Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site mit-eddie.UUCP Path: utzoo!watmath!clyde!burl!we13!ihnp4!mit-eddie!barmar From: barmar@mit-eddie.UUCP (Barry Margolin) Newsgroups: net.misc,net.legal Subject: Re: Password hacker gets probation (& other electronic crimes) Message-ID: <1724@mit-eddie.UUCP> Date: Wed, 2-May-84 22:31:51 EDT Article-I.D.: mit-eddi.1724 Posted: Wed May 2 22:31:51 1984 Date-Received: Fri, 4-May-84 01:19:17 EDT References: <90@tilt.UUCP>, <308@ihu1g.UUCP> <822@ihuxw.UUCP> <310@ihu1g.UUCP> Organization: MIT, Cambridge, MA Lines: 41 -------------------- Equating a computer breakin by an amateur to breaking into a house by a burglar is a false analogy. -------------------- Right. I prefer an analogy to trespassing. One problem, though, is in the definition of "adequate security measures". I would generally consider most computer password systems to be as good as the deadbolt lock on my front door, and I generally consider it to be adequate. Of course, leaving well-known passwords on the system (that is how the 414's got into Sloan-Kettering, I believe) is like locking one's front door with one of those tiny, standard locks for suitcases. Intentions are very important. At MIT we have a long tradition of "roof-hacking" and "tunnel-hacking", which generally involve hanging out in parts of the campus buildings that we are not supposed to be. There is never any malice involved, so when we are caught we are just asked to leave (they instituted a $50 fine for roof-hacking a couple of years ago, but I think it was mostly to appease the insurance company, and I have never heard of it being enforced). This is pretty close to what the kids who break into computers are doing. There is rarely any intentional damage, and they usually play around at night, so the computrons they are using would probably be wasted anyway. Of course, there are malicious crackers. One of the people I work with told me about something that took place while he was in college or HS. A cracker was caught by the operator when he broke into a system, and the operator politely asked him to get off. The cracker was annoyed by this, so he wiped out the file system. I would consider that system completely inadequate, since it sounds like a disgruntled employee with authorization to use the machine could dothe same thing. However, that doesn't alter the fact that the cracker maliciously destroyed the data. This is analogous to the fact that my car has no protection against someone with a sledge-hammer, but that doesn't give someone with a sledge-hammer the right to demolish it. -- Barry Margolin ARPA: barmar@MIT-Multics UUCP: ..!genrad!mit-eddie!barmar