Смекни!
smekni.com

Computer Hacking Essay Research Paper Computer HackingPrecis

Computer Hacking Essay, Research Paper

Computer Hacking

Precis of ‘Who’s reading your E-mail” by Richard Behars

The article exposes the vulnerability of computer data and of

corporations with the popularity of the Internet. The Internet can

allow hackers access to any computer in the world, with understated

ease. Break-ins can go virtually undetected

Major corporations and government security departments have

acknowledged that hacker break-ins are out of control. Some companies

are too fearful to join networks because of this. Software programs

brought out to deal with the growing problem, such as firewalls, are no

longer totally effective. New technology has been developed such as

”Pilot Network Services’ (offering supervised Internet access);

‘Netranger’ (a monitor device used by Pentagon) and ‘Encrypton’

(software that jumbles messages).

The basics of computer security (using difficult passwords, and

guarding of data) are not being met in a disturbingly large number of

American companies surveyed. A new bill demands that system operators

become responsible for security. Hackers can be prosecuted (with

subsequent heavy penalties) only if the exposed company has actively

shown that it was security conscious. Further more, exposed companies

are liable to other companies if their lack of security precautions

allowed their computer network to become an opening for other company

break-ins.

Companies are dis-inclined to report breaches in security as it denotes

a poor image and highlights their vulnerability. Clients demand

security, and lack of it will send them elsewhere.

Billions of dollars annually is spent on protection devices. Others are

utilizing the expertise of former convicted hackers to fine tune and

update their security features. It is a case of befriending the enemy

in order to learn more. These hackers come out of goal with a ready

market for their expertise, and great financial rewards.

The explosion of the Internet use, and networks around the world have

brought with it a need for greater security consciousness amongst its

users and systems operation managers. Technology needs to be

constantly updated in the war against the ever-growing insidious and

malicious hacker.

Precis of ‘Hackers: Taking a byte out of computer crime’ by W. Roush.

Roush discusses the changing face of computer crime with the advent of

the modem and stricter laws. The article touches on the effect these

changes are having on hackers themselves, and the measures that are put

in place to deal with the problem. It also explores the common ground

which hackers and computer security experts agree on.

In the 1960’s the dictionary definition of a hacker was that of a

“computer virtuoso”. Hackers comprised of young, computer literate and

rebellious gangs vying for the status symbol image and thrill of

breaking into a computer network.

This all changed with the popularity of the modem and an increasing

number of computer users. The number of hackers exploded and thus the

image of being a hacker became passe. The tougher security measures

put in place, combined with more stringent laws (including

imprisonment) had the effect of weeding out all but the keenest of

hackers, and the most malicious.

Firms and security enforcers are now dealing with elite hackers whose

intent is now focused on sinister revenge, malicious damage, political

and defense corruption; and monetary greed. The cost of these types of

computer crimes could run into the billions, but an accurate measure is

unavailable. This is due either to the reluctance of corporations to

report any break-ins (because they may feel guilty about their lax

security), or because the information systems are so massive that the

scale of corruption may be too difficult to detect.

There are also a select few who choose to label themselves as hackers

with moral ethics. These second types of hacker prevalent today are

assisting companies and law enforcers in the fight against dangerous

hackers in a number of ways. These include holding hacker conventions

and on-line information services to inform the public of new security

risks, as well as being employed by corporations to break into their

systems in order to secure and refine them. These hackers love

computers and are motivated by the anger and frustration they feel at

the prevailing laxity of security measures in place. Despite this

level of co-operation there remains an inherent distrustful fear

between the two camps. Fear is also a motivating factor for

corporations in refusing to join networks, allocating enormous funds

for security measures; restricting access to information; and utilizing

passwords to deter alien entry.

Hacking crime is now far more sophisticated, varied and costly to

society. There is a need to continue to work with ethical hackers in

the battle for safety and order, otherwise we face an increasingly

monitored future and a reduction in the freedom of computer use.

Precis of ‘The United States Vs Craig Neidorf’ by D. Denning.

This article initially focuses on the US indictment of Neidorf, a

student who started an Internet publication, ‘Phrack’. This

publication was accused by the United States government of being a

fraudulent scheme devised by Nied and others to steal sensitive

documents and make them freely available to the public. The court case

was centered on an article about the countries E99 emergency system,

and how he managed to fraudulently obtain a highly sensitive document

which was then published with the intent to disrupt or halt all

services.

The author had taken a keen interest in the case due to the

implications it had on threats against freedom of the electronic press.

The Electronic Frontier Foundation (EFF) was founded with just this

concern. It helps to raise public awareness about civil liberties

issues and works to preserve and protect the constitutional rights with

the electronic media.

Denning was sought by Neidorf to assist in the case an expert witness

and to provide evidence throughout the trial. The government dropped

the charges after 4 days and it was declared a mistrial. It cost

Neidorf $100,000, but potentially he stood to spend 65 years in goal.

Neidorf’s case was argued that while Phrack may have seemed to promote

illegal hacking, the public itself was not illegal. It advises readers

not to engage in any intentional damage or harm. The purpose of Phrack

was the free exchange of information as covered by the First Amendment

of Constitutional Law and Civil Liberties. Neidorf actively

co-operated with the government agents in every way prior the

indictment. Furthermore, it was found that the supposed sensitive

document (E911) was readily available elsewhere. There was nothing in

Phrack that couldn’t be found in any other published books or journals.

In addition, Neidorf argued that if the E911 text had been a sensitive

document, it certainly was not treated or secured as such by Bellcorp.

Denning questions the rights of government to seize documents and

computer ware for extended periods, causing severe disruption, without

appropriate court orders; and makes suggestions to rectify the

process. The responsibilities of system operators are also called into

question. They should take greater care from unauthorized break-ins, as

they may be vulnerable to lawsuits if accused of taking inadequate

protection. Denning also suggests an update of the current law, to

bring it more into line with the UK Computer Misuse Act of 1990. There

is an acknowledgement of a new threat emerging where computer

criminals, as opposed to juvenile hackers, are potentially capable of

industrial espionage and damaging infrastructures. There is also a

final suggestion that the teaching of computer ethics could decrease

the incidence of hacking.

A Compilation of Viewpoints.

The articles written by Roush, Denning and Behar, as summarized

earlier, have many common themes. Issues about hackers, the Internet,

on line publications, invasions, security measures, and current laws

are discussed within varying frameworks.

Denning’s article approaches the topics through the lens of a court

case involving Neidorf, a law student and the publisher of Phrack (an

Internet billboard). The case highlights that there is a fine but

distinct line between the right for freedom of information, and the

unauthorized theft and use of it. In a subtle way, Denning also

distinguishes between the two prevalent types of hacker.

Roush’s article focuses primarily on the history and changing profile

of today’s hacker, and their interaction with companies and

corporations.

Behar discusses vulnerabilities via networks and the various measures

available to prevent or circumnavigate invasions.

All authors agree that the profile of hackers has changed since the

early computer heydays of the 1980’s. Juveniles who hacked for the

thrill of it have been replaced by two distinct types of hackers. The

first is the hacker with a self-professed personal code of moral

ethics. These hackers invade networks, not only for the challenge, but

to make the public aware of weak security links. They abhor lax

security measures and feel justified in their actions, claiming a

superior authority by publishing their exploits. Neidorf’s case

inadvertedly alluded to this, and the other articles pointed to ethical

hackers who assist companies, or start security firms utilizing their

expertise. These hackers are acknowledged by non-hackers with a

reluctant acceptance. The second comprises of an elite number of

hackers focused on malicious intent and greed.

The issue of on-line publications and information networks were

discussed in different perspectives. All authors agree that the

abundance of information and interaction available on- line is

beneficial. Denning’s article may suggest inadvertedly that there is a

distinction between freedom of information and the moral overtones of

freedom of publication. In Neidors case there was a clear distinction,

according to the law. All agree that being on-line to a network leaves

your system vulnerable to exposure by hackers from anywhere in the

world.

The laws and penalties were discussed at length in Denning’s article,

with suggestions for improvements. Roush and Behar pointed out that

convicted hackers had a lucrative ready made market for their expertise

when they ended their prison term – being paid to assist corporations

by breaking into their systems. They all agreed that prison sentences

had deterred a large number of juvenile thrill seekers, and mature

hackers.

Roush and Behar discuss the enormous, yet understated cost of company

computer invasions. They point out the reluctance of those victims to

report occurrences because of embarrassment, and the loss of trust

client’s feel with their security measures. They also suggest that

invasions are understated because many companies do not even realize

they have been corrupted. Hacking is very much out of control.

Denning” article indirectly showed how easily sensitive information

could be extrapolated from a system. All articles show those hackers

with strong social skills and graces can charm the information out of a

beguiled or proud computer owner/manager.

Lastly, all the articles discussed the important overall theme of

security measures. Roush and Behar point out that the most basic of

measures, use of a difficult password, was sadly lacking in many

companies surveyed. Dennings article features heavily on the inference

of sensitive data, but the hypocrisy of BellSouth’s not adequately

securing it. Behar extends into great detail about the effectiveness of

security measures available, and the acceptance and use of them. All

agree that system operator managers are being forced legally to take

more responsibility in their security measures.

In Conclusion

The articles demonstrate from different perspectives the growing

problem associated with the rapid rise in computer networks. The media

provides us with further revelations on the matter. There is no doubt

that the inherent psychology of human behavior determines that there

will always be those whose intellectual and technological pursuits will

find an outlet in those of computer intrusions. If convicted computer

hackers are able to successfully utilize their same skills in a more

productive manner, then perhaps we are missing the point altogether.

Hackers need a suitable outlet for their expertise and instincts for

challenge. Perhaps we should be looking at ways to channel that

enthusiasm appropriately, before they discover the evil path.

In addition, perhaps the advent of the hackers is a blessing in

disguise. If the articles stated research lends us to believe that many

companies are lax in their responsibility to security measures then

perhaps an intrusion followed by a court case is what is required to

make managers sit up, take notice and take action. I am not suggesting

the issue is open and clear cut. The advent of continuous new

technology demands continuous changes within society, and new

approaches. There are at least two ways to resolve the hacker problem:

deal with it as it is encountered; or take a different and proactive

approach. Either way, it is largely determined by our innovation and

motivation, just as it is with budding hackers, really!