💾 Archived View for aphrack.org › issues › phrack22 › 7.gmi captured on 2021-12-04 at 18:04:22. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2021-12-03)

-=-=-=-=-=-=-

                                ==Phrack Inc.==

                      Volume Two, Issue 22, File 7 of 12

           [][][][][][][][][][][][][][][][][][][][][][][][][][][][]
           []                                                    []
           [] Computer Hackers Follow A Guttman-Like Progression []
           []                                                    []
           []               by Richard C. Hollinger              []
           []                University Of Florida               []
           []                                                    []
           []                     April, 1988                    []
           []                                                    []
           [][][][][][][][][][][][][][][][][][][][][][][][][][][][]

Little is known about computer "hackers," those who invade the privacy of
somone else's computer.  This pretest gives us reason to believe that their
illegal activities follow a Guttman-like involvement in deviance.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Computer crime has gained increasing attention, from news media to the
legislature.  The nation's first computer crime statute passed unanimously in
the Florida Legislature during 1978 in response to a widely publicized incident
at the Flagler Dog Track near Miami where employees used a computer to print
bogus winning trifecta tickets (Miami Herald, 1977a and 1977b; Underwood,
1979).  Forty-seven states and the federal government have enacted some
criminal statue prohibiting unauthorized computer access, both malicious and
non-malicious (BloomBecker, 1986; Scott, 1984; U.S. Public Law 98-4733, 1984;
U.S. Public Law 99-474, 1986).  Although some computer deviance might already
have been illegal under fraud or other statutes, such rapid criminalization of
this form of deviant behavior is itself an interesting social phenomenon.

Parker documented thousands of computer-related incidents (1976; 1979; 1980a;
1980b; and 1983), arguing that most documented cases of computer abuse were
discovered by accident.  He believed that these incidents represent the tip of
the iceberg.  Others counter that many of these so-called computer crimes are
apocryphal or not uniquely perpetrated by computer (Taber, 1980; Time, 1986).

Parker's work (1976; 1983) suggests that computer offenders are typically males
in the mid-twenties and thirties, acting illegally in their jobs, but others
may be high school and college students (New York Times, 1984b; see related
points in Hafner, 1983; Shea, 1984; New York Times, 1984a).

Levy (1984) and Landreth (1985) both note that some computer aficionados have
developed a "hacker ethic" allowing harmless computer exploration, including
free access to files belonging to other users, bypassing passwords and security
systems, outwitting bureaucrats preventing access, and opposing private
software and copy protection schemes.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

This research on computer hackers is based on a small number of semi-structured
two-hour interviews covering many topics, including ties to other users,
computer ethics, knowledge of computer crime statutes, and self-reports of
using computers in an illegal fashion.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Such acts include these ten:
1.  Acquiring another user's password.
2.  Unauthorized use of someone else's computer account.
3.  Unauthorized "browsing" among other user's computer files.
4.  Unauthorized "copying" of another user's computer files.
5.  Unauthorized file modification.
6.  Deliberate sabotage of another user's programs.
7.  Deliberately "crashing" a computer system.
8.  Deliberate damage or theft of computer hardware.
9.  Making an unauthorized or "pirated" copy of proprietary computer software
    for another user.
10. Receiving an unauthorized or "pirated" copy of proprietary computer
    software from another user.

In 1985, a group of five students took unauthorized control of the account
management system on one of the University of Florida's Digital VAX computers.
They were able to allocate new accounts to each other and their friends.  In
addition, they browsed through other users' accounts, files and programs, and
most importantly, they modified or damaged a couple of files and programs on
the system.  All first-time offenders, three of the five performed "community
service" in consenting to being interviewed for this paper.  Eight additional
interviews were conducted with students selected randomly from an computer
science "assembler" (advanced machine language) class.  These students are
required to have a working knowledge of both mainframe systems and micro
computers, in addition to literacy in at least two other computer languages.

The State Attorney's decision not to prosecute these non-malicious offenders
under Florida's Computer Crime Act (Chapter 815) may reflect a more general
trend.  From research on the use (actually non-use) of computer crime statutes
nationally, both BloomBecker (1986) and Pfuhl (1987) report that given the lack
of a previous criminal record and the generally "prankish" nature of the vast
majority of these "crimes," very few offenders are being prosecuted with these
new laws.

The three known offenders differed little from four of the eight computer
science students in their level of self-reported computer deviance.  The
interviews suggest that computer deviance follows a Guttman-like progression of
involvement.  Four of the eight computer science respondents (including all
three females) reported no significant deviant activity using the computer.
They indicated no unauthorized browsing or file modification and only isolated
trading of "pirated" proprietary software.  When asked, none of these
respondents considered themselves "hackers."  However, two of the eight
computer science students admitted to being very active in unauthorized use.

Respondents who admitted to violations seem to fit into three categories.
PIRATES reported mainly copyright infringements, such as giving or receiving
illegally copied versions of popular software programs.  In fact, pirating
software was the most common form of computer deviance discovered, with
slightly over half of the respondents indicating some level of involvement.  In
addition to software piracy, BROWSERS gained occasional unauthorized access to
another user's university computer account and browsed the private files of
others.  However, they did not damage or copy these files.  CRACKERS were most
serious abusers.  These five individuals admitted many separate instances of
the other two types of computer deviance, but went beyond that.  They reported
copying, modifying, and sabotaging other user's computer files and programs.
These respondents also reported "crashing" entire computer systems or trying to
do so.

Whether for normative or technical reaspons, at least in this small sample,
involvement in computer crime seems to follow a Guttman-like progression.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

                                  REFERENCES

BloomBecker, Jay.  1986.  Computer Crime Law Reporter:  1986 Update.  Los
     Angeles:  National Center for Computer Crime Data.
Florida, State of.  1978.  Florida Computer Crimes Act Chapter 815.01-815.08.
Hafner, Katherine.  1983.  "UCLA student penetrates DOD Network," InfoWorld
     5(47):  28.
Landreth, Bill. 1985.  Out of the Inner Circle:  A Hacker's Guide to Computer
     Security.  Bellevue, Washington:  Microsoft Press.
Levy, Steven.  1984.  Hackers:  Heroes of the Computer Revolution.  New York:
     Doubleday.
Miami Herald.  1977a-.  "Dog players bilked via computer,"  (September
     20):1,16.
--1977b "Why Flagler Dog Track was easy pickings," (September 21):  1,17.
Newsweek.  1983a.  "Beware:  Hackers at play," (September 5):  42-46,48.
--1983b.  "Preventing 'WarGames'," (September 5):  48.
New York Times.  1984a.  "Low Tech" (January 5):  26.
--1984b.  "Two who raided computers pleading guilty," (March 17):  6.
Parker, Donn B.  1976.  Crime By Computer.  New York:  Charles Scribner's Sons.
--1979.  Computer Crime:  Criminal Justice Resource Manual.  Washington, D.C.:
     U.S. Government Printing Office.
--1980a.  "Computer abuse research update," Computer/Law Journal 2:  329-52.
--1980b.  "Computer-related white collar crime," In Gilbert Geis and Ezra
     Stotland (eds.), White Collar Crime:  Theory and Research.  Beverly Hills,
     CA.:  Sage, pp.  199-220.
--1983.  Fighting Computer Crime.  New York:  Charles Scribner's Sons.
Pful, Erdwin H.  1987.  "Computer abuse:  problems of instrumental control.
     Deviant Behavior 8:  113-130.
Scott, Michael D.  1984.  Computer Law.  New York:  John Wiley and Sons.
Shea, Tom.  1984.  "The FBI goes after hackers," Infoworld 6 (13):
     38,39,41,43,44.
Taber, John K.  1980.  "A survey of computer crime studies," Computer/Law
     Journal 2:  275-327.
Time.  1983a.  "Playing games," (August 22):  14.
--1983b.  "The 414 gang strikes again," (August 29):  75.
--1986.  "Surveying the data diddlers," (February 17):  95.
Underwood, John.  1979.  "Win, place...  and sting," Sports Illustrated 51
     (July 23):  54-81+.
U.S. Public Law 98-473.  1984.  Counterfeit Access Device and Computer Fraud
     and Abuse Act of 1984.  Amendment to Chapter 47 of Title 18 of the United
     States Code, (October 12).
U.S. Public Law 99-474.  1986.  Computer Fraud and Abuse Act of 1986.
     Amendment to Chapter 47 of Title 18 of the United States Code, (October
     16).
_______________________________________________________________________________