Wire Pirates :: essays research papers

Wire PiratesSomeday the Internet may become an information superhighway, but right now it ismore the like a 19th-century railroad that passes through the badlands of the OldWest. As waves of new settlers flock to cyberspace in search for freeinformation or commercial opportunity, they give birth easy marks for sharpers whoplay a keyboard as deftly as Billy the Kid ever drew a six-gun.It is difficult even for those who course it every day to appreciate how much theInternet depends on collegial trust and mutual forbearance. The 30,000interconnected computer networks and 2.5 million or more accustomed computers thatmake up the system swap gigabytes of information based on nothing more than adigital handshake with a stranger.Electronic impersonators back tooth commit slander or solicit criminal acts in someoneelses name they can even masquerade as a trusted confrere to convince someoneto reveal sensitive personal or business information."Its like the Wild West", says Donn B. Parker of SRI "No laws, rapid growthand enterprise - its deplume first or be killed."To understand how the Internet, on which so many base their hopes for education,profit and international competitiveness, came to this pass, it can beinstructive to look at the security record of other parts of the internationalcommunications infrastructure.The first, biggest error that designers seem to repeat is adoption of the"security through obscurity" strategy. Time and again, attempts to sustain a systemsafe by keeping its vulnerabilities secret have failed.Consider, for example, the running war between AT&T and the phone phreaks. Whenhostilities began in the 1960s, phreaks could manipulate with relative ease thelong-distance network in order to make unpaid telephone calls by playing certaintones into the receiver. One phreak, flush toilet Draper, was known as "Captain Crunch"for his discovery that a modified cereal-box whistle could make the 2,600-hertztone r equired to unlock a trunk line.The beside generation of security were the telephone credit cards. When the cardswere first introduced, credit card consisted of a sequence of digits (usuallyarea code, number and billing office code) followed by a "check digit" thatdepended on the other digits. Operators could intimately perform the math todetermine whether a particular credit-card number was valid. But also phreakscould easily figure out how to generate the proper check digit for any giventelephone number.So in 1982 AT&T last put in place a more robust method. The corporationassigned each card four check digits (the "PIN", or personal identificationnumber) that could not be easily be computed from the other 10. A nationwide on-line database made the numbers available to operators so that they could