net.wars Home Page | NYU Press


Chapter 10
The Wrong Side of the Passwords


Goldstein echoes this: "A lot of people are into hacking right now, but it's only the people who are into searching out information and wasting a lot of time who are hackers."[16]

The pettiness of some of these efforts was underlined for me when one member of the hacker gathering, the Navy security guy--now married and, he assured me, respectably monogamous--launched into a long, inchoate defense of inflating his status in the Navy to bag women: it's dazzling, and it's a faster way to achieve the desired result than might have been possible with the truth. Then he tangled this all up with conquest and challenge, "the way men like to approach women," the fun of the chase. "It's a one-night stand. You just want to get in quick." But if it's the challenge and the chase that appeal, why cheat to make it easier? If anything, you should be cheating to make it harder. By analogy, if it's the challenge these guys want, why go the easy, pre-programmed route? Some of the answer is that the cloned cellphone is only a means to an end: the ability to wander untraceably around the Internet trying doorknobs via a hacked university account. It turned out there was another reason: our cloner had already had his cellphone cut off for non-payment three times.

These are, of course, small-time hackers, and although they do present a risk, they're far from the biggest threat to computer systems. Disgruntled employees, current and former, do far more damage (just like rape, you are more at risk from someone you know and who knows you); the Year 2000 problem surfacing because computers were not designed to handle dates past 1999 will be far more expensive to fix; system crashes due to faulty or badly designed software lose more data. In a General Accounting Office (GAO) report on computer security released in May 1996, the Computer Emergency Response Team estimates that at least 80 percent of the security problems it addresses involve passwords poorly chosen or poorly protected by computer users.[17] That's a sobering thought, especially since the private cryptographic keys on which our future digital identities will depend are also protected from fraudulent use by passwords and passphrases.

That same report estimated that military systems may have experienced as many as 250,000 hacker attacks. Based on the Defense Information Systems Agency (DISA) data taken from attacks it carried out itself, DISA estimated that the attacks were successful 65 percent of the time, and that the number of attacks is doubling each year as Internet use and the sophistication of hackers and their tools increases. The figure of 250,000 attacks was widely reported, but when you look closely there were actually only 559 officially reported attacks in 1995.

The FBI view is grim: at a tutorial on law enforcement at the 1996 Computers, Freedom, and Privacy Conference, computer crime specialist Richard Ress told us, "A villain armed with a computer and a small squad of hackers can be as dangerous and disruptive as any adversary we've faced since World War II." And further, "We must dispel the notion that hackers are kids having fun and recognize that they are resourceful, talented, and dangerous." But some of them are just kids, and the Electronic Frontier Foundation was founded on the concerns about the rights of innocent users during search and seizure operations, especially the disposition of electronic mail stored on, for example, a system being taken down.

I'd argue that there are worse things to be scared about. The GAO report also mentions that the Department of Defense was warned as long ago as 1994 that its security was inadequate and that its policies were not suitable for the networked environment in which it now finds itself. The report adds, however: "Absolute protection of Defense information is neither practical nor affordable. Instead, Defense must turn to risk management to ensure computer security. In doing so, however, it must make tradeoffs that consider the magnitude of the threat, the value and sensitivity of the information to be protected, and the cost of protecting it." In other words: no one is safe, and there is no perfect security.

The latest twist on hacker scares is infowar. Paul Strassman and William Marlow, in a paper presented at a January 1996 conference at Harvard University, laid out just how vulnerable we may be becoming: "Information terrorist attacks can be expected to become a decisive element of any combined threat to the economic


Copyright © 1997-99 NYU Press. All rights reserved.
Reproduction in whole or in part in any form or medium without written permission of New York University Press is prohibited.
