Review of 'Who's Reading Your E-mail?' by Richard Behar

The article exposes the vulnerability of computer data and
of corporations with the popularity of the Internet. The
Internet can allow hackers access to any computer in the
world, with understated ease. Break-ins can go virtually
Major corporations and government security departments have
acknowledged that hacker break-ins are out of control. Some
companies are too fearful to join networks because of this.
Software programs brought out to deal with the growing
problem, such as firewalls, are no longer totally
effective. New technology has been developed such as
'Pilot Network Services' (offering supervised Internet
access); 'Netranger' (a monitor device used by the Pentagon)
and 'Encryption' (software that jumbles messages).
The basics of computer security (using difficult passwords,
and guarding of data) are not being met in a disturbingly
large number of American companies surveyed. A new bill
demands that system operators become responsible for
security. Hackers can be prosecuted (with subsequent heavy
penalties) only if the exposed company has actively shown
that it was security conscious. Furthermore, exposed
companies are liable to other companies if their lack of
security precautions allowed their computer network to
become an opening for other company break-ins.
Companies are disinclined to report breaches in security
as it denotes a poor image and highlights their
vulnerability. Clients demand security, and lack of it will
send them elsewhere.
Billions of dollars are spent annually on protection
devices. Others are utilizing the expertise of former
convicted hackers to fine tune and update their security
features. It is a case of befriending the enemy in order to
learn more. These hackers come out of gaol with a ready
market for their expertise, and great financial rewards.
The explosion of Internet use and of networks around the
world has brought with it a need for greater security
consciousness amongst its users and systems operation
managers. Technology needs to be constantly updated in the
war against the ever-growing insidious and malicious hacker.

Review of 'Hackers: Taking a byte out of computer crime' by
Roush discusses the changing face of computer crime with
the advent of the modem and stricter laws. The article
touches on the effect these changes are having on hackers
themselves, and the measures that are put in place to deal
with the problem. It also explores the common ground which
hackers and computer security experts agree on.
In the 1960's the dictionary definition of a hacker was
that of a "computer virtuoso". Hackers were made up of young,
computer-literate and rebellious gangs vying for the status
symbol image and thrill of breaking into a computer network.
This all changed with the popularity of the modem and an
increasing number of computer users. The number of hackers
exploded and thus the image of being a hacker became passé.
The tougher security measures put in place, combined with
more stringent laws (including imprisonment) had the effect
of weeding out all but the keenest of hackers, and the most
Firms and security enforcers are now dealing with elite
hackers whose intent is now focused on sinister revenge,
malicious damage, political and defense corruption, and
monetary greed. The cost of these types of computer crimes
could run into the billions, but an accurate measure is
unavailable. This is due either to the reluctance of
corporations to report any break-ins (because they may feel
guilty about their lax security), or because the
information systems are so massive that the scale of
corruption may be too difficult to detect.
There are also a select few who choose to label themselves
as hackers with moral ethics. This second type of hacker
prevalent today is assisting companies and law enforcers
in the fight against dangerous hackers in a number of ways.
These include holding hacker conventions and on-line
information services to inform the public of new security
risks, as well as being employed by corporations to break
into their systems in order to secure and refine them.
These hackers love computers and are motivated by the anger
and frustration they feel at the prevailing laxity of
security measures in place. Despite this level of
co-operation there remains an inherent distrustful fear
between the two camps. Fear is also a motivating factor for
corporations in refusing to join networks, allocating
enormous funds for security measures, restricting access to
information, and utilizing passwords to deter alien entry.
Hacking crime is now far more sophisticated, varied and
costly to society. There is a need to continue to work with
ethical hackers in the battle for safety and order,
otherwise we face an increasingly monitored future and a
reduction in the freedom of computer use.

Review of 'The United States Vs Craig Neidorf' by D.
This article initially focuses on the US indictment of
Neidorf, a student who started an Internet publication,
'Phrack'. This publication was accused by the United States
government of being a fraudulent scheme devised by Neidorf and
others to steal sensitive documents and make them freely
available to the public. The court case was centered on an
article about the country's E911 emergency system, and how
he managed to fraudulently obtain a highly sensitive
document which was then published with the intent to
disrupt or halt all services.
The author had taken a keen interest in the case due to the
implications it had on threats against freedom of the
electronic press. The Electronic Frontier Foundation (EFF)
was founded with just this concern. It helps to raise
public awareness about civil liberties issues and works to
preserve and protect the constitutional rights with the
Denning was sought by Neidorf to assist in the case as an
expert witness and to provide evidence throughout the
trial. The government dropped the charges after 4 days and
it was declared a mistrial. It cost Neidorf $100,000, but
potentially he stood to spend 65 years in gaol.
It was argued in Neidorf's case that while Phrack may have
seemed to promote illegal hacking, the publication itself was
not illegal. It advises readers not to engage in any
intentional damage or harm. The purpose of Phrack was the
free exchange of information as covered by the First
Amendment of Constitutional Law and Civil Liberties.
Neidorf actively co-operated with the government agents in
every way prior to the indictment. Furthermore, it was found
that the supposed sensitive document (E911) was readily
available elsewhere. There was nothing in Phrack that
couldn't be found in any other published books or journals.
In addition, Neidorf argued that if the E911 text had been
a sensitive document, it certainly was not treated or
secured as such by Bellcorp.
Denning questions the rights of government to seize
documents and computer ware for extended periods, causing
severe disruption, without appropriate court orders; and
makes suggestions to rectify the process. The
responsibilities of system operators are also called into
question. They should take greater care to guard against
unauthorized break-ins, as they may be vulnerable to lawsuits
if accused of providing inadequate protection. Denning also suggests an
update of the current law, to bring it more into line with
the UK Computer Misuse Act of 1990. There is an
acknowledgement of a new threat emerging where computer
criminals, as opposed to juvenile hackers, are potentially
capable of industrial espionage and damaging
infrastructures. There is also a final suggestion that the
teaching of computer ethics could decrease the incidence of

A Compilation of Viewpoints.

The articles written by Roush, Denning and Behar, as
summarized earlier, have many common themes. Issues about
hackers, the Internet, on-line publications, invasions,
security measures, and current laws are discussed within
Denning's article approaches the topics through the lens of
a court case involving Neidorf, a law student and the
publisher of Phrack (an Internet billboard). The case
highlights that there is a fine but distinct line between
the right to freedom of information, and the unauthorized
theft and use of it. In a subtle way, Denning also
distinguishes between the two prevalent types of hacker.
Roush's article focuses primarily on the history and
changing profile of today's hacker, and their interaction
with companies and corporations.
Behar discusses vulnerabilities via networks and the
various measures available to prevent or circumnavigate
All authors agree that the profile of hackers has changed
since the early computer heyday of the 1980's. Juveniles
who hacked for the thrill of it have been replaced by two
distinct types of hackers. The first is the hacker with a
self-professed personal code of moral ethics. These hackers
invade networks, not only for the challenge, but to make
the public aware of weak security links. They abhor lax
security measures and feel justified in their actions,
claiming a superior authority by publishing their exploits.
Neidorf's case inadvertently alluded to this, and the other
articles pointed to ethical hackers who assist companies,
or start security firms utilizing their expertise. These
hackers are acknowledged by non-hackers with a reluctant
acceptance. The second comprises an elite number of
hackers focused on malicious intent and greed.
The issues of on-line publications and information networks
were discussed from different perspectives. All authors agree
that the abundance of information and interaction available
on-line is beneficial. Denning's article may suggest
inadvertently that there is a distinction between freedom of
information and the moral overtones of freedom of
publication. In Neidorf's case there was a clear distinction,
according to the law. All agree that being on-line to a
network leaves your system vulnerable to exposure by
hackers from anywhere in the world.
The laws and penalties were discussed at length in
Denning's article, with suggestions for improvements. Roush
and Behar pointed out that convicted hackers had a
lucrative ready-made market for their expertise when they
ended their prison term - being paid to assist corporations
by breaking into their systems. They all agreed that prison
sentences had deterred a large number of juvenile thrill
seekers, and mature hackers.
Roush and Behar discuss the enormous, yet understated cost
of company computer invasions. They point out the
reluctance of those victims to report occurrences because
of embarrassment, and the loss of trust clients feel in
their security measures. They also suggest that invasions
are understated because many companies do not even realize
they have been corrupted. Hacking is very much out of
control. Denning's article indirectly showed how easily
sensitive information could be extrapolated from a system.
All articles show that hackers with strong social skills
and graces can charm the information out of a beguiled or
proud computer owner/manager.
Lastly, all the articles discussed the important overall
theme of security measures. Roush and Behar point out that
the most basic of measures, use of a difficult password,
was sadly lacking in many companies surveyed. Denning's
article dwells heavily on the inference of sensitive
data, and on the hypocrisy of BellSouth in not adequately
securing it. Behar extends into great detail about the
effectiveness of security measures available, and the
acceptance and use of them. All agree that system operator
managers are being forced legally to take more
responsibility in their security measures.
The articles demonstrate from different perspectives the
growing problem associated with the rapid rise in computer
networks. The media provides us with further revelations on
the matter. There is no doubt that the inherent psychology
of human behavior determines that there will always be
those whose intellectual and technological pursuits will
find an outlet in those of computer intrusions. If
convicted computer hackers are able to successfully utilize
their same skills in a more productive manner, then perhaps
we are missing the point altogether. Hackers need a
suitable outlet for their expertise and instincts for
challenge. Perhaps we should be looking at ways to channel
that enthusiasm appropriately, before they discover the
In addition, perhaps the advent of the hackers is a
blessing in disguise. If the research stated in the articles
leads us to believe that many companies are lax in their
responsibility to security measures then perhaps an
intrusion followed by a court case is what is required to
make managers sit up, take notice and take action. I am not
suggesting the issue is open and clear cut. The advent of
continuous new technology demands continuous changes within
society, and new approaches. There are at least two ways to
resolve the hacker problem: deal with it as it is
encountered; or take a different and proactive approach.
Either way, it is largely determined by our innovation and
motivation, just as it is with budding hackers, really!

Roush, W. (1995). 'Hackers: Taking a byte out of computer
crime' in Technology Review, April, pp. 32-40.
Denning, D. E. (1991). 'The United States Vs Craig Neidorf'
in Communications of the ACM, 34(3), pp. 24-32.
Behar, R. (1997). 'Who's Reading Your E-mail?' in Time,
February 3, pp. 64-67.