Hackers: illegal/immoral?

It is not often that one has the opportunity to listen to any hacker put his or her viewpoint, let alone some of the world’s most (in-)famous, but this was possible during a packed keynote session at the infosecurity event in Olympia, London. The lineup comprised Winn Schwartau, President of Interpact and bestselling author of Information Warfare, Time Based Security and Cybershock, Sir Dystic of Cult of the Dead Cow, the oldest online hacking group, and creator of Back Orifice, arguably the most notorious hacker program to date and Ken Browne, also known as rloxley, spokesman for condemned.org and a vigilante hacker who specialises in removing paedophile sites from the World- Wide Web. Timon Molloy reports.

The tone of the discussion was set by Winn Schwartau who opened by asking when is it appropriate to cross the line into illegality. He said that the US views itself as the world’s policeman but only accounts for four per cent of the global population, on top of which, he commented, some of its laws, without specifying which, make no sense. Not in doubt though is the explosive growth in e-commerce which presents an unrivalled opportunity for hackers and a continuing challenge to law enforcement. Sir Dystic said that his motivation for creating the Trojan horse virus Back Orifice was ethical; he wanted to demonstrate how easy it is for a personal computer to be manipulated without the knowledge of the legitimate user. He described the program as a “remote administration tool” rather than a hacking system and argued that perception depends upon marketing – if such a product had been offered by the information security industry it may well have been praised but the fact that it was released on to the Internet for free with full open-source architecture led to an outcry. In the event, it has proved very useful to a large number of corporate network administrators when evidence-gathering in sexual harassment and information-theft cases. Budget constraints that would have precluded discovery and resolution of such abuses did not apply to the freely downloadable Back Orifice. Sir Dystic’s view follows the old argument that it is not guns that kill people, it is people with guns who kill people. He went on to outline a number of reasons why people hack. He maintained that very few did it for financial gain; those who did were not members of the hacking community and would rapidly be shunned by the major players. In the main, it was the challenge of breaching a secure system that appealed. Ken Browne agreed. He preaches ethical hacking which encour- ages entry of systems and message-posting to site administrators to let them know how access was achieved. When this writer suggested that organised crime could devote effectively unlimited resource to penetrating systems and suborning computer specialists, he admitted that this was true but that there was a cyber army of good guys ready to resist. Returning to hacker profiles, Sir Dystic said that another group are angst-ridden disaffected teenagers who merely want media attention; they vandalise and deface sites. The third category are the (h)acktivists, those with strong views on specific issues who wish to raise public awareness. Overall however, the rationale used by the hacker was irrelevant he said; the “exploits” would happen regardless. He thought that companies were less likely to be targeted by external hackers than Internet service providers (ISPs); the ISPs would generally sacrifice security in favour of usability. The threat that companies face is primarily from other businesses – corporate hacking or “netspionage” - and from disaffected employees within the organisation itself.