::::::::::::::::::::::::::::::::::::::::::::::::::::::April/99
::: The Discordant Opposition Journal ::: Issue 4 - File 2 :::
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:Hacker vs Sysadmin:
 cronus

Who is more right? The hacker who is just trying to learn or the system administrator just trying to keep a server online? This is the eternal question in the computer underground. Who is more right and who should be victimised? Should the hacker still be imprisoned for his curiosity? Should the sysadmin be protected from the criminals who want to infest their boxes?

Introduction

The hacker is a computer enthusiast who longs to learn as much about computers, networks and security as possible. Often a school or college student, the hacker usually can't pay for their access and is either using a home PC or a college access terminal, learning from experimentation and time spent playing online.

The system administrator is a computer professional who has gone to college. They probably have some sort of degree such as computer science or network administration. They spend their days in an office working on the system that they administer. They are being paid for their effort and have much more advanced and sophisticated tools at their discretion.

And despite the more advanced hardware and software tools that the sysadmins have, they still get their security tested more often than not by hackers.

Explanation

The hackers inhabit the computer underground and are basically hacking for their own gain. I don't mean that they are actually making a profit from their activities, just that they are doing what they're doing for their own benefit. They are learning and growing from their experiences and haven't even given any thought to the consequences. The side-effects of what they are doing don't even cross their minds until they're so deep into their hacking that they've already crossed the line.

The sysadmins inhabit the nine-to-five world of corporate life. They sit at a desk getting paid for their time. They are the ethical ones. The sysadmins sit on the right side of the law and, because of that, aren't shunned in the way hackers are.

Law

There is a thin line between legality and illegality when hacking is talked about. The hacker usually rests just on this imaginary line. The main problem isn't the fact that they could cross the line and break the law; the problem rests in that most hackers don't know where the line is and when they've crossed it.

For the sysadmin there is no real question of legality. They always have the law on their side, but to balance they have to deal with the annoying hackers.

The main problem with the laws of hacking is that they are so undefined. Wire fraud has been a problem for banks and all sorts of financial institutions for decades, and because of its history there are strict laws to handle it. But hacking is a very recent phenomenon that has yet to reach the epidemic level that requires it to be governed. So far, traditional laws have been sufficient to handle the current trickle of hacking cases.

Ethics

Since the law is undefined in this area, the next best thing is morality and ethics. This isn't an article on ethics, so I intend to simply explain it from both points of view.

The hacker must respect the time and effort that the admin has put into their system. The hacker has shown their skills by gaining access; it is not necessary to trash the content of the server just for kicks. Keeping a backup of any information that you change and leaving a message for the sysadmin detailing how you got in and how to plug the hole are simply good basics; the ethics of the whole hack are much more complex. Do you intend to make any sort of financial gain from the hack, such as selling the information on the server to a competitor or selling your skills to the sysadmin to plug the hole? Also, should the hacker deface the webpage on the server simply to 'shout out' to their friends? The ethical answers to these questions should be no, but as I said, this isn't an article on ethics.

The sysadmin should respect the fact that the hacker also put time and effort into the hack. The server should be patched and the webpage replaced with the right version, but assuming the hacker didn't damage the server or steal valuable information, there is little cause to try and get the hacker arrested. He did make unneeded work for you, but it was your job to secure the server and he showed you how to improve your work. It would be like a customer in a shop offering money back to the attendant because they were given too much change: just showing you the weakness in your work.

Interest

The original interest is in the learning and experimenting with computers and networks. The thrill comes later, after the hacker begins to penetrate and intrude into computers that they shouldn't have access to.

For the sysadmin the interest lies in working with computers and software and learning on a day-to-day basis. There is a certain thrill in chasing a hacker that has infiltrated your network. 'The Cuckoo's Egg' is a book written by Cliff Stoll that documents his excitement in chasing a hacker that attacked his network. The sysadmin doesn't necessarily have to contend with hackers, but when they do, they can enjoy the thrill without the danger of breaking the law.

Conclusion

I reckon more hackers will read this than sysadmins, but I hope that whoever reads this will see the two points of view. It is important, no matter which side you're on, to consider the opposition and not to be overly arrogant.

... intoxicated with the madness ...
cronus (at) iol (dot) ie

  ___________  ____   ____  __ __  ______
_/ ___\_  __ \/  _ \ /    \|  |  \/  ___/
\  \___|  | \(  <_> )   |  \  |  /\___ \
 \___  >__|   \____/|___|  /____//____  >
     \/                  \/           \/

http://homepages.iol.ie/~cronus