Information Security News mailing list archives
Re: Cyberterrorism hype
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Fri, 24 Dec 1999 01:47:53 -0700
Reply From: edison <edison () dhp com>
Forwarded From: Johan.Ingles () janes co uk http://jir.janes.com/sample/jir0525.html Nothing gets a hacker's back up quicker than someone confusing a hacker with cracker. The term 'hacker' refers to an individual who programmes enthusiastically (even obsessively), enjoys programming or is especially good at programming; a 'cracker' is somebody who breaks into another's computer systems or digs into their code (to make a copy-protected programme run). Yet the boundaries have become somewhat blurred and the popular understanding of these terms is is quite wrong: ever since Hollywood produced 'Wargames', based on Kevin Mitnic's cracking activities (known as 'exploits'), the term 'hacking' has become synonymous with unauthorised access into restricted systems - which is 'cracking'. In today's world, such activity also includes the deliberate defacement of websites. Hackers are quick to point out that there is a code of hacker ethics that precludes any profit from the activity - the only motive is the activity itself - but they are not naïve: realising the potential for misuse, they divide themselves into 'white-hat' hackers (ethical hackers) and 'black-hat' hackers (crackers).
"Nothing gets a hacker's back up quicker than someone confusing a hacker with a cracker." I couldn't agree more. Unfortunately, you've gotten my back up. I don't know where the idea first came from, but the re-titling of the hacker and the cracker really does get our collective goats. I am a hacker. I was a hacker before WarGames came out in '83. I would get lists of access numbers from local and national BBSes. I would dial into these systems from my Apple ][ with a 300 baud modem. I would gain unauthorized access to them and then do nothing more than learn as much about that system's OS as I could fit into my 13 year-old brain. When PC Pursuit came out, not only did we hackers figure out how to access their outdial modems to call up our favorite board, but we soon realized there was more to this network than was advertised. For many of us, it was our first exposure to networked computers, and that notion itself was enough to keep us up at night. I, along with my hacking colleagues, had no qualms about profiting from our hacking. But the profit we made was knowledge. Most of us didn't know about the guys at MIT rewiring their model trains and DECs until Steven Levy wrote about them, but immediately felt a kinship to these early pioneers. Both groups were driven by the pursuit of knowledge, but we had to learn to pick electronic locks instead of physical ones, to gain access to the resources needed to further our goals. But even in our day there were unethical hackers. They would pursue the wrong kinds of knowledge, such as personal information, or would abuse the power gleaned from already attained skill. They did things that the majority of the hackers frowned upon, but never for an instant did we not consider them hackers. Just like a politician can use his clout and charisma to enact both right or wrong, a hacker can use his skill to make a system run better or harrass the sys admin. I am also a cracker. I was a cracker before WarGames came out in '83. I would copy software from friends at school or the local computer store. I would examine the copy protection on these programs with my Apple ][ and a sector editor. I would reverse engineer this protection and defeat it and then do nothing more then post it on a local BBS for download, or use the game or program myself because my $10-a-week allowance couldn't buy much in the way of software. I, along with my cracking colleagues, had no qualms about profiting from our cracking. But the profit we made was knowledge. Most of us knew hackers or were hackers ourselves, and felt a kinship with them. Both groups were driven by the thrill of using self-acquired technical skill to circumvent protection schemes, but we had to learn how to disassemble copy-protection code instead of a passcode, to further our goals. But even in our day there were unethical crackers. They would sell pirated software or would take credit on a crack page for a crack they didn't do. They did things that the majority of the crackers frowned upon, but never for an instant did we not consider them crackers. Not everyone that breaks into a computer system is a hacker. Someone that downloads an exploit off the net ( which, by the way, is not a Kevin Mitnick activity, but rather a program that automatically takes advantage of a vulnerability in a system ), without caring what makes it tick, and uses it to break into a web server to put his group's name in lights, could hardly be called a hacker. Likewise, not everyone that defeats copy protection is a cracker. Someone that grabs a serial number off the net, without caring how that serial number was generated, and uses it to register software that he doesn't want to buy, could hardly be called a cracker. In summary, a hacker breaks into computer systems and a cracker defeats software copy proctection. Sure, I can hack some source code to make it run better, but in that capacity I'm a coder, not a hacker. If you doubt what I'm saying, go buy the LOD's hacker BBS logs or read the essays on Fravia's Page of Reverse Engineering. Don't take what you read in the press as authoritative. Instead, do a bit of digging and talk to the people you are mislabeling. Here endeth the lesson. -edison ISN is sponsored by Security-Focus.COM
Current thread:
- Cyberterrorism hype mea culpa (Dec 20)
- <Possible follow-ups>
- Re: Cyberterrorism hype mea culpa (Dec 24)
- Re: Cyberterrorism hype mea culpa (Dec 27)