HPPUB BOOK REVIEW

Author (or Editor): Verton, Dan

Title: The Hacker Diaries: Confessions of Teenage Hackers

Fiction? Anthology?  

Publisher: McGraw-Hill

Date: 2002

ISBN:  0-07-222364-2

Series Name:

Physical description: hardbound

Relevance to HPPUB: 

Review:

As the title implies, this book tries to get into the minds and motivations of teen and young adult hackers over the past fifteen years (not all have been male). The book gives historical details of a number of famous hackers, ranging from Kevin Mitnick to “MafiaBoy” and “RaFa.”

There is no magical explanation, of course, of the hacking problem. Part of the problem lies in the nature of open systems and modern computing, where any component (“object”) of a network (Internet) can access any other component directly, if the appropriate methods have been developed. This is in contrast to mainframe business paradigms (and even consolidated data stores) where individual users communicate with one another only through a central database (sometimes with a teleprocessing monitor like CICS). Modern computing intermixes business or content processing with technical details in a way that structured design and older security paradigms (emphasizing separation of functions) did not. The actual technical processes of hacking are varied, but are derived from the capabilities of various scripting languages (hence the term “script kiddies”. The processes range from eavesdropping through “buffer overflow” to web site defacement and the planting of viruses and Trojans on other machines and servers, for example to facilitate the launching of distributed denial of service attacks or to cause organizations to cough up confidential customer information.  

The rapid change in technology gives opportunities to persons who do not want to be constrained by old-fashioned rules and who may feel threatened by the pressure to “succeed” as defined by their elders. Some hackers are motivated by the idea that information and content should be public and perceive themselves as doing good (and they may not grasp the ethical intricacies of copyright infringement). Others may be motivated more by a desire to become destructive: they achieve a sense of power and control in a world that they do not perceive as having legitimate values.

There is a certain kind of mechanical “male” curiosity about “how things work” and very intense mental concentration in hacking, perhaps akin to the concentration of speed chess (especially for players good with tactics and endgame calculations). This is a talent different than that previously required by businesses who needed steady but sometimes colorless performance from systems analysts. Yet, at least one hacker said that he could fix computers but not cars, so it is still a matter of personality investment. 

In general, however, “computer geeks” really represent all kinds of personalities. Not all are introverted “nerds” who cannot compete in an “ordinary.” The hacking problem is a bit like insider trading, perhaps.  One cannot generalize. For example, by self-publishing and placing my own materials on the Internet I can “infect” public debate in a non-intrusive and non-destructive way. But I have incentive to play by the rules of law.

A good (but older) text on hacking and security is Lars Klander, Hacker Proof: A Guide to Network Security, Houston: Jamsa Press, 1997.

In 2003, Dan Verton came out with a sequel, Black Ice: The Invisible Threat of Cyber-Terrorism (New York: McGraw Hill/Osborne: 2003), ISBN 0-07-222787-7. Verton does a pretty thorough job of documenting the vulnerabilities of our inter-connected society, and he comes up with some startling fictional terrorist scenarios. Many of his predictions, however, still involve physical destruction of infrastructures as much as hacking. Hackers, however, can corrupt medical records, 911 systems, Internet routing controls, and banking transactions.One wonders why some critical infrastructure controls can be reached through the public Internet at all. One issue that he could go into more is the responsibility of the individual home user or small business owner, and maybe the idea that some users should be licensed to make sure that they understand data security. If someone’s computer or serve is hijacked to participate in an attack (or, more likely, misused by a household member like a kid) that person could face criminal or at least civil liability. A related article is Barton Gellman, The Washington Post, June 27, 2002: “Cyber Attacks by Al Qaeda Feared: Terrorists at Threshold of Using Internet as Tool of Bloodshed, Experts Say.”

Related: Movies: Hackers, The Net