Chapter 1. Introduction: Some Fundamental Questions
In today's world of international networks and
electronic commerce, every computer system is a potential target.
Rarely does a month go by without news of some major network or
organization having its computers penetrated by unknown computer
criminals. These intrusions have become especially sinister in recent
years: computers have been turned into attack platforms for launching
massive denial of service attacks, credit-card numbers have been
plundered from databases and then used for fraud or extortion,
hospital medical records have been accessed by children who then used
the information to play malicious practical jokes on former patients,
business records have been surreptitiously altered, software has been
replaced with secret "back doors"
in place, and millions of passwords have been captured from
unsuspecting users. There are also reports of organized crime, agents
of hostile nation states, and terrorists all gaining access to
government and private computer systems, and using those systems for
All attacks on computer systems are potentially damaging and costly.
Even if nothing is removed or altered, system administrators must
often spend hours or days analyzing the penetration and possibly
reloading or reconfiguring a compromised system to regain some level
of confidence in the system's integrity. As there is
no way to know the motives of an intruder, and the worst must always
People who break into systems simply to
"look around" do real damage, even
if they do not access confidential information or delete files.
different kinds of people break into computer systems. Some people
are the equivalent of reckless teenagers out on electronic joy rides.
Similar to youths who "borrow" fast
cars, their main goal isn't necessarily to do
damage, but to have what they consider to be a good time. Others are
far more dangerous: some people who compromise system security are
sociopaths—their goal is to break into as many systems as
possible for the mere challenge of doing so. Others see themselves as
being at "war" with rival hackers;
woe to innocent users and systems who happen to get in the way of
cyberspace "drive-by shootings!"
Still others are out for valuable corporate information, which they
hope to resell for profit or use for blackmail. There are also
elements of organized crime, spies, saboteurs, terrorists, and
HACKER noun 1. A person who enjoys
learning the details of computer systems and how to stretch their
capabilities—as opposed to most users of computers, who prefer
to learn only the minimum amount necessary. 2. One who programs
enthusiastically or who enjoys programming rather than just
theorizing about programming.
—Eric S. Raymond, et al., The Hacker's Dictionary
There was a time when computer security professionals argued over the
term hacker. Some
thought that hackers were excellent and somewhat compulsive computer
programmers, such as Richard Stallman, founder of the Free
Software Foundation. Others thought that hackers were criminals, like
the celebrity hacker Kevin Mitnick. Complicating this discussion was
the fact that many computer security professionals had formerly been
hackers themselves—of both persuasions. Some were anxious to
get rid of the word, while others wished to preserve it.
Today the confusion over the term hacker has largely been resolved.
While some computer professionals continue to call themselves
hackers, most don't. In the mind of the public, the
word hacker has been firmly defined as a person exceptionally
talented with computers who often misuses that skill. Use of the term
by members of the news media, law enforcement, and the entertainment
industry has only served to reinforce this definition.
In this book we will generally refrain from using the word
hacker—not out of honor or respect, but because the term is now
so widely used to describe so many different things that it has
virtually ceased to be informative. So instead of the word
we'll try to use descriptive terms such as
attacker, code breaker,
vandal, and thief, as
appropriate. Occasionally, we'll use more generic
terms such as bad guy or, simply,
The most dangerous computer criminals are usually insiders (or former
insiders), because they know many of the codes and security measures
that are already in place. Consider the case of a former employee who
is out for revenge. The employee probably knows which computers to
attack, which files will cripple the company the most if deleted,
what the defenses are, and where the backup tapes are stored.
Nevertheless, when these people attack, they may well come in from
the Internet—perhaps from a compromised computer system in
Eastern Europe or South America—to obscure their true
Despite the risks, having an Internet
presence has become all but a fundamental requirement for doing
business in the United States, Western Europe, and, increasingly, the
rest of the world. Every day, the number of Internet-connected
computers increases. What's more, our concept of
what is a computer continues to broaden as well.
It is now common for handheld devices weighing 8 ounces or less to
have wireless Internet connections; some of these systems even run an
embedded Unix operating system. By all indications, we are likely to
see both more computers and more kinds
of computers attached to the Internet in the years to
come, and they are likely to be always on and always connected. All
of these systems demand protection so that they can be run securely.
Interest in Unix has grown hand-in-hand
with the deployment of the Internet. For many years, Unix ran the
Internet; the majority of web servers on the Internet are still
Unix-based. Unix systems likewise make great firewalls, mail servers,
domain name servers, and more. What's more, you can
download and install a fully functional, up-to-date free Unix system
with only a floppy disk and a high-speed Internet connection.