net.wars Home Page | NYU Press




Chapter 10
The Wrong Side of the Passwords


but it reminded me that I'd heard from a telephone company security specialist that the hacker channels on IRC are frequently used to exchange just this sort of software. Being able to retrieve such software lowers the technical barrier to this kind of petty theft to anyone who can work IRC, handle a soldering iron, and run a DOS program on a laptop (still a distinct sub-group from the majority of the population). That's always provided you can convince other hackers you're worth exchanging software with.


Go through any public area on the Net with anything related to hacking in the title, and you'll find nothing but contempt displayed for people logging on looking for quick and easy answers. However hostile the Net is to newcomers, multiply that by a factor of ten for the hacker groups, who add a hefty dose of not unreasonable paranoia to the normal intolerance for repetitive questions and a resounding contempt for people who are not willing to do their own homework. Guys who march into one of these groups asking for the addresses of "warez" sites (sites where pirated software is available) or collections of passwords to get free time on America Online (AOL) are quickly dismissed as "lamers" and ignored or slapped down. On alt.2600 the FAQ warns that if you want information, you must include details of an Obligatory Hack, usually shortened to ObHack, to establish yourself as someone worthy to receive information. These aren't always computer-related, illegal, or even impressive. A guy who just wants someone else to give him a stolen password for AOL isn't a hacker, he's a thief (or a "phisher" in hacker lingo)--and a lazy one, at that. He could at least take the trouble to use a disk to get him onto AOL and try to socially engineer the natives.


Real respect is reserved for someone like Dan Farmer, who wrote a little program he called SATAN (for Security Administrator's Tool for Analyzing Networks, a stretch-to-fit acronym if there ever was one) that goes through a network configuration and lists the holes and makes suggestions for closing them.[7] In the hands of the network administrator at whom Farmer primarily aimed his program, this is a useful warning about what needs to be fixed or patched; Farmer's Web site contains information and advice about how to do this. Common software like the UNIX program SENDMAIL has known bugs that can be exploited by would-be crackers, and although patches are available and warnings have been sent out, some administrators still either haven't known or haven't bothered to install the fixes.


Just as a screwdriver can take the lock off a door, in a knowledgeable cracker's hands, SATAN shows exactly where to start poking. Its release onto the Net in early 1995 was so controversial that Farmer, who demonstrated his routine at the 1995 Computers, Freedom, and Privacy Conference to a stunned audience, got fired by his employer, computer manufacturer Silicon Graphics, for it. (He was almost immediately rehired by one of Silicon Graphics's competitors, Sun Microsystems, and makes a brief appearance providing accommodation to Tsutomu Shimomura in the book Shimomura and New York Times journalist John Markoff wrote about the 1995 capture of Kevin Mitnick. Shimomura, who has no trouble condemning Mitnick as a criminal, describes Farmer's firing as "a fit of corporate cowardice.")[8]


I have yet to see a hacking tool on the Net that was easy enough for someone with no technical knowledge to use, other than anonymizing services such as encrypted remailers or services that allow you to browse the Web without revealing any personal information. But you don't necessarily have to have specialist tools to do a lot of damage; the two-way nature of the Net means that some functions are there to be used or abused.


For example, I know a twelve-year-old who's set up his Web page with a Java script[9] that is programmed to open and close Netscape until it crashes. He found it on the Web somewhere, and copied and pasted it into one of his own pages using functions built into most Web browsers and that are important in helping people study Web pages to understand how they're constructed and share clever, new things they've thought up. This kid's friends know which of the many buttons to push to get the script to stop, but strangers choosing to load that page have to guess. The same kid got in trouble with a friend's parents for forging



Copyright © 1997-99 NYU Press. All rights reserved.
Reproduction in whole or in part in any form or medium without written permission of New York University Press is prohibited.
