nishri@utcsstat.UUCP (Alex Nishri) (10/11/83)
There is an interesting article on computer crime which quotes Dave Sherman (utcsrgv!dave), Laura Creighton (utcsstat!laura), Ian Darwin (utcsstat!ian), and Geoff Collyer (utcsstat!geoff) on the front page of the Saturday Toronto Star (Oct 10/83). Parts of the article, written by Walter Stefaniuk, follow. The system mentioned as being broken into is a version of V7 Unix running on an IBM/370 3033 (with restricted sh and most commands removed). COMPUTER CROOKS FACE THE BITE OF NEW LAWS All it took to invade the University of Toronto's instructional computer last year was lots of complicated homework. The "Etobicoke Kid" programmed his home micro-computer to do it for him. The first-year arts and science student knew the passwords were stored in coded form. He had to find how there were encrypted. So he fed a computerized dictionary of 20,000 common words into the micro, adding the names of professors of long ago, and matched every word against the encrypted form of the passwords. Once two of them matched, the rest was easy. It was just a matter of going to one of the U of T's terminal rooms, which remain open day and night, sitting in front of one of 50 video display terminals, and riding piggyback into the system on an authorized password. "When I first broke in, it was, like, vertigo. A power thrill," the Kid said. Changes in the Criminal Code aimed at bringing computer crooks to justice could zap young computer freaks who use their home micros to invade corporate systems for the fun of it. Proposed amendments could make even electronically looking around inside a computer system without autorization -- just as the Kid did -- an offence, with penalties ranging to six months in jail or a $500 fine. More serious incidents, such as the delibrate destruction of costly programs, would be treated the same as theft over $200, with penalties ranging up to 10 years. /* .skipping 8 paragraphs */ Lawyers specializing in computer law are generally in favour of the proposed Criminal Code amendments. But Judith Kingston, who also has degrees in computer sciences and applied math, said some of the proposed terms and definitions are technical in nature and could be interpreted in different ways. Lawyer David Sherman, who runs a computer software consulting business, suggested the definitions were so broad that a pocket calculator might be considered as having a computer "function." Sherman also wondered whether parts of the changes were unecessarily harsh. "Kids just getting on a computer system and looking in does not, to me, seem that serious, unless they're looking at classified information," he said. The Etobicoke Kid -- who consented to an interview only if an alias was used even though U of T officials have his name and escapades on file -- said he did it for the fun of exploring the system, and was careful not to damage files or programs. He said he was reformed. He hasn't tried to invade the system this term. "Besides, it's too secure now; its depressing when a system is secure." Passwords are now numbers. Other security improvements guard the system, which was new last year. This term, not one unauthorized entry has been logged. /* .skipping 2 paragraphs -- NOTE TORONTO STAR DEFINITION OF 'HACKER' NEXT */ The Kid, who has two micro-computers in his Etobicoke apartment, considers himself a serious hacker -- an enthusiast who enjoys exploring the limits of his computer's capabilities and programs for the sheer love of it. "To me, it is a crime to go into somebody's bank computer system and start looking about," he said. Serious hackers say computer freaks who try to invade systems, particularly those who cause damage, are not really hackers. They're out for thrills and, says United States computer expert Geoffrey Goodfellow, "tarnishing the profession of hacking and giving it a bad name." /* .skipping one paragraph */ Laura Creighton, 21, a computer hacker who's between computer jobs, said youngsters who break into computers seem to "have no concept that what they're doing is wrong" ethically, if not legally. "We call them crackers, because that's what they are," said Ian Darwin, 32, a systems programmer at U of T's computing services. "Some hackers are malicous. So are some doctors, accountants, lawyers, and furniture mackers." Darwin and colleague Geoff Collyer, 25, doubted that computer vandals who cause damage have the expertise to be called hackers. "Witnesses said they saw them sort of floundering around, not sure what they were doing and damaging parts of the system," Collyer said. A couple of U of T's computer raiders were caught last year. /* .skipping 11 paragraphs to end of article */