Personal Computer News
23rd March 1985
Published in Personal Computer News #104
Hacking - A Threat Or A Red Herring - Homefront
Once upon a time, when the world was a simpler, more innocent place, a hacker was someone who played golf badly. The threat to society was limited to low-flying golf balls going out of bounds near the main road.
Now, according to some, the fabric of western civilisation lies in jeopardy. A small number of computer users armed with some software, a little black box called a modem, and enough ingenuity may bring about the collapse of financial, commercial and government institutions.
Sadly, these prophets of doom are a little short of evidence. The bulk of computer crime is straightforward fraud and embezzlement. Hacking doesn't enter the picture. The documented cases of hacking are less damaging: the break-in of Prince Philip's Prestel mailbox, a bunch of New York schoolkids who tried to order a case of Pepsi without paying, and the American group who went joy-riding through the computers of various US universities and NASA.
Of course, the doomsayers point out, the potential for damage is immense, which raises three interesting possibilities. First, hacking is a very limited pastime and those indulging in it are such good chaps they're not hurting anyone. Second, hacking is widespread and extremely damaging but the victims aren't telling anyone they've been got at.
The third, and most likely possibility, is that hacking is limited but causes some serious damage while the victims pretend it didn't.
And there's the rub. If anyone hopes for the hacking threat - both real and potential - to be taken seriously, those who have been hacked will have to come clean; and act.
It may be commercially damaging to admit publically to a breach of security but the alternative is continued uncertainty about the scale of the problem. The Pepsi incident is a great deal more serious than is obvious at first. A company named Canada Cement LaFarge had one fifth of its data wiped by the hackers blundering through the files. The search for the culprits and re-entering the data finally cost more than $250,000. The hackers were found but not prosecuted.
Until companies and governments own up to breaches of security and act against the perpetrators, no action will be taken, thus allowing the real threat to continue.
The danger does not lie in mischievous individuals breaking into mailboxes or the incidental damage to files. The opportunities open to criminal and terrorist groups are exactly the same as those available to a 16-year-old with £200-worth of computer comms equipment.
It would be easy to deride those who worry about hacking. A former IBM security chief rated hacking as only 3 per cent of the total threat to computer installations, way behind operator error, deliberate damage by employees and natural disaster.
On the other hand, it would be easier still to call for a blanket ban on the individual ownership of the necessary equipment. This would, however, hurt the innocent as computer communication has many valid, interesting and enjoyable uses (hence our "hacking" feature this week).
Cars kill people but society has evolved rules, regulations and attitudes to cope with it. We will have to do the same with computer security.
No-one should doubt the ability of any government to deal with the problems. The illegal use of citizens' band radio - arguably of far less concern - was dealt with swiftly and effectively.
One solution may be a requirement for modem owners to obtain a licence for their equipment in the manner of cars, television and ham radios. This could have beneficial side effects if some of the money generated were diverted back into the pockets of the computer industry.
However, before we start considering bureaucratic involvement, we ought to establish the scale of the problem. Hackers themselves are the least reliable source of information as they have a vested interest in either exaggerating or playing down their exploits.
It is the victims - if there are any - who must honestly answer the question: "Have you been hacked lately?"
Peter Worlock