Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 exptools 1/6/84; site ihu1g.UUCP Path: utzoo!watmath!clyde!burl!ulysses!mhuxl!ihnp4!ihu1g!fish From: fish@ihu1g.UUCP (Bob Fishell) Newsgroups: net.misc,net.legal Subject: Re: Password hacker gets probation (& other electronic crimes) Message-ID: <336@ihu1g.UUCP> Date: Tue, 8-May-84 11:39:34 EDT Article-I.D.: ihu1g.336 Posted: Tue May 8 11:39:34 1984 Date-Received: Wed, 9-May-84 02:18:13 EDT References: <90@tilt.UUCP>, <308@ihu1g.UUCP> <822@ihuxw.UUCP>, <739@ihuxx.UUCP>, <1444@dartvax.UUCP> <333@teldata.UUCP> Organization: AT&T Bell Labs, Naperville, IL Lines: 68 (oo) Shoot somebody for picking your locks? Break their fingers? You'd be in big trouble, bud. Besides, breaking into a house and gaining unauthorized access to a computer are two completely different things, so I wish you Law&Order freaks would stop making the analogy. Consider the differences: 1) Housebreaking entails doing some physical damage to the building. Computer breakins do not physically harm a system. 2) Housebreakers enter the building physically. This has the following effects: a) The occupants of the building are placed in physical danger. Even if the burglar does not intend violence, he might panic if surprised and hurt or kill somebody. b) The burglar himself is in danger of being shot, beat up, or having his fingers broken by the vindictive resident. Computer-breakers, on the other hand, enter the system via a telephone that may be located thousands of miles away. Although once inside, there is a potential for malicious damage, the danger is not to anybody's life. Oh, don't give me that line about somebody getting into a medical computer and potentially killing somebody. That is a far-fetched hypothetical situation, whereas the danger that occurs from a housebreaking is real, and always present in such a situation. You can always argue that any illegal act is potentially life- threatening. If I throw a bag of empty beer bottles out of the car, a kid with bare feet could potentially cut himself and bleed to death or die of tetanus. However, that potential is very small. 3) The worst a computer-breaker can do is wipe out files. While this can cause a lot of grief, it will not in most cases result in any physical damage to the computer system. A housebreaker, on the other hand, can trash the building, steal everything in sight, murder the occupants, and burn the place down. I could go on, but I think I've made the point that, even though a housebreaker *could* just intend a harmless prank, the potential harm he can do is vastly greater than the harm that a password "hacker" can do. Remember that "War Games" was just a silly movie. Finally, I must reiterate: any enterprise whose computer facilities are important enough that a breakin could cause serious problems should take serious measures to prevent such activities. This needn't be as elaborate as using pressurized cable, just enforce password aging and make sure that passwords are long enough to prevent breakins by Apple Basic programs that just try a progression of character strings. This would prevent most mischievous breakins. I don't advocate that it should be legal for any one who is resourceful enough to break in to a computer. However, I don't advocate serious punishment for those who do. A fine, say $100, ought to be enough for a first offense. An unprotected computer system is an attractive nuisance, and there should be some culpability on the part of the system's owners when some bored college kid finds that he can get into it. -- Bob Fishell ihnp4!ihu1g!fish