Hacking in a wider sense...
In this essay, however, I do not treat hacking in a narrow computer-related sense, but attempt to view the concept of hacking within a larger framework of innovation and improvisation. I will, however, say more about computers nearer the end.
Hacking can be divided into various kinds of categories, and each kind of categorisation emphasises something different, or works better in a particular field. Next we will look at six kinds of classification sets.
Because we are asking questions mainly about computer hacking, I want to suggest that we first look at one specific classification model, and then continually ask ourselves how that model can fit into all the other classification sets. That classification model involves hacking being subdivided into four kinds of hacking, namely hardware, software, system, and data hacking.
The six classification sets are:
- information technology (main model)
  - hardware
  - software
  - systems
  - data
- levels of complicatedness
  - electronic
  - mechanical
  - manual
- thing vs. thinger
- computer wizz
- goal orientation
  - goal known -- purposive
  - goal vague or unknown -- purposive
  - goal vague or unknown -- accidental
  - no goal -- accidental
- the improvisation matrix
  - normal function, normal means
  - normal function, abnormal means
  - abnormal function, abnormal means
  - abnormal function, normal means (rarely ever?)
The last model, namely the improvisation matrix, I will only treat later, when I treat innovation as a field. It is a different way of looking at hacking, and should preferably not be considered part of this first discussion.
Below I discuss (or rather name) examples of the different kinds of classification sets:
Information technology (formal)...
- hardware: using a headphone as a microphone
- software: altering a program to allow extra functions
- system: sending a multi-prompt to a remote host in order to raise priority
- data: editing a spreadsheet file in text format to allow additional columns
Weaknesses of this model are that it can be difficult to distinguish between the different categories, e.g. is crossing a firewall a system hack or a software hack, and is bouncing a network a hardware hack or a system hack, and is writing a small intermezzo program to reconcile incompatible applications a data hack or a system hack?
It is also sometimes difficult to distinguish between software and data hacking, as well as between system and data and software hacking. Knowledge of the system is often necessary to carry out a hack, but that does not necessarily make the hack a system hack.
With data hacking... we must also carefully distinguish between so-called "data processing" and "data manipulation".
Data processing is the organising of data in order to create or derive useful information; whereas...
Data manipulation is the restructuring of the data record layout, in order either to facilitate optimal data processing, to facilitate optimal data transfer, to optimise data application, or even to sabotage optimal data processing.
Hacking means altering
An easy (and sometimes successful) way to distinguish between the different categories is to keep in mind that to hack means to alter. When the system is altered, it is a system hack (e.g. the adding of a firewall); when hardware is altered, it is a hardware hack (e.g. bouncing a network by means of cable de-termination); the same with software (e.g. removing or "cracking" the copyright of a program).
Levels of complicatedness...
- electronic: banging on the television
- mechanical: lengthening the aerial cable with an extension cable
- manual: changing the aerial's position to improve the image
- electronic: using a master's card in the payphone credit card slot
- mechanical: using bogus coins
- manual: pinching the handpiece between cheek and shoulder
- electronic: playing backmasking by adjusting the direction chip
- mechanical: playing backmasking by reversing the belt
- manual: playing backmasking by turning the record by hand
- electronic: cracking a computer game's piracy copy protection
- mechanical: ?
- manual: computer game stealing by simple theft and resale
Strengths of this classification model are that non-computer-related hacking can easily be described with it, and that it works well for cases where there is a substantial interaction between mechanical and electronic applications, e.g. with telephones.
Weaknesses of this model are that it is sometimes difficult to distinguish between categories, especially because "mechanical" can sometimes be regarded as merely a complex form of "manual", and because electromechanical can be confused with electronic.
Appliance vs. Application...
- appliance: using a soft drink instead of oil in a car
- application: using the car's heat to cook food
- appliance: ironing through a towel to flatten a paper
- application: using the iron as a paper flattener
- appliance: altering the inside structure of a headphone into a microphone
- application: using the headphone as a microphone... or is this appliance too?
- appliance: turning the television on its side for better viewing lying down
- application: using a mute static television as a fake fireplace fire
A strength of this classification model is that it works very nicely with general household objects and implements.
Weaknesses of this model are that it is difficult to describe computer-related hacking with it, and that it can sometimes be difficult to distinguish between appliance and application, as in the third example above.
Computer wizz...
- hacking: breaking through a firewall
- cracking: destroying that same firewall
- hacking: making free phonecalls at the government's expense
- cracking: making free phonecalls using stolen accounts
- hacking: accessing someone's webpage to correct some errors
- cracking: accessing someone's webpage to vandalise it
Strengths of this classification model are that it is the model (or looks like the model) that most people in the computer field use, and it is also very suitable for computer and network hack classifications.
Weaknesses are that it is very difficult to describe non-computer-related applications with this model, and that the model appears to be more obsessed with raising and shifting blame and responsibility than with really looking at the matter objectively.
The general view on the matter is set out in the table below:
| Hacking... | Cracking... |
|---|---|
| hurts government only | hurts everybody, good/bad/rich/poor |
| looking only | looking and touching |
| "legitimate" if not always legal | "non-legitimate" even if legal |
| satisfies curiosity only | satisfies urge to maim |
| (?) requires great skill and knowledge | (?) requires little knowledge, only access to cracking tools |
Goal orientation...
This classification model is not so much intended to describe specific cases of hacking, but to describe the circumstances surrounding a given hack.
- goal known -- purposive: a surfer who knows what he is looking for, and deliberately searches for it by means of search engines etc.
- goal vague or unknown -- purposive: a surfer who is not looking for anything specific, but nevertheless scratches around deliberately, knowingly taking every step, by means of search engines etc.
- goal vague or unknown -- accidental: a surfer who is not looking for anything specific, and just randomly clicks links and hyperlinks here and there
- no goal -- accidental: a surfer who happens upon something he likes, without having specifically gone looking for it
- goal known -- purposive: a hacker who searches around on a remote host with standard methodology while knowing what he is looking for
- goal vague or unknown -- purposive: a hacker who snoops around with standard methodology without looking for anything specific
- goal vague or unknown -- accidental: a hacker who just randomly tries things without having a specific goal in view
- no goal -- accidental: a hacker who comes upon something he likes, without having gone looking for it, and without using any standard methods
As can be seen, the classification model looks very handy in theory, although in practice it can sometimes be quite difficult to distinguish precisely between the categories.
Improvisation matrix...
The improvisation matrix is not discussed here, but in the next section, as a subsection of the field of innovation. The matrix is concerned with function and means.
Before I look in further detail at the subdivision of innovation as a field, I first want to define a few terms. These are definitions that I will use in my later genus-species model.
Repairing is the act of improving to and up to the originally intended working standard an existing but dysfunctional application system.
Invention is the act of designing, building and improving to and up to an intended working standard a new application system.
Improvisation is the act of extending the range of the working standard of an existing application system.
Innovation as field
I divide the field of innovation into three subfields, namely repair work, invention, and improvisation. The field of improvisation is discussed further later under a grid model in terms of function (or goal) and means, the so-called innovation matrix.
In summary, the field can be divided and described as follows:
- Innovation
  - optimising
  - working standard
  - application system
Innovation can be subdivided into three subfields:
- Repairing
  - improving
  - existing
  - dysfunctional
- Invention
  - design, build, improve
  - new
- Improvisation
  - extending
  - working range
The improvisation matrix...
The reason why I use a matrix to subdivide improvisation is that it does not divide nicely with a strictly hierarchical system. One could perhaps subdivide the field of improvisation into two fields, namely optimisation (which deals with normal function) and hacking (which deals with abnormal function), but then the field of abnormal optimisation would not fall into the same subgroup as hacking, and hacking would thus, as it were, be spread across the species boundary.
| . | within | outwith |
|---|---|---|
| function | within function | outwith function |
| means | within means | outwith means |
I do not want to go into too much detail with this grid matrix, but let me quickly give a few examples of general improvisation, with the grid as background:
- within function, within means: change aerial position of television
- within function, outwith means: bang on television to improve image
- outwith function, (?)means: using a headphone as a microphone
The four squares of the matrix, however, do not appear to occur equally often. Uses with normal function obtained by normal means are surely the most abundant, uses with abnormal function obtained by abnormal means the second most abundant, and uses with normal function obtained by abnormal means the third most abundant.
It would then appear that uses with abnormal function obtained by normal means would be almost negligible, or occur only in cases where the application does not work correctly, and indeed functions absurdly.
Application of this model...
At the moment it appears to be difficult (or perhaps just a lot of work) to describe computer hacking with this model. It is difficult, especially because the field currently consists mostly of a jumble of uneven and intermingling facts, rather than of the structured hierarchy that this model makes possible.
For a detailed discussion of hacking (and especially computer hacking) I will therefore use a more general or vague outlook, that is, regard, handle and describe hacking as genus rather than species.
Towards a working definition of hacking...
The problem with popular hacking is that it defies both definition and classification. Although I have attempted some sort of classification in the previous sections, my attempts at defining it basically went as far as truisms.
Hacking means altering. Hacking means doing much with little. Hacking also means doing a little more with much. Hacking means breaking into secure systems. Hacking is not cracking. Cracking is a form of hacking, and alas, cracking is a form of hacking.
Sheez, perhaps the only way to possibly discuss hacking, is through description.
However, an academic's approach to hacking is immediately fraught with the danger of confusing and indeed the fusing of differing opinions and moral statements regarding concepts tagged with the same word "hacking". Although in an academic reality I cannot ignore this fact in an accurate assessment, for the purposes of this last section I will do just that.
The joyrider...
A popular, and frequently accurate, analogy of hacking, is that of joyriding -- joyriding being the unlawful borrowing of someone's car for a limited period of time, such as an evening, for the assumed purpose of driving in excess of the limits of the law, at no expense to oneself, and at no long-term risk of capture.
Traditionally, computer hacking involves the flouting of security systems of public (and broad public) applications to satisfy both curiosity and the ego. Popular phreaking is just that, and most hacker literature revolves around that concept.
In a standard hack, as in a standard joyride,
- access to a secure application (a car, a computer)
- is gained illegitimately or illicitly or illegally
- in order to allow usage at not one's own expense
- with relatively little longterm risk (if you scratch the car, if you crash the computer)
- a lot of excitement (avoiding capture, or the idea of being possibly stalked)
- from getting away with it (soothes the ego, i.e. "I am smarter than them...")
As in a standard hack, standard joyriding offers several advantages over getting one's own application system (car or computer):
- There are very few start-up costs
- There are very few (if any) maintenance costs
- There are a wide variety of models to choose from, and the flexibility to try them all in several different configurations
- There are very few (if any) reparation costs
- It provides high-risk excitement.
- and others...
The excuse factor...
Of course, hackers have some advantages over joyriders, and then in the form of some pretty good excuses. It should be interesting to examine several tens of such excuses, and classify them into categories. From experience I can however deduce some form of excuse hierarchy.
- Broadly speaking, all hackers excuse themselves with the argument, "an open door may legitimately be accessed". Also broadly speaking, all access hackers excuse themselves with the argument, "an unlocked door is an open door". After that...
- hackers excuse themselves for not being crackers;
- crackers excuse themselves for not causing harm;
- harming crackers excuse themselves for not harming the meek, only the strong;
- malicious crackers excuse themselves with the argument, "a badly locked door is an unlocked door"; and finally
- unexcusing crackers stand on their rights as free citizens with total freedom of speech, freedom of mode and freedom of movement.
The admission vs. the excuse...
A common trait of humans (and this ties in beautifully with Christian theology), is that they admit to having done the sinful deed, but instead of actually admitting to having sinned, they excuse their deed by stating that their action was in some way legitimate, even if it was clearly sinful.
To put it in another way, "I have sinned, but I have a very good reason, therefore I am excused from blame."
A speeding motorist says, "I went over the speed limit, but I was in a hurry, therefore my action is permitted." Or, "... I was late for an important meeting, therefore my action is not as bad as those who speed for fun, and therefore my action is permitted." Or, "no one was hurt, therefore my action is permitted."
A child in a brawl says, "I hit him, but he insulted me, therefore my action is permitted." Or, "... he hit me first, therefore my action is permitted."
In these two examples are used the four most commonly used excuses, namely:
- there were extraordinary circumstances;
- at least I'm not as bad as some other people;
- my ego/person/property/freedom was threatened in some way; and
- they started it, they did it first.
The motorist may also say, "... no one was hurt, therefore my action is permitted." Similarly the brawling child may well say, "... he is strong enough to take it, therefore my action is permitted." Also, a dishonest car dealer may say "I sold a damaged car, but the damage will only become apparent much later, or the damage will only have a bad effect much later, therefore my action is permitted."
These last three examples are the more common secondary excuses used, and they range from silly at first to downright outrageous at last (if you'll permit me some moral and ethical prejudgment):
- no one got hurt;
- those who got hurt were able to absorb the hurt; and
- the damage is not immediately or ever apparent or of any real consequence.
Examples in hacking...
I will give single examples of each of these excuses in the field of hacking.
- Action: hacker runs password sniffers on his company's network. Excuse: hacker was merely testing the security of the system.*
- Action: hacker sends an e-mail flame worth 100 kb. Excuse: some other hackers send flames worth 10 mb or more, or even multiple messages of 100 kb or so.
- Action: hacker cracks the copyright protection of shareware. Excuse: the free flow and distribution of information and good faith was threatened.
- Action: hacker nukes another user's internet connection. Excuse: they were being difficult, or they were insulting, or they tried to nuke my connection (and failed, ha!).
- Action: hacker scans a network's e-mail for the words "pregnancy" and "sex", to read other people's e-mail. Excuse: it's good, clean fun, and no one got hurt.
- Action: hacker phreaks free phone calls. Excuse: it's a big corporation, and any damage (in terms of theft) is minimal compared to their budgets.
- Action: hacker uses someone else's credit card. Excuse: no one will notice for quite a while, or when they notice they will probably not be too worried.
*Any implied or inferred reference to Kevin Mitnick is purely accidental and not at all intended. Okay?
Hacker's ethics... briefly
Hacker's ethics asks two things: "How far down the excuse hierarchy are you?" And "How valid is your excuse?" The second of these may need no further comment, but I will briefly touch on the first one.
Question: May hackers inflict damage to an innocent, or poor, or good, or ignorant person? Or to a known friend (without his knowledge)?
- You may well steal from a rich person... but may you steal from a poor person?
- You may well damage systems of offending companies (e.g. those who operate questionable practices)... but may you damage systems of companies of whom there are no complaints?
- You may well bomb a person for being difficult on purpose... but what about a newbie, or someone who acts out of ignorance?
Two common hacker's ethics sets...
There are two very common hacker's ethics sets, namely those out to do good (the broader good, that is. *g*), and those out to have fun. Strictly speaking even the first category is out to have fun, but second category hackers often preclude the first.
To put it another way. First category hackers have a primary objective to do good, and a secondary objective to have fun. The second category hackers have a primary and secondary objective to have fun.
(1.)
The first hacker's ethics set (which is the popular "hacker proper" ethics) states that "our fight is against the establishment", i.e. the rich, the successful, the evil. This ethics therefore states that good is to be done to the good, the innocent, the ignorant and the meek (or at least, they are to be left alone), and ultimately society as a whole, or in a broad sense.
The same act may well be both in compliance and not in compliance with this rule, based on its performance in light of the "valid excuse" rule. Cracking the copyright protection of shareware may be ethically unjustifiable in the sense that it does harm to the author of the program, but ethically very justifiable in the sense that it contributes to the broader good of "free information" and "trust relationships".
This first hacker's ethics set comes in two varieties (two camps), which concerns the question: "Does doing good to the innocent and meek include or preclude doing bad to the guilty and evil?"
In answering this question, both camps commonly make their decision primarily based on the second category, namely "Is this within reasonable parameters of having fun?" (to what extent is dishing out punishment in compliance with having fun?). The decision is made secondarily based on the primary objective, namely doing good, "To what extent does dishing out punishment or revenge contribute to the lesser or broader good?"
(2.)
Of the second category of hacker's ethics not much more can be said.
Old school hackers may make the distinction (too narrow, in my opinion, but nonetheless of noteworthy value, even if only historical) between hackers and crackers by referring to the second category hackers as "cracker proper" and the first as "hacker proper".
Often in hacker literature (fiction) the theme of having fun is overplayed, and the theme of doing good is underplayed. This creates the impression among non-hackers and certain so-called "lamer" hackers and "newbie" hackers that the first category of hacking is the less commonly preferred set.
Which brings us to the next issue: what is a cracker (i.e. "cracker proper")?
Cracking as opposed to hacking...
Very few people admit to being crackers. Even hackers who shun crackers commonly use tools which are called "cracker's tools". This seeming inconsistency is explained by the various possible descriptions of what cracking really is, and what hacking really is.
It may be said that crackers are people who
- do illegal or illegitimate hacking;
- purposively damage systems which they break into;
- are up to no good;
- get paid to hack; or
- have no in-depth knowledge of a system, but instead use little programs written by hackers, programs intended for good but used for evil.
The first four descriptions may well be viewed by hackers as grey areas. The fifth one is the most common accusation thrown at the cracker proper. He does not know the system, he simply abuses it. It is he who uses an e-mail bomb without understanding the principles that lie behind it, who merely downloaded a little tool program from a site, and who uses it indiscriminately. He is the true cracker, the blunt end of hackerdom.
Perhaps I can borrow some quotes from the movie "Backdraft":
"He knows the beast, but does not love it..." -- cracker proper
"He knows the beast, and cherishes it..." -- hacker proper
"He wants to know the beast, but knows not of cherishing it..." -- wannabe or newbie
"He does not know the beast, but loves it..." -- lamer
"He does not know the beast, and cares naught for it..." -- user or luser
Let us look quickly at the movie classic cracker: he hacks into a company's computers to steal information, on behalf of a rival. He is a cracker, all right, but what if...
What if he doesn't do any structural damage? What if he doesn't get paid? What if he doesn't do it on behalf of a rival? What if he does not "steal" information, but simply "gathers" it? What if he does not do it on behalf of anybody? What if he accidentally stumbled on the information? What if he accidentally stumbled on the access to the information? What if the information was very poorly protected or very poorly hidden? What if his actions are not illegitimate? What if his actions are not illegal?
Perhaps even academic studies of hacking and cracking may have to eventually treat it all as a single subject -- all hacking and cracking and phreaking... it's all hacking, really.
Endnote to wannabe hackers...
Do be careful. Know your ethics well. Know where you stand. And beware of crap.
(c) Samuel Murray, 1998
ordinateur@websurfer.co.za
http://geocities.datacellar.net/Wellesley/5897/le09.html
site created: 1998-10-20 (previous site 1998-09-17)
site revised: 1999-07-28
site updated: 1999-11-22