Upload
moureen-bushra
View
32
Download
1
Tags:
Embed Size (px)
Citation preview
Research Paper
Kevin Mitnick: Malevolent Creativity in Hacking
Moureen Abd El Shahid
900-08-0774
Research Writing 201: Section 27
Fall ’09 Semester
Professor Doris Jones
Abd El Shahid 1
Abstract
This research paper examines the actions of the most infamous computer hacker in the late
20thcentury, Kevin Mitnick, to prove to his supporters that he deserved the five year prison
sentence he received. Some people argue that Mitnick’s punishment was too harsh, on the other
hand this research paper proves that he did violate several federal laws and made hacking tools
available online and easily accessed by everyone. That is why we need a law that should prevent
the distribution of tools used to hack systems. The paper also analyzes Mitnick’s actions and the
amount of damage they caused to huge companies to strengthen the argument against those who
contend that Mitnick done nothing wrong. Finally the paper claims that computer crime is
becoming a threat to everyone not only to companies. Therefore it is important to raise the public
awareness of the negative consequences that hacking could lead to and that is why Mitnick’s
punishment was necessary.
Abd El Shahid 2
Outline
Thesis Statement: While some claim that Mitnick’s punishment for committing computer
or cyber-related crimes were deemed too harsh, he did violate several federal laws prohibiting
the invasion of private computer databases, which further warrants the need to outlaw and deter
the distribution of tools used to hack these systems.
Introduction
Background
A. The life of Mitnick.
B. The damage he caused to huge corporations.
C. Thesis statement.
Psychology of the hacker
A. Hackers justifying their actions.
B. Invasion of Privacy.
C. Fallacious arguments provided by hackers.
Hacking as an unethical behavior
A. Hacking is an unethical activity.
B. Malevolent hacking inspires further malevolent actions.
C. Creative hackers are the ones responsible for making hacking programs
available and easily accessed by everyone.
D. Survey on teenagers.
According to The California Penal Code Mitnick is found guilty
Abd El Shahid 3
A. Copying software and using it is considered a theft.
B. Mitnick caused huge corporations and institutions great damage.
C. The unconvincing claim of some authors that Mitnick’s actions were
unharmful.
Hacking is becoming a threat to everyone
A. Raise public awareness.
B. Teenagers hacking school servers.
Conclusion
Malevolent Creativity
Introduction
Nowadays systems of large corporations are increasingly getting attacked by professional
hackers. In a survey made by the FBI in the States they found that 87 percent from over a total of
2000 companies reported that their systems had been attacked. From those 87 percent, 20 percent
stated that their systems had been attacked 20 or more times. The damage caused by these
attacks costs each company an average of 24,000 dollars. That is why the activity of ethical
hacking has become so important to most companies. Ethical hackers are computer and network
experts hired by companies to attack their systems to find vulnerabilities that malevolent hackers
could take advantage of. Researchers found that companies with an ethical hacking budget
reduce their chance of being hacked by nearly one-third. “Identifying vulnerabilities in networks,
applications and systems before they can be exploited is a critical step in preventing exposure of
sensitive data, which can severely damage a corporation’s reputation” (Blum). Ethical hacking
helps in protecting systems against theft of intellectual property and improving the overall
Abd El Shahid 4
security but the problem is that some companies could not afford to have an ethical hacking
budget. How would these companies be able to protect their systems from this unethical activity?
That is why Kevin Mitnick, the most infamous computer hacker in the late 20th century, deserved
the excessive punishment he received. Mitnick served a five year prison sentence for committing
various illegal actions like gaining access to various computer networks, used cloned cellular
phones to hide his position and copying softwares. Professional hackers like Mitnick are the ones
that made the activity of ethical hacking necessary for every corporation to protect their systems
against hacking attacks.
Background
Mitnick developed from a child who loved to perform magic tricks and to gain secret
knowledge as much as he can to a dangerous computer hacker who illegally accessed numerous
computer networks, copied software, stole passwords and read private e-mails. He broke into
computer systems of huge corporations such as NEC, Motorola, Nokia, and Sun Microsystems.
He made these companies pay three hundred million US dollars to repair the damage caused by
his attacks. He was the reason that forced these companies later to hire ethical hackers to protect
their systems. Mitnick’s case raised public awareness of the security of computer systems. His
punishment was not excessive as his supporters argue; his punishment will make various hackers
think a lot before invading a private system. “Our vigorous prosecution of Kevin Mitnick sends a
message to anyone else who believes that the new technological frontier can be abused for
criminal purposes” (Mayorkas). While some claim that Mitnick’s punishment for committing
computer or cyber-related crimes were deemed too harsh, he did violate several federal laws
prohibiting the invasion of private computer databases, which further warrants the need to outlaw
and deter the distribution of tools used to hack these systems.
Abd El Shahid 5
The psychology of the hackers is what makes them believe that there is nothing wrong
with hacking. Freeman explained the psychology of the hacker and how a hacker justifies his
malevolent actions by saying that he always uses his talents to break into a system with no
harmful intention. “He justifies his actions by claiming that anything a computer operator can do
should be permitted legally, with no regard for the privacy, property, and other interests of the
owner of a system” (Freeman 4). Freeman believes that these arguments that are provided by
most hackers are false and only stated to defend themselves. Mitnick argued that he does not
consider himself a thief as he did not deprive the companies he hacked from their software he
just copied it without damage. “I've always looked at it as, what I did was wrong and I should
have been punished, but the punishment didn't fit the crime” (Mitnick). These arguments
provided by Mitnick are fallacious because copying software which is worth thousands of dollars
for free is in fact stealing it. Penenberg quoted one of Mitnick’s lawyers who said “If he never
redistributed the information, and never used it or profited from it in any way, how does the act
that he merely copied it deprive the owner of its full value?" He also stated that for such an
abstract kind of crime the punishment Mitnick received was severe. Also some of Mitnick’s
supporters argued that Mitnick’s actions were driven by his curiosity and love of knowledge.
These arguments are also fallacious because if Mitnick hacked into computer systems of large
corporations just because of his curiosity why did he copy their software? He did not just break
“the code of secrecy” of these computer networks; he made the value of these companies’
products worthless.
Because hacking has become so popular and hackers are increasing in size each day from
teenage hackers who hacks their friends’ instant messaging or social networking accounts to
professional hackers who hacks systems of large corporations, Mitnick’s punishment was
Abd El Shahid 6
necessary to reduce this unethical behavior. “Hacking is an unethical activity as it is breaking
into somebody else’s private environment even when it is done without the intention of damage”
(Freeman). Mitnick’s supporters argued that the charges made against him were not based on
actual losses but they did not take it account the tremendous amount of money corporations paid
to ethical hackers to stop malevolent hackers like Mitnick from taking advantage of their
systems. Even if Mitnick did not cause these corporations any damage, he invaded their privacy
which could negatively affect their reputation.
In addition to invasion of privacy, Leeson and Coyne argued that Mitnick was a bad
hacker whose notoriety made him a superstar in the community of hacking and inspired many
other hackers to imitate him and make him their role model. They stated that his malevolent
creativity inspired many people to the extent that his followers protested his trial and broke into
the New York Times web page and wrote a message for the readers to persuade everyone to
forgive Mitnick. They stated that creative hackers like Mitnick are the ones responsible for
making hacking programs available and easily accessed by everyone. Hacking tools have
become easily accessed on the internet by everyone and that is what makes hacking very popular
these days. In a survey made with 4,000 teenagers between the ages of 15 and 18 they found that
17 percent stated that they have advanced technical knowledge and can find hacking tools
available on the internet. Therefore based on the results of this survey the activity of hacking is
becoming very popular and there should be a severe punishment for that to prevent people from
getting into it.
Mitnick argued that he is not a thief while on the other hand according to the California
Penal Code he is certainly a thief. The California Penal Code states that “Every person who shall
feloniously steal, take, carry, lead, or drive away the personal property of another, or who shall
Abd El Shahid 7
fraudulently appropriate property which has been entrusted to him or her, or who shall
knowingly and designedly, by any false or fraudulent representation or pretense, defraud any
other person of money, labor or real or personal property, or who causes or procures others to
report falsely of his or her wealth or mercantile character and by thus imposing upon any person,
obtains credit and thereby fraudulently gets or obtains possession of money, or property or
obtains the labor or service of another, is guilty of theft.” Mitnick violated federal law not by
copying or damaging software but because he “broke the code of secrecy” which as stated by
corporations made the information worthless.
How could Mitnick’s supporters argue that his actions were not based on actual losses if
he caused huge damage to companies such as NEC, Motorola, Nokia, and Sun Microsystems
which cost them three hundred million US dollars. “Sun estimated its damages at $80 million,
the price it paid to acquire Solaris -- the Unix-based operating system -- from AT&T in 1994,
2600 reported. Nokia's damages included development costs as well as $7.5 million for testing
and "$120 million in lost revenue due to new developments being delayed in reaching the
market” (Thomas). This is a clear evidence that Mitnick’s actions caused actual losses to
companies.
Nowadays hacking is not only a threat to companies, it is becoming a threat to everyone.
Each day more and more teenagers discover hacking tools on the internet and they hack into their
friend’s Instant Messaging or social networking accounts. According to a survey by Panda
Security 67 percent of the teenagers claimed that they have hacked into the Instant Messaging or
social networking accounts of friends. This is a big problem because people are not realizing that
hacking is a serious crime that cannot be justified by curiosity. “The advanced knowledge that
many adolescents acquire through free tools and content available on the Web can often lead
Abd El Shahid 8
them to engage in illegal online activities," said Luis Corrons, technical director of Panda Labs,
the center of Panda Security's technical support services (Xinhuanet). This is another problem
because as teenagers get more and more involved with hacking they could be involved in illegal
activities without being aware. "We have found cases of teenagers using Trojans to spy on their
partners, hacking school servers to see exam papers or even stealing the identity of friends or
colleagues on social networks" (Xinhuanet). Last year Omar Khan, 18 years old, a senior at
Tesoro High School in Orange County, was accused of hacking into his school’s computers and
changing his grades. “Khan broke into the school on numerous occasions at night and on
weekends using a stolen master key. He then allegedly attempted to steal his teachers' login
credentials and passwords to change his C, D and F grades to As and Bs. Khan also allegedly
planted spyware on his teachers computers to access the school network remotely” (Hoffman).
Khan did not only change his grades but he changed the grades of 12 other students. Khan will
face 38 years in prison while another student named Tanvir Singh who helped Khan will face
three years if found guilty. The hacking tools available on the internet made it relatively easy for
teenagers to hack anything they want. As Leeson and Coyne argued creative hackers like
Mitnick are the ones responsible for making hacking programs available and easily accessed by
everyone. A teenager was really amazed at how fast and easy his friend hacked into his e-mail
and changed his password. “The power of hacking didn't really hit me until a few weeks ago. We
were in the school library working on the computers and one of my friends asked me for my e-
mail address so I gave it to him. By the end of the class period he had somehow logged in to my
e-mail and changed my password, though he did tell me what he changed it to and how to change
it back. The thing that really made me rethink the safety of the Internet wasn't the act itself, it
was how fast and easy it was for him to do it” (Jonathan).
Abd El Shahid 9
Hacking tools are becoming easily accessed by everyone these days and that is why the
punishment Mitnick received was severe to teach everyone that hacking is a serious crime that
they should avoid. It is important to raise the public awareness of the negative consequences that
hacking could lead to. “It is important to help them avoid participating in dubious activities
which are made all the easier thanks to the anonymity afforded by the web. Those who are drawn
into hacking out of curiosity, may well end up discovering the financial potential of this activity,
and becoming criminals themselves," said Corrons (Xinhuanet). Hacking tools nowadays are
indistinguishable from essential tools that are used for finding vulnerabilities in computer
systems. They are illegal when hackers misuse them to break into computer systems. That is why
there should be a law to criminalize hacking tools to discourage people to use them.
Abd El Shahid 10
Works Cited
Blum, Rick. “Ethical Hacking.” British Telecommunications. May 2009. Web. 3 Dec. 2009.
Freeman, Edward H. "The Legend and Legacy of Kevin Mitnick." Information Systems Security
10.2 (2001): 5. Academic Search Complete. EBSCO. Web. 19 Oct. 2009.
Gardner, Jason. “Computer Hacking and Unauthorized Access Laws.” National Conference of
State Legislatures. May 2009. Web. 6 Nov. 2009.
Hoffman, Stefanie. “Teen Faces 38 Years In Prison For Hacking School Computers.” The
Channel Wire. June 2008. Web. 3 Dec. 2009.
“Interview with Kevin Mitnick.” 2006. Online video clip. YouTube. Accessed on 19 Oct. 2009.
<http://www.youtube.com/watch?v=8_VYWefmy34>
Jonathan. “WhyHack?” News Hour. Web. 3 Dec. 2009.
Leeson, Peter, and Coyne, Christopher. The Economics of Computer Hacking. Cald, 2008. Web.
16 Oct. 2009.
Mayorkas, Alejandro. “Kevin Mitnick sentenced to nearly four years in prison; computer hacker
ordered to pay restitution to victim companies whose systems were compromised.” U.S.
Department of Justice. July 2000. Web. 8 Nov. 2009.
Millard, Elizabeth. “FBI: Most Companies Get Hacked.” NewsFactor. 20 Jan. 2006. Web. 3 Dec.
Abd El Shahid 11
2009.
Mitnick, Kevin, and Simon, William. The Art of Deception: controlling the human element of
security. Wiley, 2002. Web. 19 Oct. 2009.
Penenberg, Adam L. "The demonizing of a hacker." Forbes 163.8 (1999): 50-51. Academic
Search Complete. EBSCO. Web. 19 Oct. 2009.
Thomas, Douglas. Hacker Culture. University of Minnesota Press, 2002. Web. 19 Oct. 2009.
Thomas, Douglas. “How much damage did Mitnick do?” Wired. May. 1999. Web. 19 Oct. 2009.
Xinhuanet.“Survey: Internet hacking popular among teenagers.” 14 May 2009. Web. 3 Dec.
2009.