SCROOMtimes: Tales of the Geek Lord

Volume 2, Number 6 -- June, 1997

State of the Hacking Nation

By Pelican Smith

In 1986, the Federal Government passed two laws, both specifically aimed at making hacking (or cracking, depending on your preference) a crime: The Electronic Communications Privacy Act, and the Computer Fraud and Abuse Act. This put the government ahead of the game, giving them a law they could use to convict offenders. A few good arrests and the hacking culture should just disappear. No more "Cap'n Crunch's". Fini.

1989 showed that it wasn't going to be that easy. In Texas there was The Legion of Doom - In New York, the Masters of Deception. Eric BloodAxe, Acid Phreak, Corrupt, Phiber Optic, and several thousand others, all cruising through Ma Bell, having a good time, and eventually getting in gang wars with one another. They were either ignorant of the specific laws they were breaking, or they just didn't care. Some went to prison. Others didn't. They all went on to get good jobs in the coputer industry.

Since then, there's been a huge interest in this thing known as "The Internet". Don't worry, kids, it's just an extension of the phone system to tie home users into an existing computer network (the same computer network that you heard of the first time due to the "Internet Worm" written by Robert Morris, Jr.). CERT was developed within months of that incident. Morris went to jail, then was released to get a good job in the computer industry. You're all safe now. No fear necessary.

Ma Bell broke up, and the Baby Bell's were born. Sweeping changes were made to the phone system. Newer equipment was purchased. You can't hack the phone companies anymore. Other than cellular phones. Oh yeah, and pay phones. OK, maybe you can still hack the phone system.

The State of the Hacking Nation... is strong.

If you are wondering why, let's study a hypothetical break in:

You run tuvwxyz.net, a small ISP in Illinois. You made the homepage yourself. 120 customers pay you $19.95 a month. After enjoying a nice 4th of July weekend, you return to the computer to find someone has altered your homepage to say nasty things about your lineage.

Well, that's a definate violation of privacy and a network intrusion. You call CERT. CERT tells you what you did wrong, and how to keep it from happening again. That's nice, but you want revenge.

Your logs show you were attacked from another ISP in Iowa. Hmm, too bad they weren't from California, Georgia, Florida or Texas - The four states leading the nation in computer crime law (and incidently, the four states making the most money off of the computer industry). Further, since this has crossed state lines, the FBI will have to pursue the individual, when they get time.

You see, the FBI has limited resources. They prioritize their cases according to dollar losses. How much money did you say you lost? None? But they insulted your dog, huh.

"Screw the cops, I can get this guy myself", you say. You call the ISP in Iowa, ask them to review their logs. They say they knew about the problem, and that they were themselves attacked from another ISP in Australia - Some guy who goes by the handle "d00fus".

Australia? Who the hell do you turn to now? This is bigger than the FBI.

Being persistent, you spend the next 4 days lurking around on IRC and USENET, searching for d00fus. By accident, you find his homepage. He likes rollerblading. He has a skanky looking girlfriend. He's thirteen. A few more years and he'll probably get a good job in the computer industry. Hell, just rebuild your web page and keep your fingers crossed.

What if d00fus sends you 40,000 pieces of e-mail in one night, shutting down your mail server? The government hasn't even decided if that is illegal yet. Hey, you watch commercials on TV, right? Those e-mail messages were all advertisements.

The law can't protect you, unless you have something to protect. As a small-time owner of a small piece of the Internet, your basically on your own, closing down security holes as they arise, taking the occasional beating.

At least, until a few changes are made to the Internet at large. Those changes WILL protect you from d00fus, and are the subject of next months Tales of the Geek Lord.

5 Links to think about:

[an error occurred while processing this directive]