kaiser@jaws.DEC (Pete Kaiser 225-5441 HLO2-1/N10) (12/16/84)
I've seen recently lots of netnews traffic about "security", "hackers", and
computer crime. But if you were doing a performance analysis of where to apply
your efforts in stopping the security leaks, misuse, and crime, you'd have to
be aware of this:
Study after study done by the nation's law-enforcement agencies shows that the
greatest money losses from crime come from white-collar crime committed by
trusted insiders. And I suspect most of us [reading this note] know that this
is also true in our workplaces. People abuse their privileges (I'm ashamed to
say that I did this once myself, although it wasn't criminal, but unethical --
I used UN*X root privilege to read someone else's mail in searching for some
code) and misuse their resources in criminal ways. Some persons profit from
this, deliberately. They are criminals. Most are never detected, much less
caught, tried, or convicted of their crimes.
If we absolutely stopped all irresponsible hacking (or "cracking", if you
prefer the term), and completely plugged every conceivable technical hole in
computer security, the amount of security gained, the amount of crime halted,
would be a trivial part of the true total of computer crime and breaches of
security and privacy.
So we shouldn't let ourselves be seduced into thinking that "{h,cr}ackers" and
technical holes in computer security are the biggest part of the problem. They
aren't; they're just the most dramatic ("romantic"?) and visible parts. When
we get serious about security and crime, we'll attack them at the roots ... but
unfortunately, that will be much more difficult than anything we've done so
far. Will someone please get in touch with me if there appear any signs that
this may happen?
---Pete
Kaiser%JAWS.DEC@decwrl.arpa, Kaiser%BELKER.DEC@decwrl.arpa
{allegra|decvax|ihnp4|ucbvax}!decwrl!dec-rhea!dec-jaws!kaiser
DEC, 77 Reed Road (HLO2-1/N10), Hudson MA 01749 617/568-5441