302 Cnaprer 6 Cotllpurrn eNo Nrtwonr SEcunIrv

of information
into telecommunications systems, combined with the public distribution
"hacker crackdown."
related to break-ins, led to what Bruce sterling calls the
have temporarily disabled Internet-
In the past few years, denial-of-service attacks
managed by many organizations. We examine some popular denial-of-
based serveis
service attack strategies and ways of combating them'
The controversy surrounding the 2000 Presidential election in
Florida has raised
the Internet be superior to our present
the issue of online voting. would voting over
methods? We consider the benefits and risks associated with online voting'

6.2 Yiruses/ Iryorms/ and Troian Horses

active on your
There are a variety of ways in which undesired programs can become
than consume a little
computer. If you are lucky, these programs will do nothing other
may destroy valuable data
CpU time and some disk space. liyou are not so lucky, they
storedinyourcomput..'rfil.,y'tt*'Aninvadingprogrammayallowoutsidersto
seize contiol of youi computer. once this happens, they may use your computer as a
depository for stolen credit card information, u W.b t.tr.. dishing
out pornographic
images, oi a launch pad for spam or denial-of-service attacks
on a corporate server'
..computer pathologists" classifr destructive programs as viruses, worms, or Tiojan
horses. In this section ie describe these invasive programs
and summarize technical
means of defending against them'

6.2.1 Viruses
HOW VIRUSES WORK
program called
A virus is a piece of self-replicating code embedded within another
virus replicates within a computer' When a
the host [t].]igure 6.1 illustrates how a
virus, virus code executes first' The
user executes a irost program infected with a the
and replaces
virus finds another execuiable program stored in the computer's file system
After doing this, the virus allows the host
the program with a virus-infeited program.
to napP-el' If the virus does its work
proSram to execute, which is what the user expected
q"iJf.fy enough, the user may be unaware of the presence of the virus'

Because a virus is attached to a host Program, you may find

viruses anywhere you
disks, floppy disks, CD-RoMs..e.mail attachments, and so
can find program files: hard
on. viruses can be spread f.om machit e to machine via diskettes or cDs' They may
file from t)re Inte-rnet. sometimes viruses are
also be passed *he., a person downloads a
that people downldad and install on their computers'
attached to free computer games
from
A 2003 study revealed that 45 percent ofThe exef.(table files people downloaded
Kazaa contained viruses or Troian horses (which we will cover a little later) [2].
is a file accom-
Today, manyviruses are spreadvia email (Figure 6.2). An attachment
panying u., .-uil message. Attachments may be executable programs,
or they-may be
io.d pio..rring documJnts or spreadsheets containing macros, which are small pieces
of executable .od.. th. user opens an attachment containing a virus' the virus takes
lf
 6.2 VInusEs, WonMs, eNp TnoJaN HonsBs 303

et-
rf-

ed
nt

Ir
1e

ta
lo
a
ic

I
a

t
(

P, which is
Frcunn 6.r How a virus replicates. (a) A computer user executes Program
infected with a virus. (b) The virus code begini to execute.
It finds another executable
with the virus. (c) The virus passes
f.ogru- e and creates a new version of Q infected
:;;;r; to irogram P. The user who expected program P to execute' susPects nothing'

and uses these addresses to

control of the computer, reads the user's email address book,
send virus-contaminated emails to others, as illustrated
in Figure 6'3'
Somevirusesarefairlyinnocent;theysimplyreplicate.Thesevirusesoccupydisk
minor. other viruses
is relatively
space and consume cPU time, but the harm they do
aie malicious and can cause significant damage to a person's file system'
304 Cnepren 6 Colrpurrx. eNo Nprwonx Sscuntrv

Frcunr 6.2 The attachment to this email message probably contains a virus. (The author
didn't open it to find out.)

Frcunr 6.3 How an email virus spreads. A cirmputer user reads an email with an attachment
(1). The user opens the attachment, which contains a virus (2). The virus reads the user's
email address book (3). The virus sends emails with virus-containing attachments (4).
 Vtnusss, Woxtnls, aNo Tnolal HonsBs
305
6.2

WELL-KNOWN COMPUTER VIRUSES

TheBrainvirus(c.1986)wasthefirstvirustomovefromonelBMPCtoanother.The
viruswaswrittenbytheownersofaPakistanicomputerstore.calledBrainComputer
piracy in Pak-
was to determine ihe level of software
Services. They said their purpose
istan. The virus spread internationally,
but it was not malicious and caused no significant
harm to the PCs it infected [3]'
The Michelangelo virus dates backto 1991.
If a PC user executed a program infected
painter and sculptor Michelan-
with the virus on March 6, the birthday of Renaissance
gelo,thevirusoverwro,.t'itit"f"totdsonthebootdisk'tfthebootdiskwastheuser's
harddrive,thecontentsofthedrivewerelost.In|gg2themediawidelyreported.esti.
pcs would be affected by the virus. As it turned out,
mates that as many u, nu.-*iLtion
Some say the whole episode was a classic
only a few thousand .";;;;;;t;tte infected'
example of media hype t1]. others say
th; extensive media publicity encouraged insti-
have been done otherwise. According
to them,
tutions to perform .t..t , irrut *ould not already removed
because institutions had
the outbreak o. rrtur.tr-i *us not significant
the virus [5].
a macro in a Word document attached
to
The Melissa virus (c' 1999) lurked inside
anemailmessage.wt.rrrrr..activatedthevirusbyopeningthe-infectedattachment'
attachmenr to th. firrt 50 people in the-user's
Melissa sent an ..nun *"lrl"g;*iirr rn. In-
email containing the virus flooded the
address book. when rraliir-r""nrrt appeared,
It infected about 100,000 computers in
ternet, crashing *u.,y .*uir ,.,u.., *o,ld*ide.
pled guilty p:*iic the virus at an
its first weekend. David L. Smith of New )ersey !.
alt.sex.usenet group using a stolen AOL
accouni llt' f" Vfuy 2001 Smith was sentenced
hours of community service. He was also fined
to 20 months in r.a..uip'.ison plus 100
$s,ooo [6].
TheLoveBug(c.2000)wasanotherviruslurkinginsideanemailmessage.Unlike
the Love Bug
50 people in a victim's address book'
Melissa, which limited itself to the first of media
created email messag*;;;;;;;"".
in the address book. It deleted some kinds
files stored on the user,siard disk, and
it also collected passwords and emailed them to
Bug was a23-year-
several different u..o*, i., the Philippines. The creator of The Love
had
When he created the virus, the Philippines
.o-p,... ,.ience student.
old Filipino
was not prosecuted [3]'
no laws against computer hacking' and he

VIRUSES TODAY
Commercialantivirussoftwarepackagesallowcomputeruserstodetectanddestroy
keep them up-to-
th;i; computers. To be most effective, users must
viruses lurking on
datebydownloadingpatternscorrespondingtothelatestvirusesfromthevendor,sWeb
site.
Thereisevidencethatfewpeoplearediligentaboutkeepin^gtheircomputersvlrus-
Cotl".g. in August_tf 2003, they were required
free. When students ,"*".a to Oterlin
to have their computers checked for viruses.
sy"ttt* administrators found viruses in 90
operating system [7] '
percent of the computers running the Windows
308 Cnaprrn 6 Coupurpn aNo Nrrwonr Srcunrry

SASSER
The sasser worm, launched in April 2004,
exproited a previousry identified security
weakness with windows computers.
computers with up-to-date software were
the worm' but it infected about safe from
ls million computers worldwide nonetheless. The
fects of the worm were.relativery ef-
benign; inrectea .o*pui.r,
down shortly after booting. still, the
,i*iiy
,r,u, themserves
*lr* rrrua" millions unusable and
disrupted operations at Delta Airlines, the "i."-i",..,
nuropean commission, iurt.uliu, railroads,
and the British coast guard
[14].
After Microsoft offered a €250,000 reward,
a felow student pointed the finger at
German teenager Sven Iaschan, who confessed
to the .rirn. ura'ti., b.gu., working
for German computer fir,, s..u..point.
:.:u..ity Because he was ti-when he released
the worm, Iaschan was tried in a juvenile cou.t, *hich sentenced him to
years'probation and 30 hours of community one-and-a-half
service[14, 15, 16].

INSTANT MESSAGING WORMS

Two early worms to strike instant.messaging
systems were Choke and Hero, which
peared in 200r. worms were less devastiiniback ap_
people used instant messaging. Today,
then, b..;;r;;il;bout r4r million
moreihan g00 milion p.opt"i"f on instant
saging, so the impact of worms can mes_
be much greater. In April 2005 the appearance
the Kelvir worm forced. the Reuters of
,.*,
ug.rr.y to remove 60,000 subscribers from
its
Microsoft-based instant messaging service
ior 2b hours ItZ].

CONFICKER
The Conficker (or Downadup) worm,
which appeared on Windows computers in
November 2008, is notable because computer
r..u.ity.*p.rts have found it particurarry
difficult to eradicate' th: is abre io profogur. in severar ways
variant of the worm used aryr.r
buffer or.rflo*uttu.k"to sp..ad
[18]. The original
not up-to-date with the latest security patches
;";;:;;puters that were
from Microroft. a,b l;;1." how a buffer
overflow attack works, see Figure O.S. j
fhe second version of the worm, which appeared
about a month later, had t*i n.* r.utur., tiui accelerated its spread; the ability to in_
vade computers with wfaf
nas1l0rd protection and the ability to propogate through
USB memory sticks and shared files
on ro.ui"..u networks. Early in 2009,
and 15 million computers were infected between g
with conficker,.including;;;o^ of military
networks in France, the United Kingdom,
and Germany [19].
According to Rodneyloffe of the conficker
working Group, ,,Itt using the best cur_
rent practices and state of the art to
communicate and to protect itself,,
fighting the worm do not-know *t o ...ui.a [20]. Those
ii, they are unsure what its urtimate
PurPose may b9' They do know that the authors of "rathe worm
have continued to release
ever-more-sophisticated variants, and
it appears the worm rr", u.." ur.a to load soft_
.ol computer o,.., i,to purchasing u pr,o,f u,iiui.u, product
;if ,fj::::.jlr.1::
 6.2 Vtnusrs, Wonus, aNo TnoleN Honsrs 309

Return
address

Target
variable

t
\
I
t

:::1r,

fr'ff.' ll I

Frcunr 6.5 A buffer overflow attack is a common way to take control of a computer'
(a) When a computer program makes a function call, the function's parameters and local
variables are stored on the run-time stack, along with the return address-the address to
which control should return when the function completes. The local variables occupl'lorver
memory addresses than the return address. (b) In a variable attack, the goal ofthe intruder is
to change the value ofa key variable. The program expects the user to input some characters.
It has allocated a buffer to store the characters. However, the string of characters provided
by the intruder is too long, and it overflows the buffer, changing the value of the target
variable. (c) In a stack attack, the goal of the intruder is to change the value of the return
address. Again, a longer-than-expected string is input, overflowing the buffer and changing
the value of the return address to point to the start of the buffer. When the function returns,
code inserted by the intruder begins to execute, taking control of the comPuter. One rvay
to prevent these attacks is to add checks to ensure array bounds are not erceeded. Another
prevention measure is to modify the operating system so that it rvill not e\ecute instructions
stored on the run-time stack.
310 Cneprnn 6 Coupurrn aup Nrrwonx Srcunrty

In the summer of 2009 more than five million Windows computers worldwide were
infected with the conficker worm. The rate at which conficker was spreading to new
PCs roughly matched the rate at which it was being erased from other pCs [20].

6.2.3 The Internet Worm

The Internet Worm was the first worm to affect thousands of computers. The pri-
mary source for this narrative is the excellent biography of Robert Morris in Cyber-
punk: Outlaws and Hackers on the Computer Frontier, written by Katie Hafner and ]ohn
Markoff [21].

BACKGROUND OF ROBERT TAPPAN MORRIS, JR.

Robert Thppan Morris, |r., began learning about the Unix operating system when he was
still in junior high school. His father was a computer security researcher at Bell Labs, and
young Morris was given an account on a Bell Labs computer that he could access from
a teletype at home. It didn't take him long to discover security holes in Unix. In a 1982
interview with Gina Kolata, a writer for Smithsonian magazine, Morris admitted he had
broken into networked computers and read other people's email. "I never told myself
that there was nothing wrong with what I was doing," he said, but he acknowledged
that he found breaking into systems challenging and exciting, and he admitted that he
continued to do it.
As an undergraduate at Harvard, Morris majored in computer science. He quickly
gained a reputation for being the computer lab's Unix expert. After his freshman year,
Morris worked at Bell Labs. The result of his work was a technical paper describing a
security hole in Berkeley Unix.
While at Harvard, Morris was responsible for several computer pranks. In one of
them, he installed a program that required people logging in to answer a question posed
by "the Oracle" and then ask the Oracle another question. (The Oracle program worked
by passing questions and answers among people trying to log in.)

DESIGNING THE WORM

Morris entered the graduate program in computer science at Cornell University in the
fall of 1988. He became intrigued with the idea of creating a computer worm that
would exploit bugs he had found in three Unix applications: ftp, sendmai 1, and f i nger.
Morrist worm used a buffer overflow attack to take control of a target computer. His
"wish list" for the worm had about two dozen goals, including:

o Infect three machines per local area network.

. Only consume CPU cycles if the machines are idle.
. Avoid slow machines.
. Break passwords in order to spread to other computers.
The goal of the worm was to infect as many computers as possible. It would not destroy
or corrupt data files on the machines it infected.
 6.2 Vrnusrs, Wonus, eNo TnoIaN Honsr,s 31 1

LAUNCHING THE WORM

On November 2, 1988, Morris learned that a fix for the ftp bug had been posted to the
Internet, meaning his worm program could no longer take advantage of that security
hole. However, nobody had posted fixes to the other two bugs Morris knew about. After
making some last-minute changes to the worm Program> he logged in to a computer at
the MIT Artificial Intelligence Lab and launched the worm at about 7:30 p.m.
The worm quickly spread to thousands of computers at military installations, med-
ical research facilities, and universities. Unfortunately, due to several bugs in the worm's
programming, computers became infected with hundreds of copies of the worm, caus-
ing them to crash every few minutes or become practically unresponsive to the programs
of legitimate users.
Morris contacted friends at Harvard to discuss what ought to be done next. They
agreed that Andy Sudduth would anonymously post a message to the Internet. Sudduth's
message is below.Harvard's computers were not affected (the security holes had already
been patched), and you can tell from the last sentence that Sudduth was having a hard iI

time believing Morris's story: t

il
t
A Possjble virus report: I

rI
There may be a virus loose on the Internet.
Here is the gist of a message I got:

I'm sorry.

Here are some steps to prevent further

transmi ss i on :

1) don't run finger, or fix it to not

overrun its stack when reading arguments.
2) recompile sendmail w/o DEBUG defined
3) don't run rexed

Hope this helps, but more, I hope it is a hoax.

Sudduth's email was supposed to get routed through a comPuter at Brown Univer-
sity. However, computers at Brown were already infected with the virus and did not have
spare cycles to route the message. Also, the email did not have a subject line, which made
it less likely to be read during a crisis. The result is that the message was read too late to
be of any help to those fighting the worm.
System administrators at various universities worked frantically to stop the spread
of the worm. Within a day they had examined the worm's code, discovered the bugs
in sendmai I and f i ngerd, and published fixes to the Internet community. In all, about
6,000 Unix computers had been infected with the worm.
After some sleuthing by reporter John Markofl The New York Times named Robert
Thppan Morris, Jr., as the author of the worm. Morris was suspended from Cornell
312 CHeprrn 6 Col.purpn aNo Nnrwonr Srcunrry

University. A year later, he was the first person to receive a felony conviction under the
U.S. Computer Fraud and Abuse Act. He was sentenced to 3 years' probation, 400 hours
of community service, and fined $10,000. His legal fees and fines exceeded $150,000.

ETHICAL EVALUATION
Was Robert Morris, fr., wrong to unleash the Internet Worm?
A Kantian evaluation must focus on Morris's will. Did Morris have good will? His
stated goal was to see how many Internet computers he could infect with the worm.
While Morris did not want to crash these computers or destroy any data stored on them,
his motivation was fundamentally selfish: he wanted the thrill of seeing his creation
running on thousands of computers. He used others because he gained access to their
machines without their permission. There is also evidence Morris knew he was using
others: he took measures designed to prevent people from discovering that he was the
author of the worm. From a Kantian point of view, Morris's action was wrong.
From a social contract point of view, Morris's action was also wrong. He violated
the property rights of the individuals and organizations whose computers were infected
by the worm. They had the right to determine who would use their computers, and
they attempted to enforce this right by requiring people to identifr themselves by user
name and password. Morris took advantage of security holes in these computers to
gain unauthorized access to them. When his worm caused these computers to become
unresponsive or crash, he denied access to the legitimate users of these computers.
A utilitarian evaluation of the case focuses on the benefits and harms resulting
from the spread of the worm. The principal benefit of the Internet worm was that
organizations managing these Unix computers discovered there were two significant
security holes in their systems. They received the instructions they needed to patch these
holes before a truly malicious intruder took advantage of them to enter their systems
and do a lot of damage to their data. Of course, Morris could have produced the same
beneficial result simply by contacting the system administrators at UC Berkeley and
informing them of the security holes he had found.
The Internet worm had numerous harmful consequences. A large amount of time
was spent by system administrators as they defended their machines from further at-
tacks, tracked down the problem, installed patches, and brought machines back on line.
There was a disruption in email and file exchange traffic caused by computers being
taken off the network. About 6,000 computers were unavailable for a day or two. Dur-
ing this time, many thousands of people were less productive than they could have been
had the systems been up and running. Morris himself was harmed by his actions. He
was suspended from Cornell and sentenced to three years ofprobation and 400 hours of
community service. His fines and legal fees exceeded $150,000. From a utilitarian view-
point, Morris was wrong to have released the Internet Worm.
In conclusion, Morris may not have been acting maliciously, but he was acting
If he had wanted to experiment with worms, he probably could have gotten
selfishly.
permission to try out his creations on a local area network detached from the Internet,
so that even if his worm had multiplied out of control, there would have been no fallout
 6.2 Vrnusns, Wonr'rs, euo TnoJaN HonsBs 313

to the rest of the computer community. Instead, he chose to use the entire Internet as his
experimental laboratory, inconveniencing thousands of peopie.

6.2.4 Trojan Horses

A Trojan horse is a program with a benign capability that conceals another, sinister
purpose. When the user executes a Trojan horse, the program performs the expected
beneficial task. However, the program is also performing actions unknown to, and not
in the best interests of, the user.
Here are a few examples of the kinds of malicious tasks performed by Trojan horse
Programs:
o opening an Internet connection that allows an outsider to gain access to files on the
user's computer;
. logging the keystrokes of the user and storing them in a file that the attacker can
peruse to learn confidential information, such as passwords;
. looking for passwords stored on the computer and emailing them to the attacker's
address;
. destroying files on the user's computer;
. launching a denial-of-service attack on a Web site;
o turning the user's computer into a proxy server that can be used to launch spam or
stash information gained from illegal activities (such as stolen credit card numbers).

A remote access Trojan (RAT) is a Tiojan horse program that gives the attacker
access to the victim's computer. Two well-known RAIs are Back Orifice and SubSei'en.
SubSeven is notable because ofits easy-to-use point-and-click user interface. SubSeven
consists of a client program running on the attacker's computer, and a server program
running on the victim's computer. The attacker is able to capture images from the
victim's monitor, record keystrokes, read and write files, watch traffic on the victim's
local area network, and even control the mouse.
In order to gain access to another person's computer, the attacker must trick that
person into downloading the RAT server. The most popular way to do this is to hide it
inside a file posted to a Usenet newsgroup specializing in erotica. The attacker advertises
the file as containing sexually explicit videos or photos. Those rtho dorr.nload the file
bring the RAI into their computer.
In 2009 computer security experts uncovered a surveillance effort targeting the
Dalai Lama, the exiled Tibetan government, and other Tibetans. Some agency had used
RAIs to penetrate 1,295 computers in 103 countries, creating a spving system the experts
named GhostNet. When a victim opened an email attachment supposedly containing
the translation of a book, the RAI was activated. Each RAT u'as able to transfer data files
and email messages back to the controlling computer. Even more ominously, it could
access the computer's microphone, turning the PC into an eavesdropping station. Some
of the researchers that discovered GhostNet blamed the Chinese government for the
intrusions, but the Chinese government denied responsibility 122,231.
3I4 Cnepren 6 CoupurEn ano Nrrwotr Secunrry

6.2.5 BotNetworks
A bot is a software program that responds to commands sent by a command-and-
control program located on an external computer. The first bots supported legitimate
applications: Internet Relay Chat channels and multiplayer Internet games. Today, how-
ever, bots are frequently used to support illegal activities.
For example, it's been estimated that as much as 90 percent of spam is distributed
through bot networks [24]. Other bots are designed to collect personal data that can be
used to steal someone's identity. Bot networks can also be used to support distributed
denial-of-service attacks, which we will discuss in Section 6.4.

6.2.6 Defensive Measures

The ability of a computer network to withstand the attacks ofviruses, worms, and Trojan
horses depends to a great extent on the skill and dedication of its system administrators,
as well as the cooperation of the network's users.
System administrators should set up reasonable authorization and authentication
mechanisms. Authorization is the process of determining that a user has permission to
perform a particular action. For example, a system administrator has authorization lo
reboot a computer, but a typical user does not. An ordinary user should not be able to
examine the email messages of another user. Most operating systems create unique aser
identifiers, or uids, for its users. With each uid is information about the user's privileges.
The system administrator should set user privileges appropriately to prevent orr. ,rr..
from violating the privacy ofanother.
Computer security also depends upon authentication: determining that a person
is who he claims to be. There are a variety of authentication mechanisms. The most
common type is knowledge-based authentication, such as a password. Another authen-
tication mechanism is the use of tokens, such as an identification card or smart card.
A third authentication mechanism uses biometric data, such as a fingerprint or retinal
scan. It is common for highly secure computer systems to use two different authentica-
tion schemes.
The most common knowledge-based authentication scheme is the password. Sys-
tem administrators should install automatic password checking software that prevents
users from selecting passwords that are easily guessed, such as the login name, the reverse
of the login name, or a circular shift of the login name. To foil a dictionary attack-
an automated intruder attempting to guess a password by trying every word in the
dictionary-a user should always have at least one nonalphabetic character in the pass-
word.
A sure-fire way to prevent a network from being attacked by an external virus or
worm is to detach it from the Internet. If it is important that the computers on the
network be able to communicate with the Internet, installing a firewall is the next best
thing' A firewall is a compute6 positioned between a local network and the Internet, that
monitors the packets flowing in and out. One type of firewall is a packet filter, which
accepts packets only from certain trusted computers on the Internet. Another use of a
 6.3 Psnr'ers eNo Hecruns 315

firewallistolimitthenumberofservicesexternalcomputersmayaccess.Forexample, such attacks

of the f nger prograrfl. A way to prevent
many attacks t urr. turc, Jantage
nd- nger serice to outside computers'
is simply to not provide 79
late
)w- Animportantresponsibilityofthesystemadministratoristokeeptheoperating system
system up-to-date tf'" htest patches' When the provider of an operating
*itlf'
announcesasecuritypatch,theannouncementalsoinformsmaliciouspersonsthata
ted
vulnerabilityexists.sometimesanewwormislaunchedwellafterthepatchhasbeen
be
madeavailable.Up-to-datesystemsarenotvulnerabletoattacksbytheseworms.
ted
Asystemadministratorcaninstallfiltersonmailserversthatscreenoutmuch
unwantedmail,includingspamandvirus-ladenemail.Still,somecontaminatedemail
messagesarelikelytogetthroughtoindividualusers'Virusfiltersassociatedwithemail it is
readers can check incoming messages
for viruses' when such a message is found'
deleted or put in a quarantine area'
an
fS,

)n 6.5 Phreaks and Hackers

to
TelephoneandcomputerSystemsarepowerfultechnologies,promptingsomecurious
Io
invest I tot of time and energy into
learning more about how they work'
people to
they have galned.to,enter systems without
Lo
A few of ,n.,. tirt"tt' "t tf" k"o*ltdle
u.tio.r, varywidely, from simply "nosing
?r
s. authorization. once inside these systems,ih.i,
\ around,,.o.opyi,g,.",i.i".informationtoreroutingphonecalls.Inthissectionwe
hackers. This section relies
examine t*o ,ru.ritt*es of techno-.*p1o...r, nhreaks 1{
outliws andHackers on the coffiputer Frontier
upon three prir.ip"l;;;; ,rr, cybrrpuik:
go,rt ur: Heroes of the computer Revolutionby
by Katie Hurr.. ula ilil;"ri;*iit),,
Steven Levy 2r:-;;; rh' Hacker Crackdownby Bruce Sterling [26]'

6.5.1 Hackers
.HACKER'
ORIGINAL DEFINITION OF
Initsoriginalmeaning,ahackerrsanexplorer,arisktaker,someonewhoistrying of the
never done before. Hackers in this sense
to make u ,y*.* Jo slmething it has
wordaboundedatMlT,sTechModelnaitroadClubinthelg50sandlg60s.TheClub
constructedandcontinuouslyimprovedanenormousHo-scalemodeltrainlayout. switch-
Members sig""ir;;;i"*; subcommittee built an elaborate electronic
"r,n. wearing chino pants, short-sleeved
ing system . .;;;?;iihe movement oiit.lrui"r.
shirts,andpocketprotectors,themostdedicatedmemberswoulddrinkvastquantities
ofCoca-Colaandstayupallnighttoi*p.ou.thesystem.T'ft.*,a..hack-,wasanewly demon-
constructed piece of equipment that
,roi only ,.rrr.d u useful purpose, but also
calling someone a hacker was a sign of respect;
strated it, .r.ator,s t..rr.ri.ut virtuosity. created course in com-
lg5g, afler taking newly
hackers wore the label with pride. In
a
attention from model trains to
puter progra*;;;, ,";;Jf th. hu.k rs shifted theii
electronic comPuters [25]'
316 Cnapten 6 Cotupurrn. aNo Nprwonr Srcunrry

After extensive interviews with MIT hackers, Steven Levy has summarized the
"hacker ethic" with these precepts, which I quote verbatim [25]:1

o Access to computers-and anything which might teach you something about the
way the world works-should be unlimited and total. Always yield to the Hands-
On Imperative!
. All information should be free.
o Mistrust Authority-Promote Decentralization.
. Hackers should be judged by their hacking, not bogus criteria such as degrees, age,
race, or position.
o You can create art and beauty on a computer.
o Computers can change your life for the better.

Computer security expert Dorothy Denning has observed that the will of the hacker
is to make an improvement-a hacker is not malicious. A hacker is not out to destroy
data or equipment. A hacker does not commit fraud for personal profit 1271.

HACKING ON THE PDP-1

The story of MIT's PDP-I minicomputer illustrates some of the manyways that the
hacker ethic translated into particular deeds.
Digital Equipment Corporation (DEC) donated the second PDP-l it made to MIT
in the summer of 1961. The PDP-1 was DECt first product, and it came with very little
software. To help remedy this deficiency, six hackers put in about 250 man-hours in
a single weekend to convert an assembler for MIT's TX-0 computer to PDP-1 machine
language. In one weekend they produced a program that would have taken a commercial
enterprise months to complete.
Steve Russell came up with the idea of writing a shoot-em-up game for the PDP-1
that would utilize its programmable graphics display. He worked on it for over half a
year, with help from other MIT hackers. In February 1962 he unveiled Spacewar, the
first video game (Figure 6.6). Two players maneuvered space ships that shot torpedoes
(dots) at each other. The game was an instant hit, but rather than commercialize it, the
MIT group freely distributed copies of the program to other PDP-1 users.
Hackers also programmed the PDP-I to produce the sounds needed to activate
telephone switching equipment. With this capability, they were able to navigate the
international telephone system. However, their excursions were simply for the sake of
exploration, not for the purpose of defrauding AT&T. In fact, they reported problems
they uncovered to the proper telephone service groups.
Stewart Nelson thought adding a new hardware instruction to the PDP-I would
make it better. Students had been expressly forbidden from working on the computer

l. From Levy, Steven. Hackers: Heroes ofthe Computer Revolution, pp.40-45. Garden Ciry NY: Anchor
Press/Doubleday, 1984. Copyright @ 1984 Random House, Inc. All Rights Reserved.
 6.1 PHnnars auo Hecxpns 317

Frcunr 6.6 ln 1962 Steve Russell unveiled Spacewar, the first video game, and gave it away
to other users of the PDP-1 computer. (Computer History Museum)

hardware itself, but they also knew that waiting for permission to modi$. the hardware
would take months. Nelson decided not to ask for permission. One night, he and a few
cohorts opened up the cabinet of the PDP-1 and did some rewiring. They tested the
computer, and they thought they had increased the capability of the PDP-1 without af-
fecting its other functionality. However, their testing was incomplete. The next morning,
a legitimate user of the PDP-l discovered that her program, an important weather simu-
lation code, no longer worked. Adding a new instruction had caused another instruction
to malfunction.
On another occasion, Nelson was making an unauthorized, middle-of-the night ad-
justment to the power supply on an MIT computer. Needing a large screwdriver, he took
one from the locked cabinet of the machine shop craftsman. In the process of making
the adjustment, Nelson accidentally shorted out a circuit, melting the screwdriver's han-
dle. When the craftsman came to work the next morning, he opened the cabinet and saw
the ruined screwdriver with this sign attached: USED UP.

ETHICAL EVALUATION
Was Stewart Nelson wrong to modifr the PDP-1 hardware without permission? Let's
evaluate his action.
A Kantian evaluation focuses on the will behind the action, rather than its results.
We might be tempted to state that Stewart Nelson's will was to improve the PDP-I,
318 Cnaprrn.6 Cot"lpurpn aNo Nsrwonx Spcunlrv

result
but Kant writes that we should avoid a characterization that allows an expected
If we ignore the expected result' what
to provide the motivation for an action [28].
acting under the maxim "Take advantage of
doie have left? He appears to have been
skills." In his desire to demonstrate his
every opportunity to demonstrate your technical
t".h.riff pro*.rr, N.lro., made modifications to the PDP-I without authorization' He
disregarded the instructions issued by the person with legitimate
authority to control
to the machine. He also disregarded the needs of the PDP-l's legitimate users'
"...J,
whose work depended upon the reliabllity of the computer. Hence Nelson treated other
human beings as means to an end, and his action was wrong'
is similar to
From the point of view of social contract theory, this moral problem
the case of Robert Thppan Morris, |r. By modifying a system he did
not own, Nelson
legitimate owners and users of the computer. Hence his action
violated the rights of ihe
was wrong.
in such
A rule utilitarian analysis considers what would happen if everyone engaged
went ahead and
behavior. Suppose everyone who had an idea about improving a system
would make systems
made the change without asking permission. Perhaps most changes
buiinevitably .om.-p"opl. would accidentally make changes that made the
run better,
system perform worse. A few supposed improvements would result
in systems being

broken,^perhaps for long periodi of ti-.. You can also imagine

situations where two
when
differenichani., ur. beli.rg -ude to the same system. Either one of the changes,
are made, they
made in isolation, would Improve the system, but when both changes
not systematically
interfere with each other and make the system unusable. If changes
are

the missing documentation could make systems much harder to maintain'

recorded,
people who simply want to use the systems would not be able to predict when they would
consequence of such actions
be available and when theywould not, so another long-term
people to make
would likely be a lowering of productivity. In the long term, allowing
understands' We
unauthorized changes *oild ,esult in less reliable systems that no one
conclude that Nelson's action was wrong from a rule utilitarian
point of view.

Finally, let's evaluate Nelson's action from an act utilitarian point of view' The
and the computer's users' By
affected persons were Nelson, the PDP-1 administrator,
engineering, benefit. we
modifying the PDP-1, Nelson learned more about computer
a
of Nelson's failed modification:
know at least one computer user was harmed as a result
She spent a lot of timi tracking down the problem, and
she could not continue with
her work until the computer was fixed. In order to repair the computer,
it would have
harm. Fixing the computer had
to be made unavailable to its programmers, another
equipment. This cost is another
an associated cost, measured i., t.ims of labor and/or
negative effect. Nelson s deed most likely cost the PDP- I administrator
time and stress
the repair job. while we have
as he interacted with unhappy programmers and oversaw
it likely complete analysis
not assigned particular valuesto the b..r.fit and the harms, is a

would indicate Nelson's action was wrong'

modifi-
It is worth considering how our analysis would change if Nelson's midnight
and the system had worked even better after he
cation of the PDP-1 had blen successful
and rule utilitarian analysis did not take into
operated on it. The Kantian, social contract,
 6.3 Pnnsers eNo HecxPns 319

accounttheactualresultofNelson,saction,Soevenifhishackinghadbeensuccessfiil,
ii.y *""ra still have concluded that he did the wrong thing.
would
would be completely ditrer11t' Nelson
However, the act utilitarian analysis The programmers
about computer engineering.
have benefi,tted from r.urrrirrg more
of the comput". *oota-iur.lenefitted
fro* u'*or. po:werful-instruction set' With
harmed'
computer' no tne would have been
no interruptions in the daily use of the good thing, from an act
he did a
If Nersons hack had *";ili,;;" .orrta .on.todeask: what good is an ethical theory
it's fair to
utilitarian point of ,i.;.^A,-rhi;foint act
oftu'o'd *hethe' your action was right or wrong? Does
if it can only tell yoo dubious actions and then hope for
the
utilitarianism ..,.o,,.urlit;;t tt;k;;orally by the maxim
live in a world where everyone lived
best outcome? would y"'"-r*. ,"
r
"Better to ask forgiveness than Permlsslon

ENGINEERING
DUMPSTER DIVING AND SOCIAL
Intheig83movieWarGat,es,ateenagehackerbreaksintoamilitarycomputerand
-e'*ug"aao"- movie' a lot of teenagers were
nearly causes u ,o.ttu'
i'ftet seeing the
prowl.tyU"t"putt *it]r u.h:*" computer
and
excited at the thought that ttrey could and
a modem. A few of ,h;;;;;;.
highly profiient at breaking into government

corPorate comPuter networks'

Some-
password to access a comPuter system'
Typically, you need a login name and particularly when
name/password combination,
times a hacker .un go.r, u-;Jd login or passwords that apPear
system administratorr";i;*;;;io .hoor. ihort passwords
login names and passwords
techniques fo, otruirrirrg
in a dictionary. Two other effective
are dumpster diving and social
engineering'

Dumpsterdivingmeanslookingthroughgarbageforinterestingbitsofinforma-rum-
typi;"lt;;not pu; around their dumpsters. In midnight
fence
tion. Compani",
magingsessionshackershavefounduser*ut''ul''phonenumbers'loginnames'and
passwords.
Socialengineering,atermcoinedbyhackerKevinMitnick,referstothemanip- information'
i"iia. tn. organization to gain_access to.confidential
ulation of a person know each other
."*. * r"# organizatiois where people do not
Social engineering is that per-
a svstem administrator and call
very well. ro, .*u*pt"Ji;;;;k;;;"vl991ti+ know why he
of his sufervisor and'dem*qg to
son, pretendi"g t" Utif" "pt"'i'o' eager
can t access a particuiar malhine.
In this situation, a cowed system administrator'
into revealing or resetting a password [29].
to please his boss,s uo,,, *uy u. talked

MALICIOUS HACKERS
,,hacking" has come to include comPuter break-ins ac-
In the modern use of the word, confidential
so.h-as destroyiog databases or stealing
companied by -uu.ioo, u.iurior, it computerworld
personal informationl eo .*u*pt.
of this use of the-word is a story
inserted
describing h"* p"";i; ;;k;irtousa Tod'ay;swebsite on |uly 11, 2002, and
fabricated news stories [30]'
320 CneprEn 6 Coupurrn euo Nnrwonx Srcunrry

6.3.2 Phone Phreaking

A phone phreak is someone who manipulates the telephone system in order to commu-
nicate with others without payrng for the call. The prototypical phone phreaking activity
is an hours-long, coast-to-coast conference call charged to the i..o,rri ofa larg-e .orpo-
ration.
Historically, phone phreaks used a variety of methods to access long-distance ser-
vlce:

l. Stealing long- distance telephone access co des.

The easiest way to do this is by "shoulder surfing" at an airport, train station, or
other public place. A phreak simply looks over people's shoulders as they key in
their long distance access codes.
2. Guessing long- distance telephone access code s.
Phreaks learned how to program a computer to try different codes. Running a
computer all night typically resulted in about a dozen hits.
3. Using a "blue box" to get free access to long-distance lines.
A "blue box" mimicked the telephone system's own access signal, a high-pitched
tone of2600 hertz.

In the 1980s phreaks used certain computer bulletin board systems (BBSs) called "pirate
boards" to share stolen long-distance access codes and credit card numbers with each
other.
In response to these activities, telecommunications firms installed software to detect
overuse of particular long distance telephone codes. They also installed equipment to
detect and trace attemPts to guess access codes. The introduction ofdigital networks has
made 2600-hertz blue boxes obsolete.

6.5.5 The Cuckoo's Egg

I

Clifford Stoll was who took a job as a system administrator at Lawrence

a physics Ph.D.
Berkeley Laboratory so he could stay in California. When Stoll was still new in the po-
sition, he was asked to reconcile a75-cent discrepancy between two accounting systems
that charged users for computer time. He carefully searched for the missing 75 Ients and
discovered, to his chagrin, that an unauthorized user was logging onto Lawrence Berke-
ley Labt computer. Even worse, the hacker was using LBL computers as a staging point
from which to jump to computers at military installations.
Stoll observed the intruder searching these systems for files with information about
such topics as the Strategic Defense Initiative and stealth technology. Eventually inves-
tigators from the FBI, the CIA, the National Security Agency, the eir Force Office of
Special Investigations, and the Defense Intelligence Agency joined Stoll in the search for
the hacker. The trail led to a group of West German hackers who had sold various pro-
grams, but apparently no classified information, to the KGB, the intelligence serviie of
the Soviet Union. Stoll chronicled this story in a book called, The Cuckois Egg
l3ll.
 6.3 Pnnsers aNo Hecrrns 321

6.5.4 Legion of Doom

Plovernet was a popular phreak/hacker BBS operated in New York and Florida; more
than 500 people subscribed to it. In 1984 "Lex Luthor" created an invitation-only BBS
called Legion of Doom and recruited the sharpest phreaks from Plovernet. He also
created a phreak/hacker group of the same name. According to LuthoS very few users
of the Legion of Doom BBS were Legion of Doom members [32]. He took the name
Legion of Doom straight out of the comic books, but the authorities did not think the
group's activities were the least bit humorous.
One of the ways the Legion of Doom made a name for itself was by publishing The
Le gi o n of D
o o m Te chni c al J o ur n al, an obvious poke at AI&Tt Be ll L ab
s Teihni c al J o ir nal.
This electronic publication contained articles ofinterest to phreaks and hackers. AII of
the articles were published under pseudonyms, of course.
The introduction to a Lex Luthor article appearing in the first issue, "Identifring,
Attacking, Defeating, and Bypassing Physical Security and Intrusion Detection SystemJ'
reveals something about the interests of Legion of Doom members as well as their
attitude toward the establishment [33]:

The reasons for writing this article are twofold:

l. To prevent the detection and/or capture ofvarious phreaks, hackers and oth-
ers, who attempt to gain access to: phone company central offices, phone clos-
ets, corporate of6ces, trash dumpsters, and the like.

2. To create an awareness and prove to various security managers, guards, and

consultants how easy it is to defeat their security systems due to their lack of
planning, ignorance, and just plain stupidity.

In September 1988 Legion of Doom member Robert Riggs (a.k.a. .,The prophet,)
broke into a Bellsouth computer known as an Advanced Information Managlment
System. The computer contained employee email, documents, and databases. d".uur.
the system had no dial-up lines, Bellsouth thought the system was hidden from the
public and provided minimal security for it. It did not even ask users for passwords.
Rummaging around the system, Riggs found a document called "Bell South Standard
Practice 660-225-l04SV Control Of6ce Administration of Enhanced 911 Services for
Special Services and Major Account Centers dated March 1988" (the E9l I Document).
He copied the E9l1 Document to his personal computer.
Five months later, Riggs sent a copy of the E9l I Document to Craig Neidorf (a.k.a.
"Knight Lightning"), a pre-law student at the University of Missouri. Neidorf was the
publisher of Phrack, an electronic magazine widely distributed over BBSs. Both Riggs
and Neidorf had something to gain from the publication of the Egl l Document. Riggs
would be able to brag about the trophy he had bagged from a BellSouth computer. NlI-
dorf would be able to demonstrate the power of the hacker underground and thumb
his nose at the telecommunications companies. Still, neither wantedio get caught. They
edited the E9l1 Document heavily, deleting the document's NoT FoR USE oR DIS-
CLOSURE warning, phone numbers of Bellsouth employees, and other identifring and
322 Cneptnn 6 Corvrpurpn eno Nrrwonx Srcunrrv

sensitive information. By the time they were done, they had removed nearly half the ma-
terial from the report. On February 25,1989, Phrack published the document under the
pseudonym "The Eavesdropper."

6.5.5 Fry Guy

On |une 13, 1989, all calls to the Palm Beach County Probation Department in Delray
Beach, Florida, were picked up by a phone-sex hotline in New York State. Phone phreaks
thought it was a hilarious practical joke, but BellSouth was not amused. It immedi-
ately began a high-intensity, around-the-clock search for evidence of tampering with its
computerized phone switching equipment. Investigators discovered that intruders had
created new telephone numbers for themselves, manipulated proprietary databases, and
reprogrammed diagnostic functions so that they could eavesdrop on conversations. If
intruders could do these things, BellSouth reasoned, they could also reprogram 91 1 ser-
vice. What if everyone dialing 91 I were connected to a phone-sex hotline?
Within a matter of weeks, police investigating the phone-sex switcheroo got a lucky
break. Someone called Indiana Bell to brag about the terrible things his friends in the
Legion of Doom were about to do to the telephone system, including bringing the entire
network down the next Fourth ofluly. Indiana Bell traced the call back to its source, and
the Secret Service installed pen registers at his home. The pen registers revealed long-
distance telephone access code fraud. The Secret Service obtained a \Marrant, and on luly
22 it seized all the equipment and notes of an Indiana l6-year-old with the nickname
rry uuy.
Fry Guy had earned his nickname by using a password stolen from a local McDon-
ald's manager to log into a McDonald's mainframe and give raises to some of his friends.
He had moved on to stealing long-distance access codes and credit card numbers. He had
used these stolen credit card numbers to purchase goods and get cash advances from
Western Union.
The U.S. Attorney charged Fry Guywith 11 counts of computer fraud, unauthorized
computer access, and wire fraud. In September 1990 he was sentenced to ++ months'
probation and 400 hours of community service.
By Secret Service standards, a 16-year-old hacker was small fry. They were after his
heroes, the members of the Legion of Doom, who were instigating all sorts of illegal
activity through their publication of The Legion of Doom Technical Journal.
On January 15, 1990-Martin Luther King, Ir., Day-AT&T's long distance service
failed. Sixty thousand people lost all their telephone service, and about 70 million tele-
phone calls could not be completed. As we will see in Chapter 7, the crash was the result
of a software bug in the switching equipment used to route long-distance calls. It took
AI&T engineers about nine hours to understand the general cause ofthe crash. A few
weeks later, they found the bug.
Despite this information from AT&T, law enforcement officials had their own theo-
ries about what had caused the crash. After all, they had interviewed numerous hackers
who had claimed that the Legion of Doom could bring down the nationwide telephone
 6.1 Pnnrers eNo Hecxrns 323

switching system. It seemed too great a coincidence that the system should collapse on
a national holiday, just as Fry Guy had predicted. The U.S. Attorney's Office in Chicago
and the Secret Service decided it was time to take serious action against hackers and
phreaks.

6.5.6 U.S.v.Riggs
Three days after the collapse of AT&T's long distance system, two U.S. Secret Service
agents visited Craig Neidorf and accused him of causing the failure. They also confronted
him with the stolen E911 Document. Neidorf cooperated with the Secret Service agents.
He admitted that he had received the document from Riggs, and he also admitted that
he knew the document had been taken from a BellSouth computer. The next day, Secret
Service appeared at Neidorf's fraternity house with a warrant, searched his room, and
seized his computer.
The U.S. Attorney in Chicago charged Riggs and Neidorf with wire fraud, interstate
transportation of stolen property valued at $79,449, and computer fraud. Robert Riggs
pleaded guilty to wire fraud for his unauthorized access of the BellSouth computer; he
ended up serving time in a federal prison. Neidorf pleaded innocent to all charges, and
the case went to trial in Chicago in fuly 1990.
The trial was short, lasting only four days. The defense quickly established that
the information in the E911 Document was in the public domain. BellSouth was ac-
tually selling to the public tlvo documents containing more detailed information about
enhanced 911 service. These documents, which could be ordered by calling a toll-free
number, sold for 913 and $21, respectively, belying BellSouth's contention that the E911
Document was worth $79,449.In light of this new information, the prosecution moved
to dismiss the indictments against Neidorf. The judge agreed to the motion, dismissed
the jury, and declared a mistrial.
The trial against Craig Neidorf is notable for a couple of reasons. First, it demon-
strates how the long history of break-ins at telecommunications companies, the posting
of information on BBSs about the inner workings of phone switches, and the collapse of
AI&T's long distance service all combined to created an atmosphere in which the justice
system was eager to "do something" about phone phreaking and comPuter hacking. ln
its zeal to prosecute, the government uncritically accepted AI&T's inflated valuation of
the E911 Document. When the true value of the document was revealed, the govern-
ment's case against Neidorf collapsed.
Second, the prosecution was careful to depict Neidorf as a thief, rather than a
publisher. They could do this because Neidorf's "newsletter" was completelv electronic.
Viewing him as a publisher would have brought up a variety of First Amendment issues
they were eager to avoid. In the early 1970s The Netv York Tima and the Washington
Post hadpublished the Pentagon Papers, documents Daniel Ellsberg had stolen from the
Pentagon describing government policies regarding the Vietnam War. The government
never prosecuted these newspapers for publishing the documents. Should Phrack have
been entitled to the same protection as The New York Times? The prosecutors didn't want
to go there.
324 Cneprrn 6 Cotntpurrn luo Nnrwonr SEcuntrv

6.5.7 Steve fackson Games

Another victim of the "hacker crackdown" was Steve Jackson Games (SJG) of Austin,
Texas. SIG produces and sells role-playing games. In the late 1980s SIG operated a small
BBS called Illuminati that provided various kinds of support to its customers, including
email. Loyd Blankenship, a.k.a. "The Mentor" and an outspoken member of the Legion
of Doom, happened to be a professional game designer and managing editor at SIG.
Blankenship hud alr.udy published the stolen E911 Document on his own BBS, called
Phoenix Project.
On March l, 1990, the Secret Service entered Blankenship's home and SJG. It seized
four computers, including the one running the Illuminati BBS. According to the search
warrant, which was only unsealed months later, the authorities had expected to find a
copy of the stolen Egll Document on the Illuminati BBS. There was no copy of the
document on any of the seized computers, and no charges were ever filed against SfG.
Four months after the raid, the government returned most (but not all) of the hardware
it had seized. The disruption in business caused by the Secret Service raid forced SIG to
lay off half of its employees in order to survive.
The Secret Service raid of SIG is one ofthe key events that led to the creation of
the Electronic Frontier Foundation, a nonprofit organization that speaks out for the
Constitutional rights of Americans in cyberspace (see Figure 4.1). With the financial
backing of the Electronic Frontier Foundation, SIG and four Illuminati BBS users sued
the Secret Service. The case went to trial in 1993. The court ruled that the Secret Service
had violated the Electronic Communications Privacy Act when it seized, read, and
(in
judge noted
some cases) deleted email on the Illuminati BBS without a court order. The
that investigators simply could have logged on to the Illuminati BBS to determine if the
E9l1 Document had been posted there. He awarded SJG $50,000 in damages plus over
$250,000 in attorneY's fees'

6.5.8 Retrospective
In The Hacker Crackdown Bruce Sterling writes:

Hackers perceive hacking as a "game." This is not an entirely unreasonable or so-

ciopathic perception. You can win or lose at hacking, succeed or fail, but it never
feels "real." It's not simply that imaginative youngsters sometimes have a hard time
telling "make-believe" from "real life." Cyberspace is not real! "Real" things are
physical objects, such as trees and shoes and cars. Hacking takes place on a screen.
Words aren't physical, numbers (even telephone numbers and credit card numbers)
aren't physical. Sticks and stones may break my bones, but data will never hurt me'
Computers simulate reality, such as computer games that simulate tank battles or
dogfights or spaceships. Simulations are just make-believe, and the stuff in com-
puters is not real.
consider this: If "hacking" is supposed to be so serious and real-life and
dangerous, then how come nine-year-old kids have computers and modems? You
 6.1 Punrars aNo H,rcrrns 325

wouldn't give a r.rine-year-old his own car, or his own rifle, or his own chainsaw-
those things are "real."
People underground are perfectly aware that the "game" is frowned upon by
the powers that be. Word gets around about busts in the underground. Publicizing
busts is one of the primary functior.rs of pirate boards, but they also prornulgate
ar.rattitude about then'r, and their own idiosyncratic ideas of justice. The users of
r"rndergrounci boards won't cornplain if some guy is busted for crashir.rg systems,
spreading viruses, or stealing money by wire fraud. They may shake their heads
with a sneaky grin, but they won't openly defend these practices. But when a kid is
charged with some theoretical amount of theft: $264,846.14, for instance, because
he sneaked into a computer and copied something, and kept it in his house on a
floppy disk-this is regarded as a sign of near insanity on the part of prosecutors,
that they've drastically mistal<cn the immaterial game of con.rputir.rg for their
a sigr.r
real and borir.rg everybody worlcl of fatcat corporate money [26].2

We quote Sterling at length because there are parallels between this viewpoint and
the mentality of the millions of people who download MP3 files containing copyrighted
music. The first parallel is the attitude that intellectuai property is overvalued bv the
establishment. How can an AT&T technical document be worth $79,000? Horv can
distributing songs over the Internet be a $100 billion offense? The second parallel is the
use of technology as a joyride: "Hey, I can make a long-distance phone cail rr'ithout
getting a bill!" "Hey, I can make a music CD that costs me 17 cents instead oi i7
bucks!" The knowledge that actions are wrong actually makes them more fun i-31 . The
third parallel is the idea that breaking certain iaws is not that big a deal. There is the
assumption that the chance of actually getting caught is small.
There are also parallels between the response of the Secret Service to the BBSs that
posted inforn-ration about hacking and phreaking, and the response of the Recording
Industry Association of America (RIAA) to those who made available large number of
MP3 files.
On May 9, 7990, in Operation Sundevil, the Secret Service shut dortn l5 BBSs
for posting stolen long-distance telephone access codes and facilitating the erchange of
stolen credit card numbers. A press release stated:

Today, the Secret Service is sending a clear message to those computer hackers
who have decided to violate the laws of this nation in the mistaken belief that they
can successfully avoid detection by hiding behind the relatire anonvmitl, of their
computerterminals...
Ur.rderground groups have been formed for the purpose of exchanging infor-
mation relevant to theircrir-r-rinal activities. These groups otten corlurunicate with
each other through message systems between computers called "bulletin boards."

2. F'rom Sterling, Bruce. The Hocker Crackdown: Law d- Disorder ofi the Electronic Frontier, pp. 84-85.
New York: Bantam Books, 1992. Copyright O 1992 Randorn House, Inc. All Rights Reserved.
326 Cneprpn 6 Cor"rputtn eNo Nnrwonr Sscunrrv

Our experience shows that many computer hacker susPects are no longer mis-
guided teenagers, mischievously playing games with their computers in their bed-
rooms. Some are now high tech computer oPerators using computers to engage in
unlawful conduct. [26]

On September 8, 2003, the RIAA announced that its member companies had filed
261 federallawsuits against what it called "major offenders," each of whom on average
had been distributing more than 1,000 copyrighted music files through Peer-to-Peer
networks. RIAA President Cary Sherman said:

Nobody likes playing the heavy. There comes a time when you have to stand uP
and take appropriate action . . . We've been telling people for a long time that file
sharing copyrighted music is illegal, that you are not anonymous when you do it,
and that engaging in it can have real consequences . . . We hope that today's actions
will convince doubters that we are serious about protecting our rights. [35]

The message from the Secret Service and the RIAA is consistent: cyberspace ls real,
those who break the law can be tracked down, and illegal actions in ryberspace can have
severe consequences.

6.5.9 Penalties for Hacking

Under U.S. law, the maximum penalties for hacking are severe. The Computer Fraud
and Abuse Act criminalizes a wide variety of hacker-related activities, including

. transmitting code (such as a virus or worm) that causes damage to a comPuter

system;
. accessing without authorization any computer connected to the Internet, even if no
files are examined, changed, or coPied;
. transmitting classifi ed government information;
.- trafficking in computer passwords;
. computer fraud;
. computer extortion.

The maximum penalty imposed for violating the Computer Fraud and Abuse Act is 20
years in prison and a $250,000 fine.
Another federal statute related to computer hacking is the Electronic Communica-
tions Privacy Act. This law makes it illegal to intercept telephone conversations, email,
or any other data transmissions. It also makes it a crime to access stored email messages
without authorization.
The use of the Internet to commit fraud or transmit funds can be prosecuted under
the Wire Fraud Act and/or the National Stolen Property Act. Adopting the identity of
another person to carry out an illegal activity is a violation of the Identity Theft and
Assumption Deterrence Act.
 63 pnRrars aNr Hacrrns 322

6.3.10 Recent Incidents

Despitc potentially severe pcnalties for convicted hackers,
computer systems continue to
be corr.rpron.rised by o-utsiders. Many brcak-ir.rs are
orchestrat.i uy;njiuiauals or g.o.rp,
witha high degrec of expertise, but others are committed
by orclinary.o,rpu,.i ur..,
who sin.rply take advantage of a security weakness.
In 2003 a broke into computers at the university of Kansas and
personal files ofllck]
copied the
1,450 foreign students. The files contained ,.,uro.r,
Social Securiiy num-
bers, passport numbers, countries of origin, and birthdates.
The university of ral,sas
had collected the information in one place in order
to compiy with a patriot Act re-
quirement that it report the information to the Immigration
and Naturalization Sen.ice
[36]' In a similar incident two years later, an intruder broke into a University
of Nei.ada, '
Las Vegas computer containing personal information
on 5,000 foreign students tZll.
Another recent case demclnstrzrtes the tirr-re ancl effort sometimes
required to ide,-
tifl' those respol.rsibie for compLlter break-ir.rs. In April
2004 several Americar.r super-
colnPuter installations reported that irackers had broken
into con-rputers connected to a
high-speccl network called Teracricl. Before the culprits
could be apprehended, thei,had
broken into tho.sa'rds of co.uputers at American research
rurro.ut*l* o,rJ i"]
-ir,t-,.
staliatior.rs. l'hc
hackers also .ccessed computers at Cisco Systerns
."d ;;i. ,;;.;i;;,
company's software. Security experts, FBI ager.rts, and
Swedish police worked for more
than a year to identify the European c'lprits and bring the
b..uk-irr. to an end [3g].
In March 2005 someone discovered a security flaw in the online-admissions
solt-
ware produced by ApplyYourselfand used by six business
schools. The discoverer posted
instructions on a Busirtess week online forum expiaining
how business school appiicants
could circumvent the software security system and take
i look at the status ii-
cations' It took ApplyYourself or-rly nine hours to fix the flaw, "r,rr.l. p.rioa
but in the interim "pf
hundreds of eager applicar.rts had exploited the bug urr,l
p..k.d at their files. I rreek
later, carr.regie Mellon University, Harvard Universiy,
oni th. Massachusetts Institute
of Technology annoutlcecl that they rvould not acir-nit'any
of the applicants rr-ho had ac-
cesscd their computer systents witl.rout authorization
139l.
In 2004 and 2005 Internet cafi'cn.rployee leanson
Jarnes Ancheta created a netrr.ork
of about 400,000 bots, including computcrs opcrated by the
U.S. Depi11111sn1 oi De-
fer.rse' Adware cotnp.rrlies, spiulnrers, and
otheis paicl Ancheta for the use oithese com-
puters' After being arrested by the FBI, Ancheta pieaded
guilti, to ir r-arietr- of charges,
including conspirir-rg to violate the Computer Fraud AbusJct
and the CA\-SpA, Act.
In May 2005 a f-ederal judge sentenced Ancheta to 57 months
in prison and required
him to pay $15,000 in restitution to the U.S. government tbr intectine
Department of
Defense computers' Ar-rcheta also forfeited to tire government
the proceeds of his illegal
activity, including his 1993 BMW, more than $00,000 in
cash, andhis computer.qrip_
ment [40, 4t ].
In 2009 a federal grand jury ir.r New fersey indicted Albert
Gonzalezand two un-
nanled Russian co-col1spirattlrs for hacking inio several
computer systems and stealing
tnore than 130 nlillion credit ancl debit card nurnbers.
Acctrding to the indictment,
sol.ne of the creclit and clcbit carcl numbers rvere
sold online, leacling to unauthorized
328 CneptEn 6 Corrrpursn eNo Nsrwonr Sr,cuntrv

purchases and bank withdrawals. The targets of the attacks were Heartland Data Sys-
tems, a card processing company; Hannaford Brothers; 7-Eleven; and two other national
retailers, who remained unnamed. Most of the numbers were stolen from Heartland
Data Systems, which at the time of Gonzalez's indictment had already paid about $13
million in legal costs and fines levied by Visa and MasterCard 142).

6.4 Denial-oFservice Attacks

A denial-of-service (DoS) attack is an intentional action designed to prevent legitimate
users from making use of a computer service [43]. A DoS attack may involve unautho-
rized access to one or more computer systems, but the goal of a DoS attack is not to steal
information. Instead, the aim of a DoS attack is to disrupt a computer server's ability
to respond to its clients. Interfering with the normal use of computer services can result
in significant harm. A company selling products and services over the Internet may lose
business. A military organization may find its communications disrupted. A nonprofit
organization may be unable to get its message out to the public.
A DoS attack is an example of an "asymmetric" attack, in which a single person can
harm a huge organization, such as a multinational corporation or even a goyernment.
Since terrorist organizations specialize in asymmetric attacks, some fear that DoS attacks
will become an important part of the terrorist arsenal 144,45).
During the week of February 7-11,2000, a l5-year-old initiated DoS attacks that
disabled many Web sites, including Amazon.com, eBay, Yahoo, CNN.com, and Dell.
The teenager, who went by the nickname "Mafiaboy," was sentenced to eight months
in ajuvenile detention center and ayear ofprobation [46].
In October 2002 a DoS attack was launched against the Internet's 13 root servers,
which actas the Internet's ultimate authority with respect to matching domain names
to IP addresses [47].
Recently, many DoS attacks have focused on blacklist services, used by ISPs to shield
their customers from spam. "We're usually under attack from 5,000 to 10,000 servers at
once," says Steve Linford, CEO of Spamhaus [48].
The Cooperative Association for Internet Data Analysis at the University of Califor-
nia estimates that 4,000 Web sites suffer DoS attacks each week [49].
In this section we describe a variety of kinds of DoS attacks and some of the de-
fensive measures that organizations can take to guard themselves against such attacks.
Attackers do not want to give themselves away by initiating attacks from their own sys-
tems. Instead, they identifr other computers they can use to launch their attacks. For this
reason, all system administrators, not just those at targeted organizations, play a role in
preventing DoS attacks.

6.4.1 Aftacks that Consume Scarce Resources

The most common DoS attack is against a target system's network connection. A low-
tech but effective way to do this is to cut the physical connection between the target
 6.4 DrNrer--op-SEnvrcE Arr.rcrs 329

Attacker

tr*-
H
+'YN_ACK_H
+
IDl -SYN-H
LL".i)b:T)
,"""
-,/- rarset

ncx+r-J /
E [il
:
(b)

Frcunr 6.7 How a SYN flood attack works. (a) In a normal client-server connection, the
client sends the server a SYN message, the server responds with a SYN-ACK message, and
the client follows up with an ACK message. At this point the connection is established, and
the client and server can interact. (b) In a SYN flood attack, the client sends the server a S\\
message with a spoofed IP address. The server replies to a client that is unable to respond
to the SYN-ACK message. Eventually, the server will stop waiting for the ACK message,
but in the meantime the connection remains half-open, depriving legitimate clients of that
connection.

computer and its network. Hence, it is important that organizations provide their servers
with adequate physical security.
The rest of the DoS attacks we are going to describe are electronic attacks on the
server or its network.
Two Internet processes establish a TCP communication link by follorving a precise
series of steps called a "three-way handshake" (Figure 6.7a). The three-rvav handshake
assures each process that the other process is ready to communicate. Suppose process X
wishes to communicate with process Y. Process X initiates the handshake by sending Y
a SYN message. If Y agrees to communicate with X, it replies rvith a SYN-ACK message,
acknowledging receipt of X's SYN message. At this point the communication channel is
half open. In the third step of the handshake, X sends an ACK message to Y, acknowl-
edging receipt of Y's SYN-ACK message. At this point the connection betrveen X and Y
is open.
In a SYN flood attack, the attacker's computer uses IP spoofing to send the target
computer a SYN message from a phony client (Figure 6.7b). \\tren the target computer
receives this message, it sets up its side of the connection and replies with a SYN-ACK
message. This message travels to the phony client, rvhich cannot respond to the SYN-
ACK message. While the target computer waits for the ACK message, the connection
remains half-open. The attacker sends the target many such spoofed SYN messages.
330 Cneprrn 6 Conpurrn aNo Nrrwonx Srcutrrv

EI
t-ret
I]........L.@

/*,ffi\
'*t.'t/ E \ ti/.
/ Z:\
"'\ \

fr--
It
r-ffil
lt
|Y:*::MA
-,*r' ffil
W'--.r*o- ,-._FE,.--*^ ---t-----

\ tm::::_*ffi **./
-- "-*
H \
tr -----*"2
------:;
W
Attaclier
?. .-, ffi .rro/ ,/ Trr!let

@-,"- ,m ,/ *[.] /
l.Effil
871:r;W;a

FrcunE 6.8 In a smurf attack, the attacker's computer "pings" many amplifier networks,
which broadcast incoming messages. The attacker has spoofed the packet's.
IP address to
appear to be the address of the target computer. The echoes of the "pinged" computers are
.oot.d to the target computer, consuming the target's network bandwidth.

Since a server can handle only so many clients at a time, it may turn away
legitimate
users while it waits futilely for connections to complete [50]'
Another form of network attack consumes all the bandwidth on the target's net-
work by generating a large number of messages directed to that network. The smurf
attack is u', .*u*pi. of this form of DoS attack (Figure 6.8). The attacker
first identifies
routers that support broadcasting of messages to all of the computers on their local
area

networks. The attacker sends "ping" messages to these routers, which multiply them' A
computer receiving a "ping" *.SSug" is supposed to echo it. In this case, the attacker has

,poof.a the IP addlresr, r.rrt i"g it look as if the ping came from the target comPuter. AII
of th. .o*prrters receiving the ping message send an echo to the target computer'
In a
successful attack, the flooJ of incoming messages saturates the target server's network.

In a third kind of DoS attack, the attacker attempts to fill all of the available space
disk:
on the target computer's disk. Here are three ways to fill a target computer's

1. In emailbombing, the attacker sends the target a flood of email messages. The target
the
computer stor., th.r. email messages on its disk. By sending very long messages,
 6.4 DrNtal-or-Srtvrcr Arrecxs 331

attacker can quickly fill the target's disk drive. Email bombing is usually combined
with email sioofing (changing the email address of the sender) to disguise the
identifr of the attacker from the target'
2. Theattackercreatesawormthatintentionallygeneratesaverylongstreamoferrors.
Since the target computer logs errors in a data file, eventually the disk fills
up.

3. The attacker breaks in to the target computer and copies over files from another site.

Most computers have a limit on the number of processes that may be active at
one time. An attacker can disable the target's computer by penetrating it with a
\\'orm
program that quickly replicates. (This is how Morris's Internet Worm crashed manv of
ih.-.o*pu,.rs it infectel.) Even if the target computer does not crash, the presence oi
CPU.
many active processes can significantly degrade the performance of the computer's
Another form of DoS attack crashes the target computer by sending it unexpected
data, such as an oversized IP packet.

6.4.2 Defensive Measures

System administrators can take a variety of defensive measures to reduce
the threat of
DoS attacks throughout the Internet.
Ensgring the physical security of a server is an important defensive measure. Berond
the server itself, physical security encompasses the network access point, the rr'iring
closet, and the air conditioning and power systems'
System administrators should benchmark the performance of their computer
svs-

tems in order to establish baselines. Once the baselines are known, it is easier to detect
aberrations that n-ray indicate a breach ofsecurity'
Disk quota systems are another good security measure. If single users have limits-on
the amount of disk space they may use, then it is tougher for an intruder to create
hles

that eat up all the disk sPace.

Disabling unused network services is another prudent policy. Reducing a\'ailable
services reduces the options given potential attackers'
Another security measure is turning off the amplifier network capabilin oi routers,
taking a weapon out of the hands of those who wish to launch a smuri attack.
attacks.
Companies have begun to create pattern-recognition software to detect DoS
tiom "c1ients" that
The software is used to discard requests for service that are coming
have proven to be unreliable.

6.4.5 Distritruted Denial-of- Service Attacks

In a distributed denial-of-service (DDoS) attack, the attacker rents access to a bot
network from a bot-herder. At the selected time, the command-and-control computer
sends the appropriate instructions to the bots, which launch their attack on the
targeted
the initial "pings" are
system. fypi.aiy a DDoS attack is a smurf attack, except that norv
being sent from thousands of computers, so there are thousands of times more
responses

being echoed to the target system.

332 Cn*ptpn 6 Cor"rpurpn eNo NErwonx Srcunlrv

To defend against DDoS attacks, system administrators must be able to secure their
computers to keep them from being infected by bots. They can also install filters that
check outgoing messages for forged IP addresses. An outgoing message packet should
have a "from" address matching one of the local machines. If it does not, then the packet
has been forged and should not be forwarded. Filtering outgoing messages means that
even if someone has gotten into a machine, he can't use it for an attack that depends on
spoofing the addresses of IP packets.

6.4.4 BIue Security

Israeli company Blue Security created a spam-deterrence system for people tired of
receiving unwanted email. Blue Security sold the service to businesses, but individuals
could protect their home computers for free. About half a milion people signed up
for this free service. Users loaded a bot called Blue Frog on their computers. The bot
integrated with Yahoo! Mail, Gmail, and Hotmail, checking incoming email messages
for spam. When it discovered a spam message, the bot would contact a Blue Security
server to determine the source of the email. Then the bot would send the spammer an
opt-out message [51].
Spammers who indiscriminately sent emails to millions of addresses started receiv-
ing hundreds of thousands of opt-out messages, disrupting their operations. Six of the
world's top 10 spammers agreed to use Blue Security's filtering software to remove Blue
Frog users from their email lists [51].
One spammer, nicknamed PharmaMaster, did not back down. He threatened Blue
Frog users with messages such as this one: "Unfortunately, due to the tactics used by
Blue Security, you will end up receiving this message or other nonsensical spams 20-40
times more than you would normally" fza). He followed through on his threats on May
1, 2006, by sending Blue Frog users 10 to 20 times as much spam as theywould normally
receive [51].
The next day, PharmaMaster went after Blue Security itself. He launched a massive
DDoS attack from tens of thousands of bots targeting Blue Security's servers. The huge
torrent of incoming messages disabled the Blue Frog service. Later DDoS attacks focused
on other companies providing Internet services to Blue Security. Finally, the spammer
targeted the businesses that paid for Blue Security's services. When Blue Security realized
it could not protect its business customers from DDoS attacks and virus-laced emails,
it reluctantly discontinued its service. "We cannot take the responsibility for an ever-
escalating ryberwar through our continued operations," wrote Eran Reshef, CEO of
BIue Security. "We are discontinuing all of our anti-spam activities" [51]. Blue Securityb
decision to fight bots with bots-always controversial-was ultimately unsuccessfi.rl.

6.4.5 Fourth of July Aftacks

A DDoS attack on governmental agencies and commercial Web sites in the United States
and South Korea paralyzed a third of them over the Fourth of |uly weekend in 2009.
Thrgets in the United States included the White House, the Treasury Department, the
Secret Service, the New York Stock Exchange, and Nasdaq. In South Korea, the targets
 6.4 DrNrer--or-SurvrcrArrecrs 333

included the Blue House (presidential mansion), the Defense Ministry, and the National
Assembly.
The DDoS attack was relatively minor, involving a bot network containing only
50,000-65,000 computers, compared with large-scale attacks that may utilize a million
computers. Still, the attack disrupted different networks over a period of days as it shifted
targets, and some sites ir.r South Korea were unavailable or comprornised as late as |uly 9.
South Korea's National Intelligence Service blarned the North Korean government or its
sympathizers for the attack, hypothesizing that the attack was in retaliation for United
Nations sanctions against North Korea. According to computer experts, it was unlike11.
the source of the attack would ever be positively identified [52, 53].

6.4.6 Attacks on Twitter

Twitter service was unavailable for several hours on August 6,2009, due to a massive
DDoS attack. Max Kelly, the chief security officer at Facebook, said the attack rvas an
effort to silence a political blogger from the Republic of Georgia, citing as evidence the
fact that three other sites used by the activist-Facebook, Livelournal, and Google-
were also targets of DDoS attacks at the same time [54,55].
No group took responsibility for the attacks, but some noted that August 6,2009,
was the first anniversary of the war between Georgia and Russia over South Ossetia [56].

6.4.7 SATAN
In 1995 computer-security expert Dan Farmer released a program called Securitv Ad-
ministrator Tool for Analyzing Networks (SATAN). System administrators could use
SATAN to probe their computers for security weaknesses. Farmer said, "S,{TAN rras
written because we realize that computer systems are becoming more and more depen-
dent on the network, and more vulnerable to attack" [57]. In the first ferr davs after its
release, tens ofthousands ofcopies were downloaded.
Critics fretted that SATAN, with its easy-to-use interface, rrouid turn relatively
unskilled teenagers into computer hackers. A security official noted it rr'ould be easy to
create a script that would enable a hacker to probe hundreds ofsites and report on their
security holes [58]. Farmer admitted that SATAN was "a trvo-edged sivord that can be
used for good and evil."
As it turns out, a flood of SATAN-enabled computer break-ins never materialized.
Apparently, it served its purpose: helping system administrators, particularly novices,
identif, and fix security problems with their networks.
Still, nearly two years after the release of SATAN, Dan Farmer used it to survey
the security of more than 2,200 web sites. Farmer reported that more than 60 percent
of the sites were vulnerable to break-ir.rs. About half of these sites had major security
problen-rs, even though all of the security holes probed by SATAN had been publicized
by the Computer Emergency Response Team (CERT) [59].
334 Cneprrx 6 Coupurrn eNo Nrrwonr SscuRrry

6.5 Online Voting

6.5.1 Motivation for Online Voting
The 2000 Presidential election was one of the
closest contests in U.s. history. Florida
was the pivotal state; without Florida's electoral
votes, neither Democrat Al Gore nor
Republican George w. Bush had a majority of
votes in the Electoral college. After a
manual recount of the votes in four heavily Democratic
counties, the Florida Secretary
of State declared that Bush had received 2,gr2,7go
ro,., ao co.e,s total of 2,912,253.
Bush's margin of victory was incredibly small:
less than 2 votes out of every 10,000 votes
cast.

Most of these counties used a keypunch voting

machine in which voters select a
"card
candidate by using a stylus to poke oui a hole
in a next to the candidate,s name.
Two voting irregularities were traced to the
use of these machines. The first irregularity
was that sometimes the stylus doesn't punch
the r,ot. .t.unty, r.."irg a tiny, rectangular
piece of card hanging by one or more corners.
votes with ,,hanging chad,, are typically
not counted by automatic vote tabulators. The
manual ,..ou.rifo.used on identifying
ballots with hanging.chad that ought to have
been counted. The second irregularity
was that some voters in palm Beach county
were confused by its ,.butterfly balrot,, and
mistakenly punched^the hole corresponding
to Reform r.riy .."ala"te pat Buchanan
rather than the hole for Democratic iandidate
) rnt confusion may
Al Gore (Figure o.rl.
have cost Al Gore the votes he needed to
win Florida toO]."

{fiFPUETICAN}
GtO8Gt W. BUSII mrsrorrr
Sl0f, 8ll[*ft tl*mtrwrr
{fr$'iflN't
7Al &rl*l*&***,wxw*z .
t$$LAfWlt*,*awwc

Frcunn 6.9 The layout of the ballot" apparently led thousands of parm
."butterfly
countS Florida voters supporting Beach
candidate Al Gore to punch the hole associated with pat
Buchanan by mistake. lalnrVideworld photos)
 6.5 ONUNE VorINc 335

6.5.2 Proposals
The problems with the election in Florida have led to a variety of actions to improve the
reliability of voting systems in the United States. Many people have suggested that voting
via the Internet be used, at least as a way ofcasting absentee ballots. In fact, online voting
is already a reality. It was used in the 2000 Alaska Republican Presidential preference
poll and the 2000 Arizona Democratic Presidential primary [61]. Local elections in the
United Kingdom used online voting in 2001. One hundred thousand Americans in the
military and living overseas were going to have the opportunity to vote over the Internet
in the 2004 Presidential primaries as part of the Secure Electronic Registration and
Voting Experiment, until the government cancelled the experiment at the last minute
162]l.

6.5.5 Ethical Evaluation

In this section we make a utilitarian evaluation of the morality of online voting by
weighing its benefits and risks. The discussion assumes that online voting would be
implemented via a Web browser, though similar arguments could be made if another
technology were employed.

BENEFITS OF ONLINE VOTING

Advocates of online voting say it would have numerous advantages: [63]:
Online voting would give people rvho ordinarily could not get to the polls the
opportunity to cast a ballot from their homes.
Votes cast via the Internet could be counted much more quickly than votes cast on
paper.
Electronic votes will not have any of the ambiguity associated with physical votes,
such as hanging chad, erasures, etc.
Elections conducted online will cost less money than traditional elections.
Online voting will eliminate the risk of somebody tampering with a ballot box
containing physical votes.
While in most elections people vote for a single candidate, other elections allow
a person to vote for multiple candidates. For example, a school board may have three
vacancies, and voters may be asked to vote for three candidates. It would be easy to
program the voting form to prevent people from accidentally overvoting-choosing too
many candidates.
Sometimes a long, complicated ballot resuits in undervoting-where a voter acci-
dentally forgets to mark a candidate for a particular office. A Web form could be de-
signed in multiple pages so that each page had the candidates for a single office. Hence
online voting could reduce undervoting.

RISKS OF ONLINE VOTING

Critics of online voting have pointed to numerous risks associated with casting ballots
over the Web [63]:
336 Cueprrn 6 CoMpursn aNo NErwonr SrcunIry

Online voting is unfair because it gives an unfair advantage to those who are finan-
cially better off. It will be easier for people with computers and Internet connections at
home to vote.
The same system that authenticates the voter also records the ballot. This makes it
more difficult to preserve the privacy of the voter.
Online voting increases the opportunities for vote solicitation and vote selling.
Suppose person X agrees to vote for candidate Y in return for getting a payment from
Z. If person X votes from his personal computer, he could allow person Z to watch as he
cast his vote for I
proving that he fulfilled his end of the bargain. This is much less likely
to occur at an official polling place monitored by election officials.
A Web site hosting an election is an obvious target for a DDoS attack. Unlike
corporate Web sites, which have attracted the attention of teenage hackers, a national
election Web site could attract the attention of foreign governments or terrorists trying
to disrupt the electoral process. What happens if the Web site is unavailable and people
are not able to access it before the election deadline?
If voting is done from home computers, the security of the election depends on the
security of these home computers. The next few paragraphs describe ways in which the
security of home computers could be compromised.
A virus could change a person's vote without that person even suspecting what had
happened. Many people have physical access to other people's computers, giving them
the opportunity to install voter-deceiving applications in the weeks leading up to the
election. Alternatively, a rogue programmer or group of programmers within Microsoft,
AoL, or another consumer software company could sneak in a vote-tampering virus.
A remote access Tiojan such as SubSeven lurking in a voter's computer could allow
a person's vote to be observed by an outsider. A RAI could even allow an outsider to cast
a ballot in lieu of the rightful voter.

An attacker could fool a user into thinking he was connected to the vote server
when in actuality he was connected to a phony vote server controlled by the attacker.
For example, the attacker could send an email telling voters to click on a link to reach
the polling site. when voters did so, they would be connected to the phony voting site.
The attacker could ask for the voter's credentials, then use this information to connect
to the real voter site and cast a vote for the candidate(s) desired by the attacker.

UTILITARIAN ANALYSIS
A utilitarian analysis must add up the positive and negative outcomes to determine
whether allowing online voting is a good action to take. Recall from Section 2.6.2 that
not all outcomes have equal weight. We must consider the probability of the outcome,
the value of the outcome on each affected person, and the number of people affectecl.
Sometimes this calculation is relatively straightforward. For example, one of the
benefits of online voting is that people who voted online would not have to travel to
a polling place and wait in line. suppose online voting replaced polling places in the
United States. This change would affect about 50 percent of adult Americans (the ones
 6.s ONrrNr VouNc 337

who actually vote) [64]. We can estimate that the ayerage voter spends about an hour
traveling to a polling place, waiting in line, and traveling back. The average annual salary
in the United States is about $37,000, or about $18.00 per hour [65]. We could compute,
then, that the time savings associated with replacing polling places with online voting
would be worth about $18.00 times one-half the adult population, or $9.00 for every
adult.
It is more difficult to come up with reasonable weights for other outcomes. For
example, a risk of online voting is that a DDoS attack may prevent legitimate voters from
casting their votes before the deadline. While an election result that does not reflect the
will of the voters is a great harm, the weight of this harm is reduced by three probabilities:
the probability that someone would attempt a DDoS attack, the probability that a DDoS
attack would be successfirl, and the probability that a successful DDoS attack would
change the outcome of the election. Experts could have vastly different estimates of these
probabilities, allowing the scales of the utilitarian evaluation to tip one way or the other.

KANTIAN ANALYSIS
A Kantian analysis of anyvoting system would focus on the principle that the will of each
voter should be reflected in that voter's ballot. The integrity of each ballot is paramount.
For this reason, everyvote should leave a paper record, so that in the event ofcontroversy
a recount can be held to ensure the correctness of the election result. Eliminating paper
records in order to achieve the ends of saving time and money or boosting voter turnout
is wrong from a Kantian perspective.

CONCLUSIONS
We have surveyed the potential benefits and risks of holding elections online, and we
have examined the morality of online voting from a utilitarian and a Kantian point of
view
Are we holding computers up to too high a standard? After all, existing voting sys-
tems are imperfect. There are two key differences, however, between existing mechanical
or electromechanical systems and the proposed online system.
Existing systems are highly localized. A single person may be able to corrupt the
election process at a few voting places, but it is impossible to taint the election results
across an entire state. A Web-based election system would make it much easier for a
single malicious person to taint the process on a wide scale.
The second difference is that most current systems produce a paper record of the
vote. Where paper records do not exist, there is a push to make them mandatory [66].
When all else fails, the hard copy can be consulted to try to discern the intent of the
voters. A Web-based voting system would not have paper records verified by citizens as
true representations of their votes.
There is already evidence of tampering in online elections. In April 2002 Vivendi
Universal, a Paris media conglomerate, held an online vote of its shareholders. Hackers
caused ballots of some large shareholders to be counted as abstentions [63]. If a private
338 Cneprrn 6 Colrpursn aNo Nnrwonr Spcunrry

election can draw the attention of a hacker, imagine how much more
attractive a target
a California election Web site will bel
Bruce Schneier has written, "A secure Internet voting system is
theoretically pos-
sible, but it would be the first secure networked applicatiJr, !u.,
created ir, .ompuiirrg
history" [67].
Ary election system that relies upon the security of personal computers managed
by ordinary citizens will be vulnerable to electoral fraud. For this reason
alone, there
is a strong case to be made that a government should not allow online
voting to be
conducted in this way.

Summary
As computers become more fully integrated into our lives, the
issue of computer security
becomes more important. This chapter has described ways in which
programs or people
can gain unauthorized access into computer systems.

. Ulauthorized programs are categorized as viruses, worms, or Tiojan horses. A virus

is a piece of self-replicating code embedded within another p.og.u*. viruses
can be
found anywhere programs can be found. peopre can spread virrr.iy.".hunging
floppy
disks or cDs or sharing files on peer-to-peer networks. A worm is
a self-contained
program that takes advantage ofsecurityholes to spread throughout
a network. A worm
is more autonomous than a virus. once launched, a worm can spread
without any
human assistance. A Tiojan horse is an apparently benign p.ogru* that
concears a
malicious purpose. Remote access Tiojan horses (RAIsl ur. oft.rr-.oncealed
inside files
containing sexually explicit videos or photos. once downloaded, a RAT
enables the
attacker to access the victim's computer. system administrators play
an important role
in securing systems against these external threats.
A person who accesses a computer without authorization is called a hacker.
A
phreak is someone who manipulates the phone system in order
to make free calls. As
telecommunications companies began computerizingtheir equipment
in the 19g0s, the
line between hackers and phreaks got brurry. a we[-kio*r, g.oui
of hackers in the l9g0s
was the Legion of Doom. Its members wrote "how-to" arti;les
for hackers and phreaks.
These stories were widely published on BBSs. In 1990 the
U.s. )ustice Department and
the Secret Service made a number of widely publicized raids to curtail
the activities
of hackers and phreaks. Many hackers and phreaks served prison sentences
for their
activities. However, the Secret Service violated the Electronic Communications privary
Act when it shut down the BBS of Steve Iackson Games.
Denial-of-service (Dos) attacks prevent legitimate users from making
use of a com-
puter service. There are different kinds ofDos attacks, including
physical attacks on a
server, attacks that tie up a server's memory or disk space, attackls
thut .onru-e all the
network bandwidth to tie server, and attacks that attempt to ..crash,,
the server. In the
past few years, distributed denial-of-service (DDoS) attacks
have become u ,ig"ifi.""t
 Rcvrcw QursrroNs 339

new threat to prominent web sites. Again, system administrators

can take a variety of
actions to ensure the computers they are responsible for do
not contribute to DoS at-
tacks.
online voting has been suggested as one way of eliminating problems associated
with traditional voting systems, and experiments'in online votinlgiave
already begun.
While online elections would result in some benefits, the risla a.e"e*te.rsive.
In'partlcu-
lar, a networked application is only as strong as its weakest link.
If people are allowed to
vote from their home computer, that is likely to be a weak link
that could be exploited
by those determined to affect the outcome of an election.

Review Questions
1. What is a computer virus?
2. What is a computer worm?
3. What is the difference between a virus and a worm?
4' Soon after the Internet Worm was released, Andy Sudduth sent
out an email explaining
how to stop the worm. Why was this email of no help to the system
administrators
fighting the spread of the worm?
5. what are the two reasons why a fast-moving worm is usually more
dangerous than a
worm that replicates more slowlyl
6. In what way could slow-moving worm be more dangerous than a fast-mo'ing worm?
a

7' Name one virus launched by a computer science student. Name one worm
launched by
a computer science student.

8. What is a Tiojan horse?

9' Why is it dangerous for an email program to open attachments automatically,
without
waiting for the user to select them?
10. Explain the origins of the terms ..hacker,, and ,,phreak.,,
11. What was the first major network to get hacked?
12' what parallels does the author draw between hackers/phreak
and those who download
MP3 files of copyrighted music?
13. What is a denial-of-service attack?
14' In what way is email bombing like spamming? In what ways are they
different?
15. Explain how computer worms are used in certain DoS attacks.
16' Why can't the administrator of a Web server stop a DoS attack by
configuring the server
so that it refuses to accept any packets from the attackert
computer?
17. lMhy is the filtering of outgoing Internet traffic an important
tool in the fight against
DoS and DDoS attacks?
l8' Explain two different ways a vote thief could cast multiple votes in an online election.