Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [ISN] Cyberterrorism hype
From: mea culpa (jerichoDIMENSIONAL.COM)
Date: Mon Dec 27 1999 - 18:52:11 CST
Reply From: "Robert G. Ferrell" <rootrgfsparc.cr.usgs.gov>
>I couldn't agree more. Unfortunately, you've gotten my back up. I
>don't know where the idea first came from, but the re-titling of the
>hacker and the cracker really does get our collective goats.
I think what this reply serves to point out is that the 'hacker' community
doesn't even among themselves agree on what these terms mean. I, too, was
a hacker long before WarGames; in fact, I started out phreaking in the
early 70s, before hacking was really an option (unless you happened to
have access to, say, a PDP-10). Unlike edison, however, I fundamentally
agree with the terminology in the quoted article. A hacker, in my
definition, is a person who evinces an obsessive drive to learn more about
an operating system, program, or piece of hardware than is offered in the
documentation. Hackers spend countless hours experimenting with
configurations, trying things that the designers probably never imagined,
looking for new and different ways to interact with the systems they
study. They modify source code, look for nuances in system calls, reverse
engineer from disassembled code, rebuild kernels, and in general search
for ways to make systems do things they weren't supposed to be able to do,
or to make them do things they were supposed to do better or faster. The
payoff from this obsession is, as edison says, knowledge. Hackers have a
deep need to know as much as humanly possible about their chosen topic;
to possess knowledge no one else has (even for a short time) can generate
as great a rush as any "extreme" sport.
There were times when gaining unauthorized access was the only way to
increase one's depth of knowledge on a given topic. This was especially
true before the Internet went "commercial." Given this premise, most
hackers would not have hesitated to break into a system. The only goal of
this intrusion would have been information, however, and no malicious
intent would be present (while that may not be much of a distinction from
the legal point of view, it is very important in understanding hackers).
The Internet has always been a bastion of freely shared information, so
many people reacted (and still do react) to the concept of "proprietary"
as the antithesis of "polite" Internet culture; in effect, they saw it as
an abuse. While one may argue quite rightly that abuse is an
inappropriate response to abuse in a society based on the rule of law,
this reaction is widespread throughout even the current day hacker
community. Most of us just complain about it, but a few take a more
active role. I can't say that I approve of their actions, but I do
sympathize with their frustrations and concur on a philosophical level.
Crackers, by my definition, are motivated solely by a desire to subvert
the security of a system. The illicit entry is the raison d'etre, not the
knowledge to be gained by it (except inasmuch as it facilitates future
intrusions). Crackers may be very sophisticated hackers gone "bad," or
they may be "script kiddies" who have little understanding of the tools
they use to break into a vulnerable system. The distinction between
hacker and cracker, then, is one of motivation more than method. Some
crackers are truly 'evil,' many more are just fed up or bored.
Just another in an endless series of personal definitions....
Robert G. Ferrell
National Business Center, US DoI
ISN is sponsored by Security-Focus.COM