ch03.htm

Maximum Security (First Edition) 网络安全 英文版

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>

<HEAD>
	
	<TITLE>Maximum Security -- Ch 3 -- Hackers and Crackers</TITLE>
</HEAD>

<BODY TEXT="#000000" BGCOLOR="#FFFFFF">

<CENTER>
<H1><IMG SRC="../button/samsnet.gif" WIDTH="171" HEIGHT="66" ALIGN="BOTTOM" BORDER="0"><BR>
<FONT COLOR="#000077">Maximum Security: </FONT></H1>
</CENTER>
<CENTER>
<H2><FONT COLOR="#000077">A Hacker's Guide to Protecting Your Internet Site and Network</FONT></H2>
</CENTER>
<CENTER>
<P><A HREF="../ch02/ch02.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch04/ch04.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> 
<HR>

</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">3</FONT></H1>
</CENTER>
<CENTER>
<H1><FONT COLOR="#000077">Hackers and Crackers</FONT></H1>
</CENTER>
<P>The focus of this chapter is on hackers, crackers, and the differences between
them.
<H2><FONT COLOR="#000077"><B>What Is the Difference Between a Hacker and a Cracker?</B></FONT></H2>
<P>There have been many articles written (particularly on the Internet) about the
difference between hackers and crackers. In them, authors often attempt to correct
public misconceptions. This chapter is my contribution in clarifying the issue.</P>
<P>For many years, the American media has erroneously applied the word <I>hacker</I>
when it really means <I>cracker</I>. So the American public now believe that a hacker
is someone who breaks into computer systems. This is untrue and does a disservice
to some of our most talented hackers.</P>
<P>There are some traditional tests to determine the difference between hackers and
crackers. I provide these in order of their acceptance. First, I want to offer the
general definitions of each term. This will provide a basis for the remaining portion
of this chapter. Those definitions are as follows:</P>

<UL>
	<LI>A <I>hacker</I> is a person intensely interested in the arcane and recondite
	workings of any computer operating system. Most often, hackers are programmers. As
	such, hackers obtain advanced knowledge of operating systems and programming languages.
	They may know of holes within systems and the reasons for such holes. Hackers constantly
	seek further knowledge, freely share what they have discovered, and never, ever intentionally
	damage data.<BR>
	<BR>
	
	<LI>A <I>cracker</I> is a person who breaks into or otherwise violates the system
	integrity of remote machines, with malicious intent. Crackers, having gained unauthorized
	access, destroy vital data, deny legitimate users service, or basically cause problems
	for their targets. Crackers can easily be identified because their actions are malicious.
</UL>

<P>These definitions are good and may be used in the general sense. However, there
are other tests. One is the legal test. It is said that by applying legal reasoning
to the equation, you can differentiate between hackers (or any other party) and crackers.
This test requires no extensive legal training. It is applied simply by inquiring
as to <I>mens rea</I>.
<H3><FONT COLOR="#000077"><I><B>Mens Rea</B></I></FONT></H3>
<P><I>Mens rea</I> is a Latin term that refers to the guilty mind. It is used to
describe that mental condition in which criminal intent exists. Applying <I>mens
rea</I> to the hacker-cracker equation seems simple enough. If the suspect unwittingly
penetrated a computer system--and did so by methods that any law-abiding citizen
would have employed at the time--there is no <I>mens rea</I> and therefore no crime.
However, if the suspect was well aware that a security breach was underway--and he
knowingly employed sophisticated methods of implementing that breach--<I>mens rea</I>
exists and a crime has been committed. By this measure, at least from a legal point
of view, the former is an unwitting computer user (possibly a hacker) and the latter
a cracker. In my opinion, however, this test is too rigid.</P>
<P>At day's end, hackers and crackers are human beings, creatures too complex to
sum up with a single rule. The better way to distinguish these individuals would
be to understand their motivations and their ways of life. I want to start with the
hacker.</P>
<P>To understand the mind-set of the hacker, you must first know what they do. To
explain that, I need to briefly discuss computer languages.
<H4><FONT COLOR="#000077"><B>Computer Languages</B></FONT></H4>
<P>A computer language is any set of libraries or instructions that, when properly
arranged and compiled, can constitute a functional computer program. The building
blocks of any given computer language never fundamentally change. Therefore, each
programmer walks to his or her keyboard and begins with the same basic tools as his
or her fellows. Examples of such tools include</P>

<UL>
	<LI>Language libraries--These are pre-fabbed functions that perform common actions
	that are usually included in any computer program (routines that read a directory,
	for example). They are provided to the programmer so that he or she can concentrate
	on other, less generic aspects of a computer program.<BR>
	<BR>
	
	<LI>Compilers--These are software programs that convert the programmer's written
	code to an executable format, suitable for running on this or that platform.
</UL>

<P>The programmer is given nothing more than languages (except a few manuals that
describe how these tools are to be used). It is therefore up to the programmer what
happens next. The programmer programs to either learn or create, whether for profit
or not. This is a useful function, not a wasteful one. Throughout these processes
of learning and creating, the programmer applies one magical element that is absent
within both the language libraries and the compiler: imagination. That is the programmer's
existence in a nutshell.</P>
<P>Modern hackers, however, reach deeper still. They probe the system, often at a
microcosmic level, finding holes in software and snags in logic. They write programs
to check the integrity of other programs. Thus, when a hacker creates a program that
can automatically check the security structure of a remote machine, this represents
a desire to better what now exists. It is creation and improvement through the process
of analysis.</P>
<P>In contrast, crackers rarely write their own programs. Instead, they beg, borrow,
or steal tools from others. They use these tools not to improve Internet security,
but to subvert it. They have technique, perhaps, but seldom possess programming skills
or imagination. They learn all the holes and may be exceptionally talented at practicing
their dark arts, but they remain limited. A true cracker creates nothing and destroys
much. His chief pleasure comes from disrupting or otherwise adversely effecting the
computer services of others.</P>
<P>This is the division of hacker and cracker. Both are powerful forces on the Internet,
and both will remain permanently. And, as you have probably guessed by now, some
individuals may qualify for both categories. The very existence of such individuals
assists in further clouding the division between these two odd groups of people.
Now, I know that real hackers reading this are saying to themselves &quot;There is
no such thing as this creature you are talking about. One is either a hacker or a
cracker and there's no more to it.&quot;
<H4><FONT COLOR="#000077"><B>Randal Schwartz</B></FONT></H4>
<P>If you had asked me five years ago, I would have agreed. However, today, it just
isn't true. A good case in point is Randal Schwartz, whom some of you know from his
weighty contributions to the programming communities, particularly his discourses
on the Practical Extraction and Report Language (Perl). With the exception of Perl's
creator, Larry Wall, no one has done more to educate the general public on the Perl
programming language. Schwartz has therefore had a most beneficial influence on the
Internet in general. Additionally, Schwartz has held positions in consulting at the
University of Buffalo, Silicon Graphics (SGI), Motorola Corporation, and Air Net.
He is an extremely gifted programmer.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>Schwartz has authored or co-authored
	quite a few books about Perl, including <I>Learning Perl</I>, usually called &quot;The
	Llama Book,&quot; published by O'Reilly &amp; Associates (ISBN 1-56592-042-2). 
<HR>


</BLOCKQUOTE>

<P>His contributions notwithstanding, Schwartz remains on the thin line between hacker
and cracker. In fall 1993 (and for some time prior), Schwartz was employed as a consultant
at Intel in Oregon. In his capacity as a system administrator, Schwartz was authorized
to implement certain security procedures. As he would later explain on the witness
stand, testifying on his own behalf:

<DL>
	<DD>Part of my work involved being sure that the computer systems were secure, to
	pay attention to information assets, because the entire company resides--the product
	of the company is what's sitting on those disks. That's what the people are producing.
	They are sitting at their work stations. So protecting that information was my job,
	to look at the situation, see what needed to be fixed, what needed to be changed,
	what needed to be installed, what needed to be altered in such a way that the information
	was protected.
</DL>

<P>The following events transpired:</P>

<UL>
	<LI>On October 28, 1993, another system administrator at Intel noticed heavy processes
	being run from a machine under his control.<BR>
	<BR>
	
	<LI>Upon examination of those processes, the system administrator concluded that
	the program being run was Crack, a common utility used to crack passwords on UNIX
	systems. This utility was apparently being applied to network passwords at Intel
	and at least one other firm.<BR>
	<BR>
	
	<LI>Further examination revealed that the processes were being run by Schwartz or
	someone using his login and password.<BR>
	<BR>
	
	<LI>The system administrator contacted a superior who confirmed that Schwartz was
	not authorized to crack the network passwords at Intel.<BR>
	<BR>
	
	<LI>On November 1, 1993, that system administrator provided an affidavit that was
	sufficient to support a search warrant for Schwartz's home.<BR>
	<BR>
	
	<LI>The search warrant was served and Schwartz was subsequently arrested, charged
	under an obscure Oregon computer crime statute. The case is bizarre. You have a skilled
	and renowned programmer charged with maintaining internal security for a large firm.
	He undertakes procedures to test the security of that network and is ultimately arrested
	for his efforts. At least, the case initially appears that way. Unfortunately, that
	is not the end of the story. Schwartz did not have authorization to crack those password
	files. Moreover, there is some evidence that he violated other network security conventions
	at Intel.
</UL>