Chapter 11 Analysis and design
probation, 400 hours of community service and a fine of $10,050. He is now an assistant
professor at MIT, where he originally released his worm to disguise its creation at Cornell
University.
● Kevin Poulsen – In 1990 Poulsen took over all telephone lines into the Los Angeles radio
station KIIS-FM, assuring that he would be the 102nd caller. Poulsen won a Porsche
944 S2. This was one of many hacks conducted while he worked for hi-tech company SRI
International by day and hacked at night. He was eventually traced and, in June 1994,
he pleaded guilty to seven counts of mail, wire and computer fraud, money laundering
and obstruction of justice, and was sentenced to 51 months in prison and ordered to pay
$56,000 in restitution. It was the longest sentence ever given for hacking. He is now a
computer security journalist.
● Kevin Mitnick – The first hacker to be featured on an FBI ‘Most wanted’ poster, Mitnick
was arrested in 1995. He later pleaded guilty to four counts of wire fraud, two counts of
computer fraud and one count of illegally intercepting a wire communication. He admitted
that he broke into computer systems and stole proprietary software belonging to
Motorola, Novell, Fujitsu, Sun Microsystems and other companies. He was sentenced to
46 months. Following his sentence he became a security consultant and is now a leading
commentator on security and has made many TV appearances and written books and
articles.
Gaining access to a system may be perceived by the hacker as simply a technical challenge.
The term ‘hacking’ traditionally refers to the process of creating program code, another
form of technical challenge. This can almost be considered as a pastime, albeit an unethical
one. The BBC (2003) reported that TruSecure, a US hacking monitoring organisation,
currently tracks more than 11,000 individuals in about 900 different hacking groups and
gangs.
Three main forms of gaining unauthorised access to computer systems can be identified.
First, the normal entry points to systems through usernames and passwords can be used.
Tools are available to try different alternative log-ins, although most modern systems will
refuse access after several attempts. Hacking can be combined with identity theft to gain an
idea of the passwords used.
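
The lock-out behaviour mentioned above ("most modern systems will refuse access after several attempts"), as an added example that is not from the original text: a per-account failure counter with a time window and a temporary lock, replayed over constructed log-in events. The threshold, window and lock duration are assumed values, and `LoginGate` and `replay` are hypothetical names.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3   # assumed threshold; the text only says "several attempts"
WINDOW = 300       # seconds over which failures are counted (assumed)
LOCK_FOR = 900     # seconds an account stays refused once locked (assumed)


class LoginGate:
    def __init__(self):
        self.failures = defaultdict(deque)  # username -> times of recent failures
        self.locked_until = {}              # username -> time the lock expires

    def attempt(self, user, password_ok, now):
        """Return 'ok', 'denied' or 'locked' for one log-in attempt at time `now`."""
        if self.locked_until.get(user, 0) > now:
            return "locked"                 # refused even if the password is right
        recent = self.failures[user]
        while recent and now - recent[0] > WINDOW:
            recent.popleft()                # forget failures older than the window
        if password_ok:
            recent.clear()                  # a success resets the counter
            return "ok"
        recent.append(now)
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCK_FOR
            recent.clear()
        return "denied"


def replay(events):
    """Run (time, user, password_ok) events through one gate, in order."""
    gate = LoginGate()
    return [gate.attempt(user, ok, t) for t, user, ok in events]


# Constructed sample events: (seconds, username, password correct?)
SAMPLE = [
    (0, "alice", False), (10, "alice", False), (20, "alice", False),  # third failure locks
    (30, "alice", True),    # correct password, but the account is locked
    (40, "bob", False), (400, "bob", False), (410, "bob", False),     # first failure aged out
    (420, "bob", True),     # only two failures in the window, so access is granted
    (1000, "alice", True),  # lock expired after 900 s
]

if __name__ == "__main__":
    for event, result in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", result)
```
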
The second form of hacking exploits known vulnerabilities in systems. Although these
vulnerabilities are publicly known and will be posted on the vendor’s website and specialist
security websites, there will be many system administrators who have not updated their
systems with the latest security update or ‘patch’. This is partly because there are so many
security vulnerabilities, with new ones being announced every week.
Thirdly, Kevin Mitnick refers to ‘