What Is the Difference Between a Hacker and a Cracker?
0 views
Skip to first unread message
MuhammaD Us@F aL!
Nov 26, 2005, 1:51:43 PM11/26/05
to uet...@googlegroups.com, Uet Group for Linux
Hackers and Crackers
The focus of this chapter is on hackers, crackers, and the differences between them.
What Is the Difference Between a Hacker and a Cracker?
There
have been many articles written (particularly on the Internet) about
the difference between hackers and crackers. In them, authors often
attempt to correct public misconceptions. This chapter is my
contribution in clarifying the issue.
For many years, the American media has erroneously applied the word hacker when it really means
cracker.
So the American public now believe that a hacker is someone who breaks
into computer systems. This is untrue and does a disservice to some of
our most talented hackers.
There
are some traditional tests to determine the difference between hackers
and crackers. I provide these in order of their acceptance. First, I
want to offer the general definitions of each term. This will provide a
basis for the remaining portion of this chapter. Those definitions are
as follows:
- A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Most often, hackers are programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages. They may know of holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, freely share what they have discovered, and never, ever intentionally damage data.
- A cracker is a person who breaks into or otherwise violates the system integrity of remote machines, with malicious intent. Crackers, having gained unauthorized access, destroy vital data, deny legitimate users service, or basically cause problems for their targets. Crackers can easily be identified because their actions are malicious.
These
definitions are good and may be used in the general sense. However,
there are other tests. One is the legal test. It is said that by
applying legal reasoning to the equation, you can differentiate between
hackers (or any other party) and crackers. This test requires no
extensive legal training. It is applied simply by inquiring as to mens rea.
Mens Rea
Mens rea
is a Latin term that refers to the guilty mind. It is used to describe
that mental condition in which criminal intent exists. Applying mens rea to the
hacker-cracker equation seems simple enough. If the suspect unwittingly
penetrated a computer system--and did so by methods that any
law-abiding citizen would have employed at the time--there is no mens rea
and therefore no crime. However, if the suspect was well aware that a
security breach was underway--and he knowingly employed sophisticated
methods of implementing that breach--mens rea
exists and a crime has been committed. By this measure, at least from a
legal point of view, the former is an unwitting computer user (possibly
a hacker) and the latter a cracker. In my opinion, however, this test
is too rigid.
At
day's end, hackers and crackers are human beings, creatures too complex
to sum up with a single rule. The better way to distinguish these
individuals would be to understand their motivations and their ways of
life. I want to start with the hacker.
To
understand the mind-set of the hacker, you must first know what they
do. To explain that, I need to briefly discuss computer languages.
Computer Languages
A
computer language is any set of libraries or instructions that, when
properly arranged and compiled, can constitute a functional computer
program. The building blocks of any given computer language never
fundamentally change. Therefore, each programmer walks to his or her
keyboard and begins with the same basic tools as his or her fellows.
Examples of such tools include
- Language libraries--These are pre-fabbed functions that perform common actions that are usually included in any computer program (routines that read a directory, for example). They are provided to the programmer so that he or she can concentrate on other, less generic aspects of a computer program.
- Compilers--These are software programs that convert the programmer's written code to an executable format, suitable for running on this or that platform.
The
programmer is given nothing more than languages (except a few manuals
that describe how these tools are to be used). It is therefore up to
the programmer what happens next. The programmer programs to either
learn or create, whether for profit or not. This is a useful function,
not a wasteful one. Throughout these processes of learning and
creating, the programmer applies one magical element that is absent
within both the language libraries and the compiler: imagination. That
is the programmer's existence in a nutshell.
Modern
hackers, however, reach deeper still. They probe the system, often at a
microcosmic level, finding holes in software and snags in logic. They
write programs to check the integrity of other programs. Thus, when a
hacker creates a program that can automatically check the security
structure of a remote machine, this represents a desire to better what
now exists. It is creation and improvement through the process of
analysis.
In
contrast, crackers rarely write their own programs. Instead, they beg,
borrow, or steal tools from others. They use these tools not to improve
Internet security, but to subvert it. They have technique, perhaps, but
seldom possess programming skills or imagination. They learn all the
holes and may be exceptionally talented at practicing their dark arts,
but they remain limited. A true cracker creates nothing and destroys
much. His chief pleasure comes from disrupting or otherwise adversely
effecting the computer services of others.
This
is the division of hacker and cracker. Both are powerful forces on the
Internet, and both will remain permanently. And, as you have probably
guessed by now, some individuals may qualify for both categories. The
very existence of such individuals assists in further clouding the
division between these two odd groups of people. Now, I know that real
hackers reading this are saying to themselves "There is no such thing
as this creature you are talking about. One is either a hacker or a
cracker and there's no more to it."
Randal Schwartz
If
you had asked me five years ago, I would have agreed. However, today,
it just isn't true. A good case in point is Randal Schwartz, whom some
of you know from his weighty contributions to the programming
communities, particularly his discourses on the Practical Extraction
and Report Language (Perl). With the exception of Perl's creator, Larry
Wall, no one has done more to educate the general public on the Perl
programming language. Schwartz has therefore had a most beneficial
influence on the Internet in general. Additionally, Schwartz has held
positions in consulting at the University of Buffalo, Silicon Graphics (SGI), Motorola Corporation, and Air Net. He is an extremely gifted programmer.
NOTE: Schwartz has authored or co-authored quite a few books about Perl, including Learning Perl , usually called "The Llama Book," published by O'Reilly & Associates (ISBN 1-56592-042-2).
His
contributions notwithstanding, Schwartz remains on the thin line
between hacker and cracker. In fall 1993 (and for some time prior),
Schwartz was employed as a consultant at Intel in Oregon.
In his capacity as a system administrator, Schwartz was authorized to
implement certain security procedures. As he would later explain on the
witness stand, testifying on his own behalf:
Part
of my work involved being sure that the computer systems were secure,
to pay attention to information assets, because the entire company
resides--the product of the company is what's sitting on those disks.
That's what the people are producing. They are sitting at their work
stations. So protecting that information was my job, to look at the
situation, see what needed to be fixed, what needed to be changed, what
needed to be installed, what needed to be altered in such a way that
the information was protected.
The following events transpired:
- On October 28, 1993, another system administrator at Intel noticed heavy processes being run from a machine under his control.
- Upon examination of those processes, the system administrator concluded that the program being run was Crack, a common utility used to crack passwords on UNIX systems. This utility was apparently being applied to network passwords at Intel and at least one other firm.
- Further examination revealed that the processes were being run by Schwartz or someone using his login and password.
- The system administrator contacted a superior who confirmed that Schwartz was not authorized to crack the network passwords at Intel.
- On November 1, 1993, that system administrator provided an affidavit that was sufficient to support a search warrant for Schwartz's home.
- The search warrant was served and Schwartz was subsequently arrested, charged under an obscure Oregon computer crime statute. The case is bizarre. You have a skilled and renowned programmer charged with maintaining internal security for a large firm. He undertakes procedures to test the security of that network and is ultimately arrested for his efforts. At least, the case initially appears that way. Unfortunately, that is not the end of the story. Schwartz did not have authorization to crack those password files. Moreover, there is some evidence that he violated other network security conventions at Intel.
For
example, Schwartz once installed a shell script that allowed him to
access the Intel network from other locations. This script reportedly
opened a hole in Intel's firewall. Another system administrator
discovered this program, froze Schwartz's account, and confronted him.
Schwartz agreed that installing the script was not a good idea and
further agreed to refrain from implementing that program again. Some
time later, that same system administrator found that Schwartz had
re-installed the program. (Schwartz apparently renamed the program,
thus throwing the system administrator off the trail.) What does all
this mean? From my point of view, Randal Schwartz probably broke Intel
policy a number of times. What complicates the situation is that
testimony reveals that such policy was never explicitly laid out to
Schwartz. At least, he was given no document that expressly prohibited
his activity. Equally, however, it seems clear that Schwartz
overstepped his authority.
Looking
at the case objectively, some conclusions can immediately be made. One
is that most administrators charged with maintaining network security
use a tool like Crack. This is a common procedure by which to identify
weak passwords or those that can be easily cracked by crackers from the
void. At the time of the Schwartz case, however, such tools were
relatively new to the security scene. Hence, the practice of cracking
your own passwords was not so universally accepted as a beneficial
procedure. However, Intel's response was, in my opinion, a bit
reactionary. For example, why wasn't the matter handled internally?
The
Schwartz case angered many programmers and security experts across the
country. As Jeffrey Kegler wrote in his analysis paper, "Intel v. Randal Schwartz: Why Care?" the Schwartz case was an ominous development:
Clearly,
Randal was someone who should have known better. And in fact, Randal
would be the first Internet expert already well known for legitimate
activities to turn to crime. Previous computer criminals have been
teenagers or wannabes. Even the relatively sophisticated Kevin Mitnick
never made any name except as a criminal. Never before Randal would
anyone on the `light side of the force' have answered the call of the
'dark side.'
Cross Reference: You can find Kegler's paper online at http://www.lightlink.com/spacenka/fors/intro.html.
I
want you to think about the Schwartz case for a moment. Do you have or
administrate a network? If so, have you ever cracked passwords from
that network without explicit authorization to do so? If you have, you
know exactly what this entails. In your opinion, do you believe this
constitutes an offense? If you were writing the laws, would this type
of offense be a felony?
In
any event, as stated, Randal Schwartz is unfortunate enough to be the
first legitimate computer security expert to be called a cracker.
Thankfully, the experience proved beneficial, even if only in a very
small way. Schwartz managed to revitalize his career, touring the
country giving great talks as Just Another Convicted Perl Hacker. The
notoriety has served him well as of late.
TIP: The transcripts of this trial are available on the Internet in zipped format. The entire distribution is 13 days of testimony and argument. It is available at http://www.lightlink.com/spacenka/fors/court/court.html .
Why Do Crackers Exist?
Crackers
exist because they must. Because human nature is just so, frequently
driven by a desire to destroy instead of create. No more complex
explanation need be given. The only issue here is what type of cracker
we are talking about.
Some
crackers crack for profit. These may land on the battlefield, squarely
between two competing companies. Perhaps Company A wants to disable the
site of Company B. There are crackers for hire. They will break into
almost any type of system you like, for a price. Some of these crackers
get involved with criminal schemes, such as retrieving lists of TRW
profiles. These are then used to apply for credit cards under the names
of those on the list. Other common pursuits are cell-phone cloning,
piracy schemes, and garden-variety fraud. Other crackers are kids who
demonstrate an extraordinary ability to assimilate highly technical
computer knowledge. They may just be getting their kicks at the expense
of their targets.
Where Did This All Start?
A
complete historical account of cracking is beyond the scope of this
book. However, a little background couldn't hurt. It started with
telephone technology. Originally, a handful of kids across the nation
were cracking the telephone system. This practice was referred to as phreaking.
Phreaking is now recognized as any act by which to circumvent the
security of the telephone company. (Although, in reality, phreaking is
more about learning how the telephone system works and then
manipulating it.)
Telephone phreaks employed different methods to
accomplish this task. Early implementations involved the use of ratshack dialers, or red boxes. (Ratshack
was a term to refer to the popular electronics store Radio Shack.)
These were hand-held electronic devices that transmitted digital sounds
or tones. Phreakers altered these off-the-shelf tone dialers by
replacing the internal crystals with Radio Shack part #43-146.
NOTE: Part #43-146 was a crystal, available at many neighborhood electronics stores throughout the country. One could use either a 6.5MHz or 6.5536 crystal. This was used to replace the crystal that shipped with the dialer (3.579545MHz). The alteration process took approximately 5 minutes.
Having
made these modifications, they programmed in the sounds of quarters
being inserted into a pay telephone. From there, the remaining steps
were simple. Phreaks went to a pay telephone and dialed a number. The
telephone would request payment for the call. In response, the phreak
would use the red box to emulate money being inserted into the machine.
This resulted in obtaining free telephone service at most pay
telephones.
Schematics
and very precise instructions for constructing such devices are at
thousands of sites on the Internet. The practice became so common that
in many states, the mere possession of a tone dialer altered in such a
manner was grounds for search, seizure, and arrest. As time went on,
the technology in this area became more and more advanced. New boxes
like the red box were developed. The term boxing came to replace the term phreaking,
at least in general conversation, and boxing became exceedingly
popular. This resulted in even further advances, until an entire suite
of boxes was developed. Table 3.1 lists a few of these boxes.
Table 3.1. Boxes and their uses.
| Box
| What It Does |
| Blue |
Seizes trunk lines using a 2600MHz tone, thereby granting the boxer the same privileges as the average operator |
| Dayglo |
Allows the user to connect to and utilize his or her neighbor's telephone line |
|
Aqua |
Reportedly circumvents FBI taps and traces by draining the voltage on the line |
|
Mauve | Used to tap another telephone line
|
| Chrome |
Seizes control of traffic signals |
There
are at least 40 different boxes or devices within this class. Each was
designed to perform a different function. Many of the techniques
employed are no longer effective. For example, blue boxing has been
seriously curtailed because of new electronically switched telephone
systems. (Although reportedly, one can still blue box in parts of the
country where older trunk lines can be found.) At a certain stage of
the proceedings, telephone phreaking and computer programming were
combined; this marriage produced some powerful tools. One example is
BlueBEEP, an all-purpose phreaking/hacking tool. BlueBEEP combines many
different aspects of the phreaking trade, including the red box.
Essentially, in an area where the local telephone lines are old style,
BlueBEEP provides the user with awesome power over the telephone
system. Have a look at the opening screen of BlueBEEP in Figure3.1.
It
looks a lot like any legitimate application, the type anyone might buy
at his or her local software outlet. To its author's credit, it
operates as well as or better than most commercial software. BlueBEEP
runs in a DOS environment, or through a DOS shell window in either
Windows 95 or Windows NT. I should say this before continuing: To date,
BlueBEEP is the most finely programmed phreaking tool ever coded. The
author, then a resident of Germany, reported that the
application was written primarily in PASCAL and assembly language. In
any event, contained within the program are many, many options for
control of trunk lines, generation of digital tones, scanning of
telephone exchanges, and so on. It is probably the most comprehensive
tool of its kind. However, I am getting ahead of the time. BlueBEEP was
actually created quite late in the game. We must venture back several
years to see how telephone phreaking led to Internet cracking. The
process was a natural one. Phone phreaks tried almost anything they
could to find new systems. Phreaks often searched telephone lines for
interesting tones or connections. Some of those connections turned out
to be modems.
No
one can tell when it was--that instant when a telephone phreak first
logged on to the Internet. However, the process probably occurred more
by chance than skill. Years ago, Point- to-Point Protocol (PPP) was not
available. Therefore, the way a phreak would have found the Internet is
debatable. It probably happened after one of them, by direct-dial
connection, logged in to a mainframe or workstation somewhere in the
void. This machine was likely connected to the Internet via Ethernet, a
second modem, or another port. Thus, the targeted machine acted as a
bridge between the phreak and the Internet. After the phreak crossed
that bridge, he or she was dropped into a world teeming with computers,
most of which had poor or sometimes no security. Imagine that for a
moment: an unexplored frontier.
What
remains is history. Since then, crackers have broken their way into
every type of system imaginable. During the 1980s, truly gifted
programmers began cropping up as crackers. It was during this period
that the distinction between hackers and crackers was first confused,
and it has remained so every since. By the late 1980s, these
individuals were becoming newsworthy and the media dubbed those who
breached system security as hackers.
Then an event occurred that would forever focus America's
computing community on these hackers. On November 2, 1988, someone
released a worm into the network. This worm was a self-replicating
program that sought out vulnerable machines and infected them. Having
infected a vulnerable machine, the worm would go into the wild,
searching for additional targets. This process continued until
thousands of machines were infected. Within hours, the Internet was
under heavy siege. In a now celebrated paper that provides a
blow-by-blow analysis of the worm incident ("Tour of the Worm"), Donn
Seeley, then at the Department of Computer Science at the University of
Utah, wrote:
November 3, 1988
is already coming to be known as Black Thursday. System administrators
around the country came to work on that day and discovered that their
networks of computers were laboring under a huge load. If they were
able to log in and generate a system status listing, they saw what
appeared to be dozens or hundreds of "shell" (command interpreter)
processes. If they tried to kill the processes, they found that new
processes appeared faster than they could kill them.
The
worm was apparently released from a machine at the Massachusetts
Institute of Technology. Reportedly, the logging system on that machine
was either working incorrectly or was not properly configured and thus,
the perpetrator left no trail. (Seely reports that the first infections
included the Artificial Intelligence Laboratory at MIT, the University
of California at Berkeley, and the RAND Corporation in California.) As
one might expect, the computing community was initially in a state of
shock. However, as Eugene Spafford, a renowned computer science
professor from Purdue University, explained in his paper "The Internet
Worm: An Analysis," that state of shock didn't last long. Programmers
at both ends of the country were working feverishly to find a solution:
By late Wednesday night, personnel at the University
of California at Berkeley and at Massachusetts Institute of Technology
had `captured' copies of the program and began to analyze it. People at
other sites also began to study the program and were developing methods
of eradicating it.
An unlikely candidate would come under suspicion: a young man studying computer science at Cornell
University. This particular young man was an unlikely candidate for two
reasons. First, he was a good student without any background that would
suggest such behavior. Second, and more importantly, the young man's
father, an engineer with Bell Labs, had a profound influence on the
Internet's design. Nevertheless, the young man, Robert Morris Jr., was
indeed the perpetrator. Reportedly, Morris expected his program to
spread at a very slow rate, its effects being perhaps even
imperceptible. However, as Brendan Kehoe notes in his book Zen and the Art of the Internet:
Morris
soon discovered that the program was replicating and reinfecting
machines at a much faster rate than he had anticipated--there was a
bug. Ultimately, many machines at locations around the country either
crashed or became `catatonic.' When Morris realized what was happening,
he contacted a friend at Harvard to discuss a solution. Eventually,
they sent an anonymous message from Harvard over the network,
instructing programmers how to kill the worm and prevent reinfection.
Morris
was tried and convicted under federal statutes, receiving three years
probation and a substantial fine. An unsuccessful appeal followed. (I
address this case in detail in Part VII of this book, "The Law.")
The
introduction of the Morris Worm changed many attitudes about Internet
security. A single program had virtually disabled hundreds (or perhaps
thousands) of machines. That day marked the beginning of serious
Internet security. Moreover, the event helped to forever seal the fate
of hackers. Since that point, legitimate programmers have had to
rigorously defend their hacker titles. The media has largely neglected
to correct this misconception. Even today, the national press refers to
crackers as hackers, thus perpetuating the misunderstanding. That will
never change and hence, hackers will have to find another term by which
to classify themselves.
Does
it matter? Not really. Many people charge that true hackers are
splitting hairs, that their rigid distinctions are too complex and
inconvenient for the public. Perhaps there is some truth to that. For
it has been many years since the terms were first used interchangeably
(and erroneously). At this stage, it is a matter of principle only.
The Situation Today: A Network at War
The
situation today is radically different from the one 10 years ago. Over
that period of time, these two groups of people have faced off and
crystallized into opposing teams. The network is now at war and these
are the soldiers. Crackers fight furiously for recognition and often
realize it through spectacular feats of technical prowess. A month
cannot go by without a newspaper article about some site that has been
cracked. Equally, hackers work hard to develop new methods of security
to ward off the cracker hordes. Who will ultimately prevail? It is too
early to tell. The struggle will likely continue for another decade or
more.
The
crackers may be losing ground, though. Because big business has invaded
the Net, the demand for proprietary security tools has increased
dramatically. This influx of corporate money will lead to an increase
in the quality of such security tools. Moreover, the proliferation of
these tools will happen at a much faster rate and for a variety of
platforms. Crackers will be faced with greater and greater challenges
as time goes on. However, as I explain in Chapter 5, "Is Security a
Futile Endeavor?" the balance of knowledge maintains a constant, with
crackers only inches behind. Some writers assert that throughout this
process, a form of hacker evolution is occurring. By this they mean
that crackers will ultimately be weeded out over the long haul (many
will go to jail, many will grow older and wiser, and so forth). This is
probably unrealistic. The exclusivity associated with being a cracker
is a strong lure to up-and-coming teenagers. There is a mystique
surrounding the activities of a cracker.
There
is ample evidence, however, that most crackers eventually retire. They
later crop up in various positions, including system administrator
jobs. One formerly renowned cracker today runs an Internet salon.
Another works on systems for an airline company in Florida. Still another is an
elected official in a small town in Southern California. (Because all
these individuals have left the life for a more conservative and sane
existence, I elected not to mention their names here.)
The Hackers
I
shall close this chapter by giving real-life examples of hackers are
crackers. That seems to be the only reliable way to differentiate
between them. From these brief descriptions, you can get a better
understanding of the distinction. Moreover, many of these people are
discussed later at various points in this book. This section prepares
you for that as well.
Richard Stallman
Stallman joined the Artificial Intelligence Laboratory at MIT in 1971.
He received the 250K McArthur Genius award for developing software. He
ultimately founded the Free Software Foundation, creating hundreds of
freely distributable utilities and programs for use on the UNIX
platform. He worked on some archaic machines, including the DEC PDP-10
(to which he probably still has access somewhere). He is a brilliant
programmer.
Dennis Ritchie, Ken Thompson, and Brian Kernighan
Ritchie, Thompson, and Kernighan are programmers at Bell Labs, and all
were instrumental in the development of the UNIX operating system and
the C programming language. Take these three individuals out of the
picture, and there would likely be no Internet (or if there were, it
would be a lot less functional). They still hack today. (For example,
Ritchie is busy working on Plan 9 from Bell Labs, a new operating
system that will probably supplant UNIX as the industry-standard
super-networking operating system.)
Paul Baran, Rand Corporation
Baran is probably the greatest hacker of them all for one fundamental
reason: He was hacking the Internet before the Internet even existed.
He hacked the concept, and his efforts provided a rough navigational
tool that served to inspire those who followed him.
Eugene Spafford
Spafford is a professor of computer science, celebrated for his work at
Purdue University and elsewhere. He was instrumental in creating the
Computer Oracle Password and Security System (COPS), a semi-automated
system of securing your network. Spafford has turned out some very
prominent students over the years and his name is intensely respected
in the field.
Dan Farmer
Farmer worked with Spafford on COPS (Release 1991) while at Carnegie
Mellon University with the Computer Emergency Response Team (CERT). For
real details, see Purdue University Technical Report CSD-TR-993,
written by Eugene Spafford and Daniel Farmer. (Yes, Dan, the byline
says Daniel Farmer.) Farmer later gained national notoriety for
releasing the System Administrator Tool for Analyzing Networks (SATAN),
a powerful tool for analyzing remote networks for security
vulnerabilities.
Wietse Venema
Venema hails from the Eindhoven University of Technology in the
Netherlands. He is an exceptionally gifted programmer who has a long
history of writing industry-standard security tools. He co-authored
SATAN with Farmer and wrote TCP Wrapper, one of the commonly used
security programs in the world. (This program provides close control
and monitoring of information packets coming from the void.)
Linus Torvalds
A most extraordinary individual, Torvalds enrolled in classes on UNIX
and the C programming language in the early 1990s. One year later, he
began writing a UNIX-like operating system. Within a year, he released
this system to the Internet (it was called Linux). Today, Linux has a
cult following and has the distinction of being the only operating
system ever developed by software programmers all over the world, many
of whom will never meet one another. Linux is free from copyright
restrictions and is available free to anyone with Internet access.
Bill Gates and Paul Allen
From their high school days, these men from Washington were hacking
software. Both are skilled programmers. Starting in 1980, they built
the largest and most successful software empire on Earth. Their
commercial successes include MS-DOS, Microsoft Windows, Windows 95, and
Windows NT.
The Crackers
Kevin Mitnik
Mitnik, also known as Condor, is probably the world's best-known
cracker. Mitnik began his career as a phone phreak. Since those early
years, Mitnik has successfully cracked every manner of secure site you
can imagine, including but not limited to military sites, financial
corporations, software firms, and other technology companies. (When he
was still a teen, Mitnik cracked the North American Aerospace Defense
Command.) At the time of this writing, he is awaiting trial on federal
charges stemming from attacks committed in 1994-1995.
Kevin Poulsen
Having followed a path quite similar to Mitnik, Poulsen is best known
for his uncanny ability to seize control of the Pacific Bell telephone
system. (Poulsen once used this talent to win a radio contest where the
prize was a Porsche. He manipulated the telephone lines so that his
call would be the wining one.) Poulsen has also broken nearly every
type of site, but has a special penchant for sites containing defense
data. This greatly complicated his last period of incarceration, which
lasted five years. (This is the longest period ever served by a hacker
in the United States.) Poulsen was released in 1996 and has apparently
reformed.
Justin Tanner Peterson
Known as Agent Steal, Peterson is probably most celebrated for cracking
a prominent consumer credit agency. Peterson appeared to be motivated
by money instead of curiosity. This lack of personal philosophy led to
his downfall and the downfall of others. For example, once caught,
Peterson ratted out his friends, including Kevin Poulsen. Peterson then
obtained a deal with the FBI to work undercover. This secured his
release and he subsequently absconded, going on a crime spree that
ended with a failed attempt to secure a six-figure fraudulent wire
transfer.
Summary
There
are many other hackers and crackers, and you will read about them in
the following chapters. Their names, their works, and their Web pages
(when available) are meticulously recorded throughout this book. If you
are one such person of note, you will undoubtedly find yourself
somewhere within this book. The criterion to be listed here is
straightforward: If you have done something that influenced the
security of the Internet, your name likely appears here. If I missed
you, I extend my apologies.
For
the remaining readers, this book serves not only as a general reference
tool, but a kind of directory of hackers and crackers. For a
comprehensive listing, see Appendix A, "How to Get More Information."
That appendix contains both establishment and underground resources.
LIFE GIVES ANSWERS IN THREE WAYS
IT SAYS YES AND GIVES WHATEVER U WANT ,
SAYS NO AND GIVES U SOMETHING BETTER
SAYS WAIT AND GIVES U THE BEST
--
Muhammad Yousaf Ali
Reply all
Reply to author
Forward
0 new messages