taylor@hplabsc.UUCP (Dave Taylor) (11/15/86)
This article is from hplabs!hpda!decot (Dave Decot) and was received on Thu Nov 13 19:20:26 1986 > This is an article that I found. Read it and weep. Is this what our > technology has come to? > > The Night of the Hackers > .... In using machines people are responsible for their actions, or in this case, irresponsible. To me, this story really has little to do with our technology. It demonstrates the presence of the following irresponsibilities: * negligence by the children involved of ethics and manners, * negligence by parents of communicating the importance and purpose of ethics and manners to their children, and * negligence by system administrators of modern security issues. That these parents have provided entertaining, powerful toys for their children does not relieve them of their responsibilities to guide the children in the civil use of those toys. I believe the parents of these persons should be held financially responsible for any and all losses or inconveniences suffered by the victims. Dave Decot hplabs!hpda!decot
taylor@hplabsc.UUCP (Dave Taylor) (11/17/86)
This article is from conway<seismo!sjuvax.sju.edu!cc743805@hplabs.HP.COM> and was received on Sun Nov 16 15:08:52 1986 Dave Decot writes: >In using machines people are responsible for their actions, or in this case, >irresponsible. To me, this story really has little to do with our technology. > >It demonstrates the presence of the following irresponsibilities: > > * negligence by the children involved of ethics and manners, > * negligence by parents of communicating the importance and purpose of > ethics and manners to their children, and > * negligence by system administrators of modern security issues. > Being a former "hacker", ( I was - no flames please, I never did any damage to any computers/people/credit ratings :-) ) I can attest to the lack of ethics and morals among the hacker sub-culture. Credit card fraud is a good example of this lack of ethics. Most kids parents get them a Commodore 64 or something like that, then they get a modem, then everything else is "free". I personally know of people who have thousands (if not tens of thousands) of dollars worth of electronics equipment - all acquired through credit card fraud. They do not think they did anything wrong. They justify it like this: "If [insert your favorite credit card company here] doesn't have the security to stop us, then there is nothing wrong with getting free stuff." I don't have too much to say about parents, but usually once the person is accepted into the realm of hacking, parents have little to do with anything. Most hackers totally ignore their parents. If you get to the stage where you break into computers for fun/profit, your morals have been shot down for a long time. I really don't like to generalize, because I am/was the exception to what I have just stated - I have never crashed somebody else's computer, and have never participated in credit card fraud. On the subject of irresponsible SA's, system operators, etc: First: Most of the systems that get hacked are openly asking for it. If you are an SA, and you don't know all about the system security features built into Unix, or you are not using all of the security features, you are asking for it. If a hacker autodials through an exchange and picks up carriers, he immediately runs through them and eliminates all the systems that will not respond to the usual control codes/etc. Then goes through the cut down list, and tries to log on to systems using standard accounts and passwords. I can't tell you how many times I have waltzed right into HP3000's using the standard HP support accounts and passwords. If accounts have default passwords, CHANGE THEM!! Letting a teenager into your system on a default account/password that has priv's higher than the 'normal' user can spell death for your system. I know of several instances when hackers mistakenly managed to trash HP's and VAXen. Most of the hackers that I am friends with are not of the malicious type. Most just want to have the opportunity to learn about as many different computers as they can. They also like the feeling of power they get when they know they can shut down the system at a touch of the button. They also like to be able to log off the SA remotely, and then change his password, but they usually change it back before they log off. Secondly: If you are in charge of a computer with open dialup phone lines, here are some suggestions: o Do NOT identify your company name / computer type before a user logs in. This may cause the hacker to look for an 'easier' system. o If you computer's os broadcasts a 'standard' pre-login message, change it. It will be harder for a hacker if all he sees is - "LOGIN:" rather than "Unix 4.2 BSD myvax (ttydX)" Another sneaky trick is to make your system look like another completely different system. Very perplexing to the hacker. o If a hacker gets in, and you discover him, do not immediately shut him out (unless he is vandalizing your system). Send him e-mail, or better yet, get a real-time convo going with him if you can. A lot of hackers like to chat/brag. Be reeeeeaaaaalll friendly - eventually he'll give you some info as to who he is. Meanwhile, call AT&T/the police/etc, see if you can't nab him in the act. If you decide to go this route, make sure you have a very recent backup - hackers are unpredictable. Everything I say here was taken from experiences of the past 4+ years. And no, I never talked to King Blotto, but I have associated with people who regularly talk to Blotto. Oh, and if you didn't know, there are regular hack/phreak get-togethers in cities around the nation. A lot of people go there and stay there for free - airline tickets, motel rooms, and rental cars are easy to get with somebody else's credit card numbers! Chuck Conway