CYBERPUNKS.AT A TIME WHEN THE INTERNET IS BECOMING EVER MORE IMPORTANT, A NEW GENERATION OF HACKERS IS THREATENING TO BRING IT CRASHING DOWN David Brumley sees a lot of loose talk on the Internet. Part of his job, as a computer-security officer at Stanford University Stanford University, at Stanford, Calif.; coeducational; chartered 1885, opened 1891 as Leland Stanford Junior Univ. (still the legal name). The original campus was designed by Frederick Law Olmsted. David Starr Jordan was its first president. , is to eavesdrop eaves·drop intr.v. eaves·dropped, eaves·drop·ping, eaves·drops To listen secretly to the private conversation of others. in chat rooms, just in case someone tips off a nasty bit of hacking. On February 8, Brumley stumbled onto a link to the newest boomlet in Internet monkey business. A number of people were exchanging messages in a chat room when one of them asked the others to name a Web site "they really hated." The answer came back: eBay. About 30 minutes later, eBay crashed. No one knows for sure if this conversation led directly to the crash, or even if the discussion involved someone behind it, but Brumley says, "We have four or five pieces of independent evidence that are leading toward [that] one person." Very likely, these were the first, small rumblings of an earthquake that over the next week would level some of the Web's most popular sites: Yahoo, eBay, Amazon, CNN CNN or Cable News Network Subsidiary company of Turner Broadcasting Systems. It was created by Ted Turner in 1980 to present 24-hour live news broadcasts, using satellites to transmit reports from news bureaus around the world. . An anonymous hacking force had commandeered computers belonging to others and programmed these machines to bombard bom·bard tr.v. bom·bard·ed, bom·bard·ing, bom·bards 1. To attack with bombs, shells, or missiles. 2. To assail persistently, as with requests. See Synonyms at attack, barrage2. 3. major sites with huge amounts of data and countless requests for service. As a result, the rush-hour volume of traffic on these branches of the information superhighway was brought temporarily to a bumper-to-bumper halt. And the world suddenly became very aware of the term used to describe this disruption: "denial of service A condition in which a system can no longer respond to normal requests. See denial of service attack. ." For years, the Years, The the seven decades of Eleanor Pargiter’s life. [Br. Lit.: Benét, 1109] See : Time term "hacker" has summoned up images of young men, sitting for long hours at their computers, rooting about in obscure corners of computer networks. And "hacking" has been thought of as mostly benign, with a few invasions of forbidden territory and no real damage. But now there are increasing indications that some of these people have nasty or greedy motives--leading to a distinction between "white hat" (or good guy) hackers and "black hat" (or bad guy) hackers. At a time when the Internet has become an important source of commerce, the blocking of a place like Amazon.com can represent a considerable financial loss. Worries over the unreliability of the Internet for sales purposes actually caused some high-tech stocks to lose value in late February. VANDALS OR `HACKTIVISTS'? No one claimed responsibility for the denial-of-service attacks, and the investigators assembled to track down the offenders had to slowly assemble possible names and motives. There was no ransom note, no electronic manifesto. No indication of whether the attacks were the work of "hacktivists"--the name given to the growing movement of cyber political activists who try to advance their causes by demonstrating on the Internet--or possibly teenagers engaged in what one security expert calls "the cyber-yuppie equivalent of keying a car." Several computer experts even suggested that the attacks were the work of a new breed of electronic criminal who steal information or make their money by manipulating electronic markets. "The problem is that if you're smart about this, there is no trail for law enforcement to follow," says Scott Charney, until recently the Justice Department's top computer-crime official and now a vice president at Price Waterhouse Coopers. The world of the computer underground has always, for obvious reasons, been mysterious. No one knows with any precision who these people are, but computer-security experts have come up with a rough profile of the average hacker: a male between the ages of 16 and 25, living in the United States United States, officially United States of America, republic (2005 est. pop. 295,734,000), 3,539,227 sq mi (9,166,598 sq km), North America. The United States is the world's third largest country in population and the fourth largest country in area. . He is a computer user, but not a programmer, who hacks with software written by others. His primary motivation is to gain access to Web sites and computer networks, not to profit financially. Everyone assumes that hackers are young male computer geeks Computer Geeks is an Internet discount retailer of computer hardware, peripherals and consumer electronics to businesses, resellers and consumers. Computer Geeks focuses on purchasing manufacturers' excess inventories, closeouts and out-of-date products which allows the company to , and that description fits the most notorious hackers, going all the way back to the beginnings of the movement in the 1960s. The first ancestors of modern hackers were "phone phreaks," self-described hobbyists who tampered with telephone networks to get free long-distance calls, explore the technology, and play pranks on each other. Among the phone phreaks who transferred their obsessions to computers in the late 1970s and early 1980s were Steven Jobs and Stephen Wozniak, the co-founders of Apple Computer. THE PIONEERS The first true computer hackers, however, were students at the Massachusetts Institute of Technology Massachusetts Institute of Technology, at Cambridge; coeducational; chartered 1861, opened 1865 in Boston, moved 1916. It has long been recognized as an outstanding technological institute and its Sloan School of Management has notable programs in business, (MIT MIT - Massachusetts Institute of Technology ) who had a passion for taking things apart to understand better how they work. Only after the appearance of the movie Wargames in 1983, in which Matthew Broderick portrays a teenager with a modem who breaks into Defense Department computers and almost starts World War III World War III (abbreviated WWIII), or the Third World War, is a term used to describe a hypothetical conflict on the scale of World War I and World War II, or even larger, such as a nuclear holocaust. , did the term come to mean someone who was a computer criminal. As a Los Angeles high school Los Angeles High School, founded in 1873, is the oldest public high school in the Southern California Region and in the Los Angeles Unified School District. Its colors are blue and white and the teams are called the Romans. student in the 1970s, Kevin Mitnick Kevin David Mitnick (born October 6, 1963) is a controversial computer cracker and convicted criminal in the United States. Mitnick was convicted in the late 1990s of illegally gaining access to computer networks and stealing intellectual property. was arrested for breaking into a college computer network. Over the next two decades, he became notorious as he was arrested four more times for trespassing on computer networks and stealing software. Mitnick, now 36, was released from jail last month after serving almost five years in prison. David L. Smith David L. Smith can refer to:
In the past year, hacking has taken a more ominous turn. An Eastern European hacker called Maxus stole the credit-card numbers of more than 300,000 customers of a music retailer on the Internet, CD Universe, and demanded $100,000. The theft dramatically highlighted the risks of e-commerce. BLACK, WHITE, AND GRAY The pressure to defend against intruders has complicated the ethical world of hacking. White-hat hackers are recruited to ward off black-hat hackers, and there are even gray-hat hackers, like the LOpht (pronounced "loft") collective in Boston, which searches for security flaws and then makes the information available to anyone. The best example of a hacker who changed hats is Robert Tappan Morris Robert Tappan Morris (rtm, born 1965) is an associate professor at Massachusetts Institute of Technology. He is best known for creating the Morris Worm in 1988, considered the first computer worm on the Internet. , a Cornell University Cornell University, mainly at Ithaca, N.Y.; with land-grant, state, and private support; coeducational; chartered 1865, opened 1868. It was named for Ezra Cornell, who donated $500,000 and a tract of land. With the help of state senator Andrew D. graduate student and the son of the former chief scientist for the government's super-secret spy organization, the National Security Agency. In 1988 Morris wrote the first Internet worm (networking, security) Internet Worm - The November 1988 worm perpetrated by Robert T. Morris. The worm was a program which took advantage of bugs in the Sun Unix sendmail program, Vax programs, and other security loopholes to distribute itself to over 6000 computers on the , a software program that hopped from computer to computer in a network, jamming everything in its path. Morris admitted that he had written the program and was fined and sentenced to community service. Since then he has finished graduate school in computer science at Harvard University Harvard University, mainly at Cambridge, Mass., including Harvard College, the oldest American college. Harvard College Harvard College, originally for men, was founded in 1636 with a grant from the General Court of the Massachusetts Bay Colony. , started a successful Internet company, and now, at 34, is a faculty member at MIT. YOUNG AND DESTRUCTIVE To some extent, the story of Morris's rehabilitation is the story of a generation that grew up. And security experts worry that the hacker torch has been passed to a group whose different ethical values might allow more destructive forms of behavior. "There has been a historical trend for the people with the blackest hats to be people who are the youngest," says Mark Seiden, who is a consultant with Securify, a Silicon Valley-based computer security firm. "They have the most time to risk." The most dramatic example of the future of computer crime may have come in 1994, when Vladimir Levin Vladimir Levin is a Russian individual famed for his involvement in the attempt to fraudulently transfer US$10.7 million via Citibank's computers. The commonly known story , a 22-year-old-Russian, broke into American computers at Citibank and attempted to steal $12 million. The FBI caught him when an accomplice attempted to remove the money from a Citibank branch in San Francisco. "Now we're looking at entrepreneurial [hacker] crime in the same way you would once look at drug dealing in the '60s and '70s among middle-class and upper-class kids," says Richard Power, an editor at the Computer Security Institute, a San Francisco publishing and consulting firm. In other words Adv. 1. in other words - otherwise stated; "in other words, we are broke" put differently , we have yet to see what levels of inventiveness might be inspired by simple greed. The golden age of hacking--in more ways than one--may be about to begin. RELATED ARTICLE: WILD TIMES IN THE COMPUTER UNDERGROUND On a warm summer morning in 1998, Marc Maiffret, better known to the hacker underworld as Chameleon, woke up with the cold steel of a cop's gun pressed against his head. More than 20 federal and local law-enforcement agents had raided the 17-year-old's home in a quiet Southern California subdivision, pulling his mother screaming from the shower and wrestling him at gunpoint from his bed. "I was upset but I wasn't surprised," Maiffret remembers. "It was like, `OK, it's finally happening.'" This was no ordinary hacker bust, but then Maiffret was no ordinary hacker. The cops were there because they thought he was endangering national security through his dealings with a suspected Pakistani terrorist. It was the beginning of the end of his life in the computer netherworld, an extraordinary odyssey that seems like a story taken from the pages of a spy novel. Maiffret began his hacking career as a lonely boy in love with the machine in his bedroom. "Computers and hacking was my escape," he says. But at 16, Maiffret went from being a rather ordinary teen to something far more mysterious and sinister. He dropped out of school and traveled around the country, staying with fellow hackers. A GANG CALLED NOID NOID Notice of Intention to Discontinue (Workers' Compensation Benefits) While on the road, Maiffret joined a gang called Noid, whose members across the U.S., Canada, and Belgium had launched a series of high-profile invasions of Web sites for the American military and NASA NASA: see National Aeronautics and Space Administration. NASA in full National Aeronautics and Space Administration Independent U.S. . "I would never say what I was doing wasn't illegal, and I feel bad for the guy who got in trouble," Maiffret says. "But any site we hacked, we would help the administrator fix it." Maiffret's secret life began to crash when some friends broke into military computers and downloaded software that controls the positioning of satellites. Although he claims that he never had the software himself, Maiffret took $1,000 in money orders from a man who identified himself as a foreign terrorist who wanted to buy the program. When the program never arrived, Maiffret began to receive threatening e-mails from the man, whom authorities later identified as Khalid Ibrahim, a member of a Pakistani terrorist group linked to Osama bin Laden Osama bin Laden: see bin Laden, Osama. , who has been connected to the 1998 bombing of two American embassies in Africa. By this time, the FBI was monitoring Maiffret's every move, and a month after he had cashed the money orders, reality came crashing through his door. After a seven-hour interrogation interrogation In criminal law, process of formally and systematically questioning a suspect in order to elicit incriminating responses. The process is largely outside the governance of law, though in the U.S. , his computers were confiscated con·fis·cate tr.v. con·fis·cat·ed, con·fis·cat·ing, con·fis·cates 1. To seize (private property) for the public treasury. 2. To seize by or as if by authority. See Synonyms at appropriate. adj. and the agents left without charging Maiffret with a crime. It was the first known case of a foreign terrorist approaching an American teenager for illegally obtained programs. Maiffret now says, "I guess you could say I was lucky." At that point, Maiffret turned his life around, swearing off illicit hacking and cofounding eEye, a network security firm. He gives lectures to organizations like NASA and has written a program, Retina, to help companies protect themselves from exactly the kind of person he once was. Maiffret is still true to his nickname--his hair color jumps from blue to green to black. And he sees strong parallels between what he does now and what he did as a hacker. "I still get the same feeling I got when I was Chameleon--I would find holes and tell people how to fix them," he says. "The only difference now is I now get paid a lot more." --Anthony Lappe RELATED ARTICLE: REAL TIME FOR VIRTUAL CRIME Let's say you're sitting around one night hacking the Department of Defense computer system. You've run an HTTP HTTP in full HyperText Transfer Protocol Standard application-level protocol used for exchanging files on the World Wide Web. HTTP runs on top of the TCP/IP protocol. PHF PHF Public Health Foundation PHF Paired Helical Filaments PHF Pakistan Hockey Federation PHF Paul Harris Fellow PHF Potentially Hazardous Food PHF Peak Hour Factor (highway capacity, civil engineering) PHF Psychiatric Health Facility Vulnerability Check and a Portscan Detection Attack with no luck. So you think, of course, to try a DNSH Info Request Decode. Bingo. You're in. But before programming that nuclear launch on Antarctica you've been dreaming about, think a minute. You might be in quite a bit of trouble here. Warning: Hacking--the unauthorized intrusion into a computer network--is a felony punishable by up to five years in prison and a $250,000 fine. Federal law also prohibits the planting of viruses and the launching of attacks like the ones that shut clown several Internet sites recently. The law pretty much covers all forms of hacking. Even hacking a password to break into a system puts you at risk. "It's rare that you break in without violating the statute in some way," says Marc Swillinger, a trial attorney in the computer crime section of the Justice Department. PENALTIES COULD DOUBLE Hackers also face possible prosecution from states, many of which have their own anti-hacking statutes. In addition, hackers bent on theft can be prosecuted for business fraud or espionage under other federal statutes. The law may get tougher, too. Congress is considering a bill that would double the penalties for hacking to 10 years for a first offense and 20 years for a second. Scared yet? Critics say you needn't be. The FBI investigated 1,154 hacker attacks last year, about double the year before. But in 1999, the FBI closed the books on 912 hacker cases without finding enough evidence to prosecute. The number of hackers who have been prosecuted up to now has been minuscule. Government critics say the problem is not with the law, but with the enforcement. "The hacking technology is sometimes two or three generations ahead," says Jay Valentine, president of InfoGlide Corp., an Internet security company. "The criminals are using machine guns, and the FBI is using slingshots." --Peter Vilbig RELATED ARTICLE: THE HACKER HALL OF FAME (OR SHAME) In the hacker underground you aren't "elite," as top hackers are called, until the feds have busted down your door. Here's a short list of the world's most notorious hackers and the price they paid for their exploits. Of course, the real elite hackers are the ones you never hear about. --Anthony Lappe Kevin Mitnick, 36 HANDLE: The Condor HOME: San Fernando Valley San Fernando Valley Valley, southern California, U.S. Northwest of central Los Angeles, the valley is bounded by the San Gabriel, Santa Susana, and Santa Monica mountains and the Simi Hills. , Calif. CLAIM TO FAME: World's most famous hacker. After spending more than four years in lockdown Lockdown A specified period when an employee of a public company is barred from selling - and occasionally buying - their company's stock. Notes: These types of equity transaction restrictions can be imposed by securities regulators or underwriting firms if a company has without the possibility of bail while awaiting trial, he pleaded guilty to stealing code from tech companies including Sun Microsystems. His downfall came when he messed with a bigtime big·time or big-time Informal adj. Significant or important; major: a bigtime comedian. adv. To an extreme degree; very much: Sales are expanding, big-time. San Diego computer expert, prompting front-page coverage and a dramatic manhunt man·hunt n. An organized, extensive search for a person, usually a fugitive criminal. manhunt Noun an organized search, usually by police, for a wanted man or fugitive Noun 1. that took the FBI across the country. Inspired two books and a Skeet Ulrich movie, Takedown Takedown 1. The price at which underwriters obtain securities to be offered to the public. 2. The portion of securities that each investment banker will distribute in a secondary or initial pubic offering. Notes: 1. , which has yet to be released. SENTENCE: Released from prison in January 2000. FUN FACT: In jail, became a martyr for thousands of hackers around the world, including a group called Hackers For Girlies, who posted obscenities and pictures of naked women on The New York New York, state, United States New York, Middle Atlantic state of the United States. It is bordered by Vermont, Massachusetts, Connecticut, and the Atlantic Ocean (E), New Jersey and Pennsylvania (S), Lakes Erie and Ontario and the Canadian province of Times Web site in retaliation for what it said was overblown o·ver·blown v. Past participle of overblow. adj. 1. a. Done to excess; overdone: overblown decorations. b. coverage of Mitnick. Kevin Poulsen, 34 HANDLE: Dark Dante HOME: Los Angeles CLAIM TO FAME: While on the lam from the FBI, Poulsen supported himself by rigging radio call-in contests, winning thousands of dollars, a Hawaii vacation, and a Porsche. SENTENCE: Held without bail for 51 months, convicted on money-laundering and wire-fraud charges, then sentenced retroactively. FUN FACT: Today, is a columnist on computer crime for ZDNet, a tech Web site. Enud Tenebaum, 20 HANDLE: The Analyzer HOME: Israel CLAIM TO FAME: Israeli teenager, along with two teenage accomplices, orchestrated what was called the biggest break-in in Pentagon history in northern California. Also claims to have infiltrated computers at Harvard, Yale, MIT, NASA, and the U.S. Navy. Called "damn good" by then-Israeli Prime Minister Benjamin Netanyahu. SENTENCE: After his California proteges were caught, Tenebaum threatened to take down the entire U.S. Department of Defense computer system if they were punished. He was caught a week later and indicted INDICTED, practice. When a man is accused by a bill of indictment preferred by a grand jury, he is said to be indicted. on charges of conspiracy and harming computer systems. His trial begins in the spring. His buddies got off with a slap on the wrist. FUN FACT: Shortly after his arrest, was featured in ads for an Israeli computer company and then drafted into the Israeli army. David L Smith, 31 HANDLE: None HOME: Aberdeen, N.J. CLAIM TO FAME: Mild-mannered New Jersey programmer developed one of the most aggressive computer viruses in history, called Melissa. Charged with causing $80 million worth of damage, calculated in time spent by administrators to fix problem. SENTENCE: In December, pleaded guilty to state charge of computer-related theft and federal charge of transmitting a virus with intent to cause damage. Faces up to five years without parole on federal charge, and 10 years on the state charge. Sentencing in May. FUN FACT: Named the virus after a stripper Stripper Slang for an individual homeowner who strips the equity out of his or her home through mortgage refinancing. Proceeds are generally not re-invested, but spent on consumer goods. Notes: Most people get rich by saving and investing wisely. he had a crush on in Florida. Eric Burns, 19 HANDLE: Zyklon HOME: Seattle CLAIM TO FAME: Known as the "White House Hacker," he attacked computers controlling Web sites for NATO NATO: see North Atlantic Treaty Organization. NATO in full North Atlantic Treaty Organization International military alliance created to defend western Europe against a possible Soviet invasion. , a U.S. embassy, and Vice President Gore. Altered White House Web site to read "Your box [computer] was owned" and "Stop all the war," and posted shout-outs to hackers including himself. SENTENCE: Facing 15 months in prison and $36,240 in damages. Won't be allowed to touch a computer for three years after his release. FUN FACT: Led a hacker gang called Global Hell that declared "war" on the FBI, was raided soon after. Justin Peterson, 38 HANDLE: Agent Steal HOME: Los Angeles CLAIM TO FAME: One-legged cyberpunk A futuristic, online delinquent: breaking into computer systems; surviving by high-tech wits. The term comes from science fiction novels such as "Neuromancer" and "Shockwave Rider. who hung out at Sunset Strip rock clubs and became a paid FBI informant. Helped bust other hackers, including Poulsen and Mitnick. SENTENCE: Sentenced to 41 months for crimes including computer fraud, possession of a stolen vehicle transported across state lines, and illegally accessing TRW TRW The Real World (TV reality show) TRW The Right Way TRW Tactical Reconnaissance Wing TRW The Retriever Weekly (University of Maryland, Baltimore, MD) TRW Thompson Ramo Wooldridge Inc credit files. Arrested while planning a $150,000 bank heist. FUN FACT: While on the lam, left a taunting message for police on his voicemail, saying "I'm gone, baby." JOHN MARKOFF covers technology for The New York Times. |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion