|
|
|
|
|
|
|
|
|
As computers take on an increasingly critical role in society, the fear
of computer crime has also become more palpable. But how justified is that
fear?
John Windell
Seventh of February 2000: a number of the world's busiest
websites, including Amazon.com and Yahoo, are temporarily shut down as computer
hackers launch denial of service' attacks, swamping the sites with countless
instant page hits, causing them to seize up. Those responsible are denounced
as criminals.
Fourth of May 2000: a computer virus triggered
when users open an email headed 'I Love You' spreads around the world and
infects millions of PCs in homes and businesses before anybody knows what's
happening. The FBI's computer crime section begins scouring the internet
in hot pursuit of the person who unleashed the most virulent computer bug
yet seen.
Reading reports of these events in newspapers, or watching them on television,
you could be forgiven for thinking the world was doing held to ransom by
a James Bond villain of some sod, an evil genius intent on wreaking havoc
from his hi- tech lair. There's no mistaking it is a potent fear: most
of us realise the modern world depends on computers, but few understand
the technology to any great degree, making us easy prey for lurid news
reports. However, is there any substance to this fear, or is it merely
a technological version of old-fashioned superstition? Are computer
hackers super - criminals, or just pimple-flecked, socially inadequate teenagers
desperate for attention?
These are among the questions asked by Hack the Planet, which takes
the viewer into the murky world of the computer hacker to seek the truth,
or otherwise, behind the popular image of hackers as malicious masterminds.
OU computer lecturer Blaine Price, was heavily involved in making the programme:
"'Hacker', in the computing community, is not a pejorative term," he says.
"A hacker, generally, is someone who does computing for the love of it, who
likes to find innovative solutions to problems."
As with any group of people with a shared interest, hackers like to form
clubs. Perhaps the most famous of these is the Chaos Computer Club,
based in Berlin. It was a member of Chaos who during the 1980s was
responsible for breaking into US military computers and selling the secrets
to the Russians. This is not typical of their activities, however. For the
most part they remain enthusiasts with a well-developed sense of curiosity
- which can sometimes mutate into an equally well-developed sense of
mission.
Take, for example, another of the famous computer clubs, the Cult of the
Dead Cow. It claims to perform a public service in looking for flaws
in software. "They might take a newly released Microsoft product and go and
hammer at it from a technical point of view, and try to find the holes that
might affect the people who use it," says Price. The Dead Cows found
such a hole in every version of the Windows operating system, which potentially
allows other people to spy on computers using those systems, or even remotely
control them from the internet. Conspiracy theorists might suggest this is
more intentional than accidental (the name attached to the relevant piece
of code begins with the letters NSA - the National Security Agency?), but
the point is that the Dead Cows exposed the flaw. "They went to the
manufacturer," adds Price, "and quietly said, 'You have a problem, and we're
telling you so you can fix it before bad people exploit it'. Microsoft replied,
'Thank you, we'll fix it', and ignored it."
|
You can go to a black website and get a
simple script for attacking systems |
So the Cult of the Dead Cows went public to shame Microsoft
into fixing the software. It's still not fixed.
So hackers are consumer champions. They are also ethical warriors.
These are the people with a cause, be it environmental protection, dropping
the Third World debt or a general distaste for big business. Their
tactics are to target enemy websites and disrupt them, spoof them or shut
them down altogether. This is what has happened to the World Trade Organisation's
site a number of times; to ethical hackers, a body such as the WTO deserves
whatever trouble they can cook up for it. In other words, ethical hackers
feel morally justified. One of their preferred methods is the 'denial of
service' attack, which involves a large number of computers hitting the target
website at once. This, in effect, denies service to everyone else. It's a
bit like a virtual sit-down protest, which is how the hackers might like
to see it. Or, as Blaine Price says: "The internet is like a public road,
but anyone can instantly create a million virtual cars and intentionally
block all the roads until you can plough them out of the way."
Denial of service attacks can be effective, but it's hard to see what point
anybody is trying to make by
hitting the bookseller
Amazon.com, other than simply proving that they can. And if that's the
case, if reveals a curious fact about hacking: it doesn't actually require
much skill. "You can go to a black website and get a simple script for attacking
systems," says Price. "They're not necessarily smart people. They're just
following a recipe."
How this contrasts with the general perception of computer hackers as wayward
geniuses or digital gunslingers. According to Price: "The media glorifies
them in a way by giving the impression they're more intelligent than the
people writing the systems." In fact, all the other hackers refer to
them as 'crackers', because they crack systems, and in this sense, they are
little more than vandals. But because they don't carry spray paint, the person
on the street can't readily understand it. Their handiwork has a hint of
mystery to it, and so we get the over-wrought news headlines.
Still, just as one sort of vandal might derail a train, could this sort also
cause real and lasting damage? Maybe, but if the worry
is for nuclear missiles to start flying, or financial markets to crash, fear
not, for these are scenarios fit only for Hollywood. On the other hand,
much concern surrounds the safety of using credit card details over the web.
There was a case in America recently where a hacker broke into a website
and stole thousands of card numbers. However, he was soon apprehended, and
the truth remains that fraud is more likely to occur when using a credit
card over the phone than on a secure website. Businesses at
risk have taken to calling on counter-intelligence
hackers, hardened computer experts who will test a company's systems to the
limit in an attempt to find holes and, if they do, help to close them. A
number of methods have also been developed to stop denial of service attacks
before they get too serious.
So the establishment is striking back. But there's a catch: effective defences
take time and money to install, so compromise is inevitable. In Hack the
Planet Microsoft pleads this defence for having bug- ridden software;
ironing out every problem would take forever and render the product prohibitively
expensive. So we might simply have to accept that holes will exist, and that
as long as they exist, there will also be people willing to exploit them,
for good or bad. The question remains, though: should we be concerned? "To
the level of media hype, no," says Blaine Price. "But people shouldn't be
complacent. The biggest problems right now are the script viruses, such as
'I Love You'. Don't trust everything you read on email - and never run programmes
provided by a company you can't sue."
TV PROGRAMME Hack the Planet (00.30 Wednesday 6 September & 01.00
Friday 10 November)
OU COURSE Computing: an object-oriented approach (M206)
WEBSITE
www3.open.ac.uk/courses
|
|
|
|
|
|
|
|
|
|