💾 Archived View for gemini.spam.works › mirrors › textfiles › news › pcomhck.txt captured on 2023-01-29 at 09:55:51.

View Raw

More Information

⬅️ Previous capture (2020-10-31)

-=-=-=-=-=-=-



Printed in Popular Communications November 1992 issue.
Page 4 
By Tom Kneitel, K2AES


You say that someone overheard your cordless telephone and
learned your bank account number?  Ho boy!

You claim that despite a federal privacy law your cellular
phone was monitored but someone who told your boss you said he
was  a skinflint?  Whoa, but who cares?

You tell me that some 16 year old got your company computer's
security password from a BBS, then used it to open a $5000
credit line charge account for himself?  Hey, I'm all choked up.

Every couple of years a few computer hackers get caught and
are written up in the newspapers.  That triggers yet another round
of astonished revelations on the tabloid TV shows. the indignant
show hosts act mortified at learning some of the computer files
that hackers have been able to invade.  This invariably includes
financial and educational records, court
and police information, scientific data, and national defense
data.

This ritual of hacker discovery takes place regularly every
two or three years.  Each time it's as if none of these
practices had ever before been made known to the public.
We are asked to have limitless pity for those poor owners of
those computers whose private and sacred data has been
ruthlessly  violated at the hands of marauding cyberpunks
with their evil computers.

Another round of this drivel appears to be in progress now.  I
recently saw a replay of the entire scenario right down to
Geraldo Rivera on TV discussing computer hackers.  With a face
of stony seriousness, it was as if he had personally
discovered the first young hacker ever captured alive and
forced to confess his many sins in front of a TV camera.
Personally, I thought the hacker came across a lot better than
did Geraldo.

Despite this continuing negative public relations campaign to keep
the world living in dread fear of hackers, I'm still not
sold on the need to immediately sign up for the tar and
feather brigade.  In fact, methinks I smell a red herring.
I'm beginning to suspect that all of this medial coverage
consists of nothing mote than the chintziest possible way of
finding convenient scapegoats to blame for the failure of the
nation's data security systems.

Somewhere along the line someone forgot that it's the
responsibility of those wanting security to sufficiently
upgrade their own technology to the point where it works.  The
Primary responsibility for providing computer security can't
be relegated to third parties on the basis of expecting they
will offer security simply by ignoring the tempting and easily
accessible data because they are told it's "illegal" to
access, and because they should realize that it's not nice to
snoop.

That logic doesn't wash.  That system of security can't work.
Why should it work for those seeking security for their
computerized data?

In the July '92 issue of U.S. Naval Institute Proceedings,
there was a feature on C4I by Robert David Steele, Assistant
Chief of Staff (in charge of C4I- command , control,
communications, computer, and intelligence) at Headquarters,
U.S. Marine Corps.  He stated "The inherent danger in a
necessary but risky strategy of reliance on commercial
communications and computer equipment-to transmit much of our
operational logistics, personnel, and even intelligence
information. around the globe- exacerbates the targeting-data
and mapping shortfalls.  The Marine Corps is off the limb and
out in free fall when it comes to vulnerability to our C4I
links...Our reliance on commercial satellites and ground
switching stations leaves us wide open to total shutdown of
our communications, and complete penetration of our
administrative and logistics computer systems by any skilled
hacker."  He noted that this was the weakest and most
neglected, C4I link in the Marine Corps.

The man spelled it out very well.  If commercial
telecommunications landlines, satellites and other facilities
are to be relied upon, then they can be penetrated by skilled
hackers.

And have you noticed that the majority of skilled hackers you
learn about from the media are young adults or even teen age
hobbyists using home computers?  Some of these hackers are
benign  and merely curious, others just like the challenge of
seeing how many systems they can invade.  Sure, there are also
pranksters, plus a sprinkling of those who are truly
malicious.  The media seldom mentions the really dangerous
professional computer security violators-those involved in
industrial espionage , or who work for foreign governments,
international drug cartels, terrorist groups, and organized
crime.  Nevertheless, benign or malevolent, hobbyist or
professional, all who snoop through presumed secure computers
have the potential to steal, modify, or destroy all kinds of
data.  That this can still so easily be accomplished seems rather
astonishing at this point.

Underground BBS's offering information on these techniques are
popular and known to all who wish to seek out the information.

The data in the computers that hackers are accused of
accessing is just sitting there.  It's tempting, tantalizing,
juicy, ripe and practically crying out to be called up.  To
some amateurs and computer hobbyists, this is what amounts
to an "attractive nuisance", similar to a swimming pool of a
high tension electric tower.  Attractive nuisances are
potentially dangerous, but desirable and easily accessible
things that require a fence or other security measures, lest
the owner be declared negligent.  Every individual, industry,
and government entity is responsible when they create and
maintain an attractive nuisance.  They can post all of the "No
Trespassing" signs they want, but they still must have
safeguards such as fences.  If their safeguards are violated,
the owner of the attractive nuisance can still be considered
to have been less than diligent in keeping out intruders.  The
intruder may be only minimally held responsible for getting
through.

Somehow, though, the communications industry is unique in that
it gets off the hook with being responsible for its many
attractive nuisances.  A "No Trespassing" sign is hung up, and
intruders are considered to be in the wrong after that.

Common sense dictates that those wanting or needing real
security have no right to fall back upon low tech public
access telecommunications systems, then cry "foul" when the
security systems don't work for them.  This includes all
categories of governmental users, including the military.
Maybe they'll have to hang up and use circuits closed to the
public.

Those business firms, universities, government entities, and
others who demand tight security but need to or elect to
remain connected to the public access telecommunications
system are going to have to get better security advice, and
more efficient programs.  Don't want to?  Then they can and
will continue to have their data exploited by outsiders.  They
must tolerate it without complaining.

It's hard for me to have very much pity for multi-million
dollar companies, or the federal government when I hear about
their broached computer security.  Not when I learn that it
can be zapped by a hobbyist with a personal computer and a
program that was downloaded from a BBS.  I don't quite go so
far as those hackers who claim that they're performing a
public service by pointing out the security loopholes in
computer security systems.  The main service they are
performing is in embarrassing those folks in charge of
computer security.  This is a service that is hardly
appreciated, and is undoubtedly what has sparked their
hilarious and hysterical media diversionary blitz and
smokescreen on the evils of hackers

My own policy on cellular and other comms has been that if you
want privacy, it's solely your responsibility to assure that
you take whatever steps are required to cause your system to
be secure from outside interception.  The responsibility can't
be effectively dumped onto third parties either by
legislation or by appeals to public ethics and good-will.  So
let it also be with the data stored in computers.

I'm not an advocate for computer hackers, or for hacking-
quite obviously some of it has resulted in damage to and theft
of data.  But let's be at least a little fair bout this
ridiculous media overkill relating to amateur hackers.  How
about sharing some of the blame by shifting the complete focus
off the hackers?  Let's also see groups of these inept and
impotent computer security experts dragged out in front of the
tabloid TV cameras to own up to the public about their total
inability to protect data about you and I, and on national
defense, stored in and exchanged between public access
computers.

How about asking financial institutions, business, and
governmental agencies to explain why the data they are
supposed to be holding in trust?  And, forgetting about the
hobbyists, let them admit to the potential threat to their
stored data from terrorist groups, foreign governments,
organized crime, and other high powered professional operations.
Nobody wants to talk about any of these things.  If the public
ever learned the real threats to stored data, they would no
longer be too worried about amateur and hobbyist hackers.

Hobbyist hackers have been around for more than a decade.
It's really time now to stop the crocodile tears for the
government and big companies that get their data rifled by an
image of *Billy Whizbang* and his souped up *Commodore 64*.
If companies and agencies are so stupid and lazy that they
still can't protect important and vital data, then what they
deserve is our anger and derision, not public pity.  The
public, in turn, needs some real answers instead a of a lot of
garbage blaming it all on teenage hackers.

Fifty years ago, young people reacted to attractive nuisances
by swimming in a neighbors's pool while the people were on
vacation.  Or they stole the bell from the town church.
Today, maybe they are into computer hacking instead.  These
are bright and creative people-let's not forget that.  One the
one hand, people complain young people wrecking their brains
on drugs and loud rock music.  Hobbyist hackers are young
people who aren't spending money on drugs and rock CD's
(typist's note...I have a LOT of rock CD's).  Take your choice.

We aren't condoning computer hacking.  Certainly the practice
must be monitored and discouraged until the computer industry
can find some people intelligent enough to devise valid
security systems.  But we should be mindful that in a few
years, these young hackers are the bright people who will be
on the cutting edge of developing future technologies.
Instead of getting bent all out of shape about their
undirected curiosity, let's think about trying to channel
their talents and interests into more constructive
directions!  In all fairness, we can't allow the inept
computer  security industry make them sound too evil when,
after all, hackers are (at worst) no more than a small part of
the computer security problem. 
 
Retyped for your pleasure by BMO (scanners?  BAH!)