Hackers, Crackers and Trackers

Coursing through arteries, replicating along the way, edging 2 into new sites to wreak havoc, the virus at first seemed like any other virus that eventually would be defeated by the host's defense mechanisms. This, however, was a new, more powerful virus, and it would take advantage of the system's weaknesses, infecting and reinfecting as it traveled through the host.

The "Internet Worm", as the virus came to be known, worked its way into thousands of computers connected to the national information infrastructure. Created by Cornell University student Robert Morris, it infected more than 6,000 systems, jamming hard drives and erasing valuable information before being eliminated in November 1988 by engineers at the University of California at Berkeley and at Purdue University in West Lafayette, Indiana.

That was the first time the Internet and the destructive aims of certain computer experts made the national news. It wouldn't be the last. The Internet is just as susceptible to abuse as any other form of computer technology. The only difference is that the malicious attack comes through telephone lines and across network connections. Computer vandals can break into any system. Whether it is transportation, finance or defense, no system is 100-percent safe. There will always be individuals who, for one reason or another, are eager to discover the weak spot in order to penetrate the system.

Who are these individuals and what do they want? Generally, people who break into computer systems are called "hackers". Irrespective of their aims, they tend to inspire a certain admiration because they are extremely clever and infinitely more knowledgeable than the average computer user. Breaking into computer systems—whether it is on the Internet, in a bank or a government office—is an illegal activity. However, "ordinary" hackers who penetrate and explore systems just for the intellectual challenge are regarded as less dangerous than "crackers'". The latter are people who break into systems in order to steal or to destroy information. They also can remove money from accounts, as Russian "crackers" demonstrated when they stole $10 million from Citibank's cash-management system in 1994. In fact, some experts estimate that the U.S. economy loses between $2 and $4 billion annually to computer vandals.

The increasing number of hackers and crackers has forced police departments to create computer crimes squads. These law enforcement experts who watch all these illegal activities are known as "trackers". According to a member of the new Computer Crimes Squad in San Francisco, the FBI does not want to needlessly harass the harmless hacker, but it has a duty to catch the bad ones. No society that depends heavily on computer systems can afford to ignore either the potential dangers of hacking or the moral issues that hacking has raised.

Do hackers regard themselves as criminals? Probably not. But they do make a distinction between "good" and "bad" hacking. Take, for example, the case of Ian, a 16-year-old hacker. He admits quite proudly that he knows how to defeat the registration process to get into systems which he enjoys doing just for the fun of it. 14 Nevertheless, he prefers breaking into software programs rather than systems because there is less chance of being prosecuted. Ian never hacks for profit although he knows some who do work for money and even just for the fun of causing someone else headaches. Like many members of the hacker community, he does not feel morally obliged to turn "bad" hackers over to the authorities.

Jeff, a 27-year-old hacker, has a different point of view. He feels, on the contrary, that hackers do have the moral responsibility to report "crackers". He admits that he stopped being a "bad" hacker because he didn't want to go to jail. He now works for a computer security company. In other words, he sells his skills as a hacker to a company that repairs flaws in systems to prevent break-ins by hackers of all kinds. However, in his spare time Jeff still continues his activities as a hacker because he considers it a way to expand his knowledge.

Jeff's situation raises an interesting debate among computer and information executives, both in government and private enterprise: What can you do with a hacker or what can a hacker do for you? It seems obvious that a person capable of breaking into a system would also be capable of helping repair the flaws in a system. But should hackers be allowed to continue penetrating systems after they have been hired by the computer industry? Hacking is, after all, an illegal activity.

Because computer vandals can cause real damage, Congress is taking a serious look at the security of computer systems and ways to deter intrusions by both "good" and "bad" hackers. Many public officials consider the issue of hacking one of the most important issues that government, and society as a whole, face today. However, progress has been slow because many intrusions go unreported by private and public sector organizations for fear of publicity. When a break-in occurs, companies and governmental departments are extremely reluctant to admit that their files have been stolen, damaged or destroyed. By admitting their vulnerability, they would undermine the confidence of the public.

Despite the potential danger of hackers, most computer security experts feel that people should not be afraid to use the Internet. It is a technology that, when used properly, can yield untold benefits. The Internet allows scientists to share data, it helps students research history, and it allows journalists to report the news.

In the final analysis, America needs the Internet and the hackers that come with it. If no one exposes the vulnerabilities, they never get solved. So at least in one way hackers, the non-malicious ones, help us.