Websters new hacker dictionary

ix Introduction high-speed network built by the U.S. Defense Department as a computer communications experiment. By linking hundreds of universities, defense contractors, and research laboratories, ARPANET allowed researchers around the globe to exchange information with impressive speed.1 This capability of working collaboratively advanced the field of Information Technology and was the beginnings of what is now the Internet. In hackerdom history, the 1970s decade is affectionately known as the Elder Days. Back then, many of the hackers (as with the hippies of that era) had shoulder-length hair and wore blue jeans. And while the Beatles were making it to the top of music charts with their creative songs, hackers were busy with their high-tech inventions. At the start of this decade, only an estimated 100,000 computers were in use. By the mid-1970s, Bill Gates started the Microsoft Corporation, and Intel’s chairman, Gordon Moore, publicly revealed his infamous prediction that the number of transistors on a microchip would double every year and a half.This prediction has since become known as Moore’s Law. As for other creative outputs of the 1970s, one of the most frequently mentioned is a new programming language called “C.” As was UNIX in the operating system world, C was designed to be pleasant, nonconstraining, and flexible. Though for years operating systems had been written in tight assembler language to extract the highest efficiency from their host machines, hackers Ken Thompson and Dennis Ritchie were among the innovators who determined that both compiler technology and computer hardware had advanced to the point that an entire operating system could be written in C. By the late 1970s, the whole environment had successfully been ported to several machines of different types, and the ramifications were huge. If UNIX could present the same capabilities on computers of varying types, it could also act as a common software environment for them all. Users would not have to pay for new software designs every time a machine became obsolete. Rather, users could tote software “toolkits” between different machines. The primary advantage to both C and UNIX was that they were user-friendly.They were based on the KISS, or Keep It Simple, Stupid, model.Thus, a programmer could hold the complete logical structure of C in his or her head without too much hassle. No cumbersome manual was needed. The darker side of hacking also evolved during the Elder Days. Phreaker John Draper wound up in prison for using a cereal box whistle to get free long-distance telephone calls, and counterculture Yippie guru Abbie Hoffman started The Youth International Party Line newsletter, a vehicle for letting others know the trade secrets of getting free telephone calls. Hoffman’s publishing partner Al Bell amended the name of the newsletter to TAP, meaning Technical Assistance Program.The pair argued that phreaking was not a crime. It did not cause harm to anybody, for telephone calls emanated from an unlimited reservoir. The benefits to society and to cybercriminals continued with more advances in Information Technology in the 1980s.This decade became known as the Golden Age, in part because many of the high-tech entrepreneurs became some of the world’s richest people. For example, in 1982, a group of talented UNIX hackers from Stanford University and Berkeley founded Sun Microsystems Incorporated on the assumption that UNIX running on relatively low-cost hardware would prove to be a highly positive combination for a broad range of applications. These visionaries were right. Although still priced beyond most individuals’ budgets, the Sun Microsystem networks increasingly replaced older computer systems such as the VAX and other time-sharing systems in corporations and in universities across North America. Also, in 1984 a small group of scientists at Stanford University started Cisco Systems, Inc., a company that today remains committed to developing Internet Protocol (IP)–based networking technologies, particularly in the core areas of routing and switches. Introduction x The 1980s also had their darker moments. Clouds began to settle over the MIT Artificial Intelligence (AI) Lab. Not only was the PDP technology in the AI Lab aging, but the Lab itself split into factions by some initial attempts to commercialize Artificial Intelligence. In the end, some of the AI Lab’s most talented White Hats were attracted to high-salary jobs at commercial startup companies. In 1983, the movie War Games was produced to expose to the public the hidden faces of Black Hat hackers in general and the media-exposed faces of the 414-gang, a cracker gang, in particular. Ronald Mark Austin and his 414-gang from Milwaukee started cracking remote computers as early as 1980. In 1983, after they entered a New York cancer hospital’s computer system without authorization, the gang accidentally erased the contents of a certain hospital file as they were removing traces of their intrusion into the system. As a result of this exploit, that New York hospital and other industry and government agencies began to fear that confidential or top-secret files could be at risk of erasure or alteration. After the 414-gang became famous, hackers developed a penchant for putting numbers before or after their proper names, or for using a completely new moniker or “handle” (such as “Mafiaboy”). Besides movies about the dark side of hacking in the 1980s, the U.S. and the U.K. governments passed laws to curb cracking activities. For example, in Britain, the Forgery and Counterfeiting Act of 1981 was passed to help authorities convict criminals involved in these activities, and in the United States in 1986, Congress approved the Computer Fraud and Abuse Act to curb such criminal acts. Some of the world’s most famous crackers stole media headlines during 1988. It was then that Kevin Poulsen took over all the telephone lines going into Los Angeles radio station KIIS-FM, making sure that he would be the 102nd caller for a contest and the winner of a Porsche 944 S2. Also, on November 3, 1988, Robert Morris Jr. became known to the world when as a graduate student at Cornell University, he accidentally unleashed an Internet worm that he had developed. The worm, later known as “the Morris worm,” infected and subsequently crashed thousands of computers. Finally, in 1988, cracker Kevin Mitnick secretly monitored the email of both MCI and DEC security officials. For these exploits, he was convicted of causing damage to computers and of software theft and was sentenced to one year in prison—a cracking-followed-by-prison story for Mitnick that was to repeat over the next few years. The years from 1990 through 2000 are known as the Great Hacker Wars and Hacker Activism Era because during this time, cyberwars became a media story spinner. For example, the early 1990s brought in the “Hacker War” between two hacker clubhouses in the United States—the Legion of Doom (LoD) and the Masters of Deception (MoD). LoD was founded by Lex Luthor in 1984; MoD was founded by Phiber Optik. Named after a Saturday morning cartoon, LoD was known for attracting the best hackers in existence until one of the club’s brightest members, Phiber Optik (a.k.a. Mark Abene) feuded with Legion of Doomer Erik Bloodaxe. After the battle, Phiber Optik was removed from the club. He and his talented clan then formed their own rival club, MoD. LoD and MoD engaged in online warfare for almost two years. They jammed telephone lines, monitored telephone lines and telephone calls, and trespassed into each others’ computers. Then the U.S. federal agents moved in. Phiber Optik got a one-year jail sentence for his exploits. After his release from federal prison, hundreds of individuals attended a “welcome home” party in his honor at an elite Manhattan club, and a popular magazine labeled Phiber Optik “one of the city’s 100 smartest people.”2 Political activism—such as that seen on U.S. big-city streets pushing for civil rights for minorities and equal rights for women during the 1960s and 1970s—moved to the computer screen in the 1990s. xi Introduction For example, in 1994 and 1995, White Hat hacktivists—the combining of hacking and activism— squashed the Clipper proposal, one that would have put strong encryption (the process of scrambling data into something that is seemingly unintelligible) under United States government control. By 1995, many “golden” achievements were under way. In 1995, the CyberAngels, the world’s oldest and largest online safety organization, was founded. Its mission was and continues to be the tracking of cyberstalkers, cyberharassers, and cyberpornographers. Also, the Apache Software Foundation, a nonprofit corporation, evolved after the Apache Group convened in 1995. The Apache Software Foundation eventually developed the now-popular Apache HTTP Server, which runs on virtually all major operating systems. Also in 1995, the SATAN (Security Administrator Tool for Analyzing Networks) was released on the Internet by Dan Farmer and Wietse Venema, an action that caused a major uproar about security auditing tools being made public. In this same year, Sun Microsystems launched the popular programming language Java, created by James Gosling, and the first online bookstore, Amazon.com, was launched by Jeffrey Bezos.Tatu Ylonen released the first SSH (Secure SHell) login program, a protocol for secure remote logins and other secure network services over a network deemed to be nonsecure. Finally, in 1995, the Microsoft Corporation released Windows 95. It sold more than a million copies in fewer than five days. By the year 2000, society was becoming more fearful of the dark side of hacking. For example, in February 2000, John Serabian, the CIA’s information issue manager, said in written testimony to the United States Joint Economic Committee that the CIA was detecting with increasing frequency the appearance of government-sponsored cyberwarfare programs in other countries. Moreover, on May 23, 2000, Dr. Dorothy Denning, a cybercrime expert who at the time was at Georgetown University, gave testimony before the United States Special Oversight Panel on Terrorism. She said that cyberspace was constantly under assault, making it a fertile place for cyber attacks against targeted individuals, companies, and governments—a point repeated often by White Hat hackers over the past 20 years. She warned that unless critical computer systems were secured, conducting a computer operation that physically harms individuals or societies may become as easy in the not-too-distant-future as penetrating a Website is today. During 2000, the high-profile case of a Canadian cracker with the moniker Mafiaboy (his identity was not disclosed because he was only 15 years old at the time) raised concerns in North America and elsewhere about Internet security following a series of Denial of Service (DoS) attacks on several highprofile Websites, including Amazon.com, eBay, and Yahoo!. On January 18, 2001, Mafiaboy pleaded guilty to charges that he cracked into Internet servers and used them as starting points for launching DoS attacks. In September 2001, he was sentenced to eight months in a detention center for minors and was fined $250 Canadian. The year 2001 and beyond has become known as an era marked by fears of an Apocalypse— brought about by terrorists in the actual world in combination with cyberterrorists in cyberspace. In just five years, citizens at home and at work have become bombarded by cyber worms and cyber viruses that have cute names such as the Love Bug, Melissa, and Slammer but that have caused billions of dollars in lost productivity and damage to computer networks worldwide. Even worse, many experts fear that the evolution of devastating viruses and worms is occurring at such a rapid rate that the potential for a cyber Apocalypse could occur any time now. In an attempt to halt cybercriminals, the U.S. government and other governments around the globe have passed legislation that is tougher and more controversial than ever before. For example, in the spring Introduction xii of 2002, U.S. Representatives Saxby Chambliss, R-GA, and Jane Harman, D-CA, introduced the Homeland Security Information Sharing Act to provide for the sharing of security information by U.S. Federal intelligence and law enforcement parties with state and local law enforcement agents.This Act, requiring the President to direct coordination among the various intelligence agencies, was sent to the Senate Committee on Intelligence and to the Committee on the Judiciary on April 25, 2002. On May 6, 2002, it was sent to the Subcommittee on Crime,Terrorism, and Homeland Security, and on June 13, 2002, it was reported with an amendment by the House Judiciary. It lapsed without passage. Moreover, on July 10 and 11, 2002, a United States Bill on Homeland Security was introduced by Representative Richard Armey, R-TX, to the Standing Committees in the House. It was heavily amended by the Committee on Homeland Security on July 24, 2002, and was passed by the House on July 26, 2002.The bill was received in the Senate on November 19, 2002 and passed by the Senate on November 25, 2002. The Homeland Security Act of 2002 was signed by the President of the United States as Public Law 107-296. It was meant to establish the Department of Homeland Security, and Section 225 was known as the Cyber Security Enhancement Act of 2002. On January 24, 2003, President George W. Bush swore in Tom Ridge as the first Secretary of the Department of Homeland Security, and one month later, a storm was brewing over the proposed Domestic Security Enhancement Act of 2003, also known as Patriot Act II.William Safire, a journalist with The New York Times, described the first draft of the Patriot II’s powers by suggesting that the U.S. President was exercising dictatorial control. Then, on February 7, 2003, the storm intensified when the Center for Public Integrity, a public-interest think-tank in Washington, D.C., disclosed the entire content of the Act. The classified document allegedly had been given to the Center by someone in the federal government.3 The Act ultimately did not become law. Governments and legal analysts were not the only ones motivated by cyber fears in the early 2000s. In August 2003, three crippling worms and viruses caused considerable cyber damage and increased the stress levels of business leaders and citizens alike about a possible “cyber Apocalypse.”The Blaster worm surfaced on August 11, 2003, exploiting security holes found in Microsoft Windows XP. Only a few days later, on August 18, the Welchia worm appeared on the scene, targeting active computers. It went to Microsoft’s Website, downloaded a program that fixes the Windows holes (known as a “do-gooder”), and then deleted itself.The most damaging of the three cyber pests was the email-borne SoBigF virus, the fifth variant of a “bug” that initially invaded computers in January 2003 and resurfaced with a vengeance also on August 18, 2003.The damages for lost production and economic losses caused by these worms and viruses were reportedly in excess of $2 billion for just an eight-day period. About this time, John McAfee, the developer of the McAfee anti-virus software company, claimed that there were more than 58,000 virus threats, and the anti-virus software company Symantec further estimated that 10 to 15 new viruses are discovered daily. By November 5, 2003, the media reported that a cracker had broken into one of the computers on which the sources of the Linux operating systems are stored and from which they are distributed worldwide. One day later, Microsoft Corporation took the unusual step of creating a $5 million fund to track down crackers targeting Microsoft’s Windows operating systems. That fund included a $500,000 reward for information that would lead to an arrest of the crackers who designed and unleashed the Blaster and SoBigF. This Wild West–like bounty underscored the perceived threat posed xiii Introduction by viruses and worms in an interlinked world, as well as the problems associated with finding their creators. However, some cynical security critics said that the reward had more to do with Microsoft’s public relations than with crime and punishment. By the end of 2003, the Computer Security Institute/FBI survey on computer crime, enlisting the responses of 530 computer security professionals in U.S. corporations, universities, government agencies, and financial and medical institutions, revealed that more than half of the respondents said that their organizations had experienced some kind of unauthorized computer use or intrusion during the previous 12 months. An overwhelming 99 percent of the companies whose security practitioners responded to the survey thought that they had adequate protection against cyber intruders because their systems had anti-virus software, firewalls, access controls, and other security measures. As in previous years, theft of proprietary information was reported to have caused the greatest financial losses.4 Also at the end of 2003, a survey released by Deloitte & Touche LLP indicated that chief operating officers (COOs) of companies around the world were more nervous about terrorist attacks adversely impacting on business than were their American peers.The economist Carl Steidtmann, for example, suggested that U.S. executives might be less concerned and more complacent about terrorist and cyberterrorist attacks because they felt that their country had taken more overt steps to combat terrorism, such as introducing the Homeland Security Act of 2002. Besides intrusions and terrorism, spam was a major topic for action in November 2003.The United States Federal Trade Commission (FTC) had earlier set up a national spam database and encouraged people to forward to them all the email spam they received.The FTC noted that in 2002, informants had reported more than 17 million complaints about spam messages to the federal agents for investigation, and the FTC said that it received nearly 110,000 complaints daily. To control spam, on November 25, 2003, the United States Senate passed the CAN-SPAM Act of 2003, also known as the Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003. It was to regulate interstate commerce in the United States by imposing limitations and penalties on the distributors of spam (that is, the transmission of unsolicited email through the Internet). Penalties included fines as high as $1 million and imprisonment for not more than five years for those found guilty of infringing the Act.The Act took effect on January 1, 2004. Moreover, on April 8, 2005, a landmark legal case concluded that involved spammer Jeremy Jaynes of Raleigh, North Carolina. This spammer—who went by the name “Gaven Stubberfield” and was described by prosecutors as being among the top 10 spammers in the world—was sentenced to nine years in U.S. prison.This case is considered to be important because it was the United States’ first successful felony prosecution for transmitting spam over the Internet.A Virginia jury sentenced Jaynes for transmitting 10 million emails a day using 16 high-speed lines. Jaynes allegedly earned as much as $750,000 a month on this spamming operation. The sentence has been postponed while the case is being appealed.5 In closing, little doubt exists that the cyber challenges facing governments, industry, universities, medical institutions, and individuals are enormous. Because cybercrime appears in many guises, is multifaceted, and involves jurisdictions around the world, there is no single solution to the problem.This book was written to detail the many cyber challenges that security professionals, businesses, governments, individuals, and legal experts face and to present some useful answers for staying a few steps ahead of the “dark side”—those in the cracking and cyberterrorist communities. Introduction xiv Chronology of Selected Hacker-Related Events Prehistory (1800s–1969) 1815–mid-1800s Ada Byron, the daughter of the famous poet Lord Byron, was born in 1815. During a dinner party at Mary Somerville’s home in 1834, Ada was introduced to a researcher named Babbage, who spoke of a “new calculating machine.” By 1841, he reported on its development at a seminar in Italy. Ada and Babbage continued developing this concept, and by 1843,Ada published her own paper predicting that a machine could be developed to not only compose complex music and produce graphics but also be used for a variety of scientific and practical uses. Ada also suggested that Babbage should write a plan for how the Analytical Engine might calculate Bernoulli numbers.This plan was completed and is now recognized as the initial “computer program.” In modern days, the popular programming language ADA was named in Ada Byron’s honor. 1920s–1950s Kay McNulty Mauchly Antonelli, born in 1921, was recruited by the U.S. army in the summer of 1942 to calculate by hand the firing trajectories of artillery. She was sort of a “human computer.” Later, Kay met John Mauchly, a professor and co-inventor with Presper Eckert of the first electronic computer in (known as the ENIAC or Electrical Numerical Integrator and Calculator) in 1935. In 1948, Kay married John, and two years later they, along with Presper Eckert, started their own company. The three-person team developed a new, faster computer called the Univac or Universal Automatic Computer. One of its assets was its use of magnetic tape storage to replace awkward and clumsy punched data cards and printers. At this time, the computer industry was only four years old. In the 1940s and 1950s, computer were made with 10,000 vacuum tubes and occupied more than 93 square meters of space, about the size of a spacious 3-bedroom apartment.There was a limit to how big computers could be because they could overheat and explode. Major improvements came in computer hardware technology with the development of transistors in 1947 and 1948 that replaced the much larger and power-hungry vacuum tubes. Computers developed even more with the development of integrated circuits in 1958 and 1959—putting initially only a few transistors on one chip. 1960s During the 1960s, the infamous MIT computer geeks did their hacking exploits. Computers looked quite different back then.They were not small or portable, as they are today. Instead, they were huge, and capable of overheating if they were not stored in temperature-controlled spaces.They were known as the PDP series, and their processing time was considerably slower than that of today.The computer geeks created what they called “hacks” or “programming shortcuts” to enable them to complete their computing tasks more quickly. Many times, these shortcuts were more elegant than the original program.These creative individuals became known (in a positive sense) as “hackers.” Some of these men became the center of MIT’s Artificial Intelligence (AI) Lab. Since the 1960s, the number of transistors per unit area has been doubling every one and a half years, thus increasing computing power tremendously.This amazing progression of circuit fabrication is called Moore’s Law and has remained valid since then.