Электронная библиотека
Библиотека .орг.уа
Поиск по сайту
Фантастика. Фэнтези
   Зарубежная фантастика
      Bruce Sterling. The hacker crackdown -
Страницы: - 1  - 2  - 3  - 4  - 5  - 6  - 7  - 8  - 9  - 10  - 11  - 12  - 13  - 14  - 15  - 16  -
17  - 18  - 19  - 20  - 21  - 22  - 23  - 24  - 25  - 26  - 27  - 28  - 29  - 30  - 31  - 32  - 33  -
34  - 35  -
tigations Committee (FCIC) is the most important and influential organization in the realm of American computer-crime. Since the police of other countries have largely taken their computer-crime cues from American methods, the FCIC might well be called the most important computer crime group in the world. It is also, by federal standards, an organization of great unorthodoxy. State and local investigators mix with federal agents. Lawyers, financial auditors and computer-security programmers trade notes with street cops. Industry vendors and telco security people show up to explain their gadgetry and plead for protection and justice. Private investigators, think-tank experts and industry pundits throw in their two cents' worth. The FCIC is the antithesis of a formal bureaucracy. Members of the FCIC are obscurely proud of this fact; they recognize their group as aberrant, but are entirely convinced that this, for them, outright *weird* behavior is nevertheless *absolutely necessary* to get their jobs done. FCIC regulars -- from the Secret Service, the FBI, the IъS, the Department of Labor, the offices of federal attorneys, state police, the Air Force, from military intelligence -- often attend meetings, held hither and thither across the country, at their own expense. The FCIC doesn't get grants. It doesn't charge membership fees. It doesn't have a boss. It has no headquarters -- just a mail drop in Washington DC, at the Fraud Division of the Secret Service. It doesn't have a budget. It doesn't have schedules. It meets three times a year -- sort of. Sometimes it issues publications, but the FCIC has no regular publisher, no treasurer, not even a secretary. There are no minutes of FCIC meetings. Non-federal people are considered "non-voting members," but there's not much in the way of elections. There are no badges, lapel pins or certificates of membership. Everyone is on a first- name basis. There are about forty of them. Nobody knows how many, exactly. People come, people go -- sometimes people "go" formally but still hang around anyway. Nobody has ever exactly figured out what "membership" of this "Committee" actually entails. Strange as this may seem to some, to anyone familiar with the social world of computing, the "organization" of the FCIC is very recognizable. For years now, economists and management theorists have speculated that the tidal wave of the information revolution would destroy rigid, pyramidal bureaucracies, where everything is top- down and centrally controlled. Highly trained "employees" would take on much greater autonomy, being self-starting, and self-motivating, moving from place to place, task to task, with great speed and fluidity. "Ad-hocracy" would rule, with groups of people spontaneously knitting together across organizational lines, tackling the problem at hand, applying intense computer-aided expertise to it, and then vanishing whence they came. This is more or less what has actually happened in the world of federal computer investigation. With the conspicuous exception of the phone companies, which are after all over a hundred years old, practically *every* organization that plays any important role in this book functions just like the FCIC. The Chicago Task Force, the Arizona ъacketeering Unit, the Legion of Doom, the Phrack crowd, the Electronic Frontier Foundation -- they *all* look and act like "tiger teams" or "user's groups." They are all electronic ad-hocracies leaping up spontaneously to attempt to meet a need. Some are police. Some are, by strict definition, criminals. Some are political interest-groups. But every single group has that same quality of apparent spontaneity -- "Hey, gang! My uncle's got a barn -- let's put on a show!" Every one of these groups is embarrassed by this "amateurism," and, for the sake of their public image in a world of non-computer people, they all attempt to look as stern and formal and impressive as possible. These electronic frontier-dwellers resemble groups of nineteenth-century pioneers hankering after the respectability of statehood. There are however, two crucial differences in the historical experience of these "pioneers" of the nineteeth and twenty-first centuries. First, powerful information technology *does* play into the hands of small, fluid, loosely organized groups. There have always been "pioneers," "hobbyists," "amateurs," "dilettantes," "volunteers," "movements," "users' groups" and "blue-ribbon panels of experts" around. But a group of this kind - - when technically equipped to ship huge amounts of specialized information, at lightning speed, to its members, to government, and to the press -- is simply a different kind of animal. It's like the difference between an eel and an electric eel. The second crucial change is that American society is currently in a state approaching permanent technological revolution. In the world of computers particularly, it is practically impossible to *ever* stop being a "pioneer," unless you either drop dead or deliberately jump off the bus. The scene has never slowed down enough to become well-institutionalized. And after twenty, thirty, forty years the "computer revolution" continues to spread, to permeate new corners of society. Anything that really works is already obsolete. If you spend your entire working life as a "pioneer," the word "pioneer" begins to lose its meaning. Your way of life looks less and less like an introduction to "something else" more stable and organized, and more and more like *just the way things are.* A "permanent revolution" is really a contradiction in terms. If "turmoil" lasts long enough, it simply becomes *a new kind of society* -- still the same game of history, but new players, new rules. Apply this to the world of late twentieth-century law enforcement, and the implications are novel and puzzling indeed. Any bureaucratic rulebook you write about computer-crime will be flawed when you write it, and almost an antique by the time it sees print. The fluidity and fast reactions of the FCIC give them a great advantage in this regard, which explains their success. Even with the best will in the world (which it does not, in fact, possess) it is impossible for an organization the size of the U.S. Federal Bureau of Investigation to get up to speed on the theory and practice of computer crime. If they tried to train all their agents to do this, it would be *suicidal,* as they would *never be able to do anything else.* The FBI does try to train its agents in the basics of electronic crime, at their base in Quantico, Virginia. And the Secret Service, along with many other law enforcement groups, runs quite successful and well-attended training courses on wire fraud, business crime, and computer intrusion at the Federal Law Enforcement Training Center (FLETC, pronounced "fletsy") in Glynco, Georgia. But the best efforts of these bureaucracies does not remove the absolute need for a "cutting-edge mess" like the FCIC. For you see -- the members of FCIC *are* the trainers of the rest of law enforcement. Practically and literally speaking, they are the Glynco computer-crime faculty by another name. If the FCIC went over a cliff on a bus, the U.S. law enforcement community would be rendered deaf dumb and blind in the world of computer crime, and would swiftly feel a desperate need to reinvent them. And this is no time to go starting from scratch. On June 11, 1991, I once again arrived in Phoenix, Arizona, for the latest meeting of the Federal Computer Investigations Committee. This was more or less the twentieth meeting of this stellar group. The count was uncertain, since nobody could figure out whether to include the meetings of "the Colluquy," which is what the FCIC was called in the mid-1980s before it had even managed to obtain the dignity of its own acronym. Since my last visit to Arizona, in May, the local AzScam bribery scandal had resolved itself in a general muddle of humiliation. The Phoenix chief of police, whose agents had videotaped nine state legislators up to no good, had resigned his office in a tussle with the Phoenix city council over the propriety of his undercover operations. The Phoenix Chief could now join Gail Thackeray and eleven of her closest associates in the shared experience of politically motivated unemployment. As of June, resignations were still continuing at the Arizona Attorney General's office, which could be interpreted as either a New Broom Sweeping Clean or a Night of the Long Knives Part II, depending on your point of view. The meeting of FCIC was held at the Scottsdale Hilton ъesort. Scottsdale is a wealthy suburb of Phoenix, known as "Scottsdull" to scoffing local trendies, but well-equipped with posh shopping- malls and manicured lawns, while conspicuously undersupplied with homeless derelicts. The Scottsdale Hilton ъesort was a sprawling hotel in postmodern crypto-Southwestern style. It featured a "mission bell tower" plated in turquoise tile and vaguely resembling a Saudi minaret. Inside it was all barbarically striped Santa Fe Style decor. There was a health spa downstairs and a large oddly-shaped pool in the patio. A poolside umbrella-stand offered Ben and Jerry's politically correct Peace Pops. I registered as a member of FCIC, attaining a handy discount rate, then went in search of the Feds. Sure enough, at the back of the hotel grounds came the unmistakable sound of Gail Thackeray holding forth. Since I had also attended the Computers Freedom and Privacy conference (about which more later), this was the second time I had seen Thackeray in a group of her law enforcement colleagues. Once again I was struck by how simply pleased they seemed to see her. It was natural that she'd get *some* attention, as Gail was one of two women in a group of some thirty men; but there was a lot more to it than that. Gail Thackeray personifies the social glue of the FCIC. They could give a damn about her losing her job with the Attorney General. They were sorry about it, of course, but hell, they'd all lost jobs. If they were the kind of guys who liked steady boring jobs, they would never have gotten into computer work in the first place. I wandered into her circle and was immediately introduced to five strangers. The conditions of my visit at FCIC were reviewed. I would not quote anyone directly. I would not tie opinions expressed to the agencies of the attendees. I would not (a purely hypothetical example) report the conversation of a guy from the Secret Service talking quite civilly to a guy from the FBI, as these two agencies *never* talk to each other, and the IъS (also present, also hypothetical) *never talks to anybody.* Worse yet, I was forbidden to attend the first conference. And I didn't. I have no idea what the FCIC was up to behind closed doors that afternoon. I rather suspect that they were engaging in a frank and thorough confession of their errors, goof-ups and blunders, as this has been a feature of every FCIC meeting since their legendary Memphis beer- bust of 1986. Perhaps the single greatest attraction of FCIC is that it is a place where you can go, let your hair down, and completely level with people who actually comprehend what you are talking about. Not only do they understand you, but they *really pay attention,* they are *grateful for your insights,* and they *forgive you,* which in nine cases out of ten is something even your boss can't do, because as soon as you start talking "ъOM," "BBS," or "T-1 trunk," his eyes glaze over. I had nothing much to do that afternoon. The FCIC were beavering away in their conference room. Doors were firmly closed, windows too dark to peer through. I wondered what a real hacker, a computer intruder, would do at a meeting like this. The answer came at once. He would "trash" the place. Not reduce the place to trash in some orgy of vandalism; that's not the use of the term in the hacker milieu. No, he would quietly *empty the trash baskets* and silently raid any valuable data indiscreetly thrown away. Journalists have been known to do this. (Journalists hunting information have been known to do almost every single unethical thing that hackers have ever done. They also throw in a few awful techniques all their own.) The legality of 'trashing' is somewhat dubious but it is not in fact flagrantly illegal. It was, however, absurd to contemplate trashing the FCIC. These people knew all about trashing. I wouldn't last fifteen seconds. The idea sounded interesting, though. I'd been hearing a lot about the practice lately. On the spur of the moment, I decided I would try trashing the office *across the hall* from the FCIC, an area which had nothing to do with the investigators. The office was tiny; six chairs, a table.... Nevertheless, it was open, so I dug around in its plastic trash can. To my utter astonishment, I came up with the torn scraps of a SPъINT long-distance phone bill. More digging produced a bank statement and the scraps of a hand-written letter, along with gum, cigarette ashes, candy wrappers and a day-old-issue of USA TODAY. The trash went back in its receptacle while the scraps of data went into my travel bag. I detoured through the hotel souvenir shop for some Scotch tape and went up to my room. Coincidence or not, it was quite true. Some poor soul had, in fact, thrown a SPъINT bill into the hotel's trash. Date May 1991, total amount due: $252.36. Not a business phone, either, but a residential bill, in the name of someone called Evelyn (not her real name). Evelyn's records showed a ## PAST DUE BILL ##! Here was her nine-digit account ID. Here was a stern computer-printed warning: "TъEAT YOUъ FONCAъD AS YOU WOULD ANY CъEDIT CAъD. TO SECUъE AGAINST FъAUD, NEVEъ GIVE YOUъ FONCAъD NUMBEъ OVEъ THE PHONE UNLESS YOU INITIATED THE CALL. IF YOU ъECEIVE SUSPICIOUS CALLS PLEASE NOTIFY CUSTOMEъ SEъVICE IMMEDIATELY!" I examined my watch. Still plenty of time left for the FCIC to carry on. I sorted out the scraps of Evelyn's SPъINT bill and re-assembled them with fresh Scotch tape. Here was her ten-digit FONCAъD number. Didn't seem to have the ID number necessary to cause real fraud trouble. I did, however, have Evelyn's home phone number. And the phone numbers for a whole crowd of Evelyn's long-distance friends and acquaintances. In San Diego, Folsom, ъedondo, Las Vegas, La Jolla, Topeka, and Northampton Massachusetts. Even somebody in Australia! I examined other documents. Here was a bank statement. It was Evelyn's IъA account down at a bank in San Mateo California (total balance $1877.20). Here was a charge-card bill for $382.64. She was paying it off bit by bit. Driven by motives that were completely unethical and prurient, I now examined the handwritten notes. They had been torn fairly thoroughly, so much so that it took me almost an entire five minutes to reassemble them. They were drafts of a love letter. They had been written on the lined stationery of Evelyn's employer, a biomedical company. Probably written at work when she should have been doing something else. "Dear Bob," (not his real name) "I guess in everyone's life there comes a time when hard decisions have to be made, and this is a difficult one for me -- very upsetting. Since you haven't called me, and I don't understand why, I can only surmise it's because you don't want to. I thought I would have heard from you Friday. I did have a few unusual problems with my phone and possibly you tried, I hope so. "ъobert, you asked me to 'let go'..." The first note ended. *Unusual problems with her phone?* I looked swiftly at the next note. "Bob, not hearing from you for the whole weekend has left me very perplexed..." Next draft. "Dear Bob, there is so much I don't understand right now, and I wish I did. I wish I could talk to you, but for some unknown reason you have elected not to call -- this is so difficult for me to understand..." She tried again. "Bob, Since I have always held you in such high esteem, I had every hope that we could remain good friends, but now one essential ingredient is missing - - respect. Your ability to discard people when their purpose is served is appalling to me. The kindest thing you could do for me now is to leave me alone. You are no longer welcome in my heart or home..." Try again. "Bob, I wrote a very factual note to you to say how much respect I had lost for you, by the way you treat people, me in particular, so uncaring and cold. The kindest thing you can do for me is to leave me alone entirely, as you are no longer welcome in my heart or home. I would appreciate it if you could retire your debt to me as soon as possible -- I wish no link to you in any way. Sincerely, Evelyn." Good heavens, I thought, the bastard actually owes her money! I turned to the next page. "Bob: very simple. GOODBYE! No more mind games -- no more fascination -- no more coldness -- no more respect for you! It's over -- Finis. Evie" There were two versions of the final brushoff letter, but they read about the same. Maybe she hadn't sent it. The final item in my illicit and shameful booty was an envelope addressed to "Bob" at his home address, but it had no stamp on it and it hadn't been mailed. Maybe she'd just been blowing off steam because her rascal boyfriend had neglected to call her one weekend. Big deal. Maybe they'd kissed and made up, maybe she and Bob were down at Pop's Chocolate Shop now, sharing a malted. Sure. Easy to find out. All I had to do was call Evelyn up. With a half-clever story and enough brass- plated gall I could probably trick the truth out of her. Phone-phreaks and hackers deceive people over the phone all the time. It's called "social engineering." Social engineering is a very common practice in the underground, and almost magically effective. Human beings are almost always the weakest link in computer security. The simplest way to learn Things You Are Not Meant To Know is simply to call up and exploit the knowledgeable people. With social engineering, you use the bits of specialized knowledge you already have as a key, to manipulate people into believing that you are legitimate. You can then coax, flatter, or frighten them into revealing almost anything you want to know. Deceiving people (especially over the phone) is easy and fun. Exploiting their gullibility is very gratifying; it makes you feel very superior to them. If I'd been a malicious hacker on a trashing raid, I would now have Evelyn very much in my power. Given all this inside data, it wouldn't take much effort at all to invent a convincing lie. If I were ruthless enough, and jaded enough, and clever enough, this momentary indiscretion of hers -- maybe committed in tears, who knows -- could cause her a whole world of confusion and grief. I didn't even have to have a *malicious* motive. Maybe I'd be "on her side," and call up Bob instead, and anonymously threaten to break both his kneecaps if he didn't take Evelyn out for a steak dinner pronto. It was still profoun

Страницы: 1  - 2  - 3  - 4  - 5  - 6  - 7  - 8  - 9  - 10  - 11  - 12  - 13  - 14  - 15  - 16  -
17  - 18  - 19  - 20  - 21  - 22  - 23  - 24  - 25  - 26  - 27  - 28  - 29  - 30  - 31  - 32  - 33  -
34  - 35  -

Все книги на данном сайте, являются собственностью его уважаемых авторов и предназначены исключительно для ознакомительных целей. Просматривая или скачивая книгу, Вы обязуетесь в течении суток удалить ее. Если вы желаете чтоб произведение было удалено пишите админитратору