Ken Eitelman

11-15-00

 

Computer Ethics:

Hackers Wanted

 

 

            With the rise of digital media and communication there comes a new standard of what is right and wrong.  However there is still a great deal of ambiguity as to what computer processes are actually right or wrong.  Computers have brought us to an age where information can be acquired at great speeds, but with that comes a risk.  As fast as we can get information, someone else can steal it just as fast.  The people who do this have become commonly known as hackers.  The why and how of hackers are still somewhat unclear since they never seem to have any good reasons, and their methods are changing everyday with the technology.  But it’s not only hackers we worry about.  Employers can “spy” on employees, or on one another.  There is also the issue with “internet identity”, and who actually know who and where we are.  An analysis of these technologies becomes necessary so we can see in which direction to best ensure privacy, or take it away in a justified manner.

There are numerous technologies available today, but only the basic ones need to be evaluated.  The already popular and widely used Ethernet networks have always had a long list of issues that doesn’t seem to be getting any shorter.  Wireless networks are also an option, using new technologies like Appletalk Airport, or the new Bluetooth.  Will these new wireless techs get rid of the problems we currently have with our current Internet structure, or just make more?  It’s my belief that no matter which way you go, there will still be privacy issues with networks.  And although there isn’t much that can be done with wireless nets yet, the technology is growing, and will soon be found in businesses everywhere.  What companies need to establish is a person on their payroll that can attend to these security issues in an active manner.

            In general, people like to have privacy.  Nobody likes to get junk mail, electronic or otherwise.  Nobody likes to get those annoying phone calls that play recorded messages during dinner time, or worse yet, early in the morning when they are trying to sleep.  The information that makes these things happen is something that many people don’t like the world to know.  How can we control this?  Well, to answer this, it’s good to know how the information gets out in the first place.  Many companies will simply ask you for this info, and then sell it off.  However, there are more elusive means to getting the info, which is where we get to network security.  Many companies will keep databases of their employees, which will contain a lot of confidential information, such and salaries, benefits, etc.  This information becoming public can prove to be detrimental to people’s careers, and a company’s productivity.

As it stands now, there are a few ways to get this information off a network.  The first of which would be corporate espionage.  It could very well just be someone in a company that wants to work for a different company and bring something to the bargaining table with him/her.  This isn’t common, but can happen.  The way of stealing this info that we will be more concerned about here is by stealing it off the network as people use it.  This could be done in a variety of ways.  Hackers have programs that will sniff packets of information sent over the digital medium waiting for stuff such as database files, passwords, or just the raw data that they can compile themselves as they see fit.  This information is then sold off to the competition.  A more “hardware oriented” means of hacking would be to sit down at a piece of coaxial cable or CAT-5 cabling, hooking up some alligator clips, and inserting one’s self into the network taking whatever they want.

            There are ways to prevent these acts of theft from happening.  Could wireless networking be one of them?  Wireless networking would certainly remove the wire hacking scenario, but would it remove the risk altogether?  Most likely not.  It has always been shown that no matter what new means of secure communication becomes available, someone will find a way to break into it.  Take the home movie industry.  We all thought that DVD’s would be unbreakable, or at least unbreakable for a much longer period than it was.  Now, if you care enough, anyone can have the software to take the movies off DVD’s and watch them from their computer, and/or transfer it to any other computer.  Whether or not the kids who wrote the program should have gone to jail or not is a different ethical issue.  Does it really matter if people rip the movies and watch them?  There are justifiable reasons for doing this, but in general it is not seen as a good thing to movie companies.  For instance, one of the common reasons to rip a DVD to DivX would be to save money one way or another, but this sort of thing happens all the time and is relatively unavoidable.  Big business has to make as much money as they can on it though, and make themselves look like the victims.

            How does this relate to security?  Well, hackers will always be there, but instead of working to avoid them outright, find a hacker to help you make your system more secure.  Actually have a paid, resident hacker in the company.  The best way to find  “black hackers” (the bad, immoral kind) and stop them is to have someone who knows what’s going on sitting at a desk monitoring everything.  If something out of the ordinary happens, he can kick the bad guys out of the system.  Hackers aren’t all bad.  There are those who mean ill will, but there are also those who like to see software perform at its best, and to help in that matter by stepping over the line a bit.  Why not make it legal to be a “white hacker” (the good, justice infused kind)?  There is this game that people of various age groups play called Shadowrun.  The idea is that everything in the world is pretty much computerized.  Anyway, there are people who make professions of stealing information, and those to make professions at stopping that from happening.  Shadowrun is a great simulation of how things are going to be someday.  Soon, many battles will be fought over the net, on the net, and corporations will want to have the protection they need.

            In addition to actually confronting hackers and busting them out of your network, resident hackers can provide another service.  They can test the network security to make sure it can’t be hacked easily.  Very simply, anything he/she can hack needs to be fixed.  This would be an invaluable service to any software company or e-business.  Once people realize that we need these people as much as we don’t need them, a balance will be made, and technology can progress at a more advanced rate.  There are companies with a good foresight of the future that currently do this to help make their products better.  However, they don’t talk about it much because the public image of computer hackers is pretty bad.

            Now will hackers be able to get into wireless networks as easily as they get into current networks?  Of course they will.  It’s just the nature of computer technology.  But, to avoid wireless networks altogether would be foolish, since such a technology will most likely begin to replace many parts of the Internet’s structure.  For instance, IBM will begin using the Bluetooth technology in new modems to be produced early next year sometime.  What this will allow is short-range network communication (much like a serial link), along with modem support to get on to the net.  Eventually, more aspects of the LAN will be replaced, like Bluetooth hubs, bridges, switches, etc.  If the new standard becomes more powerful, WANs become an option as well.  The tech however has a long way to go before it can accomplish anything close to this.  The future will be remarkable, but network security will still be an issue as it is today.

            Wireless networks should not make it any easier or harder to monitor employees.  Oftentimes, employers need to keep tabs on the office workers to make sure productivity stays high.  Although this is often looked down upon, if you are at a company to do work, you should probably be doing work.  Just like anything, there is a way to check what kind of traffic is coming in and out of a LAN, or to a specific host.  Although all Bluetooth signals will be broadcast, and look pretty much the same, there will be a way to break it down and see what it is…much like IP packet sniffing.

            Current networks will continue to grow with the development of new technologies like gigabit Ethernet and new fiber qualities.  And as such, they will have more problems with security that will one day be solved, and then once again need a solution.  Such is life.  Wireless technologies do not offer a way out of this cycle.  A good solution for any business with a network is to start creating positions for professional hackers to help maintain a stronger network.  Soon our networks will be too integrated and complicated to have all the problems covered, especially when it comes to hackers.  So why not fight fire with fire?  When society realizes we have a need for these people, the paradigm of network security will shift from what it is currently, that is that “networks are victimized”, to “networks are not to be messed with.”

 

 

A guide to ripping DVDs

http://www.geocities.com/jaspovdivx/Main_uk.htm

 

Shadowrun Third Edition

Copyright 1998

Numerous Authors

http://www.fasa.com

 

Specification of the Bluetooth System

http://www.bluetooth.com/developer/specification/core_10_b.pdf

Warning…it’s 1082 pages long

 

Motorola, IBM Brush up on Bluetooth

Carmen Nobel, eWeek

http://www.zdnet.co.uk/news/2000/44/ns-18914.html