iceman@Apple.COM (Ice) (09/12/90)
Perhaps someone can help clarify to me what the SS hopes to
achieve with Operation "Screaming Fist" (oops, that was Gibson;
I guess I mean "SunDevil", or maybe :-) "Poorly lubricated Fist")
a) The secret service must surely know that the main threat of computer
crime does not come from the 18-year-olds but from the professional
crackers who get paid loads of money to raid corporate information
systems, just like the majority of "normal" crime is not the 12-year
olds who do doorbell-ditching.
b) However, I have not yet heard of a case where a professional cracker
(ie, someone who is directly making money from cracking) has been
convicted or even accussed of doing so. (If anyone knows of any,
please correct me.)
Given these two things, it seems that the SS is either trying to "clear
the field" of the petty offenders (by making the punishments so extreme
that no one dare crack casually) so as to better pursue the professionals;
and/or is trying stop the amateur hackers before they get a chance to go
pro. Now, I am not going to argue legality or constitutionality, since
I know little about either, but it would seem that the SS is destined
to fail for strictly practical reasons.
First off, if they do intend to go after the professional crackers
at some point, it would seem they are ill-equipped to do so. We have
already witnessed the stunning ability of their experts. If I were
a professional, I wouldn't be too scared. Even if they do get people
who can actually insert a floppy right-side-up, I do not think they
will ever get people of the same caliber of professional crackers.
And even if they did, information space is not like physical space,
where you will always leave behind evidence. Even the most perfect
robbery can be noticed by the fact that SOMETHING IS GONE. An excellent
cracker could get into a system, rob it blind, and leave no clues.
Any evidence of his visit is only electronic, and can thus be
manipulated or erased. Note that I am not arguing that computer
information theft is inevitable; I am merely arguing that typical police
procedures work at finding a criminal after a crime, and in computer
crime that is not always possible. Thus, the crime MUST be stopped by
making systems more secure, something which the SysOp, and not the
SS, must do.
Secondly, if the SS is trying to discourage casual crackers, it is
doing a *REALLY* lousy job of it. By choosing to pursue the associates
of the crackers instead of the crackers themselves, they are only going
to make the crackers less likely to expose themselves to non-crackers.
I would think this would result in crackers more quickly becoming
professionals (ie, only cracking when it is worth their while).
I welcome comments.
-ice
=============
"Those who understand are master to those who use, but do not undertand."
- a noted 1st century Roman historian
=============nagle@well.sf.ca.us (John Nagle) (09/13/90)
They're still learning. Remember, they've only had jurisdiction over
computer crime for two years or so, so they're still trying to get up to
speed on this. This Operation Sun Devil is in response to a real problem,
people tampering with telephone central offices. So the SS geared up
this big operation to find the people responsible. Unfortunately, despite
a massive effort, all they could find were some dumb kids. So they've
been minimizing their failure by exaggerating the damage caused by these
kids, and prosecuting minor offenses as felonies.
I suspect with all the bad publicity they've been getting, they will
do more homework next time before going overboard.
John Nagle