Maximum Security:
A Hacker's Guide to Protecting Your Internet Site and Network
3
Hackers and Crackers
The focus of this chapter is on hackers, crackers, and the differences between
them.
What Is the Difference Between a Hacker and a Cracker?
There have been many articles written (particularly on the Internet) about the
difference between hackers and crackers. In them, authors often attempt to correct
public misconceptions. This chapter is my contribution in clarifying the issue.
For many years, the American media has erroneously applied the word hacker
when it really means cracker. So the American public now believe that a hacker
is someone who breaks into computer systems. This is untrue and does a disservice
to some of our most talented hackers.
There are some traditional tests to determine the difference between hackers and
crackers. I provide these in order of their acceptance. First, I want to offer the
general definitions of each term. This will provide a basis for the remaining portion
of this chapter. Those definitions are as follows:
- A hacker is a person intensely interested in the arcane and recondite
workings of any computer operating system. Most often, hackers are programmers. As
such, hackers obtain advanced knowledge of operating systems and programming languages.
They may know of holes within systems and the reasons for such holes. Hackers constantly
seek further knowledge, freely share what they have discovered, and never, ever intentionally
damage data.
- A cracker is a person who breaks into or otherwise violates the system
integrity of remote machines, with malicious intent. Crackers, having gained unauthorized
access, destroy vital data, deny legitimate users service, or basically cause problems
for their targets. Crackers can easily be identified because their actions are malicious.
These definitions are good and may be used in the general sense. However, there
are other tests. One is the legal test. It is said that by applying legal reasoning
to the equation, you can differentiate between hackers (or any other party) and crackers.
This test requires no extensive legal training. It is applied simply by inquiring
as to mens rea.
Mens Rea
Mens rea is a Latin term that refers to the guilty mind. It is used to
describe that mental condition in which criminal intent exists. Applying mens
rea to the hacker-cracker equation seems simple enough. If the suspect unwittingly
penetrated a computer system--and did so by methods that any law-abiding citizen
would have employed at the time--there is no mens rea and therefore no crime.
However, if the suspect was well aware that a security breach was underway--and he
knowingly employed sophisticated methods of implementing that breach--mens rea
exists and a crime has been committed. By this measure, at least from a legal point
of view, the former is an unwitting computer user (possibly a hacker) and the latter
a cracker. In my opinion, however, this test is too rigid.
At day's end, hackers and crackers are human beings, creatures too complex to
sum up with a single rule. The better way to distinguish these individuals would
be to understand their motivations and their ways of life. I want to start with the
hacker.
To understand the mind-set of the hacker, you must first know what they do. To
explain that, I need to briefly discuss computer languages.
Computer Languages
A computer language is any set of libraries or instructions that, when properly
arranged and compiled, can constitute a functional computer program. The building
blocks of any given computer language never fundamentally change. Therefore, each
programmer walks to his or her keyboard and begins with the same basic tools as his
or her fellows. Examples of such tools include
- Language libraries--These are pre-fabbed functions that perform common actions
that are usually included in any computer program (routines that read a directory,
for example). They are provided to the programmer so that he or she can concentrate
on other, less generic aspects of a computer program.
- Compilers--These are software programs that convert the programmer's written
code to an executable format, suitable for running on this or that platform.
The programmer is given nothing more than languages (except a few manuals that
describe how these tools are to be used). It is therefore up to the programmer what
happens next. The programmer programs to either learn or create, whether for profit
or not. This is a useful function, not a wasteful one. Throughout these processes
of learning and creating, the programmer applies one magical element that is absent
within both the language libraries and the compiler: imagination. That is the programmer's
existence in a nutshell.
Modern hackers, however, reach deeper still. They probe the system, often at a
microcosmic level, finding holes in software and snags in logic. They write programs
to check the integrity of other programs. Thus, when a hacker creates a program that
can automatically check the security structure of a remote machine, this represents
a desire to better what now exists. It is creation and improvement through the process
of analysis.
In contrast, crackers rarely write their own programs. Instead, they beg, borrow,
or steal tools from others. They use these tools not to improve Internet security,
but to subvert it. They have technique, perhaps, but seldom possess programming skills
or imagination. They learn all the holes and may be exceptionally talented at practicing
their dark arts, but they remain limited. A true cracker creates nothing and destroys
much. His chief pleasure comes from disrupting or otherwise adversely effecting the
computer services of others.
This is the division of hacker and cracker. Both are powerful forces on the Internet,
and both will remain permanently. And, as you have probably guessed by now, some
individuals may qualify for both categories. The very existence of such individuals
assists in further clouding the division between these two odd groups of people.
Now, I know that real hackers reading this are saying to themselves "There is
no such thing as this creature you are talking about. One is either a hacker or a
cracker and there's no more to it."
Randal Schwartz
If you had asked me five years ago, I would have agreed. However, today, it just
isn't true. A good case in point is Randal Schwartz, whom some of you know from his
weighty contributions to the programming communities, particularly his discourses
on the Practical Extraction and Report Language (Perl). With the exception of Perl's
creator, Larry Wall, no one has done more to educate the general public on the Perl
programming language. Schwartz has therefore had a most beneficial influence on the
Internet in general. Additionally, Schwartz has held positions in consulting at the
University of Buffalo, Silicon Graphics (SGI), Motorola Corporation, and Air Net.
He is an extremely gifted programmer.
NOTE: Schwartz has authored or co-authored
quite a few books about Perl, including Learning Perl, usually called "The
Llama Book," published by O'Reilly & Associates (ISBN 1-56592-042-2).
His contributions notwithstanding, Schwartz remains on the thin line between hacker
and cracker. In fall 1993 (and for some time prior), Schwartz was employed as a consultant
at Intel in Oregon. In his capacity as a system administrator, Schwartz was authorized
to implement certain security procedures. As he would later explain on the witness
stand, testifying on his own behalf:
- Part of my work involved being sure that the computer systems were secure, to
pay attention to information assets, because the entire company resides--the product
of the company is what's sitting on those disks. That's what the people are producing.
They are sitting at their work stations. So protecting that information was my job,
to look at the situation, see what needed to be fixed, what needed to be changed,
what needed to be installed, what needed to be altered in such a way that the information
was protected.
The following events transpired:
- On October 28, 1993, another system administrator at Intel noticed heavy processes
being run from a machine under his control.
- Upon examination of those processes, the system administrator concluded that
the program being run was Crack, a common utility used to crack passwords on UNIX
systems. This utility was apparently being applied to network passwords at Intel
and at least one other firm.
- Further examination revealed that the processes were being run by Schwartz or
someone using his login and password.
- The system administrator contacted a superior who confirmed that Schwartz was
not authorized to crack the network passwords at Intel.
- On November 1, 1993, that system administrator provided an affidavit that was
sufficient to support a search warrant for Schwartz's home.
- The search warrant was served and Schwartz was subsequently arrested, charged
under an obscure Oregon computer crime statute. The case is bizarre. You have a skilled
and renowned programmer charged with maintaining internal security for a large firm.
He undertakes procedures to test the security of that network and is ultimately arrested
for his efforts. At least, the case initially appears that way. Unfortunately, that
is not the end of the story. Schwartz did not have authorization to crack those password
files. Moreover, there is some evidence that he violated other network security conventions
at Intel.
For example, Schwartz once installed a shell script that allowed him to access
the Intel network from other locations. This script reportedly opened a hole in Intel's
firewall. Another system administrator discovered this program, froze Schwartz's
account, and confronted him. Schwartz agreed that installing the script was not a
good idea and further agreed to refrain from implementing that program again. Some
time later, that same system administrator found that Schwartz had re-installed the
program. (Schwartz apparently renamed the program, thus throwing the system administrator
off the trail.) What does all this mean? From my point of view, Randal Schwartz probably
broke Intel policy a number of times. What complicates the situation is that testimony
reveals that such policy was never explicitly laid out to Schwartz. At least, he
was given no document that expressly prohibited his activity. Equally, however, it
seems clear that Schwartz overstepped his authority.
Looking at the case objectively, some conclusions can immediately be made. One
is that most administrators charged with maintaining network security use a tool
like Crack. This is a common procedure by which to identify weak passwords or those
that can be easily cracked by crackers from the void. At the time of the Schwartz
case, however, such tools were relatively new to the security scene. Hence, the practice
of cracking your own passwords was not so universally accepted as a beneficial procedure.
However, Intel's response was, in my opinion, a bit reactionary. For example, why
wasn't the matter handled internally?
The Schwartz case angered many programmers and security experts across the country.
As Jeffrey Kegler wrote in his analysis paper, "Intel v. Randal Schwartz:
Why Care?" the Schwartz case was an ominous development:
- Clearly, Randal was someone who should have known better. And in fact, Randal
would be the first Internet expert already well known for legitimate activities to
turn to crime. Previous computer criminals have been teenagers or wannabes. Even
the relatively sophisticated Kevin Mitnick never made any name except as a criminal.
Never before Randal would anyone on the `light side of the force' have answered the
call of the 'dark side.'
Cross Reference: You can find Kegler's
paper online at http://www.lightlink.com/spacenka/fors/intro.html.
I want you to think about the Schwartz case for a moment. Do you have or administrate
a network? If so, have you ever cracked passwords from that network without explicit
authorization to do so? If you have, you know exactly what this entails. In your
opinion, do you believe this constitutes an offense? If you were writing the laws,
would this type of offense be a felony?
In any event, as stated, Randal Schwartz is unfortunate enough to be the first
legitimate computer security expert to be called a cracker. Thankfully, the experience
proved beneficial, even if only in a very small way. Schwartz managed to revitalize
his career, touring the country giving great talks as Just Another Convicted Perl
Hacker. The notoriety has served him well as of late.
TIP: The transcripts of this trial are
available on the Internet in zipped format. The entire distribution is 13 days of
testimony and argument. It is available at http://www.lightlink.com/spacenka/fors/court/court.html.
Why Do Crackers Exist?
Crackers exist because they must. Because human nature is just so, frequently
driven by a desire to destroy instead of create. No more complex explanation need
be given. The only issue here is what type of cracker we are talking about.
Some crackers crack for profit. These may land on the battlefield, squarely between
two competing companies. Perhaps Company A wants to disable the site of Company B.
There are crackers for hire. They will break into almost any type of system you like,
for a price. Some of these crackers get involved with criminal schemes, such as retrieving
lists of TRW profiles. These are then used to apply for credit cards under the names
of those on the list. Other common pursuits are cell-phone cloning, piracy schemes,
and garden-variety fraud. Other crackers are kids who demonstrate an extraordinary
ability to assimilate highly technical computer knowledge. They may just be getting
their kicks at the expense of their targets.
Where Did This All Start?
A complete historical account of cracking is beyond the scope of this book. However,
a little background couldn't hurt. It started with telephone technology. Originally,
a handful of kids across the nation were cracking the telephone system. This practice
was referred to as phreaking. Phreaking is now recognized as any act by which
to circumvent the security of the telephone company. (Although, in reality, phreaking
is more about learning how the telephone system works and then manipulating it.)
Telephone phreaks employed different methods to accomplish this task. Early implementations
involved the use of ratshack dialers, or red boxes. (Ratshack was a term to
refer to the popular electronics store Radio Shack.) These were hand-held electronic
devices that transmitted digital sounds or tones. Phreakers altered these off-the-shelf
tone dialers by replacing the internal crystals with Radio Shack part #43-146.
NOTE: Part #43-146 was a crystal, available
at many neighborhood electronics stores throughout the country. One could use either
a 6.5MHz or 6.5536 crystal. This was used to replace the crystal that shipped with
the dialer (3.579545MHz). The alteration process took approximately 5 minutes.
Having made these modifications, they programmed in the sounds of quarters being
inserted into a pay telephone. From there, the remaining steps were simple. Phreaks
went to a pay telephone and dialed a number. The telephone would request payment
for the call. In response, the phreak would use the red box to emulate money being
inserted into the machine. This resulted in obtaining free telephone service at most
pay telephones.
Schematics and very precise instructions for constructing such devices are at
thousands of sites on the Internet. The practice became so common that in many states,
the mere possession of a tone dialer altered in such a manner was grounds for search,
seizure, and arrest. As time went on, the technology in this area became more and
more advanced. New boxes like the red box were developed. The term boxing
came to replace the term phreaking, at least in general conversation, and
boxing became exceedingly popular. This resulted in even further advances, until
an entire suite of boxes was developed. Table 3.1 lists a few of these boxes.
Table 3.1. Boxes and their uses.
Box |
What It Does |
Blue |
Seizes trunk lines using a 2600MHz tone, thereby granting the boxer the same privileges
as the average operator |
Dayglo |
Allows the user to connect to and utilize his or her neighbor's telephone line |
Aqua |
Reportedly circumvents FBI taps and traces by draining the voltage on the line |
Mauve |
Used to tap another telephone line |
Chrome |
Seizes control of traffic signals |
There are at least 40 different boxes or devices within this class. Each was designed
to perform a different function. Many of the techniques employed are no longer effective.
For example, blue boxing has been seriously curtailed because of new electronically
switched telephone systems. (Although reportedly, one can still blue box in parts
of the country where older trunk lines can be found.) At a certain stage of the proceedings,
telephone phreaking and computer programming were combined; this marriage produced
some powerful tools. One example is BlueBEEP, an all-purpose phreaking/hacking tool.
BlueBEEP combines many different aspects of the phreaking trade, including the red
box. Essentially, in an area where the local telephone lines are old style, BlueBEEP
provides the user with awesome power over the telephone system. Have a look at the
opening screen of BlueBEEP in Figure 3.1.
Figure 3.1.
The BlueBEEP opening screen.
It looks a lot like any legitimate application, the type anyone might buy at his
or her local software outlet. To its author's credit, it operates as well as or better
than most commercial software. BlueBEEP runs in a DOS environment, or through a DOS
shell window in either Windows 95 or Windows NT. I should say this before continuing:
To date, BlueBEEP is the most finely programmed phreaking tool ever coded. The author,
then a resident of Germany, reported that the application was written primarily in
PASCAL and assembly language. In any event, contained within the program are many,
many options for control of trunk lines, generation of digital tones, scanning of
telephone exchanges, and so on. It is probably the most comprehensive tool of its
kind. However, I am getting ahead of the time. BlueBEEP was actually created quite
late in the game. We must venture back several years to see how telephone phreaking
led to Internet cracking. The process was a natural one. Phone phreaks tried almost
anything they could to find new systems. Phreaks often searched telephone lines for
interesting tones or connections. Some of those connections turned out to be modems.
No one can tell when it was--that instant when a telephone phreak first logged
on to the Internet. However, the process probably occurred more by chance than skill.
Years ago, Point- to-Point Protocol (PPP) was not available. Therefore, the way a
phreak would have found the Internet is debatable. It probably happened after one
of them, by direct-dial connection, logged in to a mainframe or workstation somewhere
in the void. This machine was likely connected to the Internet via Ethernet, a second
modem, or another port. Thus, the targeted machine acted as a bridge between the
phreak and the Internet. After the phreak crossed that bridge, he or she was dropped
into a world teeming with computers, most of which had poor or sometimes no security.
Imagine that for a moment: an unexplored frontier.
What remains is history. Since then, crackers have broken their way into every
type of system imaginable. During the 1980s, truly gifted programmers began cropping
up as crackers. It was during this period that the distinction between hackers and
crackers was first confused, and it has remained so every since. By the late 1980s,
these individuals were becoming newsworthy and the media dubbed those who breached
system security as hackers.
Then an event occurred that would forever focus America's computing community
on these hackers. On November 2, 1988, someone released a worm into the network.
This worm was a self-replicating program that sought out vulnerable machines and
infected them. Having infected a vulnerable machine, the worm would go into the wild,
searching for additional targets. This process continued until thousands of machines
were infected. Within hours, the Internet was under heavy siege. In a now celebrated
paper that provides a blow-by-blow analysis of the worm incident ("Tour of the
Worm"), Donn Seeley, then at the Department of Computer Science at the University
of Utah, wrote:
- November 3, 1988 is already coming to be known as Black Thursday. System administrators
around the country came to work on that day and discovered that their networks of
computers were laboring under a huge load. If they were able to log in and generate
a system status listing, they saw what appeared to be dozens or hundreds of "shell"
(command interpreter) processes. If they tried to kill the processes, they found
that new processes appeared faster than they could kill them.
The worm was apparently released from a machine at the Massachusetts Institute
of Technology. Reportedly, the logging system on that machine was either working
incorrectly or was not properly configured and thus, the perpetrator left no trail.
(Seely reports that the first infections included the Artificial Intelligence Laboratory
at MIT, the University of California at Berkeley, and the RAND Corporation in California.)
As one might expect, the computing community was initially in a state of shock. However,
as Eugene Spafford, a renowned computer science professor from Purdue University,
explained in his paper "The Internet Worm: An Analysis," that state of
shock didn't last long. Programmers at both ends of the country were working feverishly
to find a solution:
- By late Wednesday night, personnel at the University of California at Berkeley
and at Massachusetts Institute of Technology had `captured' copies of the program
and began to analyze it. People at other sites also began to study the program and
were developing methods of eradicating it.
An unlikely candidate would come under suspicion: a young man studying computer
science at Cornell University. This particular young man was an unlikely candidate
for two reasons. First, he was a good student without any background that would suggest
such behavior. Second, and more importantly, the young man's father, an engineer
with Bell Labs, had a profound influence on the Internet's design. Nevertheless,
the young man, Robert Morris Jr., was indeed the perpetrator. Reportedly, Morris
expected his program to spread at a very slow rate, its effects being perhaps even
imperceptible. However, as Brendan Kehoe notes in his book Zen and the Art of
the Internet:
- Morris soon discovered that the program was replicating and reinfecting machines
at a much faster rate than he had anticipated--there was a bug. Ultimately, many
machines at locations around the country either crashed or became `catatonic.' When
Morris realized what was happening, he contacted a friend at Harvard to discuss a
solution. Eventually, they sent an anonymous message from Harvard over the network,
instructing programmers how to kill the worm and prevent reinfection.
Morris was tried and convicted under federal statutes, receiving three years probation
and a substantial fine. An unsuccessful appeal followed. (I address this case in
detail in Part VII of this book, "The Law.")
The introduction of the Morris Worm changed many attitudes about Internet security.
A single program had virtually disabled hundreds (or perhaps thousands) of machines.
That day marked the beginning of serious Internet security. Moreover, the event helped
to forever seal the fate of hackers. Since that point, legitimate programmers have
had to rigorously defend their hacker titles. The media has largely neglected to
correct this misconception. Even today, the national press refers to crackers as
hackers, thus perpetuating the misunderstanding. That will never change and hence,
hackers will have to find another term by which to classify themselves.
Does it matter? Not really. Many people charge that true hackers are splitting
hairs, that their rigid distinctions are too complex and inconvenient for the public.
Perhaps there is some truth to that. For it has been many years since the terms were
first used interchangeably (and erroneously). At this stage, it is a matter of principle
only.
The Situation Today: A Network at War
The situation today is radically different from the one 10 years ago. Over that
period of time, these two groups of people have faced off and crystallized into opposing
teams. The network is now at war and these are the soldiers. Crackers fight furiously
for recognition and often realize it through spectacular feats of technical prowess.
A month cannot go by without a newspaper article about some site that has been cracked.
Equally, hackers work hard to develop new methods of security to ward off the cracker
hordes. Who will ultimately prevail? It is too early to tell. The struggle will likely
continue for another decade or more.
The crackers may be losing ground, though. Because big business has invaded the
Net, the demand for proprietary security tools has increased dramatically. This influx
of corporate money will lead to an increase in the quality of such security tools.
Moreover, the proliferation of these tools will happen at a much faster rate and
for a variety of platforms. Crackers will be faced with greater and greater challenges
as time goes on. However, as I explain in Chapter 5, "Is Security a Futile Endeavor?"
the balance of knowledge maintains a constant, with crackers only inches behind.
Some writers assert that throughout this process, a form of hacker evolution is occurring.
By this they mean that crackers will ultimately be weeded out over the long haul
(many will go to jail, many will grow older and wiser, and so forth). This is probably
unrealistic. The exclusivity associated with being a cracker is a strong lure to
up-and-coming teenagers. There is a mystique surrounding the activities of a cracker.
There is ample evidence, however, that most crackers eventually retire. They later
crop up in various positions, including system administrator jobs. One formerly renowned
cracker today runs an Internet salon. Another works on systems for an airline company
in Florida. Still another is an elected official in a small town in Southern California.
(Because all these individuals have left the life for a more conservative and sane
existence, I elected not to mention their names here.)
The Hackers
I shall close this chapter by giving real-life examples of hackers are crackers.
That seems to be the only reliable way to differentiate between them. From these
brief descriptions, you can get a better understanding of the distinction. Moreover,
many of these people are discussed later at various points in this book. This section
prepares you for that as well.
Richard Stallman Stallman joined the Artificial Intelligence Laboratory
at MIT in 1971. He received the 250K McArthur Genius award for developing software.
He ultimately founded the Free Software Foundation, creating hundreds of freely distributable
utilities and programs for use on the UNIX platform. He worked on some archaic machines,
including the DEC PDP-10 (to which he probably still has access somewhere). He is
a brilliant programmer.
Dennis Ritchie, Ken Thompson, and Brian Kernighan Ritchie, Thompson, and
Kernighan are programmers at Bell Labs, and all were instrumental in the development
of the UNIX operating system and the C programming language. Take these three individuals
out of the picture, and there would likely be no Internet (or if there were, it would
be a lot less functional). They still hack today. (For example, Ritchie is busy working
on Plan 9 from Bell Labs, a new operating system that will probably supplant UNIX
as the industry-standard super-networking operating system.)
Paul Baran, Rand Corporation Baran is probably the greatest hacker of them
all for one fundamental reason: He was hacking the Internet before the Internet even
existed. He hacked the concept, and his efforts provided a rough navigational tool
that served to inspire those who followed him.
Eugene Spafford Spafford is a professor of computer science, celebrated
for his work at Purdue University and elsewhere. He was instrumental in creating
the Computer Oracle Password and Security System (COPS), a semi-automated system
of securing your network. Spafford has turned out some very prominent students over
the years and his name is intensely respected in the field.
Dan Farmer Farmer worked with Spafford on COPS (Release 1991) while at
Carnegie Mellon University with the Computer Emergency Response Team (CERT). For
real details, see Purdue University Technical Report CSD-TR-993, written by Eugene
Spafford and Daniel Farmer. (Yes, Dan, the byline says Daniel Farmer.) Farmer later
gained national notoriety for releasing the System Administrator Tool for Analyzing
Networks (SATAN), a powerful tool for analyzing remote networks for security vulnerabilities.
Wietse Venema Venema hails from the Eindhoven University of Technology
in the Netherlands. He is an exceptionally gifted programmer who has a long history
of writing industry-standard security tools. He co-authored SATAN with Farmer and
wrote TCP Wrapper, one of the commonly used security programs in the world. (This
program provides close control and monitoring of information packets coming from
the void.)
Linus Torvalds A most extraordinary individual, Torvalds enrolled in classes
on UNIX and the C programming language in the early 1990s. One year later, he began
writing a UNIX-like operating system. Within a year, he released this system to the
Internet (it was called Linux). Today, Linux has a cult following and has the distinction
of being the only operating system ever developed by software programmers all over
the world, many of whom will never meet one another. Linux is free from copyright
restrictions and is available free to anyone with Internet access.
Bill Gates and Paul Allen From their high school days, these men from Washington
were hacking software. Both are skilled programmers. Starting in 1980, they built
the largest and most successful software empire on Earth. Their commercial successes
include MS-DOS, Microsoft Windows, Windows 95, and Windows NT.
The Crackers
Kevin Mitnik Mitnik, also known as Condor, is probably the world's best-known
cracker. Mitnik began his career as a phone phreak. Since those early years, Mitnik
has successfully cracked every manner of secure site you can imagine, including but
not limited to military sites, financial corporations, software firms, and other
technology companies. (When he was still a teen, Mitnik cracked the North American
Aerospace Defense Command.) At the time of this writing, he is awaiting trial on
federal charges stemming from attacks committed in 1994-1995.
Kevin Poulsen Having followed a path quite similar to Mitnik, Poulsen is
best known for his uncanny ability to seize control of the Pacific Bell telephone
system. (Poulsen once used this talent to win a radio contest where the prize was
a Porsche. He manipulated the telephone lines so that his call would be the wining
one.) Poulsen has also broken nearly every type of site, but has a special penchant
for sites containing defense data. This greatly complicated his last period of incarceration,
which lasted five years. (This is the longest period ever served by a hacker in the
United States.) Poulsen was released in 1996 and has apparently reformed.
Justin Tanner Peterson Known as Agent Steal, Peterson is probably most
celebrated for cracking a prominent consumer credit agency. Peterson appeared to
be motivated by money instead of curiosity. This lack of personal philosophy led
to his downfall and the downfall of others. For example, once caught, Peterson ratted
out his friends, including Kevin Poulsen. Peterson then obtained a deal with the
FBI to work undercover. This secured his release and he subsequently absconded, going
on a crime spree that ended with a failed attempt to secure a six-figure fraudulent
wire transfer.
Summary
There are many other hackers and crackers, and you will read about them in the
following chapters. Their names, their works, and their Web pages (when available)
are meticulously recorded throughout this book. If you are one such person of note,
you will undoubtedly find yourself somewhere within this book. The criterion to be
listed here is straightforward: If you have done something that influenced the security
of the Internet, your name likely appears here. If I missed you, I extend my apologies.
For the remaining readers, this book serves not only as a general reference tool,
but a kind of directory of hackers and crackers. For a comprehensive listing, see
Appendix A, "How to Get More Information." That appendix contains both
establishment and underground resources.
© Copyright, Macmillan Computer Publishing. All
rights reserved.
|