120 likes | 274 Views
Chapter 4. Digital Criminals and Hackers. What is a Hacker?. The consensus of computer crime experts is that most computer criminals are insiders to the victim organization, not hackers seeking to gain entry. Original Meaning of “Hacker”.
E N D
Chapter 4 Digital Criminals and Hackers
What is a Hacker? • The consensus of computer crime experts is that most computer criminals are insiders to the victim organization, not hackers seeking to gain entry
Original Meaning of “Hacker” • Among early MIT hackers, a hack was “a project undertaken or a product built not solely to fulfill some constructive goal, but with some wild pleasure taken in mere involvement.” • To qualify as a hack, the feat must be imbued with innovation, style, and technical virtuosity • Hacking was most closely associated with creative, unorthodox problem solving to overcome the limitations of early computers
Law Enforcement’s Point of View: Illegal Actions and Damage • When the computer belongs to the hacker or when the hacker has legitimate access to the computer, there is no crime • When the hacker does not have permission to use the computer or network, the action is called system intrusion • Federal statute makes it a crime to knowingly use false credentials or access devices (which include passwords)
Law Enforcement’s Point of View: Illegal Actions and Damage • Illegally accessing a computer connected to the Internet is a federal crime • The primary difference between simple network intrusion and data alteration is the intent of the intruder • Mere browsing may be theft, but it does not deprive the owner of the data or the use of the data • While criminally altered data may be used for fraud, the simple intruder may not cause actual harm
The Hacker’s Point of View: Prosocial Hacking • The hacker subculture is a group of like-minded individuals who share a set of values, defined in the hacker ethic • The subculture’s definition of prosocial hacking define it and differentiate its activities from computer crime
Computer Criminals vs. Hackers • It is also hard to prosecute a “pure” hacker under Federal statutes because the sentencing guidelines are driven by financial damages • The distinction between hackers and computer criminals in three ways: • He minimized the criminal damage caused by hacking, implying that very little actual harm is caused • He defended the criminal actions of hackers based on their motives and adherence to hacker subcultural values, which were not viewed as criminal by Goldstein • He disavowed hackers who commit crimes that violate hacker values, such as crimes of financial gain
White Hat vs. Black Hat • “White hat hacker” • Ethical hacker • Includes software testing by manufacturers, independent verification of software function and safety, reverse engineering, and training • Tiger teams described a hacker or team of hackers hired to “test” the defenses of an organization • “Black hat hacker” • Malicious hacker (Cracker) • “Gray hat hacker” • Someone who typically behaves in an ethical manner, but sometimes violates accepted ethics
FUD • “FUD is the fear, uncertainty, and doubt that IBM sales people instill in the minds of potential customers who might be considering (Amdahl) products
The Evolving Hacker Subculture • The Hacker Ethic • The belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing open-source and facilitating access to information and to computing resources wherever possible • The belief that system-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality • The requirement to do no harm may be an evolutionary step in hacker subculture
Bedroom Hackers • In the early 1980s, when home computers became widely available, hacking expanded from the universities and research parks • Phone phreaks, a counterculture movement of the 1960s and 1970s, had been exploring the phone system for years by the time hacking moved out of the universities • Bedroom hackers created a hacker society apart from corporate research parks and universities • They created their own dialect called eleet (‘leet) speek or k-rad • In k-rad, numbers were substituted for visually similar letters • For instance, “elite hackers” became 31337 HaKorZ
Internet Hackers • Enculturation • Aaron Ball uses the term “RTFRFC.” • It is an adaptation of “Read the F---ing Manual” (RTFM), referring to a document called a Request for Comment (RFC)