The earliest programmers and technical artists of the personal
computer revolution in the 70s were given the nickname hackers. Defined in the Discovery Channel Hackers Hall
of Fame Glossary, a hacker is:
A person who enjoys exploring the details of programmable systems and how to
stretch their capabilities.
One who programs enthusiastically.
A person who is good at programming quickly.
An expert at a particular program, as in 'a Unix hacker'.
[Deprecated] A malicious meddler who tries to discover sensitive information by
poking around. The correct term for this sense is "cracker."
the term has hacker has been used to include both programmers that hack
computers, networks and programs illegally and legally, maliciously and inquisitively,
innocently and with exploitative intent. For
the purposes of the this project, the term hacker will be reserved to the first 4
definitions given above while the term cracker will encompass the 5th
definition. It is important to note; however,
that in most every article, book, and newspaper, the term hacker is used to define a
cracker. In these cases, please
take the definition in context with the article.
art of hacking computers can be traced back to the late 1960s and 1970s when young adults
like Bill Gates, Steve Jobs and Steve Wozniak were inventing the personal computer
industry in their garages. From that
start, the motley bunch of computer programmers and techie nerds began
gathering together and sharing information on the computer, possibilities, ideas,
innovations etc. The term hacker, back then,
defined these types of peopleindividuals who programmed computers intensely, nerds
that knew 3-4 computer languages, people that knew computers inside and out. It wasnt until the personal computer
revolution in the early 1980s, that the term hacker evolved into the infamous connotation. Personal computers became affordable and
eventually necessary to the average consumer. With
computers being distributed at an enormous rate, the concern of that time was new and
innovative technology, not security. By the
late 1980s and early 1990s, the average computer user became the consumer and was not
quickly associated with nerd. This
gave innovative, deceptive and creative individuals a whole new breed of people to scam,
rip-off, threaten and hackcomputer users who could not retaliate nor defend
themselves with proper net/computer security. Thus,
the evolution of the hacker came from the lack of security precautions taken while the
personal computer revolution began. It is
only much later in the 21st century that computer and Internet security has
gotten much attention. Computer users are
growing exponentially, still, and the availability of security software and hardware is
still slow to develop. Improvements have been
made, but auxiliary precautions are still necessary to be able to safely use a computer
and the Internet.
Can't Hack It
There are three major types of
cyber crime. The Internet offers limitless
communication, which crackers can use to establish connections with cohorts or with their
victims. Net-based attacks disrupt
information on the Internet and finally, the World Wide Web is a gold mine for information
and tools that can be used to facilitate crime on and off of the Internet. Prefabricated programs, detailed instructions,
maps, sensitive information, schedules, and addresses can be accessed over the web and
make it extremely easy for an individual or group of individuals to remain anonymous,
organized, and unseen by the public or by the proper authorities.
Communication allows one or
more crackers to plan and coordinate attacks over the Internet or in a physical
environment. The distribution of illegal
materials (drugs) and pirated materials (programs, music) are also common cyber crimes. Death threats, extortion, and harassment are the
more serious instance of cyber crime that can effect individuals or groups of individuals
and wind up causing emotional or physical harm on them.
Finally, each year thousands of people are scammed out of money over the Internet
with a variety of get-rich quick pyramids, bogus college degrees, and email fraud. The Moldavian Web scam cost the crackers over
$2.4 million in refunds to the over 38,000 customers scammed through long distance
dial-ups of their computers. Consumer
complaints increased 6x in 1999 from 1998 alone. The
number of people that are potential victims increases as every computer is soldthe
problem can only get worse unless serious action is taken.
Digital piracy of software and
music has lead to big business screaming for regulation.
As of 1994, over 1600 illegal software sites were being operated. The software and music industries claim to be
losing $20 and $10 billion dollars (respectively) annually due to the distribution of
these pirated materials alone. Again, the net
offers the freedom of extortion and scam to anyone who knows what buttons to press. How many of us have illegal files saved onto our
hard drives right now? I want my MP3.
As computer users, we all
represent potential targets of web-based attacks. There
are several targets in particular though, that we as net-savvy computer users should all
be concerned about. Computers can be broken
into, web sites can be hacked into and manipulated, Denial of Service (DoS) attacks, email bombings, viruses and worms,
and eavesdropping. All of these
vulnerabilities of a computer user can be used to the advantage of a cracker to gain
access to your personal system, steal sensitive information, manipulate your computer in a
DoS attack, infect your PC with a virus or worm that destroys files and spread across a
network, or to establish open communication between you, the victim, and a potential
physical threat. As of July 1999, there was a
reported 1400 web hacks. Credit card theft
alone has skyrocketed as more and more users are establishing business and making
transactions across the net. Carlos Felipe Salgado
Jr. stole almost 100,000 credit cards numbers and attempted to sell them on the
Internet for $260,000 dollars before the FBI caught him in a sting operation. Salgado did not hack through security measures
either, once the firewalls were bypassed; the numbers were available to him without even
40-bit encryption. Computer viruses such as
Chernobyl (CIH) and the Melissa macro virus have spread worldwide infecting computers,
erasing files and overwriting the BIOS. In
China, over $120 million dollars were lost to the Chernobyl macro virus.
Businesses lost $7.6 billion in
the 1st 2Q of 1999 according to Computer
Economics due to viruses. Over ¾ of the
computers of business are infected, mainly through email, by these viruses. Clearly, crackers have the ability to write and
distribute these viruses to one user, one firm, one country, or the entire system of
computers connected to the Internet. As the
rate of globalization increases, and as advances in communication outweighs the
innovations in security, vulnerability lurks within every computer plugged into the wall.
To the amateur cracker, the
Internet is a supermarket for information and tools regarding illegal computer hacking. There are how to guides on hacking,
social engineering, making bombs, drugs, and evading law enforcement. The software available on the net provides
crackers with the means to automate crimes and to hide any trace of illegality. The NY
TIMES reported that in 1997, there were 1900 hacker web sites and more than 30 hacker
The tools of
the trade are available for free download on the net.
Programs that serve as Network monitors are programs like Back Orifice, Netbus, and Backdoor-Gall of which
allow the cracker to remotely gain control of the infected computer to excise sensitive
information such as image, packets, keystrokes, and files.
These programs can be hidden within another program like a game or the free trial
of a utility. Password cracking programs like
Crack, LOphtCrack, and John the Ripper are used, obviously, for breaking into password
protected systems. Several different programs
including Ping of Death, Smurf, SYN flood, Land, Teardrop, and FloodNet can initiate
remote DoS attacks. Trojan horse programs by
the likes of Trin00, Tribal Flood Network, Stacheldraht (used in the DoS
attacks of Feb 2000) can also be distributed secretly and used to organize large-scale
attacks on popular web sites like buy.com, yahoo.com and ebay.com. There are also a whole series of programs
designed to find the vulnerabilities of computer systems over the Internet. Right behind that are sets of programs designed to
exploit those specific weaknesses. Want to
write a virus? There are even programs
available on the net for those aspiring authors of computer viruses as well. Will one be a bestseller on your PC?
On April 17th, Canadian police arrested a 15 year old boy
that goes by the name Mafiaboy online in conjunction with the February DoS
attacks. It is claimed that Mafiaboy made several claims in online chat rooms
of his involvement with the attacks and the FBI has reason to believe that the attacks
came from an ISP in Montreal of which Mafiaboy holds two accounts. Currently, the boy is being charged under the Computer Fraud and Abuse Act, which
was expanded in 1996 to cover all computers used in commerce. It prohibits the
unauthorized access of information and the transmission of anything that causes damage or
facilitates fraud and extortion. Mafiaboy could face 6 months to 10 years in
prison for a repeat offender and twice the gross monetary loss to the victim.
In 1998 there were 418 cases handed to federal
prosecutors, up 43% from the previous year. Only
20% of those cases were filed with charge of cyber crime.
Over 40% of the cases that are brought to the prosecutors do not have enough
evidence for a successful trial. Of the 418
potential cases, only 47 of them resulted in conviction with the average sentence being 5
months in jail (half of those 47 cases resulted in no jail time). Since 1992, a total of 84 cyber criminals have
been imprisoned. Thats it. The cost of cyber crime, estimated by CSI/FBI, is near $124 million for
the 163 organizations surveyed. According to
ASIS however, over $250 Billion have been lost in intellectual property theft. These numbers are merely estimates that do more
than point to a problem, they scream at a need for a solution.
light of the recent DoS attacks, President Bill Clinton held a summit at the White House
calling in the leaders of the computer industry to try and formulate the problem in a
manageable and solvable way. What came from
the meaning was a need for increased security in the high-tech market. Cyber crime is one of the most critical issues in
law enforcement with the rate of online crime escalating from 547 computer-intrusion
cases in 1998 to 1,154 in 1999 according to the FBI.
Freeh, Director of the FBI, stated, In short, even though we have markedly
improved our capabilities to fight cyber intrusions the problem is growing even faster and
we are falling further behind.
has proposed a five-year plan to deal with the issue of cyber crime, which will work
toward establishing uniformity in the tech industry that would regulate security features
on computers and related equipment. The plan
also intends to increase the penalty for cyber intrusions by making it a bigger offense to
wreak havoc on the Internet. The objective of
this plan is to increase awareness of cyber crime, to help regulate technology so that at
least some collective effort can be made to securing cyberspace, and to discourage
malicious hackers from committing a cyber crime by offering stiffer penalties. The issues at hand are being taken very seriously
by both the FBI and the White House and illustrate one very important point: unless action
is taken, the distance between a secured Internet and an unsecured Internet will only
lengthen with time.
What does big
business say about security? The e-comm
bigwigs like ebay and yahoo deal with hacking, fraud and security breaches every day. Their systems are constantly under the strain of
attempted cyber intrusion; however, only the most serious cases are even brought to
attention of the FBIyielding mostly limited results.
The FBI and the federal courts do not have the technology to investigate and
convict potential cyber criminals. Therefore,
it is futile for these companies to rely on the law when there are simply no resources at
hand to investigate these types of crimes. Instead,
corporations that cannot afford to rely on the government for support invest billions of
dollars into high-tech security measures. While
funding for prosecutors remains static, computer crime has quadrupled over the past three
years, according to a survey by the FBI and San Francisco's Computer Security Institute. Seventy-five percent of the hacking
victimsmost often corporations and government agenciessaid it cost an average
of $1 million per intrusion to investigate, repair, and secure their systems. Corporations spent $7.1 billion in 1999 on
corporate security to protect themselves against cyber attacks and the bill could reach
$17 billion by 2003, according to Internet analysts at Aberdeen Group in Boston, Mass. The evolution of the Internet has illustrated a
very sensitive weakness, technology that outweighs its security and the economy and
society that depends on it will be under constant strain until adequate security measures
are taken into effect. The effects of
security on business and e-commerce are analyzed in detail in another focus
of this project.
the essence of programming, has become one of the most potential disasters of the
Internet. While everyone remains concerned
with the Microsoft
anti-trust case, the latest web browser, or the
best place to buy a garden rake on the net, the silent but deadly art of hacking
computer systems has gained a firm hold in cyberspace.
It will take more effort than simply outfitting every computer with virus software. After all, the people designing virus software
work in a reactionary response to the crackers, not proactively.
Is there a way to secure the
Internet from hackers? Absolutely not. Here is an analogy. Is there anyway to stop speeding cars on the
Are there ways to regulate speeding and to keep it to a minimum? Yes, more than
likely. In light of this rant on hacking the
Internet, no, there is not a cure-all solution for safeguarding cyberspace. Technology is still an option in this country. The only way to assure ones security over
the Internet is to unplug it from your wall. Precautions
can be taken; however, and that will be discussed upon in a later focus
of this project.
Like all crime, the CSI/FBI
need people to point fingers at. Right now,
it is relatively impossible to trace the source and individuals responsible for cyber
attacks. Programs facilitating the capture
and conviction of cyber criminals should be initiated, many have been, and the seriousness
of this issue needs to be released every time someone buys a computer.
Perhaps my dad isnt so
tech stupid after all. He hates computers,
because he values his privacy and security more than anyone I know does. To him, a computer represents a portal right into
someones housevulnerability; a weak spot that can be exploited by the
knowledgeable and the willing, unbeknownst to the typical computer user.
Maybe computers need a warning
label on the box. It is up to the user to
secure their computer. There is information
out there. Tons of it. On the Internet, in the library, on the news,
everywhere. To use the Internet safely, one
must be aware of the problems out there. Hopefully
this entire project has shed some light on the subject. If youre sitting at a computer reading this
right now, how many other people do you think know what site you are at, what you are
looking at, and what your IP address is? They
might know where you live, your email address or your favorite flavor of ice cream. Or they might not.
Back to Psybersite
project was produced for PSY 380, Social
Psychology of Cyberspace, Spring 2000, at Miami
University. All graphics in these pages are used with permission or under fair
use guidelines, are in the public domain, or were created by the authors. Last
revised: Tuesday, March 11, 2014 at 17:34: %3 This document has been accessed 1 times since 1 May
Comments and Questions to R. Sherman.