[Previous] [Next] [Index]
[Thread]
Re: Justice Department Security
On Tue, 20 Aug 1996, Merran Elizabeth Williams wrote:
> I'm a journalism student at RMIT University in Melbourne and I would like
> to know more about the implications of the break-in to the Justice
> Department Web site on the weekend (17/8/96). (obscene pictures and
> anti-censorship messages were allegedly scrawled over it and links to
> unofficial sites put in)
>
For starters, thank you for asking the question, rather than doing as the
mass media in the US has done and formulate an opinion based on lack of
knowledge and understanding.
Second, I find the DOJ web page hack to be tragically funny. That's
somewhat of an oxymoron, I realize, but quite true. Though I don't solely
blame DOJ for the bad policy of late, it is their responsibility to keep
Congresscritters informed on what is and is not within the confines of the
Constitution when it comes to limitation of freedom. If you would like to
find a good reason to make DOJ a target, read the new anti-terrorism bill
in full. Some of the implications of the restrictions within it are
scary beyong belief. It further irritates me that the people responsible
do not nearly begin to comprehend what they have tried to do. There are
definite Civil Liberties issues at hand, though all in Washington will
deny it.
> Have any other sites ever been affected in this way, and what is stopping
> hackers from causing mayhem on any similar sites?
>
There are several definitions of hackers these days. Some hackers are the
"good ol' boys" (not meaning that there aren't many good female hackers --
just a cliche) who used to run around on various systems, probing holes,
etc., for the sake of learning. There are still quite a few of these
people around, though many of the true old-timers have gone into the
business of security.
Then there are the younger masses. Some of them (such as myself) are more
endearing to the older generation as we thrist for knowledge and do not
feel that tip-toeing around systems is wrong, provided you aren't
distinctly breaking laws or causing any harm. In this sense, we are a
continuation of the last generation. However, there is another group who
has been given the name "hackers" by the ignorant media. They are the
ones who write and distribute computer viruses in order to cause mayhem.
They are the ones who maliciously attack sites through various methods for
the simple sake of causing trouble. These are the misguided youth of the
world who, instead of joining gangs and killing each other in the street,
are now taking to the "cyber-streets" and stalking prey like a mugger
stalks his/her victim. These rebellious youth have no morals, no respect,
and no class. They call themselves cool (or should I say c00l?) because
they arrogantly think they are. However, these people are not cool. They
are the criminal element of the electronic society. They are the people
who cannot be trusted, and will end up making the Internet a place
over-run with security and untrusting fear.
Now, which element is to be blamed for the DOJ incident? Well, it seems
to me that, assuming no real damage was done, it was likely a moderate
element of hackers trying to make a political statement. The people
responsible are probably more mature than the average youth, yet still
young enough to not fear getting caught. They are probably the people who
still write for publications like 2600, but take the position that hacking
is simply a quest for knowledge, and nothing more. It is a marginally
conservative stance in a realm of fairly progressive thinkers. After all,
you have to be somewhat progressive to assimilate the new technologies and
make creative application there-of. But these people are likely not true
criminals. If they were, they would have placed a time-bomb on the system
hosting the web page with the hope of disrupting an entire government
agency. I could be wrong here, of course. It could be some wild and
crazy kid looking for some PR. Regardless of who it is, though, they will
be hunted like animals until the DOJ is satisfied that it has made up for
the embarrassment caused.
As to your question of whether this has happened before and what keeps it
from happening more often....what can be said? Sure, it's probably
happened before. Many of us are aware of the security holes in several
web servers and we do our best to patch those holes as quickly as possible
and encourage others to follow suit. But, and this is the key in my
opinion, due to the rapid increase of number of web sites on the internet
there is somewhat of a shortage of experienced, seasoned system
administrators out there who know how to maintain a secure system. There
is a high percentage of system administrators out there who are only 1-3
years out of college with very little practice in making a system secure
and protecting against attacks from the aggressive.
There is another issue, too. The DOJ is an attractive target for
political reasons. However, there are not many other sites that would
provide as great a feeling to hack. Sure, there are people who try to
hack college and univerity systems, but that is small-time. There are
also corporate targets which are more valuable if you are being paid by
the right people. However, very few of these will receive much publicity
as a) if your site has been compromised, the last thing you want to do is
advertise that fact and attract more hackers who want to try their hand at
compromising your site; and b) part of the idea behind security is
handling issues like this quickly and quietly so as not to raise
eyebrows or to concern your users. What the media doesn't understand is
that, in writing these ignorant stories about how aweful hackers are and
what dangers they pose to the rest of the world, they are actually
providing publicity to the ravel of the earth who don't deserve the time
to have a mug-shot taken. The result is then people jumping on the
bandwagon, trying to act cool, but really just becoming members of the
criminal element. And the media is to be blamed for that. The media is
to be blamed for contributing to the delinquincy of minors for glorifying
the wrong, and for making stupid little incidents into big problems.
I could probably go on for hours about my opinions on the media, but I
won't. The opinions expressed above are my own and not those of any of my
employers. And no, I'm not an expert in anything yet. Just a student who
plays in the worlds of system administration, user support, consulting,
and a little hacking. Why hacking, too? Because some (including myself)
believe that the best way to protect against hackers is to be one yourself
so that you can test your own system for holes and plug those holes before
someone else with much worse intentions finds them.
I hope that I have been able to keep the technicial jargon down enough for
you. If you have any questions on something I have said which doesn't
make sense (and I'm sure there is as I'm not much of a writer on the fly),
please feel free to ask. No attacks from list readers, if you please. I
didn't write this to spur angst in discussion but to provide a
younger-generation reply to an honest question deserving an answer.
Sincerely,
-ben
--------------------------------------------------------------------------------
|
Benjamin Tomhave | Shell to DOS...Come in DOS...Do you Copy?
Luther College |
Decorah, IA 52101 | $ rm * .* "Hey, where'd everything go?
tomhavbe@martin.luther.edu |
| What's an ID-10-T error? :)
|
--------------------------------------------------------------------------------
References: