885 lines
47 KiB
Text
885 lines
47 KiB
Text
|
==Phrack Inc.==
|
||
|
|
||
|
Volume Four, Issue Forty-One, File 12 of 13
|
||
|
|
||
|
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||
|
PWN PWN
|
||
|
PWN Phrack World News PWN
|
||
|
PWN PWN
|
||
|
PWN Issue 41 / Part 2 of 3 PWN
|
||
|
PWN PWN
|
||
|
PWN Compiled by Datastream Cowboy PWN
|
||
|
PWN PWN
|
||
|
PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN PWN
|
||
|
|
||
|
|
||
|
Government Cracks Down On Hacker November 2, 1992
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
by Donald Clark (The San Francisco Chronicle)(Page C1)
|
||
|
|
||
|
"Civil Libertarians Take Keen Interest In Kevin Poulsen Case"
|
||
|
|
||
|
Breaking new ground in the war on computer crime, the Justice Department plans
|
||
|
to accuse Silicon Valley's most notorious hacker of espionage.
|
||
|
|
||
|
Kevin Lee Poulsen, 27, touched off a 17-month manhunt before being arrested on
|
||
|
charges of telecommunications and computer fraud in April 1991. A federal
|
||
|
grand jury soon will be asked to issue a new indictment charging Poulsen with
|
||
|
violating a law against willfully sharing classified information with
|
||
|
unauthorized persons, assistant U.S. attorney Robert Crowe confirmed.
|
||
|
|
||
|
A 1988 search of Poulsen's Menlo Park storage locker uncovered a set of secret
|
||
|
orders from a military exercise, plus evidence that Poulsen may have tried to
|
||
|
log onto an Army data network and eavesdropped on a confidential investigation
|
||
|
of former Philippine President Ferdinand Marcos. It is not clear whether the
|
||
|
new charge stems from these or other acts.
|
||
|
|
||
|
Poulsen did not hand secrets to a foreign power, a more serious crime, Crowe
|
||
|
noted. But by using an espionage statute against a U.S. hacker for the first
|
||
|
time, prosecutors raise the odds of a record jail sentence that could be used
|
||
|
to deter other electronic break-ins.
|
||
|
|
||
|
They could use a stronger deterrent. Using personal computers connected to
|
||
|
telephone lines, cadres of so-called cyberpunks have made a sport of tapping
|
||
|
into confidential databases and voicemail systems at government agencies and
|
||
|
corporations. Though there is no reliable way to tally the damage, a 1989
|
||
|
survey indicated that computer crimes may cost U.S. business $500 million a
|
||
|
year, according to the Santa Cruz-based National Center for Computer Crime
|
||
|
Data.
|
||
|
|
||
|
Telephone companies, whose computers and switching systems have long been among
|
||
|
hackers' most inviting targets, are among those most anxious to tighten
|
||
|
security. Poulsen allegedly roamed at will through the networks of Pacific
|
||
|
Bell, for example, changing records and even intercepting calls between Pac
|
||
|
Bell security personnel who were on his trail.
|
||
|
|
||
|
The San Francisco-based utility has been intimately involved in his
|
||
|
prosecution; Poulsen was actually captured in part because one of the company's
|
||
|
investigators staked out a suburban Los Angeles supermarket where the fugitive
|
||
|
shopped.
|
||
|
|
||
|
"Virtually everything we do these days is done in a computer --your credit
|
||
|
cards, your phone bills," said Kurt von Brauch, a Pac Bell security officer who
|
||
|
tracked Poulsen, in an interview last year. "He had the knowledge to go in
|
||
|
there and alter them."
|
||
|
|
||
|
|
||
|
BROAD LEGAL IMPACT
|
||
|
|
||
|
Poulsen's case could have broad impact because of several controversial legal
|
||
|
issues involved. Some civil libertarians, for example, question the Justice
|
||
|
Department's use of the espionage statute, which carries a maximum 10-year
|
||
|
penalty and is treated severely under federal sentencing guidelines. They
|
||
|
doubt the law matches the actions of Poulsen, who seems to have been motivated
|
||
|
more by curiosity than any desire to hurt national security.
|
||
|
|
||
|
"Everything we know about this guy is that he was hacking around systems for
|
||
|
his own purposes," said Mike Godwin, staff counsel for the Electronic Frontier
|
||
|
Foundation, a public-interest group that has tracked Poulsen's prosecution. He
|
||
|
termed the attempt to use the statute against Poulsen "brain-damaged."
|
||
|
|
||
|
Poulsen, now in federal prison in Pleasanton, has already served 18 months in
|
||
|
jail without being tried for a crime, much less convicted. Though federal
|
||
|
rules are supposed to ensure a speedy trial, federal judges can grant extended
|
||
|
time to allow pretrial preparation in cases of complex evidence or novel legal
|
||
|
issues.
|
||
|
|
||
|
Both are involved here. After he fled to Los Angeles to avoid prosecution,
|
||
|
for example, Poulsen used a special scrambling scheme on one computer to make
|
||
|
his data files unintelligible to others. It has taken months to decode that
|
||
|
data, and the job isn't done yet, Crowe said. That PC was only found because
|
||
|
authorities intercepted one of Poulsen's phone conversations from jail, other
|
||
|
sources said.
|
||
|
|
||
|
|
||
|
CHARGES LABELED ABSURD
|
||
|
|
||
|
Poulsen declined requests for interviews. His attorney, Paul Meltzer, terms
|
||
|
the espionage charge absurd. He is also mounting several unusual attacks on
|
||
|
parts of the government's original indictment against Poulsen, filed in 1989.
|
||
|
|
||
|
He complains, for example, that the entire defense team is being subjected to
|
||
|
15-year background checks to obtain security clearances before key documents
|
||
|
can be examined.
|
||
|
|
||
|
"The legal issues are fascinating," Meltzer said. "The court will be forced to
|
||
|
make law."
|
||
|
|
||
|
Poulsen's enthusiasm for exploring forbidden computer systems became known to
|
||
|
authorities in 1983. The 17-year-old North Hollywood resident, then using the
|
||
|
handle Dark Dante, allegedly teamed up with an older hacker to break into
|
||
|
ARPAnet, a Pentagon-organized computer network that links researchers and
|
||
|
defense contractors around the country. He was not charged with a crime because
|
||
|
of his age.
|
||
|
|
||
|
Despite those exploits, Poulsen was later hired by SRI International, a Menlo
|
||
|
Park-based think tank and government contractor, and given an assistant
|
||
|
programming job with a security clearance. Though SRI won't comment, one
|
||
|
source said Poulsen's job involved testing whether a public data network, by
|
||
|
means of scrambling devices, could be used to confidentially link classified
|
||
|
government networks.
|
||
|
|
||
|
But Poulsen apparently had other sidelines. Between 1985 and 1988, the Justice
|
||
|
Department charges, Poulsen burglarized or used phony identification to sneak
|
||
|
into several Bay Area phone company offices to steal equipment and confidential
|
||
|
access codes that helped him monitor calls and change records in Pac Bell
|
||
|
computers, prosecutors say.
|
||
|
|
||
|
|
||
|
CACHE OF PHONE GEAR
|
||
|
|
||
|
The alleged activities came to light because Poulsen did not pay a bill at the
|
||
|
Menlo/Atherton Storage Facility. The owner snipped off a padlock on a storage
|
||
|
locker and found an extraordinary cache of telephone paraphernalia. A 19-count
|
||
|
indictment, which also named two of Poulsen's associates, included charges of
|
||
|
theft of government property, possession of wire-tapping devices and phony
|
||
|
identification.
|
||
|
|
||
|
One of Poulsen's alleged accomplices, Robert Gilligan, last year pleaded guilty
|
||
|
to one charge of illegally obtaining Pac Bell access codes. Under a plea
|
||
|
bargain, Gilligan received three years of probation, a $25,000 fine, and agreed
|
||
|
to help authorities in the Poulsen prosecution. Poulsen's former roommate,
|
||
|
Mark Lottor, is still awaiting trial.
|
||
|
|
||
|
A key issue in Poulsen's case concerns CPX Caber Dragon, a code name for a
|
||
|
military exercise in Fort Bragg, North Carolina. In late 1987 or early 1988,
|
||
|
the government charges, Poulsen illegally obtained classified orders for the
|
||
|
exercise. But Meltzer insists that the orders had been declassified by the
|
||
|
time they were seized, and were reclassified after the fact to prosecute
|
||
|
Poulsen. Crowe said Meltzer has his facts wrong. "That's the same as saying
|
||
|
we're framing Poulsen," Crowe said. "That's the worst sort of accusation I can
|
||
|
imagine."
|
||
|
|
||
|
Another dispute focuses on the charge of unauthorized access to government
|
||
|
computers. FBI agents found an electronic copy of the banner that a computer
|
||
|
user sees on first dialing up an Army network called MASNET, which includes a
|
||
|
warning against unauthorized use of the computer system. Meltzer says Poulsen
|
||
|
never got beyond this computer equivalent of a "No Trespassing" sign.
|
||
|
|
||
|
Furthermore, Meltzer argues that the law is unconstitutional because it does
|
||
|
not sufficiently define whether merely dialing up a computer qualifies as
|
||
|
illegal "access."
|
||
|
|
||
|
Meltzer also denies that Poulsen could eavesdrop on calls. The indictment
|
||
|
accuses him of illegally owning a device called a direct access test unit,
|
||
|
which it says is "primarily useful" for surreptitiously intercepting
|
||
|
communications. But Meltzer cites an equipment manual showing that the system
|
||
|
is specifically designed to garble conversations, though it allows phone
|
||
|
company technicians to tell that a line is in use.
|
||
|
|
||
|
Crowe said he will soon file written rebuttals to Meltzer's motions. In
|
||
|
addition to the new indictment he is seeking, federal prosecutors in Los
|
||
|
Angeles are believed to be investigating Poulsen's activities while a fugitive.
|
||
|
Among other things, Poulsen reportedly taunted FBI agents on computer bulletin
|
||
|
boards frequented by hackers.
|
||
|
|
||
|
|
||
|
PHONE COMPANIES WORRIED
|
||
|
|
||
|
Poulsen's prosecution is important to the government -- and phone companies --
|
||
|
because of their mixed record so far in getting convictions in hacker cases.
|
||
|
|
||
|
In one of the most embarrassing stumbles, a 19-year-old University of Missouri
|
||
|
student named Craig Neidorf was indicted in February 1990 on felony charges for
|
||
|
publishing a memorandum on the emergency 911 system of Bell South. The case
|
||
|
collapsed when the phone company information -- which the government said was
|
||
|
worth $79,940 -- was shown by the defense to be available from another Bell
|
||
|
system for just $13.50.
|
||
|
|
||
|
Author Bruce Sterling, whose "The Hacker Crackdown" surveys recent high-tech
|
||
|
crime and punishment, thinks the phone company overstates the dangers from
|
||
|
young hackers. On the other hand, a Toronto high school student electronically
|
||
|
tampered with that city's emergency telephone dispatching system and was
|
||
|
arrested, he noted.
|
||
|
|
||
|
Because systems that affect public safety are involved, law enforcement
|
||
|
officials are particularly anxious to win convictions and long jail sentences
|
||
|
for the likes of Poulsen.
|
||
|
|
||
|
"It's very bad when the government goes out on a case and loses," said one
|
||
|
computer-security expert who asked not to be identified. "They are desperately
|
||
|
trying to find something to hang him on."
|
||
|
|
||
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||
|
|
||
|
Computer Hacker Charged With Stealing Military Secrets December 8, 1992
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
Taken from the Associated Press
|
||
|
|
||
|
SAN FRANCISCO -- A computer hacker has been charged with stealing Air Force
|
||
|
secrets that allegedly included a list of planned targets in a hypothetical
|
||
|
war.
|
||
|
|
||
|
Former Silicon Valley computer whiz Kevin Poulsen, who was accused in the early
|
||
|
1980s as part of a major hacking case, was named in a 14-count indictment
|
||
|
issued Monday.
|
||
|
|
||
|
He and an alleged accomplice already face lesser charges of unlawful use of
|
||
|
telephone access devices, illegal wiretapping and conspiracy.
|
||
|
|
||
|
Poulsen, 27, of Los Angeles, faces 7-to-10 years in prison if convicted of the
|
||
|
new charge of gathering defense information, double the sentence he faced
|
||
|
previously.
|
||
|
|
||
|
His lawyer, Paul Meltzer, says the information was not militarily sensitive and
|
||
|
that it was reclassified by government officials just so they could prosecute
|
||
|
Poulsen on a greater charge.
|
||
|
|
||
|
A judge is scheduled to rule February 1 on Meltzer's motion to dismiss the
|
||
|
charge.
|
||
|
|
||
|
In the early 1980s, Poulsen and another hacker going by the monicker Dark Dante
|
||
|
were accused of breaking into UCLA's computer network in one of the first
|
||
|
prosecutions of computer hacking.
|
||
|
|
||
|
He escaped prosecution because he was then a juvenile and went to work at Sun
|
||
|
Microsystems in Mountain View.
|
||
|
|
||
|
While working for Sun, Poulsen illegally obtained a computer tape containing a
|
||
|
1987 order concerning a military exercise code-named Caber Dragon 88, the
|
||
|
government said in court papers. The order is classified secret and contains
|
||
|
names of military targets, the government said.
|
||
|
|
||
|
In 1989, Poulsen and two other men were charged with stealing telephone access
|
||
|
codes from a Pacific Bell office, accessing Pacific Bell computers, obtaining
|
||
|
unpublished phone numbers for the Soviet Consulate in San Francisco; dealing in
|
||
|
stolen telephone access codes; and eavesdropping on two telephone company
|
||
|
investigators.
|
||
|
|
||
|
Poulsen remained at large until a television show elicited a tip that led to
|
||
|
his capture in April 1991.
|
||
|
|
||
|
He and Mark Lottor, 27, of Menlo Park, are scheduled to be tried in March. The
|
||
|
third defendant, Robert Gilligan, has pleaded guilty and agreed to pay Pacific
|
||
|
Bell $25,000. He is scheduled to testify against Lottor and Poulsen as part of
|
||
|
a plea bargain.
|
||
|
|
||
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||
|
|
||
|
CA Computer Whiz Is First Hacker Charged With Espionage December 10, 1992
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
by John Enders (The Associated Press)
|
||
|
|
||
|
SAN JOSE, California -- A 28-year-old computer whiz who reportedly once tested
|
||
|
Department of Defense security procedures has become the first alleged computer
|
||
|
hacker to be charged with espionage.
|
||
|
|
||
|
The government says Kevin Lee Poulsen stole classified military secrets and
|
||
|
should go to prison. But his lawyer calls him "an intellectually curious
|
||
|
computer nerd."
|
||
|
|
||
|
Poulsen, of Menlo Park, California, worked in the mid-1980s as a consultant
|
||
|
testing Pentagon computer security. Because of prosecution delays, he was held
|
||
|
without bail in a San Jose jail for 20 months before being charged this week.
|
||
|
|
||
|
His attorney, Paul Meltzer, says that Poulsen did not knowingly possess
|
||
|
classified information. The military information had been declassified by the
|
||
|
time prosecutors say Poulsen obtained it, Meltzer said.
|
||
|
|
||
|
"They are attempting to make him look like Julius Rosenberg," Meltzer said of
|
||
|
the man executed in 1953 for passing nuclear-bomb secrets to the Soviet Union.
|
||
|
"It's just ridiculous."
|
||
|
|
||
|
Poulsen was arrested in 1988 on lesser but related hacking charges. He
|
||
|
disappeared before he was indicted and was re-arrested in Los Angeles in April
|
||
|
1991. Under an amended indictment, he was charged with illegal possession of
|
||
|
classified government secrets.
|
||
|
|
||
|
Poulsen also is charged with 13 additional counts, including eavesdropping on
|
||
|
private telephone conversations and stealing telephone company equipment.
|
||
|
|
||
|
If convicted on all counts, he faces up to 85 years in prison and fines
|
||
|
totaling $3.5 million, said Assistant U.S. Attorney Robert Crowe in San
|
||
|
Francisco.
|
||
|
|
||
|
On Monday (12/7), Poulsen pleaded innocent to all charges. He was handed over
|
||
|
to U.S. Marshals in San Jose on Wednesday (12/9) and was being held at a
|
||
|
federal center in Pleasanton near San Francisco.
|
||
|
|
||
|
He hasn't been available for comment, but in an earlier letter from prison,
|
||
|
Poulsen called the charges "ludicrous" and said the government is taking
|
||
|
computer hacking too seriously.
|
||
|
|
||
|
U.S. Attorney John A. Mendez said Wednesday (12/9) that Poulsen is not
|
||
|
suspected of turning any classified or non-classified information over to a
|
||
|
foreign power, but he said Poulsen's alleged activities are being taken very
|
||
|
seriously.
|
||
|
|
||
|
"He's unique. He's the first computer hacker charged with this type of
|
||
|
violation -- unlawful gathering of defense information," Mendez said.
|
||
|
|
||
|
Assistant U.S. Attorney Robert Crowe said the espionage charge was entered only
|
||
|
after approval from the Justice Department's internal security section in
|
||
|
Washington.
|
||
|
|
||
|
The indictment alleges that Poulsen:
|
||
|
|
||
|
- Tapped into the Pacific Bell Co.'s computer and collected unpublished
|
||
|
telephone numbers and employee lists for the Soviet Consulate in San
|
||
|
Francisco.
|
||
|
|
||
|
- Stole expensive telephone switching and other equipment.
|
||
|
|
||
|
- Retrieved records of phone company security personnel and checked records of
|
||
|
their own calls to see if they were following him.
|
||
|
|
||
|
- Eavesdropped on telephone calls and computer electronic mail between phone
|
||
|
company investigators and some of his acquaintances.
|
||
|
|
||
|
- Tapped into an unclassified military computer network known as Masnet.
|
||
|
|
||
|
- Obtained a classified document on flight orders for a military exercise
|
||
|
involving thousands of paratroopers at the Army's Fort Bragg in North
|
||
|
Carolina.
|
||
|
|
||
|
The offenses allegedly took place between 1986 and 1988.
|
||
|
|
||
|
In 1985, the Palo Alto, California, think tank SRI International hired Poulsen
|
||
|
to work on military contracts, including a sensitive experiment to test
|
||
|
Pentagon computer security, according to published reports. SRI has declined
|
||
|
to comment on the case.
|
||
|
_______________________________________________________________________________
|
||
|
|
||
|
Hacker For Hire October 19, 1992
|
||
|
~~~~~~~~~~~~~~~
|
||
|
by Mark Goodman and Allison Lynn (People)(Page 151)
|
||
|
|
||
|
"Real-life Sneaker Ian Murphy puts the byte on corporate spies."
|
||
|
|
||
|
THERE'S NO PRIVACY THESE DAYS," says Ian Murphy. "Just imagine going into GM's
|
||
|
or IBM's accounts and wiping them out. You can bring about economic collapse
|
||
|
by dropping in a virus without them even knowing it." Scoff at your peril,
|
||
|
Corporate America. Captain Zap -- as Murphy is known in the electronic
|
||
|
underworld of computer hackers -- claims there's no computer system he can't
|
||
|
crack, and hence no mechanical mischief he can't wreak on corporations or
|
||
|
governments. And Murphy, 35, has the track record -- not to mention the
|
||
|
criminal record -- to back up his boasts.
|
||
|
|
||
|
Murphy's fame in his subterranean world is such that he worked as a consultant
|
||
|
for Sneakers, the hit film about a gang of computer-driven spies (Robert
|
||
|
Redford, Sidney Poitier, Dan Aykroyd) lured into doing some high-risk
|
||
|
undercover work for what they believe is the National Security Agency.
|
||
|
|
||
|
Murphy loved the way the movie turned out. "It's like a training film for
|
||
|
hackers," he says, adding that he saw much of himself in the Aykroyd character,
|
||
|
a pudgy, paranoid fantasist named Mother who, like Murphy, plows through
|
||
|
people's trash for clues. In fact when Aykroyd walked onscreen covered with
|
||
|
trash, Murphy recalls, "My friends turned to me and said, 'Wow, that's you!'"
|
||
|
If that sounds like a nerd's fantasy, then check out Captain Zap's credentials.
|
||
|
Among the first Americans to be convicted of a crime involving computer break-
|
||
|
ins, he served only some easy community-service time in 1983 before heading
|
||
|
down the semistraight, not necessarily narrow, path of a corporate spy.
|
||
|
|
||
|
Today, Murphy, 35, is president of IAM Secure Data Systems, a security
|
||
|
consultant group he formed in 1982. For a fee of $5,000 a day plus expenses,
|
||
|
Murphy has dressed up as a phone-company employee and cracked a bank's security
|
||
|
system, he has aided a murder investigation for a drug dealer's court defense,
|
||
|
and he has conducted a terrorism study for a major airline. His specialty,
|
||
|
though, is breaking into company security systems -- an expertise he applied
|
||
|
illegally in his outlaw hacker days and now, legally, by helping companies
|
||
|
guard against such potential break-ins. Much of his work lately, he says,
|
||
|
involves countersurveillance -- that is, finding out if a corporation's
|
||
|
competitors are searching its computer systems for useful information. "It's
|
||
|
industrial spying," Murphy says, "and it's happening all over the place."
|
||
|
|
||
|
Murphy came by his cloak-and-daggerish calling early. He grew up in Gladwyne,
|
||
|
Pennsylvania, on Philadelphia's Main Line, the son of Daniel Murphy, a retired
|
||
|
owner of a stevedoring business, and his wife, Mary Ann, an advertising
|
||
|
executive. Ian recalls, "As a kid, I was bored. In science I did wonderfully.
|
||
|
The rest of it sucked. And social skills weren't my thing."
|
||
|
|
||
|
Neither was college. Ian had already begun playing around with computers at
|
||
|
Archbishop Carroll High School; after graduation he joined the Navy. He got an
|
||
|
early discharge in 1975 when the Navy didn't assign him to radio school as
|
||
|
promised, and he returned home to start hacking with a few pals. In his
|
||
|
heyday, he claims, he broke into White House and Pentagon computers. "In the
|
||
|
Pentagon," he says, "we were playing in the missile department, finding out
|
||
|
about the new little toys they were developing and trying to mess with their
|
||
|
information. None of our break-ins had major consequences, but it woke them the
|
||
|
hell up because they [had] all claimed it couldn't be done."
|
||
|
|
||
|
Major consequences came later. Murphy and his buddies created dummy
|
||
|
corporations with Triple-A credit ratings and ordered thousands of dollars'
|
||
|
worth of computer equipment. Two years later the authorities knocked at
|
||
|
Murphy's door. His mother listened politely to the charges, then earnestly
|
||
|
replied, "You have the wrong person. He doesn't know anything about
|
||
|
computers."
|
||
|
|
||
|
Right. Murphy was arrested and convicted of receiving stolen property in 1982.
|
||
|
But because there were no federal computer-crime laws at that time, he got off
|
||
|
with a third-degree felony count. He was fined $1,000, ordered to provide
|
||
|
1,000 hours of community service (he worked in a homeless shelter) and placed
|
||
|
on probation for 2 1/2 years. "I got off easy," he concedes.
|
||
|
|
||
|
Too easy, by his own mother's standards. A past president of Republican Women
|
||
|
of the Main Line, Mary Ann sought out her Congressman, Larry Coughlin, and put
|
||
|
the question to him: "How would you like it if the next time you ran for
|
||
|
office, some young person decided he was going to change all of your files?"
|
||
|
Coughlin decided he wouldn't like it and raised the issue on the floor of
|
||
|
Congress in 1983. The following year, Congress passed a national computer-
|
||
|
crime law, making it illegal to use a computer in a manner not authorized by
|
||
|
the owner.
|
||
|
|
||
|
Meanwhile, Murphy, divorced in 1977 after a brief marriage, had married Carol
|
||
|
Adrienne, a documentary film producer, in 1982. Marriage evidently helped set
|
||
|
Murphy straight, and he formed his company -- now with a staff of 12 that
|
||
|
includes a bomb expert and a hostage expert. Countersurveillance has been
|
||
|
profitable (he's making more than $250,000 a year and is moving out of his
|
||
|
parents' house), but it has left him little time to work on his social skills -
|
||
|
- or for that matter his health. At 5 ft.6 in. and 180 lbs., wearing jeans,
|
||
|
sneakers and a baseball cap, Murphy looks like a Hollywood notion of himself.
|
||
|
He has suffered four heart attacks since 1986 but unregenerately smokes a pack
|
||
|
of cigarettes a day and drinks Scotch long before the sun falls over the
|
||
|
yardarm.
|
||
|
|
||
|
He and Carol divorced in April 1991, after 10 years of marriage. "She got
|
||
|
ethics and didn't like the work I did," he says. These days Murphy dates --
|
||
|
but not until he thoroughly "checks" the women he goes out with. "I want to
|
||
|
know who I'm dealing with because I could be dealing with plants," he explains.
|
||
|
"The Secret Service plays games with hackers."
|
||
|
|
||
|
Murphy does retain a code of honor. He will work for corporations, helping to
|
||
|
keep down the corporate crime rate, he says, but he won't help gather evidence
|
||
|
to prosecute fellow hackers. Indeed his rogue image makes it prudent for him
|
||
|
to stay in the background. Says Reginald Branham, 23, president of Cyberlock
|
||
|
Consulting, with whom Murphy recently developed a comprehensive antiviral
|
||
|
system: "I prefer not to take Ian to meetings with CEOs. They're going to
|
||
|
listen to him and say, 'This guy is going to tear us apart.'" And yet Captain
|
||
|
Zap, for all his errant ways, maintains a certain peculiar charm. "I'm like
|
||
|
the Darth Vader of the computer world," he insists. "In the end I turn out to
|
||
|
be the good guy."
|
||
|
|
||
|
(Photograph 1 = Ian Murphy)
|
||
|
(Photograph 2 = River Phoenix, Robert Redford, Dan Aykroyd, and Sidney Poitier)
|
||
|
(Photograph 3 = Mary Ann Murphy <Ian's mom>)
|
||
|
_______________________________________________________________________________
|
||
|
|
||
|
Yacking With A Hack August 1992
|
||
|
~~~~~~~~~~~~~~~~~~~
|
||
|
by Barbara Herman (Teleconnect)(Page 60)
|
||
|
|
||
|
"Phone phreaking for fun, profit & politics."
|
||
|
|
||
|
Ed is an intelligent, articulate 18 year old. He's also a hacker, a self-
|
||
|
professed "phreak" -- the term that's developed in a subculture of usually
|
||
|
young, middle-class computer whizzes.
|
||
|
|
||
|
I called him at his favorite phone booth.
|
||
|
|
||
|
Although he explained how he hacks as well as what kinds of hacking he has been
|
||
|
involved in, I was especially interested in why he hacks.
|
||
|
|
||
|
First off, Ed wanted to make it clear he doesn't consider himself a
|
||
|
"professional" who's in it only for the money. He kept emphasizing that
|
||
|
"hacking is not only an action, it's a state of mind."
|
||
|
|
||
|
Phreaks even have an acronym-based motto that hints at their overblown opinions
|
||
|
of themselves. PHAC. It describes what they do: "phreaking," "hacking,"
|
||
|
"anarchy" and "carding." In other words, they get into systems over the
|
||
|
telecom network (phreaking), gain access (hacking), disrupt the systems
|
||
|
(political anarchy) and use peoples' calling/credit cards for their personal
|
||
|
use.
|
||
|
|
||
|
Throughout our talk, Ed showed no remorse for hacking. Actually, he had
|
||
|
contempt for those he hacked. Companies were "stupid" because their systems'
|
||
|
were so easy to crack. They deserved it.
|
||
|
|
||
|
As if they should have been thankful for his mercy, he asked me to imagine what
|
||
|
would have happened if he really hacked one railway company's system (he merely
|
||
|
left a warning note), changing schedules and causing trains to collide.
|
||
|
|
||
|
He also had a lot of disgust for the "system," which apparently includes big
|
||
|
business (he is especially venomous toward AT&T), government, the FBI, known as
|
||
|
"the Gestapo" in phreak circles, and the secret service, whose "intelligence
|
||
|
reflects what their real jobs should be, secret service station attendants."
|
||
|
|
||
|
He doesn't really believe any one is losing money on remote access toll fraud.
|
||
|
|
||
|
He figures the carriers are angry not about money lost but rather hypothetical
|
||
|
money, the money they could have charged for the free calls the hackers made,
|
||
|
which he thinks are overpriced to begin with.
|
||
|
|
||
|
He's also convinced (wrongly) that companies usually don't foot the bill for
|
||
|
the free calls hackers rack up on their phone systems. "And, besides, if some
|
||
|
multi-million dollar corporation has to pay, I'm certainly not going to cry for
|
||
|
them."
|
||
|
|
||
|
I know. A twisted kid. Weird. But besides his skewed ethics, there's also a
|
||
|
bunch of contradictions.
|
||
|
|
||
|
He has scorn for companies who can't keep him out, even though he piously warns
|
||
|
them to try.
|
||
|
|
||
|
He dismisses my suggestion that the "little guy" is in fact paying the bills
|
||
|
instead of the carrier. And yet he says AT&T is overcharging them for the
|
||
|
"vital" right to communicate with each other.
|
||
|
|
||
|
He also contradicted his stance of being for the underdog by calling the
|
||
|
railway company "stupid" for not being more careful with their information.
|
||
|
|
||
|
Maybe a railway company is not necessarily the "little guy," but it hardly
|
||
|
seems deserving of the insults Ed hurled at it. When I mentioned that a
|
||
|
hospital in New York was taken for $100,000 by hackers, he defended the hackers
|
||
|
by irrelevantly making the claim that doctors easily make $100,000 a year.
|
||
|
Since when did doctors pay hospital phone bills?
|
||
|
|
||
|
What Ed is good at is rationalizing. He lessens his crimes by raising them to
|
||
|
the status of political statements, and yet in the same breath, for example, he
|
||
|
talks about getting insider info on the stock market and investing once he
|
||
|
knows how the stock is doing. He knows it's morally wrong, he told me, but
|
||
|
urged me to examine this society that "believes in making a buck any way you
|
||
|
can. It's not a moral society."
|
||
|
|
||
|
Amazingly enough, the hacker society to which Ed belongs, if I can
|
||
|
unstatistically use him as a representative of the whole community, is just as
|
||
|
tangled in the contradictions of capitalism as the "system" they supposedly
|
||
|
loathe. In fact, they are perhaps more deluded and hypocritical because they
|
||
|
take a political stance rather than recognizing their crimes for what they are.
|
||
|
How can Ed or anyone else in the "phreaking" community take seriously their
|
||
|
claims of being against big business and evil capitalism when they steal
|
||
|
people's credit-card and calling-card numbers and use them for their own
|
||
|
profit?
|
||
|
|
||
|
The conversation winded down after Ed rhapsodized about the plight of the
|
||
|
martyred hacker who is left unfairly stigmatized after he is caught, or "taken
|
||
|
down."
|
||
|
|
||
|
One time the Feds caught his friend hacking ID codes, had several phone
|
||
|
companies and police search his house, and had his computer taken away. Even
|
||
|
though charges were not filed, Ed complained, "It's not fair."
|
||
|
|
||
|
That's right, phreak. They should have thrown him in prison.
|
||
|
_______________________________________________________________________________
|
||
|
|
||
|
Computer Hacker On Side Of Law September 23, 1992
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
by Shelby Grad (Los Angeles Times)(Page B3)
|
||
|
|
||
|
COSTA MESA, CA -- Philip Bettencourt's formal title is photo lab supervisor for
|
||
|
the Costa Mesa Police Department. But on Tuesday afternoon, he served as the
|
||
|
department's official computer hacker.
|
||
|
|
||
|
Bettencourt, pounding the keyboard excitedly as other officers looked on, was
|
||
|
determined to find information within a stolen computer's vast memory that
|
||
|
would link the machine to its owner.
|
||
|
|
||
|
So far, he had made matches for all but two of the 26 computers recovered
|
||
|
earlier this month by police as part of a countywide investigation of stolen
|
||
|
office equipment. This would be number 25.
|
||
|
|
||
|
First, he checked the hard drive's directory, searching for a word-processing
|
||
|
program that might include a form letter or fax cover sheet containing the
|
||
|
owner's name, address or phone number.
|
||
|
|
||
|
When that failed, he tapped into an accounting program, checking for clues on
|
||
|
the accounts payable menu.
|
||
|
|
||
|
"Bingo!" Bettencourt yelled a few minutes into his work. He found an invoice
|
||
|
account number to a Fountain Valley cement company that might reveal the
|
||
|
owner's identity. Seconds later, he came across the owner's bank credit-card
|
||
|
number.
|
||
|
|
||
|
And less than a minute after that, Bettencourt hit pay dirt: The name of a
|
||
|
Santa Ana building company that, when contacted, revealed that it had indeed
|
||
|
been the victim of a recent computer burglary.
|
||
|
|
||
|
"This is great," said Bettencourt, who has been interested in computers for
|
||
|
nearly two decades now, ever since Radio Shack put its first model on the
|
||
|
market. "I love doing this. This is hacking, but it's in a good sense, not
|
||
|
trying to hurt someone. This is helping people."
|
||
|
|
||
|
Few computer owners who were reunited with their equipment would contest that.
|
||
|
When Costa Mesa police recovered $250,000 worth of computers, fax machines,
|
||
|
telephones and other office gadgets, detectives were faced with the difficult
|
||
|
task of matching machines bearing few helpful identifying marks to their
|
||
|
owners, said investigator Bob Fate.
|
||
|
|
||
|
Enter Bettencourt, who tapped into the computers' hard drives, attempting to
|
||
|
find the documents that would reveal from whom the machines were taken.
|
||
|
|
||
|
As of Tuesday, all but $50,000 worth of equipment was back in owners' hands.
|
||
|
Investigators suggested that people who recently lost office equipment call the
|
||
|
station to determine if some of the recovered gadgetry belongs to them.
|
||
|
|
||
|
Ironically, the alleged burglars tripped themselves up by not erasing the data
|
||
|
from the computers before reselling the machines, authorities said. A college
|
||
|
student who purchased one of the stolen computers found data from the previous
|
||
|
owner, whom he contacted. Police were then called in, and a second "buy" was
|
||
|
scheduled in which several suspects were arrested, Fate said.
|
||
|
|
||
|
Three people were arrested September 15 and charged with receiving and
|
||
|
possessing stolen property. Police are still searching for the burglars.
|
||
|
|
||
|
The office equipment was recovered from an apartment and storage facility in
|
||
|
Santa Ana.
|
||
|
|
||
|
Bettencourt matched the final stolen computer to its owner before sundown
|
||
|
Tuesday.
|
||
|
_______________________________________________________________________________
|
||
|
|
||
|
CuD's 1992 MEDIA HYPE Award To FORBES MAGAZINE
|
||
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||
|
by Jim Thomas (Computer Underground Digest)
|
||
|
|
||
|
In recent years, media depiction of "hackers" has been criticized for
|
||
|
inaccurate and slanted reporting that exaggerates the public dangers of the
|
||
|
dread "hacker menace." As a result, CuD annually recognizes the year's most
|
||
|
egregious example of media hype.
|
||
|
|
||
|
The 1992 annual CuD GERALDO RIVERA MEDIA HYPE award goes to WILLIAM G. FLANAGAN
|
||
|
AND BRIGID McMENAMIN for their article "The Playground Bullies are Learning how
|
||
|
to Type" in the 21 December issue of Forbes (pp 184-189). The authors improved
|
||
|
upon last year's winner, Geraldo himself, in inflammatory rhetoric and
|
||
|
distorted narrative that seems more appropriate for a segment of "Inside
|
||
|
Edition" during sweeps week than for a mainstream conservative periodical.
|
||
|
|
||
|
The Forbes piece is the hands-down winner for two reasons. First, one reporter
|
||
|
of the story, Brigid McMenamin, was exceptionally successful in creating for
|
||
|
herself an image as clueless and obnoxious. Second, the story itself was based
|
||
|
on faulty logic, rumors, and some impressive leaps of induction. Consider the
|
||
|
following.
|
||
|
|
||
|
|
||
|
The Reporter: Brigid McMenamin
|
||
|
|
||
|
It's not only the story's gross errors, hyperbole, and irresponsible distortion
|
||
|
that deserve commendation/condemnation, but the way that Forbes reporter Brigid
|
||
|
McMenamin tried to sell herself to solicit information.
|
||
|
|
||
|
One individual contacted by Brigid McM claimed she called him several times
|
||
|
"bugging" him for information, asking for names, and complaining because
|
||
|
"hackers" never called her back. He reports that she explicitly stated that
|
||
|
her interest was limited to the "illegal stuff" and the "crime aspect" and was
|
||
|
oblivious to facts or issues that did not bear upon hackers-as-criminals.
|
||
|
|
||
|
Some persons present at the November 2600 meeting at Citicorp, which she
|
||
|
attended, suggested the possibility that she used another reporter as a
|
||
|
credibility prop, followed some of the participants to dinner after the
|
||
|
meeting, and was interested in talking only about illegal activities. One
|
||
|
observer indicated that those who were willing to talk to her might not be the
|
||
|
most credible informants. Perhaps this is one reason for her curious language
|
||
|
in describing the 2600 meeting.
|
||
|
|
||
|
Another person she contacted indicated that she called him wanting names of
|
||
|
people to talk to and indicated that because Forbes is a business magazine, it
|
||
|
only publishes the "truth." Yet, she seemed not so much interested in "truth,"
|
||
|
but in finding "evidence" to fit a story. He reports that he attempted to
|
||
|
explain that hackers generally are interested in Unix and she asked if she
|
||
|
could make free phone calls if she knew Unix. Although the reporter stated to
|
||
|
me several times that she had done her homework, my own conversation with her
|
||
|
contradicted her claims, and if the reports of others are accurate, here claims
|
||
|
of preparation seem disturbingly exaggerated.
|
||
|
|
||
|
I also had a rather unpleasant exchange with Ms. McM. She was rude, abrasive,
|
||
|
and was interested in obtaining the names of "hackers" who worked for or as
|
||
|
"criminals." Her "angle" was clearly the hacker-as-demon. Her questions
|
||
|
suggested that she did not understand the culture about which she was writing.
|
||
|
She would ask questions and then argue about the answer, and was resistant to
|
||
|
any "facts" or responses that failed to focus on "the hacker criminal." She
|
||
|
dropped Emmanuel Goldstein's name in a way that I interpreted as indicating a
|
||
|
closer relationship than she had--an incidental sentence, but one not without
|
||
|
import -- which I later discovered was either an inadvertently misleading
|
||
|
choice of words or a deliberate attempt to deceptively establish credentials.
|
||
|
She claimed she was an avowed civil libertarian. I asked why, then, she didn't
|
||
|
incorporate some of those issues. She invoked publisher pressure. Forbes is a
|
||
|
business magazine, she said, and the story should be of interest to readers.
|
||
|
She indicated that civil liberties weren't related to "business." She struck
|
||
|
me as exceptionally ill-informed and not particularly good at soliciting
|
||
|
information. She also left a post on Mindvox inviting "hackers" who had been
|
||
|
contacted by "criminals" for services to contact her.
|
||
|
|
||
|
>Post: 150 of 161
|
||
|
>Subject: Hacking for Profit?
|
||
|
>From: forbes (Forbes Reporter)
|
||
|
>Date: Tue, 17 Nov 92 13:17:34 EST
|
||
|
>
|
||
|
>Hacking for Profit? Has anyone ever offered to pay you (or
|
||
|
>a friend) to get into a certain system and alter, destroy or
|
||
|
>retrieve information? Can you earn money hacking credit
|
||
|
>card numbers, access codes or other information? Do you know
|
||
|
>where to sell it? Then I'd like to hear from you. I'm
|
||
|
>doing research for a magazine article. We don't need you
|
||
|
>name. But I do want to hear your story. Please contact me
|
||
|
>Forbes@mindvox.phantom.com.
|
||
|
|
||
|
However, apparently she wasn't over-zealous about following up her post or
|
||
|
reading the Mindvox conferences. When I finally agreed to send her some
|
||
|
information about CuD, she insisted it be faxed rather than sent to Mindvox
|
||
|
because she was rarely on it. Logs indicate that she made only six calls to
|
||
|
the board, none of which occurred after November 24.
|
||
|
|
||
|
My own experience with the Forbes reporter was consistent with those of others.
|
||
|
She emphasized "truth" and "fact-checkers," but the story seems short on both.
|
||
|
She emphasized explicitly that her story would *not* be sensationalistic. She
|
||
|
implied that she wanted to focus on criminals and that the story would have the
|
||
|
effect of presenting the distinction between "hackers" and real criminals.
|
||
|
Another of her contacts also appeared to have the same impression. After our
|
||
|
less-than-cordial discussion, she reported it to the contact, and he attempted
|
||
|
to intercede on her behalf in the belief that her intent was to dispel many of
|
||
|
the media inaccuracies about "hacking." If his interpretation is correct, then
|
||
|
she deceived him as well, because her portrayal of him in the story was
|
||
|
unfavorably misleading.
|
||
|
|
||
|
In CuD 4.45 (File #3), we ran Mike Godwin's article on "How to Talk to the
|
||
|
Press," which should be required reading. His guidelines included:
|
||
|
|
||
|
1) TRY TO THINK LIKE THE REPORTER YOU'RE TALKING TO.
|
||
|
2) IF YOU'RE GOING TO MEET THE REPORTER IN PERSON, TRY TO
|
||
|
BRING SOMETHING ON PAPER.
|
||
|
3) GIVE THE REPORTER OTHER PEOPLE TO TALK TO, IF POSSIBLE.
|
||
|
4) DON'T ASSUME THAT THE REPORTER WILL COVER THE STORY THE WAY
|
||
|
YOU'D LIKE HER TO.
|
||
|
|
||
|
Other experienced observers contend that discussing "hacking" with the press
|
||
|
should be avoided unless one knows the reporter well or if the reporter has
|
||
|
established sufficient credentials as accurate and non-sensationalist. Using
|
||
|
these criteria, it will probably be a long while before any competent
|
||
|
cybernaught again speaks to Brigid McMenamin.
|
||
|
|
||
|
|
||
|
The Story
|
||
|
|
||
|
Rather than present a coherent and factual story about the types of computer
|
||
|
crime, the authors instead make "hackers" the focal point and use a narrative
|
||
|
strategy that conflates all computer crime with "hackers."
|
||
|
|
||
|
The story implies that Len Rose is part of the "hacker hood" crowd. The lead
|
||
|
reports Rose's prison experience and relates his feeling that he was "made an
|
||
|
example of" by federal prosecutors. But, asks the narrative, if this is so,
|
||
|
then why is the government cracking down? Whatever else one might think of Len
|
||
|
Rose, no one ever has implied that he as a "playground bully" or "hacker hood."
|
||
|
The story also states that 2600 Magazine editor Emmanuel Goldstein "hands
|
||
|
copies <of 2600> out free of charge to kids. Then they get arrested." (p. 188-
|
||
|
-a quote attributed to Don Delaney), and distorts (or fabricates) facts to fit
|
||
|
the slant:
|
||
|
|
||
|
According to one knowledgeable source, another hacker brags
|
||
|
that he recently found a way to get into Citibank's
|
||
|
computers. For three months he says he quietly skimmed off a
|
||
|
penny or so from each account. Once he had $200,000, he quit.
|
||
|
Citibank says it has no evidence of this incident and we
|
||
|
cannot confirm the hacker's story. But, says computer crime
|
||
|
expert Donn Parker of consultants SRI International: "Such a
|
||
|
'salami attack' is definitely possible, especially for an
|
||
|
insider" (p. 186).
|
||
|
|
||
|
Has anybody calculated how many accounts one would have to "skim" a few pennies
|
||
|
from before obtaining $200,000? At a dime apiece, that's over 2 million. If
|
||
|
I'm figuring correctly, at one minute per account, 60 accounts per minute non-
|
||
|
stop for 24 hours a day all year, it would take nearly 4 straight years of on-
|
||
|
line computer work for an out-sider. According to the story, it took only 3
|
||
|
months. At 20 cents an account, that's over a million accounts.
|
||
|
|
||
|
Although no names or evidence are given, the story quotes Donn Parker of SRI as
|
||
|
saying that the story is a "definite possibility." Over the years, there have
|
||
|
been cases of skimming, but as I remember the various incidents, all have been
|
||
|
inside jobs and few, if any, involved hackers. The story is suspiciously
|
||
|
reminiscent of the infamous "bank cracking" article published in Phrack as a
|
||
|
spoof several years ago.
|
||
|
|
||
|
The basis for the claim that "hacker hoods" (former "playground bullies") are
|
||
|
now dangerous is based on a series of second and third-hand rumors and myths.
|
||
|
The authors then list from "generally reliable press reports" a half-dozen or
|
||
|
so non-hacker fraud cases that, in context, would seem to the casual reader to
|
||
|
be part of the "hacker menace." I counted in the article at least 24 instances
|
||
|
of half-truths, inaccuracies, distortions, questionable/spurious links, or
|
||
|
misleading claims that are reminiscent of 80s media hype. For example, the
|
||
|
article attributes to Phiber Optik counts in the MOD indictment that do not
|
||
|
include him, misleads on the Len Rose indictment and guilty plea, uses second
|
||
|
and third hand information as "fact" without checking the reliability, and
|
||
|
presents facts out of context (such as attributing the Morris Internet worm to
|
||
|
"hackers).
|
||
|
|
||
|
Featured as a key "hacker hood" is "Kimble," a German hacker said by some to be
|
||
|
sufficiently media-hungry and self-serving that he is ostracized by other
|
||
|
German hackers. His major crime reported in the story is hacking into PBXes.
|
||
|
While clearly wrong, his "crime" hardly qualifies him for the "hacker
|
||
|
hood/organized crime" danger that's the focus of the story. Perhaps he is
|
||
|
engaged in other activities unreported by the authors, but it appears he is
|
||
|
simply a run-of-the-mill petty rip-off artist. In fact, the authors do not make
|
||
|
much of his crimes. Instead, they leap to the conclusion that "hackers" do the
|
||
|
same thing and sell the numbers "increasingly" to criminals without a shred of
|
||
|
evidence for the leap. To be sure the reader understands the menace, the
|
||
|
authors also invoke unsubstantiated images of a hacker/Turkish Mafia connection
|
||
|
and suggest that during the Gulf war, one hacker was paid "millions" to invade
|
||
|
a Pentagon computer and retrieve information from a spy satellite (p. 186).
|
||
|
|
||
|
Criminals use computers for crime. Some criminals may purchase numbers from
|
||
|
others. But the story paints a broader picture, and equates all computer crime
|
||
|
with "hacking." The authors' logic seems to be that if a crime is committed
|
||
|
with a computer, it's a hacking crime, and therefore computer crime and
|
||
|
"hackers" are synonymous. The story ignores the fact that most computer crime
|
||
|
is an "inside job" and it says nothing about the problem of security and how
|
||
|
the greatest danger to computer systems is careless users.
|
||
|
|
||
|
One short paragraph near the end mentions the concerns about civil liberties,
|
||
|
and the next paragraph mentions that EFF was formed to address these concerns.
|
||
|
However, nothing in the article articulates the bases for these concerns.
|
||
|
Instead, the piece promotes the "hacker as demon" mystique quite creatively.
|
||
|
|
||
|
The use of terms such as "new hoods on the block," "playground bullies," and
|
||
|
"hacker hoods" suggests that the purpose of the story was to find facts to fit
|
||
|
a slant.
|
||
|
|
||
|
In one sense, the authors might be able to claim that some of their "facts"
|
||
|
were accurate. For example, the "playground bullies" phrase is attributed to
|
||
|
Cheshire Catalyst. "Gee, *we* didn't say it!" But, they don't identify
|
||
|
whether it's the original CC or not. The phrase sounds like a term used in
|
||
|
recent internecine "hacker group" bickering, and if this was the context, it
|
||
|
hardly describes any new "hacker culture." Even so, the use of the phrase
|
||
|
would be akin to a critic of the Forbes article referring to it as the product
|
||
|
of "media whores who are now getting paid for doing what they used to do for
|
||
|
free," and then applying the term "whores" to the authors because, hey, I
|
||
|
didn't make up the term, somebody else did, and I'm just reporting (and using
|
||
|
it as my central metaphor) just the way it was told to me. However, I suspect
|
||
|
that neither Forbes' author would take kindly to being called a whore because
|
||
|
of the perception that they prostituted journalistic integrity for the pay-off
|
||
|
of a sexy story. And this is what's wrong with the article: The authors take
|
||
|
rumors and catch-phrases, "merely report" the phrases, but then construct
|
||
|
premises around the phrases *as if* they were true with little (if any)
|
||
|
evidence. They take an unconfirmed "truth" (where are fact checkers when you
|
||
|
need them) or an unrelated "fact" (such as an example of insider fraud) and
|
||
|
generalize from a discrete fact to a larger population. The article is an
|
||
|
excellent bit of creative writing.
|
||
|
|
||
|
|
||
|
Why Does It All Matter?
|
||
|
|
||
|
Computer crime is serious, costly, and must not be tolerated. Rip-off is no
|
||
|
joke. But, it helps to understand a problem before it can be solved, and lack
|
||
|
of understanding can lead to policies and laws that are not only ineffective,
|
||
|
but also a threat to civil liberties. The public should be accurately informed
|
||
|
of the dangers of computer crime and how it can be prevented. However, little
|
||
|
will be served by creating demons and falsely attributing to them the sins of
|
||
|
others. It is bad enough that the meaning" of the term "hacker" has been used
|
||
|
to apply both to both computer delinquents and creative explorers without also
|
||
|
having the label extended to include all other forms of computer criminals as
|
||
|
well.
|
||
|
|
||
|
CPSR, the EFF, CuD, and many, many others have worked, with some success, to
|
||
|
educate the media about both dangers of computer crime and the dangers of
|
||
|
inaccurately reporting it and attributing it to "hackers." Some, perhaps most,
|
||
|
reporters take their work seriously, let the facts speak to them, and at least
|
||
|
make a good-faith effort not to fit their "facts" into a narrative that--by one
|
||
|
authors' indication at least -- seems to have been predetermined.
|
||
|
|
||
|
Contrary to billing, there was no evidence in the story, other than
|
||
|
questionable rumor, of "hacker" connection to organized crime. Yet, this type
|
||
|
of article has been used by legislators and some law enforcement agents to
|
||
|
justify a "crackdown" on conventional hackers as if they were the ultimate
|
||
|
menace to society. Forbes, with a paid circulation of over 735,000 (compared
|
||
|
to CuDs unpaid circulation of only 40,000), reaches a significant and
|
||
|
influential population. Hysterical stories create hysterical images, and these
|
||
|
create hysteria-based laws that threaten the rights of law-abiding users. When
|
||
|
a problem is defined by irresponsibly produced images and then fed to the
|
||
|
public, it becomes more difficult to overcome policies and laws that restrict
|
||
|
rights in cyberspace.
|
||
|
|
||
|
The issue is not whether "hackers" are or are not portrayed favorably. Rather,
|
||
|
the issue is whether images reinforce a witch-hunt mentality that leads to the
|
||
|
excesses of Operation Sun Devil, the Steve Jackson Games fiasco, or excessive
|
||
|
sentences for those who are either law-abiding or are set up as scapegoats.
|
||
|
The danger of the Forbes article is that it contributes to the persecution of
|
||
|
those who are stigmatized not so much for their acts, but rather for the signs
|
||
|
they bear.
|