AOH :: EDIT.TXT|
There's Gotta be a Better Way
THERE'S GOTTA BE A BETTER WAY
By Glen Roberts
COPYRIGHT (C) 1991 BY FULL DISCLOSURE. ALL RIGHTS RESERVED.
This issue of Full Disclosure is devoted to the current attempts at solving
the problems of computer security through prosecution of computer crimes.
It would appear from the recent activities of the federal government that one
of its major attacks is trying to spread fear throughout the ``hacker''
community. Such a concept will certainly work in a limited number of cases.
However, as the reading of any local newspaper will show, numerous crimes are
committed everyday, criminals are not stopped by the fear of punishment.
The other aspect of the government's fear program appears directed towards
those who have no criminal involvement, who wish to participate in First
Amendment activities by high-technology. Some have been subjected to
punishment without even the allegation of criminal behavior. See related
article titled ``Dr. Ripco Seizure.'' The result is a fear by some of
participating in the First Amendment, not a legitimate goal of law
enforcement or the government.
Reprinted in this issue is a copy a sentencing memorandum filed by the
Government last year in a computer crime case. It portrays the defendants as
particularly ``powerful by'' means of the information they stole. Missing is
the fact that the lax nature of computer security is what actually gave the
defendants power. If the state of computer security been reasonable secure,
the information obtained by defendants (whether legally or not) would have
granted them no extraordinary power.
A primary reason the government seeks incarceration as part of the sentence
is not because of the criminal nature of the defendants activities, but
rather to send ``the message that the hackers around the country need to
hear.'' Unfortunately, the death penalty has failed to stop murder.
The government appears to be more concerned with the free flow of information
than the fact that criminal acts were committed; ``[f]rom the start,
information was stolen and, by definition no longer safeguarded.'' Later
concluding, ``in essence, stolen information equalled power, and by that
definition, all three defendants were becoming frighteningly powerful.''
The concept that information is the crux of the problem is also highlighted
by William Cook, Assistant United States Attorney, Chicago, Illinois in an
article he wrote for the Spring 1990, COMMUNICATOR<M^>*1. He noted that
hackers can ``easily keep up with industry technical developments.'' He also
perceives that hackers are able to easily use prior information to form
attack plans on new computers.
As the Soviet Union moves toward a more open society, the United States is
just as surely closing its windows of communication. The United States has
always been the technological forefront in the world because of the ease of
information flow. Researchers, corporations and individuals have always been
free to group together and exchange information as desired. This has greatly
increased the ability of the United States to make technological advances
One can easily see the results by looking at the space programs administered
by NASA. They have resulted in many inventions finding their way quickly into
our economy, including rapid improvements in our exports. A few of the things
that have resulted from NASA's openness with U.S. industry have included: new
applications such as teflon coatings (frying pans and such), inhalation
therapy for lung ailments, teflon coatings for asbestos fiber made into
special apparel for rescue in fires, and many more too numerous to mention.
The phenomenon of information exchange is exactly what William Cook describes
in his article. However, because the ``hackers'' have apparently built or
made use of a highly efficient communications medium they have been able to
advance as quick as corporations which have failed to take devote resources
to advance their informational security. The corporate security departments
should make use of the same hacker communication techniques to work on their
problems and see their use of the ``frightening power'' of information lead
to secure computer systems.
The Communications Fraud Control Association (CFCA) in its published FRAUD
ALERT of June 21, 1990, is concerned that the government may not be able to
stop computer crime, if several organizations promising funding for legal
defense follow through. At risk is the review of several federal and state
statutes for compliance with constitutional guidelines. To date, even with
the presence of one such rights organization, the EFF<M^><MI^>*2, in at least
two federal cases, such a review has thus far been thwarted.
In short, we see the CFCA's position as allowing only two choices: 1) violate
the rights of hackers in order to obtain convictions, or 2) the world will be
runover by a rampage of hacking activities.
Two decades ago, the same problems, but with slightly different technology
was showing its ugly face. The related article in this issue ``The Death of
the Blue Box'' overviews the legal difficulties the government had in
prosecuting those stealing telecommunications services.
Ultimately, the law enforcement efforts to stop blue boxers were by all
practical means of measurement a complete failure. Only a handful of
thousands of offenses were prosecuted. Those prosecutions proved to have no
deterrent effect on others. Just as we will see that the few recent computer
hacker prosecutions will do nothing to stem the flow of current day hacking
and telecommunications fraud.
Prosecution of crimes throught to be victimless does little more than to
strengthen the resolve to not get caught in a very evoluntionary way. The
solution today is the same as it was in the blue box solution. An upgrading
of the technology will prevent the simplistic attacks that are so common. The
first step towards a technological upgrade requires an increase in the
communication between those experiencing compromise of their data.
The CFCA's COMMUNICATOR claims in the February 1990 issue of Security
Management to be the only regular journal on telecommunications crime.
Apparently overlooking, CUD, 2600 and the non defunct Phrack. That is a small
start towards the free flow of information needed by those who are looking
for security solutions for their companies.
*1 Communications Fraud Control Association (CFCA), 7921 Jones Branch Dr,
#300, McLean, Virginia 22102, Phone: (703) 848-9768, Fax: (703) 356-3701. The
association also operates a Consumer Hotline for anyone experiencing phone
*2 EFF, The Electronic Frontier Foundation, 155 Second St, Cambridge, MA
02141, Phone: (617) 864-0665, Fax: (617) 864-0866.
The above is reprinted from Full Disclosure Newspaper. Subscribe today and
get interesting articles like the above, plus more... pictures, graphics,
advertisement, and more articles. Full Disclosure is your source for
information on the leading edge of surveillance technology. Print the
following form, or supply the information on a plain piece of paper:
Please start my subscription to Full Disclosure for:
[ ] Sample issue, $2.00
[ ] 12 issue subscription, $18.00
[ ] 24 issue subscription, $29.95
With 24 issue susbcription include free one of the following:
[ ] Directory of Electronic Surveillance Equipment Suppliers
[ ] Citizen's Guide on How to Use the Freedom of Info/Privacy Acts
[ ] Maximizing PC Performance
Also available separately:
[ ] Directory of Electronic Surveillance Equipment Suppliers, $6.00
[ ] Citizen's Guide on How to Use the Freedom of Info/Privacy Acts, $5.00
[ ] Maximizing PC Performance, $6.00
Illinois residences, add 6.5% sales tax on above 3 items.
Enclosed is payment in the form of:
[ ] Check/Money order, [ ] Visa, [ ] Mastercard
Card no:___________________________________ Exp date:_______
(required for credit card orders)
Return to: Full Disclosure, Box 903, Libertyville, Illinois 60048
The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986- AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to firstname.lastname@example.org.