home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Hacker Chronicles - A…the Computer Underground
/
The Hacker Chronicles - A Tour of the Computer Underground (P-80 Systems).iso
/
cud2
/
cud209f.txt
< prev
next >
Wrap
Text File
|
1992-09-26
|
6KB
|
103 lines
------------------------------
From: BORGVM
Subject: The Future of Hacking and the System Security Profession
Date: 22 Oct., '90
********************************************************************
*** CuD #2.09: File 6 of 8: Hacking and System Security ***
********************************************************************
Before I begin the discussion of my views on the future of hacking and the
system security profession, I feel it necessary to offer an introduction
which I hope will aid in the understanding of my views. I am an ex-hacker,
yet in saying so I do not rule out a few things which I associate with my
personal perspective on hacking. To begin with, I have always associated
hacking with a genuine lust for knowledge. Whether or not that knowledge
was restricted solely depends on the views of the individual. For me,
however, hacking was an acquisition of knowledge a form the military likes
to give as a good reason to join it. You know, hands-on training, of
course!
It was an attempt to learn as many operating systems as possible. Their
strengths in comparison to one another, their weaknesses, and their
nuances. When I was hacking, data was sacred. It was something which
must not be harmed. I can say with genuine conviction that every time I
heard of destructive viruses, malicious crashes, or the like, I would
become enraged far more than would your common security professional, who
would most likely eye the event as a possibility to acquire cash,
reputation in the foiling of the plot, or as leverage to gain funding and
public support.
Although my respect towards data is still very healthy, my urge to hack is
not. After entering higher education, I have been granted an account on
the mainframe with internet and bitnet access. This situation had served
as a fuel towards my already healthy paranoia of law enforcement and their
new technologies: its just not worth the risk.
After my 'retirement', however, I began to ponder the devices available
during the apex of my hacking career such as ANI (Automatic Number
Identification) and CLID (Caller Line Identification) which could
instantaneously register the number of any 800 caller, and processes
inherent in some digital switching systems which register calls to local
packet-switched networks, that about 20% of my hacks could be traced right
to my doorstep by the right investigator.
I also noted the increase in these types of investigators and the
development of more organized computer-security networks involving FBI,
Secret Service, and private computer security enterprises which developed
highly efficient training methods: the numbers of security representatives
in the telephone companies and computer networks has increased
dramatically, and to a point where telephone company toll fraud is no
longer convenient, for danger and convenience rarely coexist.
I believe that the future will offer much protection from hacking, but only
to a certain extent. One needs only to examine the header of a message
originating from some microcomputer host which UUCP's it through half a
dozen Usenet sites, the Internet, and finally to its BITNET destination to
visualize, quite realistically, a phone number tagged onto the end of the
originating userid.
With digital technology advancing at its current rate, the possibilities
are endless. It is for these reasons that the private computer security
profession (at its current size) is only a short-term success sparked by
mass press-generated hysteria, and blatant disinformation. The computer
security profession did not receive its recognition from the voices of
concerned individuals or even gluttonous corporations: it received the
necessary attention and nurturing due to the paranoias of a corrupt
military-minded government which knows exactly what it keeps on its systems
and exactly why no one else must. You see, its a matter of 'national'
security! Any good real hacker who has been around a few nets knows this.
The time will come when a hacker will sit down at his terminal to hack a
computer somewhere far away. This hacker might dial up a local network
such as Tymnet or Telenet and connect to a computer somewhere. That remote
computer's standard issue security drivers will sense an intrusion (user
John Doe calling form a network address originating in California which is
inconsistent with Mr. Doe's schedule,) request the network's CLID result,
and forward the information directly to Mr. Hacker's local police
department which is, in this day and age, fully equipped with the ability
to centrally tap telco lines (data or otherwise.) The expert system at
the police department verifies that the local data tap is indeed consistent
with the victim computer's John Doe Session and sends out a dispatch.
Sound like fantasy? Every bit of it is perfectly possible with our
existing technology, and upon review of the chronology of computer security
over the last three years, certainly probable.
Data security professionals are as easily replacable by computers as are
assembly-line workers. In this day (which will be, incidentally, just
prior to the banning of Orwell's "1984") there will be a small but very
knowledgeable and powerful group of hackers able to circumvent some of
these security mechanisms. A group of hackers not large enough to present
an obvious threat, but powerful enough to give a self-perpetuating
technological dictatorship and its docile society a nice, re-asserting slap
on the rear.
********************************************************************
>> END OF THIS FILE <<
***************************************************************************
Downloaded From P-80 International Information Systems 304-744-2253 12yrs+