Information Security News mailing list archives
Re: Cyberterrorism hype
From: mea culpa <jericho () DIMENSIONAL COM>
Date: Mon, 27 Dec 1999 17:52:11 -0700
Reply From: "Robert G. Ferrell" <root () rgfsparc cr usgs gov>
I couldn't agree more. Unfortunately, you've gotten my back up. I don't know where the idea first came from, but the re-titling of the hacker and the cracker really does get our collective goats.
I think what this reply serves to point out is that the 'hacker' community doesn't even among themselves agree on what these terms mean. I, too, was a hacker long before WarGames; in fact, I started out phreaking in the early 70s, before hacking was really an option (unless you happened to have access to, say, a PDP-10). Unlike edison, however, I fundamentally agree with the terminology in the quoted article. A hacker, in my definition, is a person who evinces an obsessive drive to learn more about an operating system, program, or piece of hardware than is offered in the documentation. Hackers spend countless hours experimenting with configurations, trying things that the designers probably never imagined, looking for new and different ways to interact with the systems they study. They modify source code, look for nuances in system calls, reverse engineer from disassembled code, rebuild kernels, and in general search for ways to make systems do things they weren't supposed to be able to do, or to make them do things they were supposed to do better or faster. The payoff from this obsession is, as edison says, knowledge. Hackers have a deep need to know as much as humanly possible about their chosen topic; to possess knowledge no one else has (even for a short time) can generate as great a rush as any "extreme" sport. There were times when gaining unauthorized access was the only way to increase one's depth of knowledge on a given topic. This was especially true before the Internet went "commercial." Given this premise, most hackers would not have hesitated to break into a system. The only goal of this intrusion would have been information, however, and no malicious intent would be present (while that may not be much of a distinction from the legal point of view, it is very important in understanding hackers). The Internet has always been a bastion of freely shared information, so many people reacted (and still do react) to the concept of "proprietary" as the antithesis of "polite" Internet culture; in effect, they saw it as an abuse. While one may argue quite rightly that abuse is an inappropriate response to abuse in a society based on the rule of law, this reaction is widespread throughout even the current day hacker community. Most of us just complain about it, but a few take a more active role. I can't say that I approve of their actions, but I do sympathize with their frustrations and concur on a philosophical level. Crackers, by my definition, are motivated solely by a desire to subvert the security of a system. The illicit entry is the raison d'etre, not the knowledge to be gained by it (except inasmuch as it facilitates future intrusions). Crackers may be very sophisticated hackers gone "bad," or they may be "script kiddies" who have little understanding of the tools they use to break into a vulnerable system. The distinction between hacker and cracker, then, is one of motivation more than method. Some crackers are truly 'evil,' many more are just fed up or bored. Just another in an endless series of personal definitions.... Happy holidays, RGF Robert G. Ferrell Internet Technologist National Business Center, US DoI Robert_G_Ferrell () nbc gov ISN is sponsored by Security-Focus.COM
Current thread:
- Cyberterrorism hype mea culpa (Dec 20)
- <Possible follow-ups>
- Re: Cyberterrorism hype mea culpa (Dec 24)
- Re: Cyberterrorism hype mea culpa (Dec 27)