Chapter 1. Introduction: Some Fundamental Questions

In today's world of international networks and electronic commerce, every computer system is a potential target. Rarely does a month go by without news of some major network or organization having its computers penetrated by unknown computer criminals. These intrusions have become especially sinister in recent years: computers have been turned into attack platforms for launching massive denial of service attacks, credit-card numbers have been plundered from databases and then used for fraud or extortion, hospital medical records have been accessed by children who then used the information to play malicious practical jokes on former patients, business records have been surreptitiously altered, software has been replaced with secret "back doors" in place, and millions of passwords have been captured from unsuspecting users. There are also reports of organized crime, agents of hostile nation states, and terrorists all gaining access to government and private computer systems, and using those systems for nefarious purposes.

All attacks on computer systems are potentially damaging and costly. Even if nothing is removed or altered, system administrators must often spend hours or days analyzing the penetration and possibly reloading or reconfiguring a compromised system to regain some level of confidence in the system's integrity. There is no way to know the motives of an intruder, so the worst must always be assumed.

People who break into systems simply to "look around" do real damage, even if they do not access confidential information or delete files.

Many different kinds of people break into computer systems. Some people are the equivalent of reckless teenagers out on electronic joy rides. Similar to youths who "borrow" fast cars, their main goal isn't necessarily to do damage, but to have what they consider to be a good time. Others are far more dangerous: some people who compromise system security are sociopaths; their goal is to break into as many systems as possible for the mere challenge of doing so. Others see themselves as being at "war" with rival hackers; woe to innocent users and systems who happen to get in the way of cyberspace "drive-by shootings!" Still others are out for valuable corporate information, which they hope to resell for profit or use for blackmail. There are also elements of organized crime, spies, saboteurs, terrorists, and anarchists.

Who Is a Computer Hacker?

HACKER noun 1. A person who enjoys learning the details of computer systems and how to stretch their capabilities, as opposed to most users of computers, who prefer to learn only the minimum amount necessary. 2. One who programs enthusiastically or who enjoys programming rather than just theorizing about programming.

Eric S. Raymond, et al., The Hacker's Dictionary

There was a time when computer security professionals argued over the term hacker. Some thought that hackers were excellent and somewhat compulsive computer programmers, such as Richard Stallman, founder of the Free Software Foundation. Others thought that hackers were criminals, like the celebrity hacker Kevin Mitnick. Complicating this discussion was the fact that many computer security professionals had formerly been hackers themselves, of both persuasions. Some were anxious to get rid of the word, while others wished to preserve it.

Today the confusion over the term hacker has largely been resolved. While some computer professionals continue to call themselves hackers, most don't. In the mind of the public, the word hacker has been firmly defined as a person exceptionally talented with computers who often misuses that skill. Use of the term by members of the news media, law enforcement, and the entertainment industry has only served to reinforce this definition.

In this book we will generally refrain from using the word hacker, not out of honor or respect, but because the term is now so widely used to describe so many different things that it has virtually ceased to be informative. So instead of the word hacker, we'll try to use descriptive terms such as attacker, code breaker, saboteur, intruder, vandal, and thief, as appropriate. Occasionally, we'll use more generic terms such as bad guy or, simply, criminal.

The most dangerous computer criminals are usually insiders (or former insiders), because they know many of the codes and security measures that are already in place. Consider the case of a former employee who is out for revenge. The employee probably knows which computers to attack, which files will cripple the company the most if deleted, what the defenses are, and where the backup tapes are stored. Nevertheless, when these people attack, they may well come in from the Internet, perhaps from a compromised computer system in Eastern Europe or South America, to obscure their true identities.

Despite the risks, having an Internet presence has become all but a fundamental requirement for doing business in the United States, Western Europe, and, increasingly, the rest of the world. Every day, the number of Internet-connected computers increases. What's more, our concept of what is a computer continues to broaden as well. It is now common for handheld devices weighing 8 ounces or less to have wireless Internet connections; some of these systems even run an embedded Unix operating system. By all indications, we are likely to see both more computers and more kinds of computers attached to the Internet in the years to come, and they are likely to be always on and always connected. All of these systems demand protection so that they can be run securely.

Interest in Unix has grown hand-in-hand with the deployment of the Internet. For many years, Unix ran the Internet; the majority of web servers on the Internet are still Unix-based. Unix systems likewise make great firewalls, mail servers, domain name servers, and more. What's more, you can download and install a fully functional, up-to-date free Unix system with only a floppy disk and a high-speed Internet connection.