My thoughts: Many parts of this book are still very relevant today. Computers often seem secure, and we are frequently assured by manufacturers that they are, but small things, like guest accounts, easy to guess passwords, and other things can easily bring down a system. Clearly, cybersecurity still doesn't have very many safety nets; the field is evolving faster than the law, and it is the end user's burden to keep their systems secure.
Back in the early days of electronics and the Internet, there weren't very many safety nets in the event of a hacking. In fact, the very word hacker originally meant "someone good and creative on a computer". So when Clifford Stoll, astronomer turned computer scientist noticed a 75 cent imbalance in the supercomputer accounts at Lawrence Berkeley Labs, he starting digging into it himself. He realized it wasn't just a simple accounting error by the software; no, a hacker was stealing supercomputer time and had inadvertently left behind a trail. For the next year, Stoll would follow this hacker through phone lines, computer bills, and all the way to Germany before he got to the bottom of the case.
LBL labs isn't classified, but contains lots of information about various scientific topics. The hacker, though, is more interested in accessing the military's MILNET from LBL. From there, he worms his way through military computers, guessing obvious passwords like "guest" and gaining access to unprotected computers. He thinks nobody is noticing, but Clifford is silently tracking him, reporting to various government agencies. Unfortunately, there is no centralized system, and everyone tells him, we want information, but enforcement isn't in our jurisdicttion. When the hacker finally gets to stealing important information, the FBI steps in, and they are able to trace the phone lines from Oakland Tymnet, across the country, then the ocean, all the way to Hannover, Germany.
Along the way, Stoll earns valuable lessons, like choosing non-dictionary passwords, and never sharing them via permanent channels like email.
"Since the software on the systems that he had legal access to “didn’t turn me on anymore, I enjoyed the lax security of the systems I had access to by using [international] networks.” Computing had become an addiction for Pengo."
"In early 1986, Hagbard and Pengo were routinely breaking into computers in North America: mostly high-energy physics labs, but a few NASA sites as well."
"Even more important to the KGB was obtaining research data about Western technology, including integrated circuit design, computer-aided manufacturing, and, especially, operating system software that was under U.S. export control."
"The computer has become a common denominator that knows no intellectual, political, or bureaucratic bounds; the Sherwin Williams of necessity that covers the world, spanning all points of view."
"People blame every software quirk on viruses, public-domain software lies underused, and our networks become sources of paranoia."
"Once, I too, would have seen no mischief in this virus. But over the past two years, my interest changed from a micro-problem (a 75-cent discrepancy) to macro-issues: the welfare of our networks, a sense of common fair play, legal implications of hacking, the security of defense contractors, commonweal ethics in computing …"
"Whenever someone forgets that the networks she loves to play on are fragile, and can only exist when people trust each other. Whenever a fun-loving student breaks into systems as a game (as I might once have done), and forgets that he’s invading people’s privacy, endangering data that others have sweated over, sowing distrust and paranoia."
No comments:
Post a Comment