Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!akgua!mcnc!decvax!harpo!ihnp4!houxm!hogpc!houti!ariel!vax135!cornell!uw-beaver!teltone!teldata!tac
From: tac@teldata.UUCP
Newsgroups: net.misc,net.legal
Subject: Re: Password hacker gets probation (& other electronic crimes)
Message-ID: <338@teldata.UUCP>
Date: Fri, 11-May-84 15:05:38 EDT
Article-I.D.: teldata.338
Posted: Fri May 11 15:05:38 1984
Date-Received: Sun, 13-May-84 08:41:01 EDT
References: <90@tilt.UUCP>, <308@ihu1g.UUCP> <822@ihuxw.UUCP>, <739@ihuxx.UUCP>, <1444@dartvax.UUCP> <333@teldat
Lines: 162
Relay-Version: version B 2.10 5/3/83; site houti.UUCP
Posting-Version: version B 2.10.1 6/24/83; site teldata.UUCP
Organization: Teltone Corp., Kirkland, WA
Lines: 155

, (sop to the blank line eaters--consider it a religious sacrifice)

Oh woe is us if this crap gets spread around, the grass will be too deep
to mow in no time!

>> From: fish@ihu1g.UUCP (Bob Fishell)
>>
>> (oo)
>> Shoot somebody for picking your locks? Break their fingers? You'd be
>> in big trouble, bud.

I believe I said that would be my first inclination. Sort of like
finding the dog has used the rug instead of the newspapers when you come
home--the first inclination is that the dog is not worth keeping. You
are right though, the criminals have many more rights than the victims
these days so I could probably be in trouble just for being there to
catch him. Have you ever had your house broken into? There is a terrible
feeling of violation (I imagine it is similar to - though not as bad
as - being raped). You lose all sense of security in your home, and
wonder every time you come back what is missing now. No, if you have
sympathy for the lock picker you probably have never been robbed.

>>
>> Besides, breaking into a house and gaining unauthorized access to a
>> computer are two completely different things, so I wish you Law&Order
>> freaks would stop making the analogy. Consider the differences:
>>
>> 1) Housebreaking entails doing some physical damage to the building.
>>    Computer breakins do not physically harm a system.

A skilled lock picker can open your door without harming it-- in fact
to make his job easier he may even oil the lock for you. Now that is
what I call damage. The damage is to your mental security. That is
damaged when a computer is entered also.

>>
>> 2) Housebreakers enter the building physically. This has the
>>    following effects:
>>
>>    a) The occupants of the building are placed in physical
>>       danger. Even if the burglar does not intend violence,
>>       he might panic if surprised and hurt or kill somebody.
>>
>>    b) The burglar himself is in danger of being shot, beat
>>       up, or having his fingers broken by the vindictive
>>       resident.

Is it all right to rob someone if you don't put them in danger (wait
until they are not home)? I had something stolen out of my storage
locker once, and the person who did it did not break in. They got into
the one next door and leaned over the top of the wall and fished out
stuff. Never once entered my locker. Seems to me you could do the same
with a window in a house--that is to never actually enter, but manage
to hook the goods out the window.

>>
>>    Computer-breakers, on the other hand, enter the system via
>>    a telephone that may be located thousands of miles away.
>>    Although once inside, there is a potential for malicious
>>    damage, the danger is not to anybody's life. Oh, don't give
>>    me that line about somebody getting into a medical computer
>>    and potentially killing somebody. That is a far-fetched
>>    hypothetical situation, whereas the danger that occurs from
>>    a housebreaking is real, and always present in such a situation.

Need I remind you that computers frequently control machinery these
days? You could accidentally shut off or turn on all sorts of dangerous
things.

>>
>> 3) The worst a computer-breaker can do is wipe out files. While this
>>    can cause a lot of grief, it will not in most cases result in any
>>    physical damage to the computer system.

While I admit that there is only a small damage possibility to the
actual COMPUTER system, there is the potential for great monetary loss
(and thereby damage) to the company or person owning that computer.

First case: A home enthusiast who keeps his projects on his computer.
He has just invented the next *BIG HIT* video game or toy or whatever.
Our potential hero (the hacker) breaks in and erases it destroying
hours of work and sweat. Or worse yet steals it and patents it first!

Second case: Dr. Somebody has spent 13 years collecting data and
analyzing it to make a great scientific breakthrough. Since all of this
was funded by the government and the school where he was doing this he
is required to publish and has, in fact, let out the merest hint of
what he is going to publish on, but comes back the next day to find
some sh*t-head has run rampant through his data. Now it still looks
good in some respects, but in all conscience he cannot PROVE it has not
been modified. As a man of respectable morals he declines to publish
until it can be re-verified and therefore loses his grant and job thus
causing hardship for his family and possibly a difficult future. A
worse case of this scenario is that our hero (remember the innocent
hacker?) just modifies enough data for the Dr. to come to the wrong
conclusion, or to overlook something important and he publishes false
data which is exposed depriving him of his credibility along with his
job!

Third case: The most common institutional computer these days is banks.
Now tell me that no damage or loss can be incurred by messing with
those. Want the picture painted for you? How about Granny Smith. All of
her family is dead or moved on and she has just enough in the bank to
keep her going for a few more years. Then some punk--eh, excuse me, our
hero-- messes with her bank account and now she has no money at all
(don't give me any cr*p about how she could live on SS and Welfare the
rest of her life either). A worse case of that scenario? How about the
bank decides it is her who has messed with their files and prosecutes.
How should our hero feel about having been instrumental in sending a
little old lady to jail?

Some of these may be far fetched, but I think you will have to admit
that they all fall within bounds you set out in the discussion.

>>
>> A housebreaker, on the other hand, can trash the building, steal
>> everything in sight, murder the occupants, and burn the place down.
>>
>> I could go on, but I think I've made the point that, even though a
>> housebreaker *could* just intend a harmless prank, the potential
>> harm he can do is vastly greater than the harm that a password
>> "hacker" can do. Remember that "War Games" was just a silly movie.

Where have you been all the last 5 years? People have broken into some
of the government security installations. Just what do you think it
takes to create a catastrophe? I don't believe that someone could start
a war with a computer, but some *REALLY* big sh*t could hit the fan. We
still have not mentioned the other thing our hero could do--he could
break in and leave the door open for anyone else by making the password
so simple that anyone could get in, or just publish it on a billboard
or network! Then all h*ll breaks loose.

>>
>> Finally, I must reiterate: any enterprise whose computer facilities
>> are important enough that a breakin could cause serious problems
>> should take serious measures to prevent such activities. This
>> needn't be as elaborate as using pressurized cable, just enforce
>> password aging and make sure that passwords are long enough to
>> prevent breakins by Apple Basic programs that just try a progression
>> of character strings. This would prevent most mischievous breakins.

Do you live in a castle with a moat? If not your house is not secure
enough, and if so YOU have provided the attractive nuisance.

>>
>> I don't advocate that it should be legal for any one who is resourceful
>> enough to break in to a computer. However, I don't advocate serious
>> punishment for those who do. A fine, say $100, ought to be enough
>> for a first offense. An unprotected computer system is an attractive
>> nuisance, and there should be some culpability on the part of the
>> system's owners when some bored college kid finds that he can get
>> into it.
>> --
>>
>> Bob Fishell
>> ihnp4!ihu1g!fish

Just by the by, how do you tell it is an unprotected system until you
try to break in? And if you happen to be successful, does that make it
poor protection or you just lucky or smart?

From the Soapbox of
Tom Condon {...!uw-beaver!teltone!teldata!tac}

A Radical A Day Keeps The Government At Bay.
(A gunfight a day keeps the muggers away?) :-)