|
articles & issues
TOPIC of the day: HACKING
Computer
Hacking
Written by
David M. Stone,
University
Laboratory High School,
Urbana, IL
Introduction
Unlike most
computer crime / misuse areas which are
clear cut in terms of actions and
legalities (e.g.
softwarepiracy),
computer hacking is more difficult to
define. Computer hacking always involves
some degree of infringement on the
privacy of others or damage to
computer-based property such as files,
web pages or software. The impact of
computer hacking varies from simply
being simply invasive and annoying to
illegal. There is an aura of mystery
that surrounds hacking,and a prestige
that accompanies being part of a
relatively "elite" group of individuals
who possess technological savvy and are
willing to take the risks required to
become a true "hacker". An interesting
alternative view of how hackers
positively impact areas such as software
development and hacker ideology is
presented in
Technology and
Pleasure: Considering Hacking
Constructive.
Even attempting
to define the term "hacker" is
difficult. Perhaps the premiere WWW
resource in introducing individuals to
hacking is the
The New Hacker's
Dictionary
(http://www.logophilia.com/jargon/jargon_toc.html),
a resource which encompasses everything
from hacker slang, jargon, hacker
folklore, writing style and speech to
general appearance, dress, education and
personality characteristics. According
to TheNew
Hacker's Dictionary,
a hacker can be defined as:
-
A person who
enjoys exploring the details of
programmable systems and how to
stretch their capabilities, as
opposed to most users, who prefer to
learn only the minimum necessary.
-
One who
programs enthusiastically (even
obsessively) or who enjoys
programming rather than just
theorizing about programming.
-
A person
capable of appreciating hack value.
-
A person who
is good at programming quickly.
-
An expert at a
particular program, or one who
frequently does work using it or on
it.
-
An expert or
enthusiast of any kind. One might be
an astronomy hacker, for example.
-
One who enjoys
the intellectual challenge of
creatively overcoming or
circumventing limitations.
-
[deprecated] A
malicious meddler who tries to
discover sensitive information by
poking around. Hence 'password
hacker', 'network hacker'. The
correct term for this sense is
cracker.
Even within
hacker society, the definitions range
from societally very positive (dare I
say characteristic of gifted and
talented individuals) to criminal. In
his book, "Fighting
Computer Crime: A New Framework for
Protecting Information"
(1998), Donn B. Parker lists two basic
principles hacker live by:
-
The belief
that information sharing is a
powerful good and that it is the
ethical duty of hackers to share
their expertise by writing free
software and facilitating access to
information and to computing
resources whenever possible.
-
The belief
that system cracking for fun and
exploitation is ethically OK as long
as the cracker commits no theft,
vandalism or breach of
confidentiality.
Parker
differentiates between benign and
malicious hackers based on whether
damage is performed, though in reality
all hacking involves intrusion and a
disregard for the efforts, works and
property of others.
Issues
A number of
issues arise in considering hacking from
the educator perspective. First, we need
to consider the fact that the public
perception of hackers is mixed, and that
"hacking" and "being considered a
hacker" can be quite appealing to
students who are going through
developmental periods in which they are
defining themselves, as well as
challenging authority and rules. There
is often a Robin Hood mentality to early
actions, though it is unclear exactly
who "the poor" are, and how they are "beingcompensated".
Second, the anonymity of actions which
hackers perform against others often
enhances the severity of actions. For
example, an adolescent who would never
consider picking someone's pocket or
physically damaging someone else's
property or home, might be quite willing
to steal people's credit card numbers or
destroy poorly protected business or
government files, since files and credit
card numbers are not tangible entities,
and the damage is done anonymously.
The media often
presents these individuals in a
glamorous light. Adolescents may
fantasize about their degree of
technological skills and, lacking the
social skills required to be accepted
well by others, move online in search of
those who profess to have technological
skills the students desire. A simple
search using the term "hacker" with any
search engine results in hundreds of
links to illegal serial numbers, ways to
downloadand
pirate
commercial software, etc. Showing this
information off to others may result in
the students being considered a "hacker"
by their less technologically savvy
friends, further reinforcing antisocial
behavior. In some cases, individuals
move on to programming and destruction
of other individuals programs through
the writing of
computer viruses
and Trojan horses,
programs which include computer
instructions to execute a hacker's
attack. If individuals can successfully
enter computers via a network, they may
be able to impersonate an individual
with high level security clearance
access to files, modifying or deleting
them or introducing computer viruses or
Trojan horses. As hackers become more
sophisticated,they may begin using
sniffers
to steal large amounts of confidential
information, become involved in burglary
of technical manuals, larceny or
espionage.
Ways to
Minimize Potential for Hacking
There are a
number of ways for schools to minimize
potential for hacking.
-
Schools need
to clearly establish acceptable use
policies and delineate appropriate
and inappropriate actions to both
students and staff.
-
Students and
staff need to instructed regarding
hacking, the mentality associated
with it, the consequences of various
hacking actions and possible
consequences of interacting and
forming online relationships with
anonymous individuals who claim to
be proficient in invading others'
privacy.
-
The use of
filters may be considered in
reducing access to unauthorized
software serial numbers and
hacking-related materials,
newsgroups, chatrooms and hacking
organizations.
-
Teachers need
to be aware of student activities in
the computer labs and pay special
attention to things they hear in
terms of hacking behavior.
Many schools
have taken intiative in having teachers
work with technology-oriented students
who exhibit many of the characteristics
which may eventually lead to
hacking-type behaviors. Recent web-based
activities and competitions, including
ThinkQuest,
Web to the Edge
and
ExploraVision,
are outstanding opportunities for these
and other technologically oriented
students to utilize their interests,
energies and abilities in a postive way.
Annotated Web
Sites
The New Hacker's
Dictionary
(http://www.logophilia.com/jargon/jargon_toc.html)
A resource which introduces the reader
to everything from hacker slang, jargon,
hacker folklore, writing style and
speech style to general appearance,
dress, education and personality
characteristics. If you are going to
examine a single resource regarding
hacking, this should be it!
Technology and
Pleasure: Considering Hacking
Constructive
(http://firstmonday.org/issues/issue4_2/gisle/)
Fascinating VERY ALTERNATIVE discussion
of history of the hacker community and
hacker ideology.
ConcerningHackers
Who Break into Computer Systems
(http://www-swiss.ai.mit.edu/6095/articles/denning_defense_hackers.txt)
Interesting discussion of hackers,
hacker ethics and how hacking relates to
issues and practices of an information
society.
Active Matrix's
Hideaway
(http://www.hideaway.net/)
Written by a "true hacker", one who
seeks knowledge rather than robbery and
destruction, this alternative site
presents a view of hacking as an art and
science.
Hacking Documents
(http://www.houghton.demon.co.uk/hacking/document/index.htm)
This is the source many use for initial
ventures into hacking. It consists of 1)
The Guide to Mostly Harmless Hacking, 2)
Beginner's Documents, and 3) Other
Various Documents. There is also a link
called Hacking Archives. Quite user
friendly, it becomes clear how kids
could easily be lured into this site and
its activities.
Defcon 7
(http://www.thecodex.com)
Voted one of the top hackers sites by PC
Magazine (is it any wonder our kids have
little difficulty finding these sites?),
this site consists of hundreds of links
which walk individuals step-by-step
through the myriad of different hackers
activities.
AstaLaVista H/C
Search Engine(http://astalavista.box.sk)
Here's something new - a search engine
designed for hackers. Includes links to
all types of software, serial numbers,
sniffers, etc.
What is a
Hacker?
Brian Harvey
University of California, Berkeley
In one sense
it's silly to argue about the ``true''
meaning of a word. A word means whatever
people use it to mean. I am not the
Academie Française; I can't force
Newsweek to use the word
``hacker'' according to my official
definition.
Still,
understanding the etymological history
of the word ``hacker'' may help in
understanding the current social
situation.
The concept of
hacking entered the computer culture at
the Massachusetts Institute of
Technology in the 1960s. Popular opinion
at MIT posited that there are two kinds
of students, tools and hackers. A
``tool'' is someone who attends class
regularly, is always to be found in the
library when no class is meeting, and
gets straight As. A ``hacker'' is the
opposite: someone who never goes to
class, who in fact sleeps all day, and
who spends the night pursuing
recreational activities rather than
studying. There was thought to be no
middle ground.
What does this
have to do with computers? Originally,
nothing. But there are standards for
success as a hacker, just as grades form
a standard for success as a tool. The
true hacker can't just sit around all
night; he must pursue some hobby with
dedication and flair. It can be
telephones, or railroads (model, real,
or both), or science fiction fandom, or
ham radio, or broadcast radio. It can be
more than one of these. Or it can be
computers. [In 1986, the word ``hacker''
is generally used among MIT students to
refer not to computer hackers but to
building hackers, people who explore
roofs and tunnels where they're not
supposed to be.]
A ``computer
hacker,'' then, is someone who lives and
breathes computers, who knows all about
computers, who can get a computer to do
anything. Equally important, though, is
the hacker's attitude. Computer
programming must be a hobby,
something done for fun, not out of a
sense of duty or for the money. (It's
okay to make money, but that can't be
the reason for hacking.)
A hacker is an
aesthete.
There are
specialties within computer hacking. An
algorithm hacker knows all about the
best algorithm for any problem. A system
hacker knows about designing and
maintaining operating systems. And a
``password hacker'' knows how to find
out someone else's password. That's what
Newsweek should be calling
them.
Someone who
sets out to crack the security of a
system for financial gain is not a
hacker at all. It's not that a hacker
can't be a thief, but a hacker can't be
a professional thief. A hacker
must be fundamentally an amateur, even
though hackers can get paid for their
expertise. A password hacker whose
primary interest is in learning how the
system works doesn't therefore
necessarily refrain from stealing
information or services, but someone
whose primary interest is in stealing
isn't a hacker. It's a matter of
emphasis.
Ethics and
Aesthetics
Throughout most
of the history of the human race, right
and wrong were relatively easy concepts.
Each person was born into a particular
social role, in a particular society,
and what to do in any situation was part
of the traditional meaning of the role.
This social destiny was backed up by the
authority of church or state.
This simple
view of ethics was destroyed about 200
years ago, most notably by Immanuel Kant
(1724-1804). Kant is in many ways the
inventor of the 20th Century. He
rejected the ethical force of tradition,
and created the modern idea of autonomy.
Along with this radical idea, he
introduced the centrality of rational
thought as both the glory and the
obligation of human beings. There is a
paradox in Kant: Each person makes free,
autonomous choices, unfettered by
outside authority, and yet each person
is compelled by the demands of
rationality to accept Kant's ethical
principle, the Categorical Imperative.
This principle is based on the idea that
what is ethical for an individual must
be generalizable to everyone.
Modern
cognitive psychology is based on Kant's
ideas. Central to the functioning of the
mind, most people now believe, is
information processing and rational
argument. Even emotions, for many
psychologists, are a kind of theorem
based on reasoning from data. Kohlberg's
theory of moral development interprets
moral weakness as cognitive weakness,
the inability to understand
sophisticated moral reasoning, rather
than as a failure of will. Disputed
questions of ethics, like abortion, are
debated as if they were questions of
fact, subject to rational proof.
Since Kant,
many philosophers have refined his work,
and many others have disagreed with it.
For our purpose, understanding what a
hacker is, we must consider one of the
latter, Sören Kierkegaard (1813-1855). A
Christian who hated the established
churches, Kierkegaard accepted Kant's
radical idea of personal autonomy. But
he rejected Kant's conclusion that a
rational person is necessarily compelled
to follow ethical principles. In the
book Either-Or he presents
a dialogue between two people. One of
them accepts Kant's ethical point of
view. The other takes an aesthetic point
of view: what's important in life is
immediate experience.
The choice
between the ethical and the
aesthetic is not the choice between
good and evil, it is the choice
whether or not to choose in terms of
good and evil. At the heart of the
aesthetic way of life, as
Kierkegaard characterises it, is the
attempt to lose the self in the
immediacy of present experience. The
paradigm of aesthetic expression is
the romantic lover who is immersed
in his own passion. By contrast the
paradigm of the ethical is marriage,
a state of commitment and obligation
through time, in which the present
is bound by the past and to the
future. Each of the two ways of life
is informed by different concepts,
incompatible attitudes, rival
premises. [MacIntyre, p. 39]
Kierkegaard's
point is that no rational argument can
convince us to follow the ethical path.
That decision is a radically free
choice. He is not, himself, neutral
about it; he wants us to choose the
ethical. But he wants us to understand
that we do have a real choice to make.
The basis of his own choice, of course,
was Christian faith. That's why he sees
a need for religious conviction even in
the post-Kantian world. But the ethical
choice can also be based on a secular
humanist faith.
A lesson on the
history of philosophy may seem out of
place in a position paper by a computer
scientist about a pragmatic problem. But
Kierkegaard, who lived a century before
the electronic computer, gave us the
most profound understanding of what a
hacker is. A hacker is an aesthete.
The life of a
true hacker is episodic, rather than
planned. Hackers create ``hacks.'' A
hack can be anything from a practical
joke to a brilliant new computer
program. (VisiCalc was a great hack. Its
imitators are not hacks.) But whatever
it is, a good hack must be aesthetically
perfect. If it's a joke, it must be a
complete one. If you decide to turn
someone's dorm room upside-down, it's
not enough to epoxy the furniture to the
ceiling. You must also epoxy the pieces
of paper to the desk.
Steven Levy, in
the book Hackers, talks at
length about what he calls the ``hacker
ethic.'' This phrase is very misleading.
What he has discovered is the Hacker
Aesthetic, the standards for art
criticism of hacks. For example, when
Richard Stallman says that information
should be given out freely, his opinion
is not based on a notion of property as
theft, which (right or wrong) would be
an ethical position. His argument is
that keeping information secret is
inefficient; it leads to
unaesthetic duplication of effort.
The original
hackers at MIT-AI were mostly
undergraduates, in their late teens or
early twenties. The aesthetic viewpoint
is quite appropriate to people of that
age. An epic tale of passionate love
between 20-year-olds can be very moving.
A tale of passionate love between
40-year-olds is more likely to be comic.
To embrace the aesthetic life is not
to embrace evil; hackers need not be
enemies of society. They are young and
immature, and should be protected for
their own sake as well as ours.
In practical
terms, the problem of providing moral
education to hackers is the same as the
problem of moral education in general.
Real people are not wholly ethical or
wholly aesthetic; they shift from one
viewpoint to another. (They may not
recognize the shifts. That's why Levy
says ``ethic'' when talking about an
aesthetic.) Some tasks in moral
education are to raise the
self-awareness of the young, to
encourage their developing ethical
viewpoint, and to point out gently and
lovingly the situations in which their
aesthetic impulses work against their
ethical standards.
|
