Def Con makes the news. This 19th
convention wins more attention than the first one did. Now billions of
people own computers, and are online - even nominally poor people. For
years, the mainstream media have reported breaches of financial information
revealing the personal details of millions of people. Successful attacks
against the computers of government agencies - Defense, the FBI, the Senate -
are only passing news. And then there was Wikileaks.
Just as defenders of the Second Amendment point out that the
instrument is not the offender, so, too, is there another side to
hacking. The moral high ground does not get much attention. Steven
Levy’s Hackers: Heroes of the Computer Revolution first came out in
1984. (It enjoyed a 10-year and then a 25-year publication.) Hacking
is only figuring things out, reverse engineering. Hacking is the
discovery of new aspects to the known. Knowing how big
computers worked, they invented the little ones we have today. Way
back when, even in science fiction (for instance the World of Null-A by
A. E. van Vogt, or Isaac Asimov’s Multivac stories), the expectation was for
one or a few large machines. Expectations of personal computing were rare,
until the advent of “cyberpunk” also about 1984, defined perhaps by the release
of the Apple Macintosh. (See
the iconic commercial here. )
Today, our community colleges teach computer literacy, computer
programming, computer repair, computer security, website design, e-commerce,
and many more permutations. In 1984, you had to figure it out for
yourself. And, largely, you stlll do. The leading edge of computing
moves ahead of college classes. It must, by definition.
As for those breaches in security, revelations of weaknesses are
better than a fallacious faith in non-existent strengths. You know that
when you shut off your computer, except for the clock and few other things,
most of what is in memory is lost. RAM is volatile.
Working on a master’s degree at Princeton, J. Alex Halderman (blog here) figured
out the “cold boot attack.” Pour liquid nitrogen on an electronic circuit
and when power is removed, you still have time to physically transfer the
circuit and re-power it.
Today, Dr. Halderman teaches at the University of Michigan. His
latest hacks involve voting machines. He remotely programmed one in
Washington DC to play the Wolverine fight song, “Hail to the Victors.” En
route to a conference in India, the police of the world’s largest democracy
detained him at the airport for several days, and then shipped him back, not
allowing him to speak to the convention. Voting fraud is nothing
new; but the means of carrying it out are. You need to know that. Your
governments are not going to tell you about it. Someone else will.
The upside to hacking can be pure whimsy. At a meeting of ArbSec
(formerly DefCon 734), one of the attendees demonstrated a desk telephone with
a cellular telephone built in. We see people walking and driving on their
phones all time, but a desk phone catches your eye.
We accept our wifi connections without a second thought. There
was a time when telephones were a monopoly. The average home paid about
$8 a month and the average business about $35 a month - and a “data grade” line
cost even more. You never owned your equipment: it belonged to Ma Bell
(or other); and you leased it.
Hackers invented the hardware such as the Hayes Smartmodem and
software such as Xmodem that enabled ordinary homes to use their voice grade
lines to carry computer messages. FidoNet was born - and vigorously
opposed by telephone monopolies that attempted to bring the full power of state
regulation down on the creators and users of BBSes (electronic bulletin board
systems). Ultimately, they failed. The Modified Final Judgment
broke up the Bell monopoly. Fax machines go back 100 years, but only
became common after 1984. Our cellphones were the “car phones” and “radio
phones” of a previous generation - available only to the wealthy.
Answering machines were advertised in the early 1950s, but no one could afford
them.
But if we enjoy the technical wonders, we also know that we are left
exposed. Banking, credit, and medical information are all vulnerable to
inadvertent (or intended) compromise. That applies also to corporate
information, of course.
A few years ago, I guarded a jewelry factory. Employees exited
through a metal detector. One evening on her way out the door, one
of the computer people stopped at our desk. She waved her cellphone at
us. “Which is more valuable,” she asked, “an ounce of gold or next
season’s designs?”
Hackers are not interested in stealing fashion designs. However,
they are very competent at warning us that the computers on which we write,
draw, and communicate, are not secure. Google is one company that pays
rewards to hackers who find security flaws. More should.
In security, we often run “red team” exercises where someone attempts
physical access. Sometimes overzealous managers whose pass keys, gate
cards, and passwords let them in think it proves something to sneak up on a
guard. It proves that the manager is misdirected. But the concept
is valid.
Cryptographers know a historical narrative in which clever people made
up "unbreakable" codes and ciphers which skilled analysts (those with
“cipher sense”) broke easily. Cryptographers know that only someone who
has broken codes and ciphers is qualified to design them. So too, with
computer security, or security in general: “Set a thief to catch a thief.”
From my curriculum vitae:
Quoted on computer hacking in “A sociology of hackers,” Sociological
Review Vol: 46 Issue: 4 (11/1998) by Tim Jordan and Paul Taylor; and in Hackers:
Crime in the Digital Sublime by Paul Taylor, London: Routledge, 1999; and
in Hacking: Digital Media and Technological Determinism by Tim Jordan,
Cambridge: Polity Press, 2008.
“Protecting Data With Cryptography,” (2-part
series) NADGUG Focus, Austin, Texas, April 1994 - May 1994.
“Online with the Super Hacker,” Loompanics Annual Catalog, Port
Townsend, Washington, , January 1994.
“Property Rights in Cyberspace,” Loompanics Annual Catalog,
Port Townsend, Washington, March 1993.
“Did Thomas Jefferson Wear Mirrorshades?” Loompanics Annual Catalog,
Port Townsend, Washington; , January 1991.
“Software viruses,” Data General Review, September, 1989.
The Code Book, 3rd edition, Loompanics Unlimited,
Port Townsend, Washington, 1987.
ALSO ON NECESSARY FACTS
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.