Bad Guy Personalities
EXPLAINING PERSONALITIES FOR ESPIONAGE AND DESTRUCTION
by: Thomas V. Sobczak, Ph.D., PE
INTRODUCTION
Your proprietary knowledge is at risk. Americans, secure in emerging world peace,
contribute to information weakness by embracing with certainty the fact that someone
has secured proprietary data they use daily. Those with access privilege to proprietary
data do not value nor protect it as they protect physical assets. Subcultures called
"HACKERS," "CRACKERS," "PHREAKERS," etc. create a huge security breach in the
storehouse of data that drives American capitalism. The days of James Bond and a "00"
corps are long gone and forgotten. Sam Sacker, a super computer nerd with seasoning
in hobbyist electronics is the inadvertent malefactor or spy supplanting the old style
aggressive secret agent.
Sam manipulates capitalism from home using his computer, modem, telephone and
scanning software. He uses off the shelf hardware to tap telephones, listen to cellular
and to monitor supposedly secure wireless RF. He advertises each new success on his
favorite Bulletin Board System (BBS) or on surreptitious areas of the INTERNET. No
one can know Sam's identity because he uses a Handle, i.e., a pseudonym to protect
him from detection. He is vain. Sam sacks to prove how much better he is in
comparison to other high tech cultists. He is a contrast to his ego. Tell Sam that
information in a computer in someone's factory or engineering files is unreachable and
you generate a quest for the holy grail. He will not cease his effort until he owns the
data. Years ago security experts worried about dumpster divers. To day fear of those
who breach firewalls, create virtual IPs, or collect E-mail is prevalent. Most Sams have
no use for the information they pirate. They go to extremes to prove their skills are
superior to those of any data protector. If we properly focused Sam's ability, American
capitalism would be number one in place of number five in economic growth.
I estimate 10,000 Sackers live in the United States. This compared with 110,000 bad guy
hackers and 250,000 hacker helpers, individuals who clone true hacking abilities. An
equal number at the same ratio live in technologically advanced countries around the
world. Foreign Sackers may be in the employ of governments or individuals engaged
in nefarious activities. Sacking has become a "Big Time" thrill maker. Sacking puts you,
me, and the security of America's manufacturing data at risk. These techno-cretins
share their corruptive knowledge with those limited to hacking or copying hacker
technique. It gives Sam pleasure to unleash his ego through others. Anyone knowing
the appropriate keywords or KWICs can obtain from cyberspace education necessary
to evolve into a Sacker.
Early computer hackers were predominantly high school or college students. The
availability of home computers, and the teaching computer basics at the grade school
level lowered the average age of the 1970's hacker to 13.2 years. I derive my estimate
from demographic samples developed during our research into the mentality of those
who break into computers and/or businesses for fun. The overwhelming majority of BBS
owners and users of BBS are younger than 25 years of age. We can download software
to create a BBS on any home computer from almost any Knowledge type BBS or using
FTP on the INTERNET.
Young people naturally form cliques and congregate in peer groups. Formation of
spying, telephone phreaking and hacking gangs is inevitable as egos collide. Gangs
usually choose targets randomly. They choose targets to create a sense of purpose
among participants. One might compare this with Hitler targeting the Jews. If dad works
for John Deere, attacks might take place either to get back at dad or to punish Deere for
a perceived insult to Dad. Blue Collar parents of bright teens usually do not, themselves,
understand the power and danger of the computer. Young people living at home are not
subject to the same parental restrictions that would govern the use of the family car. In
traditional families that seek to shelter their youngsters. Promiscuous computing
happens and is accepted by default, i.e., activities performed alone in ones room in the
sanctity of one's home cannot be bad. Most times these parents associate good grades
with their investment in a home computer and modem.
Middle class parents view the home computer as an excellent baby-sitting device. When
their child spends an evening quietly in his or her room with the computer, the parents
feel that their offspring cannot get into trouble. He is doing home work or studying but
definitely learning. In reality, teens may be engaging in electronic espionage that has
very serious implications. Losses to the software industry, due to pirating, i.e., stealing
commercial software by removing copy protection and then making pirated software
available on BBS that claim no liability for the programs provided to them by their users,
are enormous. Usually an ACLU lawyer prepared the prominently displayed disclaimer
at log-on to a BBS.
Many self-proclaimed gang leaders are older, more experienced college age or beyond,
perhaps graduate students or teachers. They are interested in sacking not for the
intellectual challenge, but for financial rewards. Hacking a corporate computer can earn
extra spending money when a fagin offers money for knowledge. The Sacker thinks
knowledge does not mean anything to anyone but "nerdy" engineers and/or
programmers. Major players in the Financial/Banking Industry have paid bribes
rumored to be valued in six or seven digits to obtain contractual agreements that criminal
hackers would not share their exposure on BBS.
We have identified several adult figures as the guiding forces behind the "cracking" and
distribution of pirated software for resale to the public. Many adults openly solicit credit
card numbers from juvenile hackers in exchange for fraudulently obtained software and,
often illegal, inoperative equipments. Some teenagers seek notoriety and acclaim from
their peers. They strive to be the world's best sackers or to have broken into the
greatest number of systems simply because the machines were there to be corrupted.
This is done without regard to ethics or morality. Few high schools and colleges teach
courses in computer /information /intellectual property ethics.
Some youth form gangs, such as the infamous "Milwaukee 414 gang" of yesteryear, that
are role models for current gangs.. Facilitators orient these semi-professional groups
to an industry or specific topic. A group from Delaware/New Jersey did nothing more
than become expert in satellite communications. Their research results allowed people
to contact and use FLTSATCOM on demand. Some gangs, fancifully called clubs, are
national in nature, like the "Inner Circle"; or international, like the CHAOS Club or the
Swiss Crackers. Members of these gangs equal 1960s Bikers in the electronic age.
Many code cracking and software pirating clubs have headquarters in Europe.
Significantly fewer numbers of gangs/clubs, potent in their ability to steal, are found in
India, Singapore, Japan and Israel. Fagins transfer industrial secrets to Eastern Europe,
India or Israel in minutes. A designated BBS, the main base of operations, serves as a
secure communications center. The 414s had a private BBS that was so secret it did
not have a name. The Inner Circle had Securityland BBS and illegitimate accounts on
GTE'S Telemail network and BITNET. CHAOS operates on a variety of BBS's in both
the U.S. and Western Europe. The Swiss Crackers have baffled local and international
law enforcement agencies as to the host device's true whereabouts. The Sysop has a
way of changing the BBS's logical location or IP address weekly without moving the
master computer's physical location.
The evolving Sacker is manipulative and contemptuous of others. A true Sacker genius
has crossed nodes from BITNET to INTERNET to ARPANET to MILNET to JSANS, etc.
The topology of all networks with designated crossover nodes, i.e., nodes that connect
two or more networks, are available to those with the appropriate level of privilege on
several BBS. As a research exercise one group developed the topology for the 264
super computers integrated into the NSFNET and involved itself in DOE, NASA, DOD,
etc. for no particular reason beyond doing the task as an exercise in logic. What
occurred during research was the unearthing of Col. John Alexander's hacker project at
LANL.
Sam Sacker, most likely, graduated from a good college or technical school. He has
disposable income from a good job that allows him to own quality equipment. Or, his
equipment is available in the workplace. They trust Sam so no one watches his activity.
He has an INTERNET provider. Sam blunders about the INTERNET validating locations
and links. He is more "Yuppie" than "Yippie." His "nerdiness" makes him the least likely
candidate to garner suspicion. Further, his employment and responsibilities do not
match the profile thought to be criminal. Sometime Sackers get caught. A Wall Street
Brokerage fired and is prosecuting two such individuals. Dozens of Wall Street others
remain.
Sackers are impulsive. They take unanticipated and ordinarily outlandish actions that go
unnoticed by the bureaucracy because "no one is that foolish." Hackers turn to crime
due to their low tolerance toward frustration. It bothers them not to be noticed. Social
psychologists attempting to define the psychology of a Sacker will find a narcissistic
personality In every player. Sam Sacker will call Mrs. Quayle's telephone number at the
Vice President's Office (202)456-7022 and ask to speak to Mrs. Gore. Names change
but telephone numbers remain with their office locations, except the line stolen for
Hillary's FAX during the health care Commission. That FAX, hackers still monitor it,
carries messages interesting to some.
Common sense goes a long way toward understanding and compromising a superior
sacker. A professional sacker realizes that the effort involved in changing telephone
connections to a computer are massive. He, therefore, does not use the new exchange
after a firm expands its telephone capacity. A good example is the NASA's Huntsville
facility (Marshall Space Flight Center). Smart Sackers still use the original dial-up and
access codes. Imagine beginning at Marshall Space Flight Center and migrating to the
Boeing Data Systems proprietary network or to SAIC. SAIC has single sign-on. Once
admitted to the SAIC node at Huntsville, you have access to any system SAIC is under
contract to set up or maintain. Insecurity at a small 8(a) firm outside Boston offers the
same opportunity in the Defense Intelligence Community.
When any individual takes on new responsibility, he or she should consider changing
the telephone, FAX and Beeper numbers used by his or her predecessor. Those with
a White House internal telephone directory (available on BBS) can find people by job
title. The Secret Service proves itself a bureaucracy by missing this security flaw.
Bulletin Boards become the repository of seemingly trivial data segments that, properly
organized and structured, produce knowledge affect the security of normal business.
They give away facts that should be proprietary. Insiders have said that the 13 agencies
that comprise the Intelligence Community Staff spy on each other. Poor Vicki Barr
(DCI's Intelligence Community Staff) has to make sense of their egoism.
Organized crime may use BBSes the same manner as teenage hackers use them. I
think that organized crime is controlling several BBS systems in the Midwest, the New
York City area, and in Florida. One informant claims a BBS is in a betting parlor in an
outlying county next to NYC. Criminal EDI works.
Malefactors easily recruit teenagers to act as information gatherers for organized crime.
Young people work for little or nothing and, commonly, do not even know that they are
being used. Criminals have approached adult hackers and offered large sums of money
to tamper with banking and credit-data computer systems. ATM's have been interdicted
regularly by college level sackers from technologically oriented schools. Organized
crime is moving into this new area, digital crime. There is a real and present danger if
BBSes continue to be allowed to operate without selective monitoring of malicious
software being distributed to novices who might get lucky.
The person I describe as a Sacker is incapable of loyalty to any individual or group.
Most inquisitive computer/electronics hobbyists wear "white hats" and are called "super
users" by their peers. Sam Sacker, industrial spy/data thief/techno-terrorist, may work
at manufacturing, financial or retail jobs from 8:00 A.M. to 5:00 P.M.. He is usually a
dependable and self-motivated employee. He gets raises and promotions. He would
never think of compromising the sanctuary offered by his work place. Similarly, he could
not care less whether you, I, or anyone else brooked his employer's resources, if they
leave him alone. When he leaves work, Sam Sacker is on his time, in his space, free
to do those things that are not meant to be malicious. Yet, his actions produce by-
products that cause ravage and ruin his targets.
Sam uses any one of a dozen telephone number scanning computer programs or
network sniffers to find computer hookups, Network/INTERNET access nodes, and
phone mail. He might use these to browse the data content, using the available
computing power he enters for game playing, or as a product to sell to another hacker.
Professional Sackers pass through dozens of computer nodes to reach targets to
prevent creating an audit trail of their movements in cyberspace. This professional is
virtually untraceable. The New York City Police Department has yet to find the individual
who takes control of dispatch and reeks havoc on operations in Manhattan. The
Professional Sacker will find many connections to telephone switches. To avoid
detection, a seasoned sacker seldom uses the same connection for more than three
days. Frequently he will identify the targeted device telephone number, access code ID
and password, that he misused, on other BBS when he completes his ego trip. The
follow-on users are less than professional copyists, who, by the absence of "technical
smarts" get caught, prosecuted and convicted. The FBI has yet to capture and convict
a major hacker from its Sun Devil scam.
Computer networks are path ways to hidden resources. Large corporations misuse
networks without specific intention. Security managers at these corporations have egos
that say "Sackers would not dare trouble me." Sackers hack most large supposed
secure corporations. Data is diddled as a lark. Management never admits their loss.
They pay bribes and tribute to conceal their problems.
The law favors the sacker or industrial spy. Lawyers advise that he elect jury trial when
they catch him. A large equipment manufacturer set precedent which others have
followed, i.e., back off and pay off. The paid off perpetrator does not make public the
details of how anyone exercising common sense and using tools available from BBSes
can break into this or similar systems. Imagine sitting in court and learning the
telephone numbers, IDs, Passwords and weaknesses of major corporate computer
systems. It boggles the mind when you consider that the law spends more time
protecting the rights of the accused than it does guaranteeing justice to the victim.
American freedoms are our own worse enemy now and more so in the future.