- The Morris worm of November 1998. Robert Morris was an
undergrad at Cornell U. His father was/is a famous computer security
expert. Morris knew about various security holes in Unix systems through his
father and from what was common knowledge at the time.
Morris wrote a self-replicating program that spread itself from
computer to computer.
  - A "worm" is a self-replicating program that serves no purpose
    other than its own replication
  - ... versus a "virus," which is a self-replicating program that
    attaches itself to a legitimate program
  - ... versus a "phage," which completely replaces a legitimate program
  - (in practice, it's sometimes hard to tell one from the other)
Morris' worm infected a good proportion of the Unix computers on
the Internet at the time over a period of a couple of days. Most of
the source code is (was) available; local copy here.
From ftp://ftp.cerias.purdue.edu/pub/doc/morris_worm/FAQ :
Robert T. Morris, the author of the Internet Worm program, was
convicted of a Federal felony in the case. The law involved was 18 USC
1030 (A)(5)(a), the Computer Crime and Abuse Act of 1986. He was found
guilty in February of 1990 in US District Court in Syracuse, NY.
In May of 1990, he was sentenced -- outside of Federal sentencing
guidelines -- to 3 years of probation, 400 hours of community service,
and $10,050 in fines plus probation costs. His lawyers appealed the
conviction to the Circuit Court of Appeals, and the conviction was
upheld. His lawyers then appealed to the Supreme Court, but the Court
declined to hear the case -- leaving the conviction intact.
Morris was the first to be tried under the Computer Fraud
and Abuse Act of 1986. His worm served as a wake-up call to the security
world. The most evident concrete outcome was the formation of
CERT, with the purpose of being
a central source for reporting computer security incidents, as well as
maintaining listings of key personnel at Internet sites in the US.
- Operation SunDevil and the Hacker Crackdown. As chronicled in
Sterling's Hacker Crackdown, Barlow's Crime and
Puzzlement and elsewhere, law enforcement took an active role in
fighting computer crime in 1990.
The US Secret Service (part of the Treasury Department) played
a leading role that has since been taken by the FBI. They obtained
search (usually not arrest) warrants and confiscated lots of
computer equipment, mostly belonging to teenagers. Almost no criminal
charges were ever filed.
Some BBS operators, including Steve Jackson Games, also suffered
as a result of having copies of illicit documents, including the
famous E911
document (local copy).
Part of the impetus against SJG & others was the
risk and dollar value of the E911 document: nearly $80K, plus
fear that the document would give hackers control over emergency
services.
In the end, the main long-term impact outside of the individuals
involved was the formation of the EFF, through a partnership of
John Perry Barlow, Mitch Kapor and Harry Silverstein. The EFF still
exists, though seriously diluted by corporate contributions, and played
a key role in the DVD case.
- Kevin Mitnick did not break into NORAD's computers, by
all accounts (including the DoD's). But he was a computer criminal, with
an emphasis on "social engineering." He had strong skills with cell
phones as well.
His main assets are creativity and persistence. Using well-known
techniques, he would talk his way into getting insider information
at organizations, then use this as a springboard to elevate his
access.
Mitnick didn't sell information he got, and evidently never profited
from his crimes (he held "straight" jobs most of the time). But he did
get caught, several times, and spent time in jail.
On July 4, 1994, the New York Times published a front-page article
by John Markoff citing Mitnick as the world's most dangerous computer
hacker. On December 25, 1994, somebody broke into the home computer
of UCSD computer expert Tsutomu Shimomura. Shimomura became convinced
that it was Mitnick, and began working with Markoff to track him down.
On February 15, 1995, Mitnick was arrested in Raleigh, NC. He
stayed in prison until January 21, 2000 (just shy of 5 years). His release
was a result of a plea bargain. Mitnick was denied a bail hearing,
and spent many months in solitary confinement and other months with
violent offenders; the basis of this was the dollar value of his
alleged crimes, totalling hundreds of millions of dollars for
possessing source code to cell phones and operating systems.
See "NYTimes Reporter Issues Weak Response to Charges of Libelous and
Defamatory Reporting January 23, 2000" in kevinmitnick.com for Kevin's
refutation of Markoff's claims against him.
- Back Orifice. See the Web site at bo2k.com, current developments (if
any) at sorceforge.net.
Back Orifice is a tool for remote administrative access to Win95/98
computers. It is similar to legitimate (commercial) tools for this
purpose.
BO & BO2k are feared and misunderstood. They are flagged
as viruses by scanners from Norton and McAfee. However, they have
all the features of commercial remote management software and then
some, but without the price tag or support. (But with source code.)
The writers of BO2k work hard to make sure they are not taken
seriously, see cultdeadcow.com,
and have not been charged with crimes.
- Recent email viruses. 2 years ago, common knowledge was that
email viruses were impossible. This is because email is content, not
programs.
Macro processing capability built into MS Office (and other tools)
has changed this. Because email attachments may be easily or automatically
opened, and those attachments might contain macros or similar instructions,
there is potential for misuse.
What steps have you taken to protect yourself against email
viruses?
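One defensive step the notes ask about, as an added example (not part of the original notes): scan incoming mail for attachments that are macro-capable Office files before they are opened. The OLE2 magic bytes and the UTF-16LE stream names a VBA project leaves inside an Office binary file are real characteristics of that format, but the matching below is a coarse heuristic rather than a full OLE parser, and the sample message is constructed inline.

```python
"""Heuristic scan of an email for macro-bearing Office attachments (added example)."""
import email
import os
from email.message import EmailMessage

# OLE2 compound-file header that binary Office documents start with.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Storage/stream names a VBA project creates, encoded the way OLE directory
# entries store names (UTF-16LE). Presence is a heuristic, not proof of code.
VBA_MARKERS = [n.encode("utf-16-le") for n in ("VBA", "Macros", "_VBA_PROJECT")]
# Extensions that can carry macros even if our byte heuristic misses them.
MACRO_EXTS = {".doc", ".dot", ".xls", ".xlt", ".ppt", ".pot", ".docm", ".xlsm", ".pptm"}


def looks_like_ole_with_vba(data: bytes) -> bool:
    """True if data starts with the OLE2 header and names a VBA project."""
    return data.startswith(OLE_MAGIC) and any(m in data for m in VBA_MARKERS)


def scan_message(raw: bytes) -> list:
    """Return (filename, reason) for each attachment that should be quarantined."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        if part.get_content_maintype() == "multipart":
            continue
        name = part.get_filename()
        if not name:                      # inline body text, not an attachment
            continue
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        if looks_like_ole_with_vba(payload):
            findings.append((name, "OLE file containing a VBA project"))
        elif ext in MACRO_EXTS:
            findings.append((name, "macro-capable Office type"))
    return findings


def build_sample() -> bytes:
    """Constructed sample: a .doc whose bytes mimic an OLE file with VBA, plus a .txt."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    fake_doc = OLE_MAGIC + b"\x00" * 32 + "Macros".encode("utf-16-le") + b"\x00" * 16
    msg.add_attachment(fake_doc, maintype="application", subtype="msword", filename="invoice.doc")
    msg.add_attachment("plain text", filename="notes.txt")
    return bytes(msg)


if __name__ == "__main__":
    for name, why in scan_message(build_sample()):
        print(f"quarantine {name}: {why}")
```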