TABLE OF CONTENTS
CONTENT
1. HACKING DEFINITION
2. DEFINITION OF A HACKER
   2.1 HACKER ETHIC
3. PSYCHOLOGICAL PROFILE OF A HACKER
   3.1 COMPUTER NERD SYNDROME
4. HACKERS: DEMOCRATIC VERSUS TOTALITARIAN STATE
   4.1 THE POLITICAL PHILOSOPHY OF CONFUCIUS
   4.2 GEORGE ORWELL'S NINETEEN EIGHTY FOUR
5. HACKERS: SECURITY CONSULTANTS
6. WORMS, TROJAN HORSES AND TIME BOMBS
   6.1 TROJAN HORSE
   6.2 LOGIC BOMB OR TIME BOMB
   6.3 VIRUS
   6.4 VACCINE OR DISINFECTANT
   6.5 WORM
   6.6 TEMPEST
7. LEGAL CONSTRAINTS: THE COMPUTER MISUSE ACT, 1990
   7.1 HISTORICAL PERSPECTIVE
   7.2 THE THREE NEW CRIMINAL OFFENCES
   7.3 JURISDICTION
8. LEGAL CONSTRAINTS: THE COMPUTER FRAUD AND ABUSE ACT (CFAA)
9. PROFESSIONAL CONSTRAINTS: ACM CODE OF ETHICS AND PROFESSIONAL CONDUCT
10. ETHICAL POSITION ON HACKING
   10.1 SIMPLE HACKING
   10.2 INFORMATION OWNERSHIP
   10.3 COMPUTERS: MATERIAL POSSESSIONS?
11. SUMMARY
BIS2061 1 Unit 2
Content
1. Hacking Definition
The computer ethicist Duncan Langford views hacking as an emotive term. He states
that back in the 1960s and 1970s the term hacking was used to describe an individual
working with computers who was technically gifted. In the early days of computing
there was no implication that someone known as a computer hacker would act
illegally. However, the social and computing environment has greatly changed since,
and as it tends to be with language, the use of the term hacker ‘expanded and its
definition broadened’.
Langford (1995) argues that, despite historical claims, his definition of hacking is
‘obtaining and exploiting unofficial access to a computer system’.
2. Definition of a Hacker
In The Hacker's Dictionary (Forester and Morrison, 1990, Computer Ethics:
Cautionary Tales and Ethical Dilemmas in Computing) the authors outline at least
seven different definitions of a hacker:
- A person who enjoys learning the details of computer systems and how to stretch their
  capabilities, as opposed to most computer users, who prefer to learn only the
  minimum amount necessary
- One who programs enthusiastically, or who enjoys programming rather than just
  theorising about programming
- A person capable of appreciating the hacker ethic, see 2.1 below
- A person who is good at programming quickly
- An expert on a particular program, or one who frequently does work using it or on it
- An expert of any kind
- A malicious inquisitive meddler who tries to discover information by poking around.
  For example, a password hacker is one who tries, possibly by deception or illegal
  means, to discover other people's computer passwords. A network hacker is one
  who tries to learn about the computer network, possibly because he / she wants
  to improve it or possibly because he / she wants to interfere
2.1 Hacker Ethic
The early hackers took the position seriously enough to establish their own ethical
code, known as the Hacker Ethic. Langford (1995) argues that the creation of the
Ethic was sincere, as were its intentions. There are five principal values comprising
the Hacker Ethic:
- Access to computers, and anything which might teach you something about the way
  the world works, should be unlimited and total. Always yield to the hands-on
  imperative
- All information should be free
- Mistrust authority - promote decentralisation
- Hackers should be judged by their hacking, not bogus criteria such as academic
  excellence, age, race or position
- You can create art and beauty on a computer
The focus of the Hacker Ethic is, perhaps understandably in the circumstances, on the
hacker. Among the areas left out are the rights of owners and users of computer
systems, and consideration of a computer scientist's responsibilities to them.
3. Psychological Profile of a Hacker
The site had to be closed for nine hours while IT personnel cleaned up the offensive
messages and plugged the hole.' (Spinello, 2000)
In answer to the question "why do hackers hack?", and to offer an explanation for the
behaviour described above, one reason that has been given is the satisfaction gained
from the intellectual challenge involved. It has been said to be similar to solving an
elaborate crossword - and the guessing of passwords and inventing means of
bypassing file protections poses intriguing problems that some individuals will go to
enormous lengths to solve (Forester and Morrison, 1990). In other instances, hacking
has involved acts of vengeance, usually by a disgruntled employee against a former
employer. For others, hacking represents a lifestyle that rests upon severe social
inadequacy among otherwise intellectually capable individuals - the so-called "computer
nerd" syndrome.
3.1 Computer Nerd Syndrome
The computer nerd syndrome particularly affects male adolescents between the ages
of 14 and 16. For psychologists such as Sherry Turkle of Massachusetts Institute of
Technology (MIT), hackers are individuals who use computers as people substitutes,
basically because computers do not require the kind of mutuality and complexity that
human relationships tend to demand.
However, despite this, the limited bandwidth of the computer screen, i.e. its lack of
feedback in the form of body language, etc. often causes users to seek substitutes for
it. For example, in the absence of any other non-verbal mechanisms to communicate
their emotions, electronic mail users often substitute a depiction of their face to
represent how they are feeling or how their message should be interpreted. The
following collection of keyboard characters is often used to represent a smile, a wink
and a sad face respectively:
:-)    ;-)    :-(
4. Hackers: Democratic versus Totalitarian State
It is argued that for the sake of balance a truly democratic society should possess a
core of technically gifted but recalcitrant people. Given that more and more
information about individuals is now being stored on computers, often without our
knowledge or consent, it might be reassuring that some citizens are able to penetrate
these databases to ascertain what is going on. In this sense it could be argued that
hackers represent one way in which we can help avoid the creation of a more
centralised, even totalitarian government.
Indeed, at the time of the Chernobyl nuclear power station disaster in the former
Soviet Union, hackers from the Chaos Computer Club released more information to
the public about the developments than did the then West German government itself.
All the information was gained by illegal break-ins carried out in government
computer installations.
Hacking has the potential to cause enormous harm by utilising resources that have
tremendous power. Yet we should not forget that there are other, equally powerful
and much older ways in which similar powers can be unleashed (Forester and
Morrison, 1990). Leaks to the press, espionage of all kinds and high quality
investigative journalism - for example, such as that which uncovered Watergate and
the Iran-Contra affair - have the power to break a government's control of information
flow to the public. This can ultimately even destroy corporations or governments that
have been shown to be guilty of unethical or criminal activities.
4.1 The Political Philosophy of Confucius
There is a remarkable parallel between Confucius and Plato, both of whom were
deeply immersed in philosophising about the ideal state in which justice would be
administered by a wise and virtuous ruler, and in which the concept of the common
good, benevolently supervised, would form the governing consideration. They
differed to the extent that whereas Plato advocated the principle of guardianship
whereby a ruling class would be educated and fashioned to rule the state without fear
of contradiction in their just rule, Confucius considered the populace as an intelligent
and critical check against wrong tendencies in government.
Confucius' theory of government was both paternal and democratic. The ruler is father
of his people, and his right to rule is the order of nature. He is, at the same time,
responsible in detail for the welfare (material and moral) of his people. On the other
hand, the highest source of wisdom is the people themselves - they know what is good
for them - vox populi, vox dei. His humblest subject is the ruler's equal, and revolution
against tyranny is a duty.
Thus it could be argued that hackers represent the humblest subject whose duty is to
revolt against the tyranny of a totalitarian state. The hacker, in the true sense of
Confucianism, helps avoid the creation of a more centralised and totalitarian
government. This relates to the third principle of the Hacker Ethic in promoting
decentralisation (see 2.1).
4.2 George Orwell's Nineteen Eighty Four
George Orwell, novelist, essayist and critic, is famous for his savagely angry satirical
novels Animal Farm and Nineteen Eighty Four. His distrust of authority and all
political parties inspired Nineteen Eighty Four, an elaborate satire on modern politics
prophesying a world perpetually laid waste by warring dictators. The novel above all
pictures the horrors of totalitarianism pursued to the limit, the very horrors that
hackers help avoid.
5. Hackers: Security Consultants
‘To some extent this is already happening: in the US, convicted hackers are regularly
approached by security and intelligence agencies with offers to join them in return for
amelioration or suspension of sentences. Other hackers have used their notoriety to
establish computer security firms and to turn their covertly gained knowledge to the
benefit of commercial and public institutions.’
6.2 Logic Bomb or Time Bomb
This is a program that is triggered to act when it detects a certain sequence of events,
or after a particular period of time has elapsed. For example, a popular form of logic
bomb monitors employment files and initiates systems damage (such as erasure of
hard discs or secret corruption of key programs) once the programmer's employment
has been terminated. A simple variation on the theme is to have a logic bomb virus,
that is, a virus that begins to replicate and destroy a system after it has been triggered
by a time lapse, a set of pre-programmed conditions coming into existence, or by
remote control using the appropriate password.
6.3 Virus
6.4 Vaccine or Disinfectant
Vaccine or Disinfectant software is a class of program that searches your hard drive
and floppy disks for any known or potential viruses. The market for this kind of
program has expanded because of Internet growth and the increasing use of the
Internet by businesses concerned about protecting their computer assets. Here are
three of the most popular anti-virus programs. You can download free trial copies
from their sites:
Some vaccines are general-purpose programs that search for a wide range of viruses,
while others are more restricted and are only capable of identifying a particular virus
type. Other forms of virus protection include isolation of the infected system(s), use
of non-writable system discs so that viruses cannot copy themselves there, and testing
of unknown software (particularly public domain software downloaded from bulletin
boards) on a minimal, isolated system.
6.5 Worm
A worm is a type of virus or replicative code that situates itself in a computer system
in a place where it can do harm. There are viruses (such as Melissa) that don't ‘worm
themselves into’ a place where they can do harm; they simply replicate themselves by
e-mail to many computers. Like most computer viruses, worms usually come in
Trojan horses. Worms tend to exist in memory and are non-permanent, whereas
viruses tend to reside on disc where they are permanent until eradicated. In addition,
worms are network orientated, with 'segments' of the worm inhabiting different
machines and being cognisant of the existence of the other segments in other nodes of
the network. Worms actively seek out idle machines and retreat when machine load
increases.
6.6 Tempest
The term refers to the electronic emissions that computers generate as they work.
With the right equipment, these transmissions can be monitored, stored and analysed
to help discover what the computer was doing.
7. Legal Constraints: The Computer Misuse Act, 1990
7.1 Historical Perspective
‘It had long been assumed in the UK that hacking was illegal; but in 1988 the House
of Lords eventually decided to the contrary. Concern following this decision led to the
Law Commission Working Paper on Computer Misuse. This paper, after a general
examination of the problems, made several specific recommendations for changes in
the law. In 1989 the Tory MP Emma Nicholson promoted a Private Member's Bill to
combat hacking but later withdrew it, following Government promises to legislate.
However, despite these promises, no official Government measures were taken. In
1990 another private member, Michael Colvin, introduced a second private bill on
computer misuse. Although this bill incorporated recommendations from the Law
Commission paper, the penalties recommended by the Commission were greatly
increased. The Bill eventually became the Computer Misuse Act in August 1990.’
(Langford, 1995)
Unauthorised modification of computer material. This section of the Act covers
distributing a computer virus, or malicious deletion of files, as well as direct
actions such as altering an account to obtain fraudulent credit
The latter two offences are tried before a jury. The Act also includes the offence of
conspiracy to commit and incitement to commit the three main offences. This aspect
of the Act makes even discussion of specific actions, which are in breach of the main
sections, questionable practice. It is sufficient to be associated with an offender in
planning the action, or to suggest carrying out an action which is illegal under the Act,
to be in a position to be charged.
7.3 Jurisdiction
8. Legal Constraints: The Computer Fraud and Abuse Act (CFAA)
‘All the states, with the exception of Vermont, have also enacted their own computer
crime statutes, which, in some cases, go beyond the scope of the Computer Fraud and
Abuse Act. Specifically, most state laws make unauthorised use of computers a crime
regardless of the circumstances.’
(Spinello, 2000)
Now do Review Question 5
9. Professional Constraints: ACM Code of Ethics and Professional Conduct
The general moral imperative 2.8 states "a member must access computing and
communication resources only when authorised to do so". Theft or destruction of
tangible and electronic property is prohibited by imperative 1.2: "Avoid harm to
others". Trespassing and unauthorised use of a computer or communication system is
also addressed by this imperative. Trespassing includes accessing communication
networks and computer systems, or accounts and/or files associated with those
systems, without explicit authorisation to do so. Individuals and organisations have
the right to restrict access to their systems so long as they do not violate the
discrimination principle (see *imperative 1.4 below). No one should enter or use
another individual's computer system, software, or data files without permission. One
must always have appropriate approval before using system resources, including
communication ports, file space, other system peripherals, and computer time.
*imperative 1.4: The values of equality, tolerance, respect for others, and the
principles of equal justice govern this imperative. Discrimination on the basis of race,
sex, religion, age, disability, national origin, or other such factors is an explicit
violation of ACM policy and will not be tolerated.
10. Ethical Position on Hacking
10.1 Simple Hacking
When a hacker gains access to a system and rummages around in a company's files
without actually altering anything, what damage has he / she caused? Have they
simply stolen a few thousandths of a penny's worth of electricity (Theft Act of 1968)?
Indeed, if the hacker informs a company of their lax security procedures, is he / she
creating a public benefit by performing a service that they might otherwise have to
pay for? In some countries, for example, Canada, it is not an offence to walk into
somebody's residence, then look around and leave - as long as nothing has been
altered or damaged. Can a hacker's walk through of a system be considered in similar
terms?
Now do Review Question 6
10.2 Information Ownership
If we consider the private sector, we might even question the right of a company to
hold information on individuals, and their right to deny individuals access to that
information. For example, many commercial institutions tap into databases that hold
the credit ratings of hundreds of thousands of people. The providers of these databases
have collected information from a huge range of sources and organised it so that it
constitutes a history and an assessment of our trustworthiness as debtors. Who gave
these companies the right to gather such information? Who gave them the right to sell
it, which they do, along with subscription lists, names and addresses? What limits are
there on the consequences of this information for the quality of our lives? What rights
should we have in ensuring that our details are correct?
Now, if we imagine a hacker penetrating a system so that he / she can correct the
records of those who have been denied correction of incorrect data, which of these two -
the database owner or the hacker - has committed the greatest ethical error? Are they
both equally guilty?
Should I own information about me? Or should I, as a database operator, own any
information that I have paid to be gathered and stored? On the other hand, given that
the storage of information is so pervasive and the very functioning of modern society
relies upon computer based data storage, does the public have a right to demand
absolute security in these systems? Finally, should some hackers be regarded as our
unofficial investigative journalists, finding out who holds what information on whom
and for what purposes, checking if corporations are indeed adhering to the data
protection laws; and exposing flagrant abuses that the government cannot or will not
terminate?
10.3 Computers: Material Possessions?
‘If computers are viewed as material possessions, then electronic entry to a computer
system can be looked on as very similar to physical entry into an office or home.
Unless there is a specific invitation, or previous permission to enter, this is trespass, if
not unlawful entry. Hackers have a typical defence though: they are entering to test
for loopholes in the software. Is this realistic? If challenged, many hackers claim to
know a friend of a friend, who was paid by a large company to test its computer
systems for security loopholes. This is, of course, comparable to paying a burglar to
attack your home in the hope that the burglar may reveal security weaknesses.’
(Langford, 1995)
However, Langford does highlight a second position on hacking which follows the
contention that computers are not to be viewed as material possessions, belonging to
one business, or another. There is, the view runs:
‘An undefined global community of computing, where the physical ownership of each
machine is secondary to the benefit of its users. Sometimes, taking the Internet as a
limited example, supporters claim that exploring this electronic world is somehow
above such considerations as yours or mine - electrons belong to no one. If there is a
cost, big business can afford to pay it.’
Langford elaborates:
‘There are clear strengths to the idea, particularly in view of the advantages of
openness. The general enrichment, which tends to come from wide information
distribution may mean developers never have to reinvent the wheel, or needlessly
design from scratch which already exists elsewhere.’
11. Summary
This unit has introduced some of the key concepts and issues that are invoked by
unauthorised access (computer hacking). You have been presented with the ethical,
legal and professional arguments concerning computer hacking.