Sunday, August 7, 2011


Def Con makes the news.  This 19th convention wins more attention than the first one did.  Now billions of people own computers, and are online - even nominally poor people.  For years, the mainstream media have reported breaches of financial information revealing the personal details of millions of people. Successful attacks against the computers of government agencies - Defense, the FBI, the Senate - are only passing news.  And then there was Wikileaks.  

Just as defenders of the Second Amendment point out that the instrument is not the offender, so, too, is there another side to hacking.  The moral high ground does not get much attention.  Steven Levy’s Hackers: Heroes of the Computer Revolution first came out in 1984.  (It enjoyed a 10-year and then a 25-year publication.)  Hacking is only figuring things out, reverse engineering.  Hacking is the discovery of new aspects to the known.  Knowing how big computers worked, hackers invented the little ones we have today.  Way back when, even in science fiction (for instance The World of Null-A by A. E. van Vogt, or Isaac Asimov’s Multivac stories), the expectation was for one or a few large machines.  Expectations of personal computing were rare, until the advent of “cyberpunk” also about 1984, defined perhaps by the release of the Apple Macintosh.  (See the iconic commercial here.)

Today, our community colleges teach computer literacy, computer programming, computer repair, computer security, website design, e-commerce, and many more permutations.  In 1984, you had to figure it out for yourself.  And, largely, you still do.  The leading edge of computing moves ahead of college classes.  It must, by definition.

As for those breaches in security, revelations of weaknesses are better than a fallacious faith in non-existent strengths.  You know that when you shut off your computer, except for the clock and a few other things, most of what is in memory is lost.  RAM is volatile.

Working on a master’s degree at Princeton, J. Alex Halderman (blog here) figured out the “cold boot attack.”  Pour liquid nitrogen on an electronic circuit and when power is removed, you still have time to physically transfer the circuit and re-power it.  

Today, Dr. Halderman teaches at the University of Michigan.  His latest hacks involve voting machines.  He remotely programmed one in Washington DC to play the Wolverine fight song, “Hail to the Victors.”  En route to a conference in India, the police of the world’s largest democracy detained him at the airport for several days, and then shipped him back, not allowing him to speak to the convention.  Voting fraud is nothing new; but the means of carrying it out are.  You need to know that.  Your governments are not going to tell you about it.  Someone else will.

The upside to hacking can be pure whimsy.  At a meeting of ArbSec (formerly DefCon 734), one of the attendees demonstrated a desk telephone with a cellular telephone built in.  We see people walking and driving on their phones all the time, but a desk phone catches your eye.

We accept our wifi connections without a second thought.  There was a time when telephones were a monopoly.  The average home paid about $8 a month and the average business about $35 a month - and a “data grade” line cost even more.  You never owned your equipment: it belonged to Ma Bell (or other); and you leased it.  

Hackers invented the hardware such as the Hayes Smartmodem and software such as Xmodem that enabled ordinary homes to use their voice grade lines to carry computer messages.  FidoNet was born - and vigorously opposed by telephone monopolies that attempted to bring the full power of state regulation down on the creators and users of BBSes (electronic bulletin board systems).  Ultimately, they failed.  The Modified Final Judgment broke up the Bell monopoly.  Fax machines go back 100 years, but only became common after 1984.  Our cellphones were the “car phones” and “radio phones” of a previous generation - available only to the wealthy.  Answering machines were advertised in the early 1950s, but no one could afford them.

But if we enjoy the technical wonders, we also know that we are left exposed.  Banking, credit, and medical information are all vulnerable to inadvertent (or intended) compromise.  That applies also to corporate information, of course.  

A few years ago, I guarded a jewelry factory.  Employees exited through a metal detector.  One evening on her way out the door, one of the computer people stopped at our desk.  She waved her cellphone at us.  “Which is more valuable,” she asked, “an ounce of gold or next season’s designs?”

Hackers are not interested in stealing fashion designs.  However, they are very competent at warning us that the computers on which we write, draw, and communicate, are not secure.  Google is one company that pays rewards to hackers who find security flaws.  More should.

In security, we often run “red team” exercises where someone attempts physical access.  Sometimes overzealous managers whose pass keys, gate cards, and passwords let them in think it proves something to sneak up on a guard.  It proves that the manager is misdirected.  But the concept is valid.  

Cryptographers know a historical narrative in which clever people made up "unbreakable" codes and ciphers which skilled analysts (those with “cipher sense”) broke easily.  Cryptographers know that only someone who has broken codes and ciphers is qualified to design them.  So too, with computer security, or security in general: “Set a thief to catch a thief.”

From my curriculum vitae:
Quoted on computer hacking in “A sociology of hackers,” Sociological Review Vol: 46 Issue: 4 (11/1998) by Tim Jordan and Paul Taylor; and in Hackers: Crime in the Digital Sublime by Paul Taylor, London: Routledge, 1999; and in Hacking: Digital Media and Technological Determinism by Tim Jordan, Cambridge: Polity Press, 2008.
“Protecting Data With Cryptography,” (2-part series) NADGUG Focus, Austin, Texas, April 1994 - May 1994.
“Online with the Super Hacker,” Loompanics Annual Catalog, Port Townsend, Washington, January 1994.
“Property Rights in Cyberspace,” Loompanics Annual Catalog, Port Townsend, Washington, March 1993.
“Did Thomas Jefferson Wear Mirrorshades?” Loompanics Annual Catalog, Port Townsend, Washington, January 1991.
“Software viruses,” Data General Review, September, 1989.
The Code Book, 3rd edition, Loompanics Unlimited, Port Townsend, Washington, 1987.

