hackers who break into computer systems.txt

1000 HOWTOs for various needs [WINDOWS]

``Had a printed magazine been shut down in this fashion after having
all of their mail opened and read, even the most thick-headed
sensationalist media types would have caught on: hey, isn't that
a violation of the First Amendment?''  He also cites the shutdown
of several bulletin boards as part of Operation Sun Devil, and quotes
the administrator of the bulletin board Zygot as saying ``Should
I start reading my users' mail to make sure they aren't saying anything
naughty?  Should I snoop through all the files to make sure everyone
is being good?  This whole affair is rather chilling.''  The
administrator for the public system The Point wrote ``Today, there
is no law or precedent which affords me ... the same legal rights
that other common carriers have against prosecution should some other
party (you) use my property (The Point) for illegal activities.
That worries me ...''
 
About 40 personal computer systems and 23,000 data disks were seized
under Operation Sun Devil, a two-year investigation involving the
FBI, Secret Service, and other federal and local law enforcement
officials.  In addition, the Secret Service acknowledges that its
agents, acting as legitimate users, had secretly monitored computer
bulletin boards [Markoff90a].  Markoff reports that California
Representative Don Edwards, industry leader Mitchell Kapor, and civil
liberties advocates are alarmed by these government actions, saying
that they challenge freedom of speech under the First Amendment and
protection against searches and seizures under the Fourth Amendment.
Markoff asks: ``Will fear of hackers bring oppression?''
 
John Barlow writes ``The Secret Service may actually have done a
service for those of us who love liberty.  They have provided us
with a devil.  And devils, among their other galvanizing virtues,
are just great for clarifying the issues and putting iron in your
spine.'' [Barlow90]  Some of the questions that Barlow says need
to be addressed include ``What are data and what is free speech?
How does one treat property which has no physical form and can be
infinitely reproduced?  Is a computer the same as a printing press?''
Barlow urges those of us who understand the technology to address
these questions, lest the answers be given to us by law makers and
law enforcers who do not.   Barlow and Kapor are constituting the
Computer Liberty Foundation to ``raise and disburse funds for
education, lobbying, and litigation in the areas relating to digital
speech and the extension of the Constitution into Cyberspace.''
 
8.  Conclusions
 
Hackers say that it is our social responsibility to share information,
and that it is information hoarding and disinformation that are the
crimes.  This ethic of resource and information sharing contrasts
sharply with computer security policies that are based on authorization
and ``need to know.'' This discrepancy raises an interesting question:
Does the hacker ethic reflects a growing force in society that stands
for greater sharing of resources and information -- a reaffirmation
of basic values in our constitution and laws?  It is important that
we examine the differences between the standards of hackers, systems
managers, users, and the public.  These differences may represent
breakdowns in current practices, and may present new opportunities
to design better policies and mechanisms for making computer resources
and information more widely available.
 
The sentiment for greater information sharing is not restricted to
hackers.  In the best seller ``Thriving on Chaos,'' Tom Peters
[Peters87] writes about sharing within organizations: ``Information
hoarding, especially by politically motivated, power-seeking staffs,
has been commonplace throughout American industry, service and
manufacturing alike.  It will be an impossible millstone around the
neck of tomorrow's organizations.  Sharing is a must.''  Peters argues
that information flow and sharing is fundamental to innovation and
competetiveness.  On a broader scale, Peter Drucker [Drucker89] says
that the ``control of information by government is no longer possible.
Indeed, information is now transnational.  Like money, it has no
`fatherland.' ''
 
Nor is the sentiment restricted to people outside the computer security
field.  Harry DeMaio [DeMaio89] says that our natural urge is to
share information, and that we are suspicious of organizations and
individuals who are secretive.  He says that information is exchanged
out of ``want to know'' and mutual accommodation rather than ``need
to know.''  If this is so, then some of our security policies are
out of step with the way people work.  Peter Denning [DenningP89]
says that information sharing will be widespread in the emerging
worldwide networks of computers and that we need to focus on ``immune
systems'' that protect against mistakes in our designs and recover
from damage.
 
I began my investigation of hackers with the question: who are they
and what is their culture and discourse?  My investigation uncovered
some of their concerns, which provided the organizational structure
to this paper, and several suggestions for new actions that might
be taken.  My investigation also opened up a broader question:  What
are the clashing discourses that the hackers stand at the battle
lines of?  Is it owning or restricting information vs. sharing
information -- a tension between an age-old tradition of controlling
information as property and the Englightenment tradition of sharing
and disseminating information?  Is it controlling access based on
``need to know,'' as determined by the information provider, vs.
``want to know,'' as determined by the person desiring access?
Is it law enforcement vs. freedoms granted under the First and Fourth
Amendments?  The answers to these questions, as well as those raised
by Barlow on the nature of information and free speech, are important
because they tell us whether our policies and practices serve us
as well as they might.  The issue is not simply hackers vs. system
managers or law enforcers; it is a much larger question about values
and practices in an information society.
 
 
Acknowledgments
 
I am deeply grateful to Peter Denning, Frank Drake, Nathan Estey,
Katie Hafner, Brian Harvey, Steve Lipner, Teresa Lunt, Larry Martin,
Gordon Meyer, Donn Parker, Morgan Schweers, Richard Stallman, and
Alex for their comments on earlier versions of this paper and helpful
discussions; to Richard Stallman for putting me in contact with
hackers; John Draper, Geoff Goodfellow, Brian Reid, Eugene Spafford,
and the hackers for helpful discussions; and Richard Pethia for a
summary of some of his experiences at CERT. The opinions expressed
here, however, are my own and do not necessarily represent those
of the people mentioned above or of Digital Equipment Corporation.
 
 
References
 
ACM90
  ``Just say no,'' Comm. ACM, Vol. 33, No. 5, May 1990, p. 477.
 
Baird87
  Bruce J. Baird, Lindsay L. Baird, Jr., and Ronald P. Ranauro, ``The
  Moral Cracker?,'' Computers and Security, Vol. 6, No. 6, Dec. 1987,
  p. 471-478.
 
Barlow90
  John Barlow, ``Crime and Puzzlement,'' June 1990, to appear in Whole
  Earth Review.
 
Corley89
  Eric Corley, ``The Hacking Fever,'' in Pamela Kane, V.I.R.U.S.
  Protection, Bantam Books, New York, 1989, p. 67-72.
 
DeMaio89
  Harry B. DeMaio, ``Information Ethics, a Practical Approach,''
  Proc. of the 12th National Computer Security Conference, 1989,
  p. 630-633.
 
DenningP89
  Peter J. Denning, ``Worldnet,'' American Scientist, Vol. 77, No. 5,
  Sept.-Oct., 1989.
 
DenningP90
  Peter J. Denning, Computers Under Attack, ACM Press, 1990.
 
Dibbel90
  Julian Dibbel, ``Cyber Thrash,'' SPIN, Vol. 5, No. 12, March 1990.
 
Drucker89
  Peter F. Drucker, The New Realities, Harper and Row, New York, 1989.
 
Felsenstein86
  Lee Felsenstein, ``Real Hackers Don't Rob Banks,'' in full report on
  ACM Panel on Hacking [Lee86].
 
Frenkel87
  Karen A. Frenkel, ``Brian Reid, A Graphics Tale of a Hacker
  Tracker,'' Comm. ACM, Vol. 30, No. 10, Oct. 1987, p. 820-823.
 
Goldstein89
  Emmanuel Goldstein, ``Hackers in Jail,'' 2600 Magazine, Vol. 6, No. 1,
  Spring 1989.
 
Goldstein90
  Emmanuel Goldstein, ``For Your Protection,'' 2600 Magazine, Vol. 7,
  No. 1, Spring 1990.
 
Goodfellow83
  Geoffrey S. Goodfellow, ``Testimony Before the Subcommittee on
  Transportation, Aviation, and Materials on the Subject of
  Telecommunications Security and Privacy,'' Sept. 26, 1983.
 
Hafner90
  Katie Hafner, ``Morris Code,'' The New Republic, Feb. 16, 1990,
  p. 15-16.
 
Harpers90
  ``Is Computer Hacking a Crime?" Harper's, March 1990, p. 45-57.
 
Harvey86
  Brian Harvey, ``Computer Hacking and Ethics,'' in full report on
  ACM Panel on Hacking [Lee86].
 
HollingerLanza-Kaduce88
  Richard C. Hollinger and Lonn Lanza-Kaduce, ``The Process of
  Criminalization: The Case of Computer Crime Laws,'' Criminology,
  Vol. 26, No. 1, 1988, p. 101-126.
 
Huebner89
  Hans Huebner, ``Re: News from the KGB/Wiley Hackers,'' RISKS Digest,
  Vol. 8, Issue 37, 1989.
 
Landreth89
  Bill Landreth, Out of the Inner Circle, Tempus, Redmond, WA, 1989.
 
Lee86
  John A. N. Lee, Gerald Segal, and Rosalie Stier, ``Positive
  Alternatives: A Report on an ACM Panel on Hacking,'' Comm. ACM,
  Vol. 29, No. 4, April 1986, p. 297-299; full report available from
  ACM Headquarters, New York.
 
Levy84
  Steven Levy, Hackers, Dell, New York, 1984.
 
Markoff90
  John Markoff, ``Self-Proclaimed `Hacker' Sends Message to Critics,''
  The New York Times, March 19, 1990.
 
Markoff90a
  John Markoff, ``Drive to Counter Computer Crime Aims at Invaders,''
  The New York Times, June 3, 1990.
 
Martin89
  Larry Martin, ``Unethical `Computer' Behavior: Who is Responsible?,''
  Proc. of the 12th National Computer Security Conference, 1989.
 
Meyer89
  Gordon R. Meyer, The Social Organization of the Computer Underground,
  Master's thesis, Dept. of Sociology, Northern Illinois Univ., Aug.
  1989.
 
MeyerThomas90
  Gordon Meyer and Jim Thomas, ``The Baudy World of the Byte Bandit:
  A Postmodernist Interpretation of the Computer Underground,'' Dept.
  of Sociology, Northern Illinois Univ., DeKalb, IL, March 1990.
 
Peters87
  Tom Peters, Thriving on Chaos, Harper & Row, New York, Chapter VI, S-3,
  p. 610, 1987.
 
Samuelson89
  Pamela Samuelson, ``Information as Property: Do Ruckelshaus and
  Carpenter Signal a Changing Direction in Intellectual Property Law?"
  Catholic University Law Review, Vol. 38, No. 2, Winter 1989, p.
  365-400.
 
Spafford89
  Eugene H. Spafford, ``The Internet Worm, Crisis and Aftermath,''
  Comm. ACM, Vol. 32, No. 6, June 1989, p. 678-687.
 
Stallman84
  Richard M. Stallman, Letter to ACM Forum, Comm. ACM, Vol. 27,
  No. 1, Jan. 1984, p. 8-9.
 
Stallman90
  Richard M. Stallman, ``Against User Interface Copyright'' to appear
  in Comm. ACM.
 
Steele83
  Guy L. Steele, Jr., Donald R. Woods, Raphael A. Finkel, Mark R.
  Crispin, Richard M. Stallman, and Geoffrey S. Goodfellow,  The
  Hacker's Dictionary, Harper & Row, New York, 1983.
 
Stoll90
  Clifford Stoll, The Cuckoo's Egg, Doubleday, 1990.
 
Thomas90
  Jim Thomas, ``Review of The Cuckoo's Egg,'' Computer Underground
  Digest, Issue #1.06, April 27, 1990.
 
ThomasMeyer90
  Jim Thomas and Gordon Meyer, ``Joe McCarthy in a Leisure Suit:
  (Witch)Hunting for the Computer Underground,''  Unpublished
  manuscript, Department of Sociology, Northern Illinois University,
  DeKalb, IL, 1990; see also the Computer Underground Digest, Vol.
  1, Issue 11, June 16, 1990.