|
|
|
Introduction
|
|
[******NOTE******
The information presented in these
pages has become somewhat outdated and
is best viewed for historical
interest only. However, security
and privacy have continued to be major
issues and many solutions are now
available to users. An excellent
up-to-date discussion of the concepts of
Privacy, Security, and "Virtual Private
Network" services (VPNs) are
offered by IVPN
, and by Anonymster.
See PCMagazine's comparison
of a number of VPN paid services and
their discussion
of free VPN's, and Andrey
Doichev's analysis of current
top free VPN's
. Encrypted storage of information
has become a major concern as well,
particularly with the proliferation of
cloud-based storage (see discussion by PCMagazine
for an analysis and comparisons).
Finally, well-informed and articulate
presentations of a number of timely
security topics can be found in the Information
Security Blog published by Comparitech.
************]
The earliest programmers
and technical artists of the personal computer
revolution in the 70’s were given the nickname
“hackers.”
Defined in the Discovery Channel Hacker’s
Hall of Fame Glossary, a “hacker”
is:
1.
A person who enjoys exploring the
details of programmable systems and how to
stretch their capabilities.
2.
One who programs enthusiastically.
3.
A person who is good at programming
quickly.
4.
An expert at a particular program, as
in 'a Unix hacker'.
5.
[Deprecated] A malicious meddler
who tries to discover sensitive information by
poking around. The correct term for this sense
is "cracker."
However, the term has
hacker has been used to include both programmers
that “hack” computers, networks and programs
illegally and legally, maliciously and
inquisitively, innocently and with exploitative
intent. For
the purposes of the this project, the term
hacker will be reserved to the first 4
definitions given above while the term “cracker”
will encompass the 5th definition. It is
important to note; however, that in most every
article, book, and newspaper, the term hacker is
used to define a “cracker”.
In these cases, please take the
definition in context with the article.
The art of hacking
computers can be traced back to the late 1960s
and 1970s when young adults like Bill Gates,
Steve Jobs and Steve Wozniak were inventing
the personal computer industry in their
garages. From
that start, the motley bunch of computer
programmers and techie “nerds” began gathering
together and sharing information on the
computer, possibilities, ideas, innovations etc. The
term hacker, back then, defined these types of
people—individuals who programmed computers
intensely, nerds that knew 3-4 computer
languages, people that knew computers inside and
out. It
wasn’t until the personal computer revolution in
the early 1980s, that the term hacker evolved
into the infamous connotation.
Personal computers became affordable
and eventually necessary to the average
consumer.
With computers being distributed at an
enormous rate, the concern of that time was new
and innovative technology, not security.
By the late 1980s and early 1990s, the
average computer user became the consumer and
was not quickly associated with “nerd.”
This gave innovative, deceptive and
creative individuals a whole new breed of people
to scam, rip-off, threaten and hack—computer
users who could not retaliate nor defend
themselves with proper net/computer security. Thus,
the evolution of the hacker came from the lack
of security precautions taken while the personal
computer revolution began.
It is only much later in the 21st
century that computer and Internet security has
gotten much attention.
Computer users are growing
exponentially, still, and the availability of
security software and hardware is still slow to
develop. Improvements
have been made, but auxiliary precautions are
still necessary to be able to safely use a
computer and the Internet.
.
|
|
Can't
Hack It
|
|
There
are three major types of cyber crime.
The Internet offers limitless
communication, which crackers can use to
establish connections with cohorts or with their
victims. Net-based
attacks disrupt information on the Internet and
finally, the World Wide Web is a gold mine for
information and tools that can be used to
facilitate crime on and off of the Internet. Prefabricated
programs, detailed instructions, maps, sensitive
information, schedules, and addresses can be
accessed over the web and make it extremely easy
for an individual or group of individuals to
remain anonymous, organized, and unseen by the
public or by the proper authorities.
Communication
allows one or more crackers to plan and
coordinate attacks over the Internet or in a
physical environment.
The distribution of illegal materials
(drugs) and pirated materials (programs, music)
are also common cyber crimes.
Death threats, extortion, and
harassment are the more serious instance of
cyber crime that can effect individuals or
groups of individuals and wind up causing
emotional or physical harm on them.
Finally, each year thousands of people
are scammed out of money over the Internet with
a variety of get-rich quick pyramids, bogus
college degrees, and email fraud. The Moldavian Web scam cost the crackers over $2.4 million
in refunds to the over 38,000 customers scammed
through long distance dial-ups of their
computers.
Consumer complaints increased 6x in 1999
from 1998 alone.
The number of people that are potential
victims increases as every computer is sold—the
problem can only get worse unless serious action
is taken.
Digital
piracy of software and music has lead to big
business screaming for regulation.
As of 1994, over 1600 illegal software
sites were being operated.
The software and music industries claim
to be losing $20 and $10 billion dollars
(respectively) annually due to the distribution
of these pirated materials alone.
Again, the net offers the freedom of
extortion and scam to anyone who knows what
buttons to press.
How many of us have illegal files saved
onto our hard drives right now?
I want my MP3.
As
computer users, we all represent potential
targets of web-based attacks.
There are several targets in particular
though, that we as net-savvy computer users
should all be concerned about.
Computers can be broken into, web sites
can be hacked into and manipulated, Denial of Service (DoS)
attacks, email bombings, viruses and worms, and
eavesdropping.
All of these vulnerabilities of a
computer user can be used to the advantage of a
cracker to gain access to your personal system,
steal sensitive information, manipulate your
computer in a DoS attack, infect your PC with a
virus or worm that destroys files and spread
across a network, or to establish open
communication between you, the victim, and a
potential physical threat.
As of July 1999, there was a reported
1400 web hacks.
Credit card theft alone has skyrocketed
as more and more users are establishing business
and making transactions across the net.
Carlos
Felipe Salgado Jr. stole almost 100,000
credit cards numbers and attempted to sell them
on the Internet for $260,000 dollars before the
FBI caught him in a sting operation.
Salgado did not hack through security
measures either, once the firewalls were
bypassed; the numbers were available to him
without even 40-bit encryption. Computer viruses such as Chernobyl (CIH) and the Melissa
macro virus have spread worldwide infecting
computers, erasing files and overwriting the
BIOS. In
China, over $120 million dollars were lost to
the Chernobyl
macro virus.
Businesses
lost $7.6 billion in the 1st 2Q of
1999 according to Computer
Economics due to viruses.
Over ¾ of the computers of business are
infected, mainly through email, by these
viruses. Clearly,
crackers have the ability to write and
distribute these viruses to one user, one firm,
one country, or the entire system of computers
connected to the Internet.
As the rate of globalization increases,
and as advances in communication outweighs the
innovations in security, vulnerability lurks
within every computer plugged into the wall.
To
the amateur cracker, the Internet is a
supermarket for information and tools regarding
illegal computer hacking.
There are “how to” guides on hacking,
social engineering, making bombs, drugs, and
evading law enforcement.
The software available on the net
provides crackers with the means to automate
crimes and to hide any trace of illegality. The NY TIMES reported that in 1997, there were 1900 hacker web sites and
more than 30 hacker publications.
The
tools
of the trade are available for free
download on the net.
Programs that serve as Network monitors
are programs like Back
Orifice, Netbus, and Backdoor-G—all of
which allow the cracker to remotely gain control
of the infected computer to excise sensitive
information such as image, packets, keystrokes,
and files.
These programs can be hidden within
another program like a game or the free trial of
a utility.
Password cracking programs like Crack,
LOphtCrack, and John the Ripper are used,
obviously, for breaking into password protected
systems. Several
different programs including Ping of Death,
Smurf, SYN flood, Land, Teardrop, and FloodNet
can initiate remote DoS attacks.
Trojan horse programs by the likes of
Trin00, Tribal Flood Network, Stacheldraht (used
in the DoS
attacks of Feb 2000) can also be
distributed secretly and used to organize
large-scale attacks on popular web sites like
buy.com, yahoo.com and ebay.com.
There are also a whole series of
programs designed to find the vulnerabilities of
computer systems over the Internet.
Right behind that are sets of programs
designed to exploit those specific weaknesses. Want
to write a virus?
There are even programs available on
the net for those aspiring authors of computer
viruses as well.
Will one be a bestseller on your PC?
Update: 4/23/00
On April 17th,
Canadian police arrested a 15 year old boy that
goes by the name Mafiaboy online in
conjunction with the February DoS attacks.
It is claimed that Mafiaboy made several
claims in online chat rooms of his involvement
with the attacks and the FBI has reason to
believe that the attacks came from an ISP in
Montreal of which Mafiaboy holds two
accounts. Currently,
the boy is being charged under the Computer
Fraud and Abuse Act, which was expanded in
1996 to cover all computers used in commerce.
It prohibits the unauthorized access of
information and the transmission of anything
that causes damage or facilitates fraud and
extortion. Mafiaboy could face 6
months to 10 years in prison for a repeat
offender and twice the gross monetary loss to
the victim.
..
|
|
Legal Schmegal
|
|
In
1998 there were 418 cases handed to federal
prosecutors, up 43% from the previous year. Only
20% of those cases were filed with charge of
cyber crime.
Over 40% of the cases that are
brought to the prosecutors do not have enough
evidence for a successful trial.
Of the 418 potential cases, only 47
of them resulted in conviction with the
average sentence being 5 months in jail (half
of those 47 cases resulted in no jail time). Since
1992, a total of 84 cyber criminals have been
imprisoned.
That’s it.
The cost of cyber crime, estimated
by CSI/FBI, is near $124 million for the
163 organizations surveyed.
According to ASIS however, over $250
Billion have been lost in intellectual
property theft.
These numbers are merely estimates
that do more than point to a problem, they
scream at a need for a solution.
In light of the recent
DoS attacks, President Bill Clinton held a
summit at the White House calling in the leaders
of the computer industry to try and formulate
the problem in a manageable and solvable way. What
came from the meaning was a need for increased
security in the high-tech market.
Cyber crime is one of the most critical
issues in law enforcement with the rate of
online crime escalating from 547
“computer-intrusion cases” in 1998 to 1,154 in
1999 according to the FBI.
Louis
Freeh, Director of the FBI, stated, “In
short, even though we have markedly improved our
capabilities to fight cyber intrusions the
problem is growing even faster and we are
falling further behind.”
Janet
Reno has proposed a five-year plan to deal
with the issue of cyber crime, which will work
toward establishing uniformity in the tech
industry that would regulate security features
on computers and related equipment.
The plan also intends to increase the
penalty for cyber intrusions by making it a
bigger offense to wreak havoc on the Internet. The
objective of this plan is to increase awareness
of cyber crime, to help regulate technology so
that at least some collective effort can be made
to securing cyberspace, and to discourage
malicious hackers from committing a cyber crime
by offering stiffer penalties.
The issues at hand are being taken very
seriously by both the FBI and the White House
and illustrate one very important point: unless
action is taken, the distance between a secured
Internet and an unsecured Internet will only
lengthen with time.
What
does big
business say about security?
The e-comm bigwigs like ebay and yahoo
deal with hacking, fraud and security breaches
every day.
Their systems are constantly under the
strain of attempted cyber intrusion; however,
only the most serious cases are even brought to
attention of the FBI—yielding mostly limited
results. The
FBI and the federal courts do not have the
technology to investigate and convict potential
cyber criminals.
Therefore, it is futile for these
companies to rely on the law when there are
simply no resources at hand to investigate these
types of crimes.
Instead, corporations that cannot
afford to rely on the government for support
invest billions of dollars into high-tech
security measures.
While funding for prosecutors remains
static, computer crime has quadrupled over the
past three years, according to a survey by the
FBI and San Francisco's Computer Security
Institute.
Seventy-five percent of the hacking
victims—most often corporations and government
agencies—said it cost an average of $1 million
per intrusion to investigate, repair, and secure
their systems.
Corporations spent $7.1 billion in 1999
on corporate security to protect themselves
against cyber attacks and the bill could reach
$17 billion by 2003, according to Internet
analysts at Aberdeen Group in Boston, Mass. The
evolution of the Internet has illustrated a very
sensitive weakness, technology that outweighs
it’s security and the economy and society that
depends on it will be under constant strain
until adequate security measures are taken into
effect. The
effects of security on business and e-commerce
are analyzed in detail in another focus
of this project.
|
|
Conclusion
|
|
Hacking,
the essence of programming, has become one of
the most potential disasters of the Internet. While
everyone remains concerned with the Microsoft
anti-trust case, the latest web browser,
or the
best place to buy a garden rake on the
net, the silent but deadly art of hacking
computer systems has gained a firm hold in
cyberspace.
It will take more effort than simply
outfitting every computer with virus software. After
all, the people designing virus software work in
a reactionary response to the crackers, not
proactively.
Is
there a way to secure the Internet from hackers? Absolutely
not. Here is an analogy. Is
there anyway to stop speeding cars on the
highway? No. Are there
ways to regulate speeding and to keep it to a
minimum? Yes, more than likely.
In light of this rant on hacking the
Internet, no, there is not a cure-all solution
for safeguarding cyberspace.
Technology is still an option in this
country. The
only way to assure one’s security over the
Internet is to unplug it from your wall.
Precautions can be taken; however, and
that will be discussed upon in a later focus
of this project.
Like
all crime, the CSI/FBI need people to point
fingers at.
Right now, it is relatively impossible
to trace the source and individuals responsible
for cyber attacks.
Programs facilitating the capture and
conviction of cyber criminals should be
initiated, many have been, and the seriousness
of this issue needs to be released every time
someone buys a computer.
Perhaps
my dad isn’t so tech stupid after all.
He hates computers, because he values
his privacy and security more than anyone I know
does. To him, a computer represents a portal right into someone’s
house—vulnerability; a weak spot that can be
exploited by the knowledgeable and the willing,
unbeknownst to the typical computer user.
Maybe
computers need a warning label on the box. It is
up to the user to secure their computer.
There is information out there.
Tons of it.
On the Internet, in the library, on the
news, everywhere.
To use the Internet safely, one must be
aware of the problems out there. Hopefully this entire project has
shed some light on the subject.
If you’re sitting at a computer reading
this right now, how many other people do you
think know what site you are at, what you are
looking at, and what your IP address is?
They might know where you live, your
email address or your favorite flavor of ice
cream. Or
they might not.
Back to
Psybersite
|
|
This
project was produced for PSY 380, Social
Psychology of Cyberspace, Spring 2000, at
Miami
University. All graphics in these
pages are used with permission or under fair use
guidelines, are in the public domain, or
were created by the authors. Last
revised:
This document has been accessed
times since 1 May 2000.
Comments and Questions to R. Sherman.
|
|
