware were seized .
- The only computers taken were those with GURPS Cyberpunk files. The agents cut locks, forced footlockers, and tore up boxes in their frantic search.
- It was supposed that GURPS (a soon-to-become famous role-playing game) was to be "a handbook for computer crime." The seized materials were ful l of references to futuristic equipment that didn't exist.
- The Secret Service kept one company hard disk, all Loyd's personal equipment and files, and the printouts of GURPS Cyberpunk.
- SJ Games survived the loss only by laying off half its employees.
- SJ Games received a copy of the Secret Service warrant affidavit on October 21, 1990. The cause for the search was Games' remote association with Neidorf and a few other main-stream computer elitists.
- The case finally came to trial in early 1993.
- The Secret Service lost, and S. J. Games was awarded $50,000 in damages, plus over $250,000 in attorney's fees.
- Be sure to read the article closely. The law states that the Secret Service did not violate any laws by reading any of the mail on the computers, as opposed to anything sent through the United States Postal Service.
- Should email be given the same status as actual mail? Should the medium make a difference?
In Favor of Hacking
Keep in mind that the ethical debate for hacking stems entirely in the definition of what it is to hack. Everyone realizes it is illegal to take money from a bank via a computer without authorization, but it might not be illegal to "hack" into a system if you do so because you are aware of a security flaw and wish to bring it to the attention of the proper authorities (without malicious intent).The following are sorted by their definitions of hacker:- "Someone who relates to technology as a form of play" Lee Felsenstein
Advice on Protecting your PC
A skilled hacker will do whatever it takes to break into your computer. Just ask Microsoft. Even a giant software company is not completely safe. The company was hacked by a Trojan-horse program hidden inside an innocent-looking email attachment. The Trojan horse replicated itself throughout Microsoft's internal network and eventually emailed proprietary secrets back to the originator of the Trojan horse. Follow these six steps to protect your computer from being hacked:- Don't let other people onto your computer unless you really trust them. A great way to do this is to password-protect your computer.
- Don't ever open attachments. Avoid Trojan horses and viruses by following this rule. For more information, go here .
- Turn off file sharing if you don't need it. If a port scan is done on your computer, a hacker may find a back door to your machine and access your files.
- Use an antivirus program and keep it up to date. For more information, gohere .
- If you have a constant Internet connection, use a firewall. For more information, go here .
- Routinely update Windows software. This is extremely important. Updates fix many bugs and known security holes within the Windows operating system.