Advertisement

None

Reading Rudenstine's Email

Right now, I'm reading your electronic mail. I have no idea who you are, but you made a mistake. All it takes is one mistake for those thoughts and secrets you held most dear to be distributed to anyone I choose. Your mistake? You left your terminal for only a second in the Science Center basement. Or you were accidentally disconnected over a dialup connection. Or I ripped your password off.

The first rule of computer security is that there isn't any. The only way to keep a computer safe is to unplug the phone line, unplug the network connection, never use diskettes and to prohibit anyone from using it. A windowless room and a handful of deadbolt locks comes in handy, too.

Anything less is an invitation to disaster. The scenario I described happens all too often with the Harvard Arts and Sciences Computer Services (HASCS) computers, the only ones most of us will see during our residence. I have seen more than one practical joke played on the unwary--ranging from replacing the greeting "husc8%" with "Hi [expletive]!" to fake email.

All of which were harmless. I have yet to encounter a truly malicious abuse. But just because I haven't heard of it doesn't mean it isn't happening.

We are very lucky. The relative indifference shown by the University towards computing (as evidenced by the resources they provide) makes targets scarce here at Harvard. We have neither the tradition of hacking nor the proper demographics to have the problems of the technical school down the river.

Advertisement

It seems hackers have been with us since the dawn of computing. "Hacker" used to be a term of respect. Now it is portrayed by the media as the title of a nefarious criminal.

Hacking was popularized in the movie "War Games." It took a young high school student nothing more tan a 300-baud modem and a computer less powerful than some calculators to bring the would to the brink of nuclear war. Prior to this he had changed his grades form borderline passing to honor roll. This was an exploit everyone could relate to.

The motivation behind backing varies. The most malicious is that done by disgruntled employees. They have nothing to lose and knows and system intimately. The most common is the young make (female backers are few and car between). With a few hundred dollars of equipment, the world is at his fingertips.

Most of these young hackers are explorers. They believe strongly in freedom of information. Everything should be known by everyone--or at least by those few both skillful and determined enough to root it out.

Their illegal activities begin small. Stealing free phone service is a favorite so they can call "bulletin boards" across the country and converse with other hackers without their parents' illegal copies of software priced far beyond the means of an adolescent on these board either.

The phone company doesn't play around. The annual cost of pirated long distance is measured in the billions. Getting caught means jail time and a nasty fine. "Philes" on bulletin boards describe everything from breaking into phone switches to hooking up electronic video games to the phone line in order to destroy phone company computers trying to trace the hacker.

The holes here at Harvard are gaping. The five-digit access codes used by the Harvard University Student Telephone Office ensure a working one will be found in ten to 20 tries. While abuse is heavily prosecuted and the extensions are recorded, a quick survey of the wiring beneath my dorm showed that switching my phone line with my proctor's would be cake.

The computer system is even worse. A backdoor into the mail system allows even the most inept hacker to masquerade as President Rudenstine when sending electronic Mail. This means that any email receiyed could be real or it could be a blatant forgery-and the recipient has absolutely no way of knowing.

Other tidbits acquired in less than a year are how to acquire unlimited storage space, an easy method of stealing passwords and how to noxious thing to anyone using a graphics terminal.

Complete power over every file and every user is held by anyone with the root password. My friends at MIT deem Harvard's security too pathetic to be worth a challenge.

Advertisement