nishri@utcsstat.UUCP (Alex Nishri) (10/11/83)
There is an interesting article on computer crime which quotes Dave Sherman
(utcsrgv!dave), Laura Creighton (utcsstat!laura), Ian Darwin (utcsstat!ian),
and Geoff Collyer (utcsstat!geoff) on the front page of the Saturday Toronto
Star (Oct 10/83). Parts of the article, written by Walter Stefaniuk,
follow. The system mentioned as being broken into is a version of V7 Unix
running on an IBM/370 3033 (with restricted sh and most commands removed).
COMPUTER CROOKS FACE THE BITE OF NEW LAWS
All it took to invade the University of Toronto's instructional computer
last year was lots of complicated homework. The "Etobicoke Kid" programmed
his home micro-computer to do it for him. The first-year arts and science
student knew the passwords were stored in coded form. He had to find how
there were encrypted. So he fed a computerized dictionary of 20,000 common
words into the micro, adding the names of professors of long ago, and matched
every word against the encrypted form of the passwords.
Once two of them matched, the rest was easy. It was just a matter of going
to one of the U of T's terminal rooms, which remain open day and night, sitting
in front of one of 50 video display terminals, and riding piggyback into the
system on an authorized password.
"When I first broke in, it was, like, vertigo. A power thrill," the Kid said.
Changes in the Criminal Code aimed at bringing computer crooks to justice
could zap young computer freaks who use their home micros to invade corporate
systems for the fun of it. Proposed amendments could make even electronically
looking around inside a computer system without autorization -- just as the
Kid did -- an offence, with penalties ranging to six months in jail or
a $500 fine. More serious incidents, such as the delibrate destruction of
costly programs, would be treated the same as theft over $200, with penalties
ranging up to 10 years.
/* .skipping 8 paragraphs */
Lawyers specializing in computer law are generally in favour of the proposed
Criminal Code amendments. But Judith Kingston, who also has degrees in
computer sciences and applied math, said some of the proposed terms and
definitions are technical in nature and could be interpreted in different ways.
Lawyer David Sherman, who runs a computer software consulting business,
suggested the definitions were so broad that a pocket calculator might be
considered as having a computer "function."
Sherman also wondered whether parts of the changes were unecessarily harsh.
"Kids just getting on a computer system and looking in does not, to me, seem
that serious, unless they're looking at classified information," he said.
The Etobicoke Kid -- who consented to an interview only if an alias was used
even though U of T officials have his name and escapades on file -- said he
did it for the fun of exploring the system, and was careful not to damage
files or programs. He said he was reformed. He hasn't tried to invade the
system this term. "Besides, it's too secure now; its depressing when a
system is secure."
Passwords are now numbers. Other security improvements guard the system,
which was new last year. This term, not one unauthorized entry has been
logged.
/* .skipping 2 paragraphs -- NOTE TORONTO STAR DEFINITION OF 'HACKER' NEXT */
The Kid, who has two micro-computers in his Etobicoke apartment, considers
himself a serious hacker -- an enthusiast who enjoys exploring the limits
of his computer's capabilities and programs for the sheer love of it.
"To me, it is a crime to go into somebody's bank computer system and start
looking about," he said.
Serious hackers say computer freaks who try to invade systems, particularly
those who cause damage, are not really hackers. They're out for thrills and,
says United States computer expert Geoffrey Goodfellow, "tarnishing the
profession of hacking and giving it a bad name."
/* .skipping one paragraph */
Laura Creighton, 21, a computer hacker who's between computer jobs, said
youngsters who break into computers seem to "have no concept that what they're
doing is wrong" ethically, if not legally.
"We call them crackers, because that's what they are," said Ian Darwin, 32,
a systems programmer at U of T's computing services. "Some hackers are
malicous. So are some doctors, accountants, lawyers, and furniture mackers."
Darwin and colleague Geoff Collyer, 25, doubted that computer vandals who
cause damage have the expertise to be called hackers. "Witnesses said they
saw them sort of floundering around, not sure what they were doing and
damaging parts of the system," Collyer said. A couple of U of T's computer
raiders were caught last year.
/* .skipping 11 paragraphs to end of article */