Underground - Suelette Dreyfus (best novels ever .TXT) š
- Author: Suelette Dreyfus
- Performer: 1863305955
Book online Ā«Underground - Suelette Dreyfus (best novels ever .TXT) šĀ». Author Suelette Dreyfus
SKiMo is mostly a loner these days. He shares a limited amount of information about hacking exploits with two people, but the conversations are usually carefully worded or vague. He substitutes a different vendorās names for the real one, or he discusses technical computer security issues in an in-depth but theoretical manner, so he doesnāt have to name any particular system.
He doesnāt talk about anything to do with hacking on the telephone. Mostly, when he manages to capture a particularly juicy prize, he keeps news of his latest conquest to himself.
It wasnāt always that way. `When I started hacking and phreaking, I had the need to learn very much and to establish contacts which I could ask for certain thingsāsuch as technical advice,ā SKiMo said. `Now I find it much easier to get that info myself than asking anyone for it. I look at the source code, then experiment and discover new bugs myself.ā
Asked if the ever-increasing complexity of computer technology hasnāt forced hackers to work in groups of specialists instead of going solo, he said in some cases yes, but in most cases, no. `That is only true for people who donāt want to learn everything.ā
SKiMo canāt see himself giving up hacking any time in the near future.
Who is on the other side these days?
In Australia, it is still the Australian Federal Police, although the agency has come a long way since the early days of the Computer Crimes Unit. When AFP officers burst in on Phoenix, Nom and Electron, they were like the Keystone Cops. The police were no match for the Australian hackers in the subsequent interviews. The hackers were so far out in front in technical knowledge it was laughable.
The AFP has been closing that gap with considerable alacrity. Under the guidance of officers like Ken Day, they now run a more technically skilled group of law enforcement officers. In 1995-96, the AFP had about 2800 employees, although some 800 of these worked in `community policingāāserving as the local police in places like the ACT and Norfolk Island. The AFPās annual expenditure was about $270 million in that year.
As an institution, the AFP has recently gone through a major reorganisation, designed to make it less of a command-and-control military structure and more of an innovative, service oriented organisation.
Some of these changes are cosmetic. AFP officers are now no longer called `constableā or `detective sergeantāāthey are all just `federal agentsā. The AFP now has a `visionā which is `to fight crime and winā.3 Its organisational chart had been transformed from a traditional, hierarchical pyramid of square boxes into a collection of little circles linked to bigger circlesāall in a circle shape. No phallo-centric structures here. You can tell the politically correct management consultants have been visiting the AFP.
The AFP has, however, also changed in more substantive ways. There are now `teamsā with different expertise, and AFP investigators can draw on them on an as-needed basis. In terms of increased efficiency, this fluidity is probably a good thing.
There are about five permanent officers in the Melbourne computer crimes area. Although the AFP doesnāt release detailed budget breakdowns, my back-of-the-envelope analysis suggested that the AFP spends less than $1 million per year on the Melbourne computer crimes area in total. Sydney also has a Computer Crimes Unit.
Catching hackers and phreakers is only one part of the unitās job. Another important task is to provide technical computer expertise for other investigations.
Day still runs the show in Melbourne. He doesnāt think or act like a street cop. He is a psychological player, and therefore well suited to his opponents. According to a reliable source outside the underground, he is also a clean cop, a competent officer, and `a nice guyā.
However, being the head of the Computer Crimes Unit for so many years makes Day an easy target in the underground. In particular, hackers often make fun of how seriously he seems to take both himself and his job. When Day appeared on the former ABC show `Attitudeā, sternly warning the audience off hacking, he told the viewers, `Itās not a game. Itās a criminal actā.
To hackers watching the show, this was a matter of opinion. Not long after the episode went to air, a few members of Neuro-cactus, an Australian group of hackers and phreakers which had its roots in Western Australia, decided to take the mickey out of Day. Two members, Pick and Minnow, clipped Dayās now famous soundbite. Before long, Day appeared to be saying, `Itās not a criminal act. Itās a gameāāto the musical theme of `The Billā. The Neuro-cactus crowd quickly spread their lampoon across the underground via an illicit VMB connected to its own toll-free 008 number.
Although Day does perhaps take himself somewhat seriously, it canāt be much fun for him to deal with this monkey business week in and week out. More than one hacker has told me with great excitement, `I know someone who is working on getting Dayās home numberā. The word is that a few members of the underground already have the information and have used it. Some people think it would be hilarious to call up Day at home and prank him. Frankly, I feel a bit sorry for the guy. You can bet the folks in traffic operations donāt have to put up with this stuff.
But that doesnāt mean I think these pranksters should be locked up either.
If we, as a society, choose not to lock hackers up, then what should we do with them?
Perhaps a better question is, do we really need to do anything with them?
One answer is to simply ignore look-see hacking. Society could decide that it makes more sense to use valuable police resources to catch dangerous criminalsāforgers, embezzlers, white-collar swindlers, corporate spies and malicious hackersāthan to chase look-see hackers.
The law must still maintain the capacity to punish hard where someone has strayed into what society deems serious crime. However, almost any serious crime committed by a hacker could be committed by a non-hacker and prosecuted under other legislation. Fraud, wilful damage and dealing in stolen property are crimes regardless of the mediumāand should be punished appropriately.
Does it make sense to view most look-see hackersāand by that I mean hackers who do not do malicious damage or commit fraudāas criminals? Probably not. They are primarily just a nuisance and should be treated as such. This would not be difficult to do. The law-makers could simply declare look-see hacking to be a minor legal infringement. In the worst-case scenario, a repeat offender might have to do a little community service. But such community service needs to be managed properly. In one Australian case, a corrections officer assigned a hacker to dig ditches with a convicted rapist and murderer.
Many hackers have never had a jobāin part because of the high youth unemployment in some areasāand so their community service might be their first `positionā. The right community service placement must involve hackers using their computer skills to give something back to society, preferably in some sort of autonomous, creative project. A hackerās enthusiasm, curiosity and willingness to experiment can be directed toward a positive outcome if managed properly.
In cases where hacking or phreaking has been an addiction, the problem should be treated, not criminalised. Most importantly, these hackers should not have convictions recorded against them, particularly if theyāre young. As Paul Galbally said to the court at Mendaxās sentencing, `All the accused are intelligentābut their intelligence outstretched their maturityā. Chances are, most will be able to overcome or outgrow their addiction.
In practice, most Australiaās judges have been reasonably fair in their sentencing, certainly compared to judges overseas. None of the Australian hackers detailed in this work received a prison sentence. Part of this is due to happenstance, but part is also due to the sound judgments of people like Judge Lewis and Judge Kimm. It must be very tempting, sitting on the bench every day, to shoot from the hip interpreting new laws.
As I sat in court listening to each judge, it quickly became clear that these judges had done their homework. With psychologist Tim Watson-Munro on the stand, Judge Lewis rapidly zeroed in on the subject of `free willāāas applied to addictionāregarding Prime Suspect. In Traxās case, Judge Kimm asked pointed questions which he could only have formulated after serious study of the extensive legal brief. Their well-informed judgments suggested a deeper understanding both of hacking as a crime, and of the intent of the largely untested computer crime legislation.
However, a great deal of time and money has been wasted in the pursuit of look-see hackers, largely because this sort of hacking is treated as a major crime. Consider the following absurd situation created by Australiaās federal computer criminal legislation.
A spy breaks into a computer at the Liberal Partyās headquarters and reads the partyās top-secret election strategy, which he may want to pass on to the Labor Party. He doesnāt insert or delete any data in the process, or view any commercial information. The penalty under this legislation? A maximum of six months in prison.
That same spy decides he wants to get rich quick. Using the local telephone system, he hacks into a bankās computer with the intention of defrauding the financial institution. He doesnāt view any commercial or personal information, or delete or insert any files. Yet the information he reviewsāabout the layout of a bank building, or how to set off its fire alarm or sprinkler systemāproves vital in his plan to defraud the bank. His penalty: a maximum of two years prison.
Our spy now moves onto bigger and better things. He penetrates a Department of Defence computer with the intention of obtaining information about Australiaās military strategies and passing it on to the Malaysians. Again, he doesnāt delete or insert any dataāhe just reads every sensitive planning document he can find. Under the federal anti-hacking laws, the maximum penalty he would receive would also be two years prison.
Meanwhile, a look-see hacker breaks into a university computer without doing any damage. He doesnāt delete any files. He FTPs a public-domain file from another system and quietly tucks it away in a hidden, unused corner of the university machine. Maybe he writes a message to someone else on-line. If caught, the law, as interpreted by the AFP and the DPP, says he faces up to ten years in prison. The reason? He has inserted or deleted data.
Although the spy hacker might also face other chargesāsuch as treasonāthis exercise illustrates some of the problems with the current computer crime legislation.
The letter of the law says that our look-see hacker might face a prison term five times greater than the bank fraud criminal or the military spy, and twenty times greater than the anti-Liberal Party subversive, if he inserts or deletes any data. The law, as interpreted by the AFP, says that the look-see hacking described above should have the same maximum ten-year prison penalty as judicial corruption. Itās a weird mental imageāthe corrupt judge and the look-see hacker sharing a prison cell.
Although the law-makers may not have fully understood the technological aspects of hacking when they introduced the computer crimes legislation, their intent seems clear. They were trying to differentiate between a malicious hacker and a look-see hacker, but they could have worded it better.
As itās worded, the legislation puts malicious, destructive hacking on a par with look-see hacking by saying that anyone who destroys, erases, alters or inserts data via a carrier faces a prison term, regardless of the personās intent. There is no gradation in the law between mere deletion of data and `aggravated deletionāāthe maximum penalty is ten years for both. The AFP
Comments (0)