ch03.htm

Maximum Security (First Edition) 网络安全 英文版

were infected. Within hours, the Internet was under heavy siege. In a now celebrated
paper that provides a blow-by-blow analysis of the worm incident ("Tour of the
Worm"), Donn Seeley, then at the Department of Computer Science at the University
of Utah, wrote:

<DL>
	<DD>November 3, 1988 is already coming to be known as Black Thursday. System administrators
	around the country came to work on that day and discovered that their networks of
	computers were laboring under a huge load. If they were able to log in and generate
	a system status listing, they saw what appeared to be dozens or hundreds of &quot;shell&quot;
	(command interpreter) processes. If they tried to kill the processes, they found
	that new processes appeared faster than they could kill them.
</DL>

<P>The worm was apparently released from a machine at the Massachusetts Institute
of Technology. Reportedly, the logging system on that machine was either working
incorrectly or was not properly configured and thus, the perpetrator left no trail.
(Seely reports that the first infections included the Artificial Intelligence Laboratory
at MIT, the University of California at Berkeley, and the RAND Corporation in California.)
As one might expect, the computing community was initially in a state of shock. However,
as Eugene Spafford, a renowned computer science professor from Purdue University,
explained in his paper &quot;The Internet Worm: An Analysis,&quot; that state of
shock didn't last long. Programmers at both ends of the country were working feverishly
to find a solution:

<DL>
	<DD>By late Wednesday night, personnel at the University of California at Berkeley
	and at Massachusetts Institute of Technology had `captured' copies of the program
	and began to analyze it. People at other sites also began to study the program and
	were developing methods of eradicating it.
</DL>

<P>An unlikely candidate would come under suspicion: a young man studying computer
science at Cornell University. This particular young man was an unlikely candidate
for two reasons. First, he was a good student without any background that would suggest
such behavior. Second, and more importantly, the young man's father, an engineer
with Bell Labs, had a profound influence on the Internet's design. Nevertheless,
the young man, Robert Morris Jr., was indeed the perpetrator. Reportedly, Morris
expected his program to spread at a very slow rate, its effects being perhaps even
imperceptible. However, as Brendan Kehoe notes in his book <I>Zen and the Art of
the Internet</I>:

<DL>
	<DD>Morris soon discovered that the program was replicating and reinfecting machines
	at a much faster rate than he had anticipated--there was a bug. Ultimately, many
	machines at locations around the country either crashed or became `catatonic.' When
	Morris realized what was happening, he contacted a friend at Harvard to discuss a
	solution. Eventually, they sent an anonymous message from Harvard over the network,
	instructing programmers how to kill the worm and prevent reinfection.
</DL>

<P>Morris was tried and convicted under federal statutes, receiving three years probation
and a substantial fine. An unsuccessful appeal followed. (I address this case in
detail in Part VII of this book, &quot;The Law.&quot;)</P>
<P>The introduction of the Morris Worm changed many attitudes about Internet security.
A single program had virtually disabled hundreds (or perhaps thousands) of machines.
That day marked the beginning of serious Internet security. Moreover, the event helped
to forever seal the fate of hackers. Since that point, legitimate programmers have
had to rigorously defend their hacker titles. The media has largely neglected to
correct this misconception. Even today, the national press refers to crackers as
hackers, thus perpetuating the misunderstanding. That will never change and hence,
hackers will have to find another term by which to classify themselves.</P>
<P>Does it matter? Not really. Many people charge that true hackers are splitting
hairs, that their rigid distinctions are too complex and inconvenient for the public.
Perhaps there is some truth to that. For it has been many years since the terms were
first used interchangeably (and erroneously). At this stage, it is a matter of principle
only.
<H2><FONT COLOR="#000077"><B>The Situation Today: A Network at War</B></FONT></H2>
<P>The situation today is radically different from the one 10 years ago. Over that
period of time, these two groups of people have faced off and crystallized into opposing
teams. The network is now at war and these are the soldiers. Crackers fight furiously
for recognition and often realize it through spectacular feats of technical prowess.
A month cannot go by without a newspaper article about some site that has been cracked.
Equally, hackers work hard to develop new methods of security to ward off the cracker
hordes. Who will ultimately prevail? It is too early to tell. The struggle will likely
continue for another decade or more.</P>
<P>The crackers may be losing ground, though. Because big business has invaded the
Net, the demand for proprietary security tools has increased dramatically. This influx
of corporate money will lead to an increase in the quality of such security tools.
Moreover, the proliferation of these tools will happen at a much faster rate and
for a variety of platforms. Crackers will be faced with greater and greater challenges
as time goes on. However, as I explain in Chapter 5, &quot;Is Security a Futile Endeavor?&quot;
the balance of knowledge maintains a constant, with crackers only inches behind.
Some writers assert that throughout this process, a form of hacker evolution is occurring.
By this they mean that crackers will ultimately be weeded out over the long haul
(many will go to jail, many will grow older and wiser, and so forth). This is probably
unrealistic. The exclusivity associated with being a cracker is a strong lure to
up-and-coming teenagers. There is a mystique surrounding the activities of a cracker.</P>
<P>There is ample evidence, however, that most crackers eventually retire. They later
crop up in various positions, including system administrator jobs. One formerly renowned
cracker today runs an Internet salon. Another works on systems for an airline company
in Florida. Still another is an elected official in a small town in Southern California.
(Because all these individuals have left the life for a more conservative and sane
existence, I elected not to mention their names here.)
<H4><FONT COLOR="#000077"><B>The Hackers</B></FONT></H4>
<P>I shall close this chapter by giving real-life examples of hackers are crackers.
That seems to be the only reliable way to differentiate between them. From these
brief descriptions, you can get a better understanding of the distinction. Moreover,
many of these people are discussed later at various points in this book. This section
prepares you for that as well.</P>
<P><B>Richard Stallman</B> Stallman joined the Artificial Intelligence Laboratory
at MIT in 1971. He received the 250K McArthur Genius award for developing software.
He ultimately founded the Free Software Foundation, creating hundreds of freely distributable
utilities and programs for use on the UNIX platform. He worked on some archaic machines,
including the DEC PDP-10 (to which he probably still has access somewhere). He is
a brilliant programmer.</P>
<P><B>Dennis Ritchie, Ken Thompson, and Brian Kernighan</B> Ritchie, Thompson, and
Kernighan are programmers at Bell Labs, and all were instrumental in the development
of the UNIX operating system and the C programming language. Take these three individuals
out of the picture, and there would likely be no Internet (or if there were, it would
be a lot less functional). They still hack today. (For example, Ritchie is busy working
on Plan 9 from Bell Labs, a new operating system that will probably supplant UNIX
as the industry-standard super-networking operating system.)</P>
<P><B>Paul Baran, Rand Corporation</B> Baran is probably the greatest hacker of them
all for one fundamental reason: He was hacking the Internet before the Internet even
existed. He hacked the concept, and his efforts provided a rough navigational tool
that served to inspire those who followed him.</P>
<P><B>Eugene Spafford</B> Spafford is a professor of computer science, celebrated
for his work at Purdue University and elsewhere. He was instrumental in creating
the Computer Oracle Password and Security System (COPS), a semi-automated system
of securing your network. Spafford has turned out some very prominent students over
the years and his name is intensely respected in the field.</P>
<P><B>Dan Farmer</B> Farmer worked with Spafford on COPS (Release 1991) while at
Carnegie Mellon University with the Computer Emergency Response Team (CERT). For
real details, see Purdue University Technical Report CSD-TR-993, written by Eugene
Spafford and Daniel Farmer. (Yes, Dan, the byline says Daniel Farmer.) Farmer later
gained national notoriety for releasing the System Administrator Tool for Analyzing
Networks (SATAN), a powerful tool for analyzing remote networks for security vulnerabilities.</P>
<P><B>Wietse Venema</B> Venema hails from the Eindhoven University of Technology
in the Netherlands. He is an exceptionally gifted programmer who has a long history
of writing industry-standard security tools. He co-authored SATAN with Farmer and
wrote TCP Wrapper, one of the commonly used security programs in the world. (This
program provides close control and monitoring of information packets coming from
the void.)</P>
<P><B>Linus Torvalds</B> A most extraordinary individual, Torvalds enrolled in classes
on UNIX and the C programming language in the early 1990s. One year later, he began
writing a UNIX-like operating system. Within a year, he released this system to the
Internet (it was called Linux). Today, Linux has a cult following and has the distinction
of being the only operating system ever developed by software programmers all over
the world, many of whom will never meet one another. Linux is free from copyright
restrictions and is available free to anyone with Internet access.</P>
<P><B>Bill Gates and Paul Allen</B> From their high school days, these men from Washington
were hacking software. Both are skilled programmers. Starting in 1980, they built
the largest and most successful software empire on Earth. Their commercial successes
include MS-DOS, Microsoft Windows, Windows 95, and Windows NT.
<H4><FONT COLOR="#000077"><B>The Crackers</B></FONT></H4>
<P><B>Kevin Mitnik</B> Mitnik, also known as Condor, is probably the world's best-known
cracker. Mitnik began his career as a phone phreak. Since those early years, Mitnik
has successfully cracked every manner of secure site you can imagine, including but
not limited to military sites, financial corporations, software firms, and other
technology companies. (When he was still a teen, Mitnik cracked the North American
Aerospace Defense Command.) At the time of this writing, he is awaiting trial on
federal charges stemming from attacks committed in 1994-1995.</P>
<P><B>Kevin Poulsen</B> Having followed a path quite similar to Mitnik, Poulsen is
best known for his uncanny ability to seize control of the Pacific Bell telephone
system. (Poulsen once used this talent to win a radio contest where the prize was
a Porsche. He manipulated the telephone lines so that his call would be the wining
one.) Poulsen has also broken nearly every type of site, but has a special penchant
for sites containing defense data. This greatly complicated his last period of incarceration,
which lasted five years. (This is the longest period ever served by a hacker in the
United States.) Poulsen was released in 1996 and has apparently reformed.</P>
<P><B>Justin Tanner Peterson</B> Known as Agent Steal, Peterson is probably most
celebrated for cracking a prominent consumer credit agency. Peterson appeared to
be motivated by money instead of curiosity. This lack of personal philosophy led
to his downfall and the downfall of others. For example, once caught, Peterson ratted
out his friends, including Kevin Poulsen. Peterson then obtained a deal with the
FBI to work undercover. This secured his release and he subsequently absconded, going
on a crime spree that ended with a failed attempt to secure a six-figure fraudulent
wire transfer.
<H2><FONT COLOR="#000077"><B>Summary</B></FONT></H2>
<P>There are many other hackers and crackers, and you will read about them in the
following chapters. Their names, their works, and their Web pages (when available)
are meticulously recorded throughout this book. If you are one such person of note,
you will undoubtedly find yourself somewhere within this book. The criterion to be
listed here is straightforward: If you have done something that influenced the security
of the Internet, your name likely appears here. If I missed you, I extend my apologies.</P>
<P>For the remaining readers, this book serves not only as a general reference tool,
but a kind of directory of hackers and crackers. For a comprehensive listing, see
Appendix A, &quot;How to Get More Information.&quot; That appendix contains both
establishment and underground resources.</P>
<CENTER>
<P>
<HR>
<A HREF="../ch02/ch02.htm"><IMG SRC="../button/previous.gif" WIDTH="128" HEIGHT="28"
ALIGN="BOTTOM" ALT="Previous chapter" BORDER="0"></A><A HREF="../ch04/ch04.htm"><IMG
SRC="../button/next.gif" WIDTH="128" HEIGHT="28" ALIGN="BOTTOM" ALT="Next chapter"
BORDER="0"></A><A HREF="../index.htm"><IMG SRC="../button/contents.gif" WIDTH="128"
HEIGHT="28" ALIGN="BOTTOM" ALT="Contents" BORDER="0"></A> <BR>
<BR>
<BR>
<IMG SRC="../button/corp.gif" WIDTH="284" HEIGHT="45" ALIGN="BOTTOM" ALT="Macmillan Computer Publishing USA"
BORDER="0"></P>

<P>&#169; <A HREF="../copy.htm">Copyright</A>, Macmillan Computer Publishing. All
rights reserved.
</CENTER>


</BODY>

</HTML>