The impact of hackers on the internet commerce

Table of contents

1 INTRODUCTION
1.1 THE ISSUE OF THE ASSIGNMENT
1.2 THE STRUCTURE OF THE ASSIGNMENT

2 THE TERM ‘HACKER’
2.1 DEFINITION
2.2 THE TERM HACKER IN A BROADER SENSE
2.2.1 Phone Phreaking
2.2.2 Sport intruders
2.2.3 Computer sabotage
2.2.4 Computer espionage
2.2.5 Computer deceit

3 THE HISTORY AND DEVELOPMENT OF THE HACKING SCENE
3.1 THE BEGINNING
3.1.1 The telephone people
3.1.2 The computer people
3.2 THE FURTHER DEVELOPMENT OF THE HACKING SCENE
3.3 THE IMPACT OF TECHNOLOGY ON THE HACKERDOM

4 THE MOTIVATION AND ETHICS OF HACKING
4.1 THE HACKER’S ETHIC
4.2 THE IMPROVEMENT OF SECURITY
4.3 THE ACADEMIC MOTIVATION
4.4 THE PROTECTORS OF THE SOCIETY
4.5 SOCIAL AND POLITICAL REASONS
4.6 CRIMINAL ENERGY

5 IMPENDING THE INTERNET COMMERCE
5.1 THE GENERAL PUBLIC
5.1.1 The direct impact
5.1.2 The indirect impact
5.2 BUSINESS AND GOVERNMENT AGENCIES
5.3 DEFENCE ACTIONS

6 CONCLUSIONS
6.1 SUMMARY
6.2 OUTLOOK
6.3 FINAL STATEMENT

7 BIBLIOGRAPHY

1 Introduction

"I am chaos. I am the substance from which your artists and scientists build rhythms. I am the spirit with which your children and clowns laugh in happy anarchy.

I am chaos. I am alive, and tell you that you are free."

- Eris, Goddess Of Chaos, Discord Confusion

1.1 The issue of the assignment

Today the technologies are developing faster and faster to an extent that seems to become less manageable since with the speed of progress the amount of lacks and hidden bugs in those technologies is getting larger and larger. There are people who try to seek gaps to access computer systems without permis- sion in order to profit from information that is none of their business or simply to wreak havoc. Those so-called ‘hackers’ and ‘crackers’ can affect entire busi- nesses because they can access, manipulate and corrupt the companies’ vital data. The purpose of this assignment is to reveal the impact of hackers on the internet commerce. It will point out the phenomenon ‘hacker’ and explain their motivations. In addition it will mainly concentrate on the historical development of the scene up to now and stress its impact on different sectors of society.

1.2 The structure of the assignment

The assignment is divided into four main parts. It will start with highlighting sev- eral definitions of the term ‘hacker’, explained by referring to a few examples. At the same time different interpretations of those definitions will be provided and should give the reader an overview over the distinct views towards hackers.

The following section comprises the history as well as the development of the hackers’ scene. It is important to stress how it has changed over the time. Thus one can learn more about the hackers’ intentions and attitudes.

Chapter four is about the motivation of hacking. It should emphasize the diffe- rent justifications of their activities.

The next section uses the results of the previous sections to highlight the impact of the hacking activity on the internet. From the point of view of companies and governments it is to determine to what extend hackers threaten their ongoing operations.

The assignment will end with a summary and a conclusion of the issues dis- cussed before. Furthermore there will also be an outlook of how the situation could develop in the future as well as the discussion whether or not legislation will be able to solve the threats imposed by hackers.

2 The term ‘hacker’

2.1 Definition

Due to the undifferentiated use of the term ‘hacker‘ in the media people are us- ing the term generally without any criticism. Most of the publications are giving the impression that hackers have committed every unlawful and unethical act related to computers. But this is a false conclusion. (Frech, no year, p. 2; cited indirectly after Brand, S.: Media Lab. Computer, Kommunikation und neue Me- dien. Die Erfindung der Zukunft am MIT, 1990, p. 82)

The term is differentiated between two distinct meanings: Either it is used to mean “a clever programmer” or to mean “someone who tries to break into com- puter systems”. (WhatIs.com Encyclopedia)

You can define hacking as an unauthorized access to a network or other com- puters, hence to accounts of other users. It only means to get access to other networks and is not related to what happens after a successful break in. There- fore hacking is only the basis for several punishable or at least questionable activities, but you cannot equate the term with committing a crime. A punishable act that needs hacking as a basis will be treated separately. (Sterling, 1994, p. 65-66)

While we are using the term hacker in a sense of gaining unauthorized access to computer systems it has a distinct meaning in the hacking ‘community’: ”Hackers consider themselves members of an elite meritocracy based on ability and trade hacker techniques and ‘war stories’ amongst themselves in USENET forums, local or regional clubs, and national conferences, such as the annual DEF CON Computer Underground Convention held in Las Vegas.” (Sinnrod E.J., Reilly, W.P., 2000, p. 4-5, DEF CON is an annual computer underground party and conference for hackers held every summer in Las Vegas, Nevada, http://www.defcon.org). Hackers are involved in communities where open- source code is produced and exchanged among its members to commonly de- velop tools that outsmart current commercial software applications or network technologies.

2.2 The term hacker in a broader sense

In a broader sense the term ‘hacker’ can related to several distinct activities. This chapter should give a brief overview of them by presenting the core issues of each activity followed by a short example.

2.2.1 Phone Phreaking

Phone Phreaks are people that have specialized in analyzing telephone net- works. Between 1965 and 1975 ATT used an acoustic signal that was sent out to the company when at least one of both telephone users hung up her phone. This signal was used to stop only the unit-counter of the user but not the con- nection. Some people found out about this acoustic signal and imitated it by using a whistle that was included in a Cornflakes box called “Capt’n Crunch”, which reproduced exactly the frequency of the signal (2600 hertz). Later John Draper built a box (the so-called blue box) that could electronically imitate dif- ferent signals. Those people, who owned such a blue box were able to phone around the world for free until ATT found out and changed its system so that

both the connection and the unit-counter were closed by the signal. (Sterling, 1994, p. 58-63)

2.2.2 Sport intruders

“Sport intruders are the stereotypical Internet hackers” (Moyer, 1997). Their mo- tivation is based mainly on the incentive to detect weaknesses in security sys- tems and to break into the system behind them. They want to show their com- puter skills and make people aware of existing security lacks – there is no evil purpose behind it. Therefore there is no modification or corruption of particular data intended.

An example for this approach of hacking is the famous ‘Chaos Computer Club e.V.’ in Germany, which once detected an error in a software tool that estab- lished an internet connection to a former interactive videotext provider in Ger- many. The club found out, that due to this error the login and password of a user for entering the service were readable within a very short period of time when the user was changing sites quickly. So they got to know the password of a leading bank. They set up their own videotext site, which charged DM 10 (ex- change rate is almost DM1 = NZ$1) for accessing the page. A hacker of the club faked his identity by using the bank’s access password and entered this particular website repeatedly until costs of almost DM 135,000 were created. At that time they stopped their activity and let both the bank and the public know about the lack in the internet provider’s security system. Later the hacker club paid the money back to the bank.

The question is, whether one can convict this activity in terms of morale and ethics, since (apart from the loss of the image to the bank) nothing was dam- aged during the hacker’s activity and the public benefited from it because a very dangerous error had been detected and could be fixed. (Moyer, 1997; Stein- hauer, 1998)

2.2.3 Computer sabotage

Computer sabotage consists of the intentional corruption or deletion of data. In most cases the hackers manipulate a software product or threat a company with using their captured secret information against them if they refuse to pay a fee to them. A very famous case was concerned with the ‘Aids’-floppy disks that were sent to thousands of hospitals and banks to inform them about the disease Aids. But the installation modified some essential system files and the only way to restore them was to register the software product at a particular bank institute in Panama that charged a license fee of US$ 378. The producer of the software was not able to cover and undo the damage. Nevertheless this case did not base on a real hack rather than on the use of a virus or trojan horse program. (Marx, 1997)

Those people, who try to break into computer systems and manipulate data on purpose just to let the computer crash are called ‘crashers’ or ‘crackers’. Their motivation is in most cases based on revenge or pure vandalism. Even though hacking is a prerequisite of crashing, you have to distinguish between the pure hacker and a crasher, since the intention of those two groups differs. A pure hacker has not the intentional purpose of causing damage: “The basic differ- ence is this: hackers build things, crackers break them.” (Potter, 1999; Ray- mond, 2000)

2.2.4 Computer espionage

Computer espionage uses hacking to get access to computers in order to get confidential or secret data with the intention to use it commercially afterwards. Usually the captured information is used to blackmail its owner. In business re- lated computer espionage the main purpose is to use the captured data to benefit from the secretly kept knowledge of competitors. Military data will often be sold to other countries. One of the most famous example is the ‘KGB-Hack’. A German pupil hacked the US military network and downloaded secret military files about the locations of military airbases and SDI buildings. Even though

they recognized the hack it was very difficult to locate the position of the hacker. With the assistance of the FBI and CIA they were able to find and arrest the hacker in the end.

Computer espionage requires an intentional purpose. You cannot equate it with the earlier stated definition of hacking because it only bases on hacking that is followed by the real crime.

2.2.5 Computer deceit

The computer deceit bases on using computers for ones personal enrichment. Those delicts are often committed by insiders of a company, seldom there are hackers from outside involved. The previously presented case of the Chaos Computer Club could be regarded as a computer deceit as well, but in that par- ticular case the motivation was not based on the enrichment of the hackers.

3 The history and development of the hacking scene

3.1 The beginning

In the beginning, the late sixties, there were two distinct types of hackers. On the on hand there were the phone phreakers, who applied the technique a la Capt’n Crunch. On the other hand there were the computer-wizards at the uni- versities. Later those two streams merged to one and those people were called ‘hackers’. Both streams will be analyzed separately:

3.1.1 The telephone people

The group of people that applied ‘phone phreaking’ usually consisted of per- sons, who had nothing else in mind than having fun and reducing their high

phone bills which were caused by their mailbox communication on their self- assembled computers. Often those people could not afford the charges, so they were looking for methods to outsmart the carriers. Endurance and luck let them achieve their aim. They found more and more methods to get control over the computers of the telephone carriers. People were able to block several tele- phone-ports, change phone numbers or even disconnect a whole district from the telephone network. Although it was fun to the one side it was devastating to the other side since the increasing losses of the phone carriers as well as their fear of unsatisfied customers suing high amounts of money for damages forced them to react. The real hacking activities of this group began when they found out that there were many computers, which were connected via a telephone line. Since then they were able to break into computers (if they knew the proper telephone number) and began to steal passwords to be able to phone without being the one who is charged for it. (Frech, no year, p. 3-4; cited indirectly after Hafner / Markoff: Cyberpunk. Die Welt der Hacker. Vienna, 1993, p. 22)

3.1.2 The computer people

It all started at the Institute of Technology in Massachusetts (MIT) where a small group of model railway freaks called it a ‘hack’ when they build a very efficient railway track or when they optimized their railroad system in a way that seemed to be better in the end than they have actually imagined. Those, who spent all their time with that hobby were called ‘hackers’. (Raymond, 2000, p. 2)

In spring 1959 a new course had been introduced at the institute that dealt with the topic of artificial intelligence whereas a new computer should assist the course. From now on the hackers spent all their time on the computer learning how to use and program it. Later they started to modify the operating system of the computer and changed its hardware. Nobody of them wanted to get a copy- right of their work and that united them in their opinion, the original ethic of the hackers, that all the information should be free and accessible to everybody and nobody should be allowed to deny the access of a particular piece of data. (Jasek, 1999; Frech, no year, cited indirectly after Amman, T.: Hacker für Mos- kau. Deutsche Computerspione im Dienst des KGB., Reinbeck, 1989, p. 171)

The hackers of MIT also created the first video game. They programmed a small game in which two space ships had to shoot torpedoes at each others. Since the control of the game over keyboard was not very comfortable they in- vented the joysticks.

Those people were the first real hackers. They did not use their hacking skills for evil purposes. They only wanted to follow their ethical principles (free access to all data) and show how good they could control and use the computer. Since the beginning they have differentiated themselves from people who used the computer for evil purposes. But as time went by the number of hackers that stick to their ethical rules decreased. At that time many young hackers thought that hacking was only a game. They were living only for their own advantage and started attaching copyrights to their programs. The original mythos got lost over the time. (Sterling, 1994, p. 71-72)

[...]