Great Circle Associates Firewalls
(April 1996)
 


Subject: Re: Hacker Profile
From: Bruce Marshall <brucem @ wichita . fn . net>
Date: Tue, 23 Apr 1996 09:17:46 -0500 (CDT)
To: firewalls @ GreatCircle . COM
In-reply-to: <9604231054 . AA21324 @ karpov . fws . ilo . dec . com>

On Tue, 23 Apr 1996, Dermot Tynan wrote:

> Bruce Marshall wrote:
> >     Wait a minute..  How did we get from hackers to virus writers?  These 
> > are typically two different classes of people.

> What I'm suggesting, is that perhaps the traditional hacker as an
> intelligent social misfit (excuse the pigeonholing) will give way to
> people who are bent on destruction and self-promotion - akin to the
> virus writers.  That the old image of a hacker will be superseded by a
> more Gen-X image of someone who's out to make life "hell on the
> Internet."

    Personally, I don't really see any reason that such a change in the 
social structure of the hacking realm would happen.  I would grant you 
that with the increased popularity of the Internet you are more likely to 
have such individuals, as they increase proportionately with the rest of 
the net denizens.  

    This destructiveness also tends to occur in stage-like situations 
anyway, so it is likely that the majority of these people will move on to 
other things as they get bored with malicious hacking.

> > These people have been on the Internet since before RTM Jr.
> > decided to 'share' his worm with the world.  
> 
> But I think we're talking about a different beast.  The RTMs of the
> world were people who were willing to finesse the finer details of IP
> (or buffer overruns!) to attack a system, almost as a proof of
> concept.  Again looking at virii, the original work was almost
> revolutionary.  The idea of a self-replicating program.  Once the
> ground work was laid, it was easy for the copycat brigade to use the
> existing technology for their own purposes.

    True.  But your original comment seemed to be portraying an image 
of the Internet being free of virus authors until recently.  This is far 
from the truth.  The birth of the WWW has ushered in a new day of VX 
(virus exchange) sites though as it makes transferring programs much easier.

> Extending this to the
> Internet, CERT are reporting a rapid increase in familiar attacks.
> These aren't down to one person, they're down to people who are just
> compiling the code, and hammering the systems.

    Once again, while this is increasing I would wager that it is a 
relatively proportionate amount to total Internet growth.

> They don't care about
> firewalls.  If 50% of the sites (and I don't know what the magic
> number is) are protected by firewalls, they'll concentrate on the
> other 50%.

    I read a statistic somewhere recently that said a good number (around 
30% maybe) of sites with firewalls installed were still hacked.  And 
hackers are finding ways to circumvent "secure" systems all the time.

> To use an analogy, the first wave are people who do the
> hard work of finding and exploiting the holes.  Maybe just for the
> sake of it, or because they know they can.  The second wave take this
> technology and without necessarily understanding it, use it to launch
> far more attacks, and for other motivations.

    I believe your analogy of the first wave is pretty accurate, but why 
do you assume that the inheritors of their work would necessarily be 
malicious?  Most hackers, or security professionals for that matter, 
don't find new holes right after they enter the field.  They look at 
existing holes and work to increase their knowledge to a point where they 
are able to discover flaws on their own.  Usually it is a progressive 
process.  

> Unfortunately, while they do appear to grow up and move on, they are
> replaced.  What motivated them originally will motivate someone else.

    Yes, we will always have to put up with these types of individuals.  
The trick is to take away all incentives of participating in such activities.

Bruce Marshall


