HACKERS IMPEDING INTERNET COMMERCE

ABSTRACT

Hackers prove to be a great threat to the development of internet commerce. Numerous break-ins to networks, transfer of funds, and intrusion into confidential information, have made hackers a serious drawback to monetary transactions on the net.

Attempts by the government to combat hackers from around the world have not been successful. Hackers are a major security factor for all commercial applications. With the number of monetary transactions jumping from 38 per day in 1985 to 1.2 million per day in 1993, the potential for computer hackers has grown enormously.

An average $800 billion is transferred among partners in international currency markets every day; about $1 trillion is transferred daily among U.S. banks; and an average $2 trillion worth of securities are traded daily in New York markets. [Herdman, Ch.1]
The amount of money being transferred today is at least ten times the above figures from 1993. As the general population becomes adept in computer technologies, more individuals will find ways to earn a living off other people's electronic transactions, bank accounts, and stock options.

Hackers pose a significant barrier to the growth of the internet in the realm of internet commerce. This paper will explore the methods in which hackers can intercept or modify electronic transactions, actions of hackers in the past, and potential of hackers in the future.


INTRODUCTION

Hackers are very serious about forbidden knowledge. They are possessed not merely by curiosity, but by a positive lust to know. [Sterling, Part II]

TYPES OF HACKERS

Hackers are considered to be anywhere from harmless to dangerous to national security. Hacking consists of activities from stealing other people's passwords to transferring funds from international bank accounts. This wide spectrum of activities has led to a few different definitions of hackers.

Hackers
Previously, hackers were generally teenagers and college students, not engaged in earning a living, who broke codes, stole codes, and explored cyberspace. But recently hackers have come to include a wide array of people. Unlike the white-male dominated past, many hackers are female or part of a minority. Hackers also cover a wide range of age groups, from children in junior high school to hackers in their fifties. Most of the activities engaged in by hackers are illegal.

Crackers
Crackers are the hackers that break into systems. Though not all hackers crack, all crackers are hackers by definition. Crackers usually have the ability to transfer funds once they have broken into the institution's system. They are considered to be extremely dangerous and threaten internet commerce extensively.

Phreaks
Phreaks endanger corporate profits by not allowing the phone company to bill them. Most phreaks work out of their home telephone or a payphone. Because of this, experienced phreaks know how to evade phone taps in addition to not being billed by the phone company. Phreaking is much more dangerous than hacking because most hacks and cracks are done on university machines with nonaggressive operators.

Pirates
Pirates specialize in breaking software products, copying them, and reselling them to the public. Pirating software is a federal offense on all copyrighted code. Southeast Asia is known today to have the most pirates of computer software.


WEAPONS USED BY HACKERS

All hackers are adept in programming skills and technique. Thus the majority of code used to break into systems, steal code, or transfer funds is created by hackers themselves. A hacker's weapon is usually a software program called a virus, consisting of digital bits. Some hacker web sites on the main hacker page have programs that can be downloaded from the net. At the same time, many sites have either dead links or unauthorized links to the viruses. A description of a number of weapons used by hackers is given below.

LOGIC BOMB
A logic bomb is a software program which executes at a certain time specified by the hacker. This "time" can be set by an internal clock or initiated by a certain event (e.g. accessing a file, reading mail, running a program). When it "explodes", a list of instructions is executed. These lines of code can range from transferring funds and copying files to deleting disk drives. This type of software program can cripple an internal computer system when detonated.

SNIFFER
Capturing information sent over the network intended for other machines is called sniffing. Because computer networks are shared communication channels, it is not sensible to make secure dedicated local loops between each pair of communicating computers. Since computers share the network, computers can receive information that was intended for other machines. Sniffing can easily steal credit card numbers, account numbers, and passwords.

In local area networks (LANs) connected via an Ethernet cable, packets are not encrypted. Ethernet protocols send packets throughout the whole network, each carrying the address of the receiving machine. In theory, only the receiving host will accept the packet. All other machines just ignore the message. But a machine that accepts all packets, regardless of the address in the packet header, can easily intercept and view information and transactions occurring over the internet. On most LANs, account and password information is passed along the Ethernet in clear text, and thus it is not difficult for a hacker to grab all logins and passwords of users on a network.
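
The address filtering described above can be modelled in a few lines. The following Python sketch is an added example, not part of the original paper: it mimics a network card's accept/ignore decision and lists which login sessions on a shared segment are readable by a third station, so an administrator can see which services need encryption. All frames, MAC and IP addresses, and function names are constructed for illustration.

```python
import socket
import struct

BROADCAST = b"\xff" * 6
# TCP ports of login protocols that send account names and passwords in clear text.
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 110: "POP3", 143: "IMAP", 513: "rlogin"}


def mac(text):
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def nic_accepts(frame, own_mac, promiscuous=False):
    """Model a network card's address filter (multicast is left out for brevity)."""
    if len(frame) < 14:            # shorter than an Ethernet header
        return False
    if promiscuous:                # filter disabled: every frame is passed up
        return True
    return frame[:6] in (own_mac, BROADCAST)


def cleartext_service(frame):
    """Return (src_ip, dst_ip, service) if the frame belongs to a clear-text login
    protocol, otherwise None. Only Ethernet II / IPv4 / TCP is examined."""
    if len(frame) < 14 + 20:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:        # not IPv4 (for example ARP)
        return None
    ip = frame[14:]
    header_len = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or header_len < 20 or len(ip) < header_len + 4:
        return None
    fragment_offset = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
    if ip[9] != 6 or fragment_offset:   # not TCP, or a later fragment without ports
        return None
    sport, dport = struct.unpack("!HH", ip[header_len:header_len + 4])
    service = CLEARTEXT_PORTS.get(dport) or CLEARTEXT_PORTS.get(sport)
    if service is None:
        return None
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), service


def exposed_sessions(frames, observer_mac):
    """Sessions a third station could read: frames its card would normally ignore
    but a promiscuous card receives, and that carry a clear-text login protocol."""
    found = set()
    for frame in frames:
        overheard = (nic_accepts(frame, observer_mac, promiscuous=True)
                     and not nic_accepts(frame, observer_mac))
        session = cleartext_service(frame)
        if overheard and session:
            found.add(session)
    return sorted(found)


def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload=b""):
    """Build a constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return dst_mac + src_mac + b"\x08\x00" + ip + tcp + payload


# Constructed sample traffic on one shared segment (all addresses are made up).
CLIENT = mac("02:00:00:00:00:05")
SERVER = mac("02:00:00:00:00:09")
OBSERVER = mac("02:00:00:00:00:0c")
SAMPLE_FRAMES = [
    build_frame(SERVER, CLIENT, "10.0.0.5", "10.0.0.9", 40000, 23, b"login data"),
    build_frame(CLIENT, SERVER, "10.0.0.9", "10.0.0.5", 23, 40000, b"reply"),
    build_frame(SERVER, CLIENT, "10.0.0.5", "10.0.0.9", 40001, 443, b"\x16\x03"),
    BROADCAST + CLIENT + b"\x08\x06" + bytes(28),   # ARP broadcast, not IPv4
]
SAMPLE_FRAMES.append(SAMPLE_FRAMES[0][:20])          # truncated capture

if __name__ == "__main__":
    for src, dst, service in exposed_sessions(SAMPLE_FRAMES, OBSERVER):
        print(f"{service} login {src} -> {dst} is readable by other stations")
```

The session on port 443 is not reported because that port is not in the clear-text list; the truncated and non-IP frames are skipped rather than misparsed.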

A sniffer program called Esniff.C can be downloaded from the Phrack magazine website.


WORMS
Found more often on computer disks or sent through email, a worm is a piece of software which copies itself continuously. This self replicating process consumes disk and memory resources eventually causing the system to crash.


HISTORY OF HACKING

The history of hacking is concisely summarized on a timeline of major events by year and month.

The Early Days
The birth of hacking came along with the invention of the telephone. At first hacking was timid, with young males abusing the telephone system of the late 1800's by eavesdropping on conversations for their own benefit. AT&T became known as "Ma Bell" among the computer community.

1970's
In the 1970's, hacking became a phenomenon with computer experts. Most hackers in the seventies were young caucasian male yuppie high school or college students. At the time, computers were still very expensive and unknown to a large portion of the population. Only well endowed parents allowed their children to buy these expensive toys. Thus, only students with the financial ability had access to computers and hacking. [Sterling, Part I]

1980's
With the advent of the eighties, hacking went into full swing. Hackers began to span a wider variety of people besides young caucasian males. Numerous bulletin boards, newsgroups, and magazines became established on using computers and abusing the phone company. Phone phreaks became an important part of disrupting internet commerce. One of the key methods of abusing the telephone company was by using the telephone for long distance calls without being charged for it. The easiest way to do this is to steal someone else's calling card number.

This practice has been very widespread, especially among lonely people without much money who are far from home. Code theft has flourished especially in college dorms, military bases, and, notoriously, among roadies for rock bands. Of late, code theft has spread very rapidly among Third Worlders in the US, who pile up enormous unpaid long-distance bills to the Caribbean, South America, and Pakistan. [Sterling, Part II]

The simplest way to steal phone codes was to look over someone's shoulder and memorize their access number. But hackers developed computer programs that would try random phone numbers until one of them worked. These programs would run all night and usually have a dozen or so by the morning. Soon, hackers and phreaks had a library of access codes which could be sold in the underground.

Another hacking technique of the eighties was getting access to free long distance phone calls by the use of a "blue box." By mimicking the long distance system ringing signal of 2600 hertz, the blue box allowed anyone using it to make long distance calls without being charged. Another box called the "mute box" allowed people to receive long distance calls with no charges made to the caller. This was even more difficult to trace by the phone company.

Many hacker magazines such as Phrack and Ramparts published schematics of how to wire a blue box or a mute box. This caused a great deal of uproar by the telephone company and the government. Although a number of the magazines were released, most were confiscated by the government, which said that they were in violation of California Penal Code section 502.7, which outlaws ownership of wire-fraud devices and the selling of "plans or instructions for any instrument, apparatus, or device intended to avoid telephone toll charges." [Sterling, Part II]

Bulletin boards on the net became a gold mine of information for new hackers. Police began to take initiative in shutting down hacker sites. Once this began, hackers went to more effort in disguising their sites or forcing users to enter passwords to access the bulletin board. Different passwords allowed access to higher levels of code and better utilities. The government had to hire hackers themselves in order to crack down on other hackers. The Chicago Task Force, created in 1987, led a number of raids of hacker homes in the late 1980's and early 1990's. Starting in 1989, the Secret Service began raids of homes of hackers maintaining potentially dangerous bulletin boards. Their computers and disks would be confiscated and they would later be tried in court. [Sterling, Parts II and III]

Early 1990's
The 1990's have brought forth the explosion of the internet and use of the internet for commerce. As stated earlier, electronic transactions have jumped from 38 per day in 1985 to 1.2 million in 1993. This number has probably increased by one order of magnitude today (November, 1996).

Logic bombs, sniffers, worms, and boxes became a bigger threat than ever in the nineties. With the AT&T phone crashes on January 15, 1990 and September 17, 1991, a larger portion of the general public began to be affected by hacker activities.

Stealing phone access numbers has been surpassed by stealing of credit card numbers. With the advent of cellular phones, hackers have found a new portable way to use their skill. The chips inside cellular phones can be re-programmed to simulate someone else's caller ID to avoid billing. This form of abusing the telephone company is extremely useful in that it cannot be tapped and it is difficult to trace well. Drug dealers use pirated cellular phones to set up drug operations and exchanges without fear of being eavesdropped on or tracked down.

Private branch exchange (PBX) phone systems used by large corporations in the nineties have also fallen into the hands of hackers. Phreaks and hackers break into a local company's PBX system and then dial out long distance. This technique is known as "diverting" and can end up being very costly to companies. Furthermore, lawsuits between corporations and the phone companies increase the cost of dealing with hackers beyond the calls themselves.

Another area of hacking in the nineties was born with the convenience of voicemail. Phreaks can abuse voicemail by controlling portions of a corporation's voicemail system. They can either listen to messages left to high executives of a company, delete messages, create their own messages, or use the voicemail to store illegal code and information. Phreaks have been known to sell voicemail passwords to competing companies in the underground.

Mid 1990's
Hackers have made a huge impact on impeding internet security in the mid 1990's. While the world wide web has grown exponentially, hackers on the web have also grown enormously. With information on hacking, cracking, phreaking, or pirating easily available to any web browser, the estimates of the number of hackers have increased tremendously. Hackers today come from both sexes and from many nationalities, ages, and ethnic backgrounds. Hackers in the United States alone are flourishing in the thousands.

Infiltrating computer systems has become a large part of hacker activity. In 1994, a 16-year-old British hacker broke into the computer system at an Air Force laboratory in Rome, N.Y. In 1988, a Cornell student sent a worm program over the Internet that penetrated military and intelligence systems, shutting down 6,000 computers. Also in 1994, a Russian computer hacker tapped into Citibank's funds transfer system, taking more than $10 million. Citibank only recovered about $400,000 of the millions stolen. "The point of information warfare is that you don't need fighter planes and billions of dollars to launch an attack on the United States anymore," said Winn Schwartau, an author and president of Interpact Inc., an internet security consulting firm. [Lohr]

Most computer hacking is done on a smaller scale in the business community. Grabbing credit card numbers from online transmissions and illegally buying goods and services with these cards is a very regular practice by many hackers. Methods of stealing credit card numbers and using them in ways which cannot be easily traced are even available on the net.

Other forms of hacking include vandalizing software, operating systems, and databases. Internet service providers are extremely vulnerable to hackers as anyone can access part of their file-structure. Once connected to the network-server at a particular site, a hacker uses tools which allow him to navigate around the file system. Changing webpages to ridicule the site or a person is often the result of a successful break-in. For example, in 1996 an unknown hacker jokingly changed the picture of Bill Clinton to the cover of Playboy Magazine at the whitehouse website. But when these break-ins go from changing images to changing bank accounts, the joke becomes much more serious.

Viruses created to disrupt computers are another weapon created by hackers. Famous viruses made by hackers include "Michaelangelo", "Nostradamus", and "Darth Vader". Many of these viruses cause problems with disk input/output, memory caching, and function calls.

Recently, the world wide web has been the victim of a number of hackers on the net. On August 18, 1996, the United States Department of Justice website was hacked and its contents were changed dramatically. 2600 The Hacker Quarterly has maintained a copy of what the site looked like before and after the break-in. The modified website read "United States Department of Injustice" with a note saying "This page is in violation of the Communications Decency Act!" The hackers broke into this site as a protest against the administration's push to regulate the internet. It included pictures of Adolf Hitler, topless Jennifer Aniston (star of hit TV comedy show Friends), parodies of the Bill of Rights, links to Playboy, xxxpictures, Microsoft, Hillary Clinton's Hair, and the top 10 reasons for supporting the Communications Decency Act. [O'Neil]

Another break-in at a government agency was carried out by a group of Swedish hackers called "Power Through Resistance." On September 19, 1996, the Central Intelligence Agency's world wide web site was vandalized with numerous changes in the text and images. Many of the links on the website pointed to Swedish hacker sites or to Playboy Magazine. A reproduction of the hacked site is available in 2600 The Hacker Quarterly. [Calem]

All in all, hacking has come a long way since the 1970's. There are more ways to make money on the internet and more people doing it. This poses a great threat to the development of internet commerce. Although the Secret Service, Chicago Task Force, FBI, police, or any other government agency may attempt to stop hacking, the number of hackers on the net continues to grow as more people become familiar with computers and the internet.


SOCIAL IMPLICATIONS

The impact of hackers on society is three-fold. First, the people who become hackers themselves go through a number of stages of computer wizardry. Their lifestyle also changes dramatically. Second, the general public is either directly influenced by hackers or indirectly influenced through utilities attacked by hackers. Third, businesses and government agencies are drastically affected by hackers.

Life of a Hacker
The U.S. Secret Service thinks of computer hackers as persons "who have decided to violate the laws of this nation in the mistaken belief that they can successfully avoid detection by hiding behind the relative anonymity of their computer terminals." [Sterling, Part II]

Other hackers are considered to be computer gurus who were first found at elite technical universities like M.I.T. and Stanford. The hacker underground was believed to have begun with a group known as "Yippies" who were a mix of yuppies and hippies.

Hackers of all kinds are absolutely soaked through with heroic anti-bureaucratic sentiment. Hackers long for recognition as a praiseworthy cultural archetype, the postmodern electronic equivalent of the cowboy and mountain man. Whether they deserve such a reputation is something for history to decide. But many hackers - including those outlaw hackers who are computer intruders, and whose activities are defined as criminal - actually attempt to live up to this techno-cowboy reputation. And given that electronics and telecommunications are still largely unexplored territories, there is simply no telling what hackers might uncover. [Sterling, Part II]

In a campus environment, undergraduates, graduates, and dropouts often learn how to use the internet as a byproduct of college. Universities are a place where the search for the truth is pursued and taught. These codes of learning are the same for hackers who also have a thirst for knowledge and the truth. Indeed the university is not a place where maintaining security over information is a high priority, rather knowledge is given out in the most accessible manner possible.

Although hackers can cover a wide range of ethnic backgrounds, ages, and standards of living, most hackers begin their hacking career as teenagers and college students. Games are often the initial way in which youngsters start hacking. After a student becomes interested in computers, she will find out about the resources of bulletin boards where computer games can be obtained for free. Some games are free (freeware) while others have had their code broken and are made available on these boards. Pirated games, stripped of copy protection, are cheap or free compared to expensive ones off the store shelves. Bulletin boards can be a great resource for hints, shortcuts, and tactics for games that can give one student an advantage over others who do not use bulletin boards. The anonymity of boards is also alluring to youngsters. Age is not a factor, as a fourteen-year-old can be accepted and taken seriously. The student can pretend to be someone else, the opposite sex, or a different age.

Soon the student has numerous contacts and has accessed boards from all over the world. But the bill coming from the phone company can be grueling. The next step is to use stolen codes found at one of the bulletin boards. At first it may seem wrong, but at the same time it is exciting. These hackers know how to and can do something their parents and friends cannot. Eventually the hacker will create his own repeat-dialling program to find and use his own phone codes. Now the hacker can post his own code on a bulletin board or create his own bulletin board. This code can be traded in order to learn other techniques of breaking the system. Once a hacker is at this stage, the level of code created or acquired escalates quickly. If the hacker is a real wizard, he may become very rich while also becoming extremely dangerous to the public, corporations, and government. [Sterling, Part II]

In time elite hackers gain a reputation and power. Concurrently, they fall into the spotlight of government agencies. While they may not get caught for their illegal activities in hacking, they will be put away for anything the police can hold against them.

Today, many computer scientists can be considered to be hackers. A hacker test made by established hackers demonstrates that most people with a technical background in computers can be thought of as hackers. More students every year become familiar with the intricate details of computers and the net. Many also learn how to take advantage of the computer networks and systems.

The General Public
The social impact of hackers on the general public is mainly a threat to security. Some will directly be affected by hackers who want to either cause trouble or gain important information. Hackers can listen to, change, or delete voicemail messages of anyone in a company or at home. This can help the hacker financially if the messages intercepted contain news on a company which will affect its stock price.

An individual can be violated by hackers who intrude into her accounts and modify files. There have been cases where a person's website has been modified or deleted. An example is when a personal website linked to the main hacker homepage was deleted by an intruder. A person's email or saved mail can be read or modified.

The public is indirectly affected by hackers who break into the bank, credit card company, telephone company, or corporation. Usually the institution is liable for any monetary damage, yet the individual must deal with a great deal of trouble in getting items back in order. Most credit card companies only hold cardholders liable for up to $50 on abused card numbers.

Because hackers can grab credit card numbers from secure and insecure transactions on the net, many people are reluctant to use their credit cards over the internet. But people do not realize that the credit card company is the one that is liable for stolen numbers. As long as the individual still has hold of the actual credit card, she is not liable for anything if someone has charged a large amount on her card. Yet, if credit card fraud increases drastically, then annual fees and charges on cards will increase and thus affect the general public.

Businesses and Government Agencies
Both companies and government agencies face a huge threat of hackers on the net. For businesses, growth of international markets through the internet will be stunted if transactions cannot be made secure. Even with a new 128-bit key standard, this is only a sixteen-character password - just like a credit card. A practice which was dominant in the eighties for calling card numbers now moves to stealing credit card numbers. With increased computing power and network speed, programs can be written by hackers that test valid card numbers.

Financial institutions have already seen a big influence of hackers. As stated earlier, in 1994 Citibank was attacked by a Russian computer hacker who transferred over $10 million. In 1996, one bank in New York and three banks in Europe made payments of about $100,000 each to hacker extortionists. It was rumored that the weapon used to blackmail the banks was a logic bomb. [Lohr]

Although nationwide breakdowns of financial corporations have not occurred in the mid 1990's, there is definite evidence that more advanced hackers are busy at work.

The Science Applications International Corp., a defense contractor and technology security firm, surveyed more than 40 major corporations who confidentially reported that they lost an estimated $800 million due to computer break-ins last year, both in lost intellectual property and money. [Lohr]

As seen by the break-ins to the websites of the White House, CIA, and U.S. Justice Department, government agencies are also at risk from hackers. Although these websites are not integral to internet commerce, other government websites do include commercial transactions (e.g. the Post Office). If these sites can be modified to charge different prices or to send money to a different address, it is possible that hackers could find monetary rewards.


THE FUTURE OF HACKING

Hacking in the future poses a great threat to internet commerce. As more children grow up with computers, the new generation will know how to manipulate the digital world much more than the last. As internet commerce grows, the potential to gain monetary rewards digitally will rise. Along with this higher potential will be an increase in the population of hackers.

By the actions taken in the 1990's, it is almost definite that hackers are creating more advanced programs every day. Hackers have extorted $400,000 from banks in New York and Europe, stolen $10 million from Citibank, and caused $800 million of losses in money and intellectual property of other corporations. From these incidents alone, it can be seen that the future is marked with bigger break-ins and larger monetary transfers.

Stealing credit card numbers and telephone access codes will become ubiquitous in the hacker community. These numbers will also become easily available to the public on the black market or underground. In addition to banks, crackers will attack mutual fund companies, stock brokerages, life insurance agencies, and corporate payroll systems. Web sites engaged in selling products and services will fall victim to break-ins where images and prices will be manipulated. A commercial website may hack a competitor's website and make changes in order to gain a larger market share.

With increasing use of the internet to pay utility bills, make credit card payments, and do banking, more people will become dependent on computers for these tasks. This is similar to how people have become dependent on ATMs in the 1990's. By the turn of the century, a large part of the population will use computers to take care of most of their financial responsibilities. Internet commerce will increase, but the amount of losses due to computer break-ins will also rise. As long as there is a way of making money on the internet by cracking systems, hackers will continue to grow in number. The level of sophistication in programs will also escalate. In the past the police have not been able to put an end to hacking. Although government agencies will attempt to stop break-ins in the future, they will not be successful.

The ability to do internet commerce is available today. But because of hackers and the lack of security, internet commerce will not become predominant for many years.


CONCLUSIONS

This paper has covered how hackers will impede internet commerce. Hackers, phreaks, crackers, and pirates have all engaged in illegal activities since the seventies. Hackers have abused the phone system and the internet with the help of computer viruses such as logic bombs, sniffers, and worms. Attacks on financial institutions and government websites in the past can only lead to more break-ins in the future.

The social implications of the life of a hacker were discussed. In addition, the effects of hackers on the general public, business community, and government were described.

Internet commerce will develop, but hacking on the net will grow along with it. People will be skeptical of using the internet for financial purposes due to the lack of security. Because of hackers, internet commerce will not find rapid growth or quickly fulfill its potential.


BIBLIOGRAPHY
  1. Associated Press and Reuters. Cyberspace attacks threaten national security, CIA chief says, http://cnn.com/TECH/9606/25/comp.security/index.html, CNN Interactive, June 25, 1996.
  2. Calem, Robert E. Hackers Vandalize C.I.A.'s Web Page, http://www.nytimes.com/web/docsroot/library/cyber/week/0919cia.html, New York Times Cybertimes, September 19, 1996.
  3. CIA Hacked! http://www.2600.com/cia, 2600 The Hacker Quarterly, November 1, 1996.
  4. Department of Justice Hacked! http://www.2600.com/doj_2600rush, 2600 The Hacker Quarterly, August 17, 1996.
  5. Herdman, Roger C. Information Security and Privacy in Networked Environments, http://cpsr.org/cpsr/privacy/crypto/ota_report_1994, September 15, 1994.
  6. Lee, Felix, John Hayes and Angela Thomas. The Hacker Test, http://members.harborcom.net/~skilskyj/hacker.txt.
  7. Lohr, Steve. A New Battlefield: Rethinking Warfare in the Computer Age, http://www.nytimes.com/web/docsroot/library/cyber/week/0930war.html, The New York Times Cybertimes, September 30, 1996.
  8. Nelson, Brian (Anchor). Is the Internet a secure place to do business? http://cnn.com/TECH/9509/computer_security/index.html, Transcript from `CNN Computer Connection', CNN Interactive, September 23, 1995.
  9. Sterling, Bruce. The Hacker Crackdown: Law and Disorder on the Electronic Frontier. http://www.lysator.liu.se/etexts/hacker, 1992.
  10. Whitefield, Mimi. Your Cellular Phone Number May Be Up For Grabs, http://www.cdc.net/~x/1996/cell.asc, Miami Herald, August 21, 1996.
    Sorry, shut down and being investigated...


    This paper was written in conjunction with:

    December 1996