The Ethics of Hacking: The Worm of 1988


Post on 31-Jan-2016

Page 1: The Ethics of Hacking: The Worm of 1988

The Ethics of Hacking: The Worm of 1988

Thanks in advance to:

• thefuturesite.com
• time.com
• world.std.com/~franl
• www.eos.ncsu.edu/eos/info/computer_ethics

Takeshi Toyohara

CS99 Presentation on March 7, 2000.

Page 2: The Ethics of Hacking: The Worm of 1988

Computing Ethics

Page 3: The Ethics of Hacking: The Worm of 1988

The Worm?

Not talking about Dennis Rodman

Creation of Robert Morris
– Son of the former Chief Scientist at NSA

Page 4: The Ethics of Hacking: The Worm of 1988

What’s A Worm

Characteristics
– Propagates itself across a network using resources on one machine to attack other machines.

Not like a virus
– Program fragment that inserts itself into other programs
– Also unlike viruses, worms are not always malicious in purpose.

Page 5: The Ethics of Hacking: The Worm of 1988

Worm Stats

Released on November 2, 1988

Ended up infecting over 6,000 network computers across the U.S.

Infects computers running 4.2 or 4.3 BSD UNIX and derivatives like SunOS

Page 6: The Ethics of Hacking: The Worm of 1988

How Does the Worm Work?

The worm program attempts to connect to other machines

Bypasses user authentication via
– loopholes in the software
– “favorite” password cracking

Creates copies of itself, which search out other computers and infect them.

Page 7: The Ethics of Hacking: The Worm of 1988

Security Loophole #1

Rsh and rexec are network services which let you execute remote commands

The worm looks for a remote account with the same name

Page 8: The Ethics of Hacking: The Worm of 1988

Security Loophole #2

If rsh and rexec fail, the worm attempts to use a bug in the finger program.

Bug in gets()
– Worm sends extra 24 bytes that overflow the buffer and cause the process to run worm code.
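The gets() flaw on this slide, seen from the fixing side, as an added example that is not part of the original presentation or of the finger program's source: a request reader bounded with fgets() that rejects and drains an over-long line. The 512-byte buffer size and the names read_request and try_request are assumptions made for illustration; the slide gives only the 24-byte excess.

```c
#include <stdio.h>
#include <string.h>

#define REQ_BUF 512  /* assumed buffer size; the slide gives only the 24-byte excess */
enum req_status { REQ_OK, REQ_TOO_LONG, REQ_EOF };

/* Flawed pattern: `char line[REQ_BUF]; gets(line);` gets() takes no length, so
 * it writes past line[] for as long as the peer sends. Hardened form: fgets()
 * is bounded; an over-long line is rejected and drained, never parsed in part. */
enum req_status read_request(FILE *in, char *buf, size_t size)
{
    if (size < 2 || fgets(buf, (int)size, in) == NULL) return REQ_EOF;
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[--len] = '\0';                 /* complete line, newline stripped */
    } else {
        int c = fgetc(in);                 /* is there more on this line? */
        if (c != EOF && c != '\n') {
            while (c != EOF && c != '\n') c = fgetc(in);
            buf[0] = '\0';
            return REQ_TOO_LONG;
        }
    }
    if (len > 0 && buf[len - 1] == '\r') buf[--len] = '\0';
    return REQ_OK;
}

/* Constructed input: n bytes of 'A' followed by CRLF, fed through a temp file. */
enum req_status try_request(size_t n, size_t *out_len)
{
    char buf[REQ_BUF];
    FILE *f = tmpfile();
    if (f == NULL) return REQ_EOF;
    for (size_t i = 0; i < n; i++) fputc('A', f);
    fputs("\r\n", f);
    rewind(f);
    enum req_status st = read_request(f, buf, sizeof buf);
    *out_len = strlen(buf);
    fclose(f);
    return st;
}

int main(void)
{
    size_t len;
    int ok = try_request(100, &len), big = try_request(REQ_BUF + 24, &len);
    printf("100 bytes: status %d, %d bytes: status %d\n", ok, REQ_BUF + 24, big);
    return 0;
}
```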

Page 9: The Ethics of Hacking: The Worm of 1988

Security Loophole #3

If those fail, the worm tries to exploit sendmail

Bug lets you specify a command line as the recipient of a message
– Released version was compiled in DEBUG mode

Page 10: The Ethics of Hacking: The Worm of 1988

A Day in the Life

NOVEMBER 2, 1988

6:00 PM At about this time the Worm is launched.

8:49 PM The Worm infects a VAX 8600 at the University of Utah

9:09 PM The Worm initiates the first of its attacks to infect other computers from the infected VAX

9:21 PM The load average on the system reaches 5 - the usual level is 1.

9:41 PM The load average reaches 7

Page 11: The Ethics of Hacking: The Worm of 1988

A Day in the Life

10:01 PM The load average reaches 16

10:06 PM At this point there are so many worms infecting the system that no new processes can be started. No users can use the system anymore.

10:20 PM The system administrator kills off the worms

10:41 PM The system is reinfected and the load average reaches 27

10:49 PM The system administrator shuts down the system. The system is subsequently restarted

11:21 PM Reinfestation causes the load average to reach 37.

Page 12: The Ethics of Hacking: The Worm of 1988

Worm Effects

In under 90 minutes from the time of infection, the Worm had made the infected system unusable

Over 6,000 machines affected

No physical damage, but between $100,000 and $10,000,000 were lost due to lost access

Page 13: The Ethics of Hacking: The Worm of 1988

An Ethical Worm?

Look at what the worm did and did not do.

Page 14: The Ethics of Hacking: The Worm of 1988

The Worm is Good?

Did not delete a system's files

Did not modify existing files

Did not modify other programs to do its work for it

Did not install trojan horses

Did not record or transmit cracked passwords

Did not make use of any special privileges gained

Page 15: The Ethics of Hacking: The Worm of 1988

The Worm Did What?

Did show sysadmins numerous security holes

Did show that convenience is nothing without security

Did raise the world’s awareness to the vulnerability of the Internet

Did show other important lessons
– Cooperation, diversity of networks, logging

Page 16: The Ethics of Hacking: The Worm of 1988

Real Hacking

Hacking Cracking

"Hacking is generally accepted to be the arena of very smart people"

"Denial of service attacks, like what happened to Yahoo and eBay, are seen as bottom-of-the-barrel assaults; they don't require a lot of brains."

Page 17: The Ethics of Hacking: The Worm of 1988

The Hacker Ethic

Information-sharing is a powerful positive good
– ethical duty of hackers to share their expertise by writing free software and facilitating access to information and to computing resources wherever possible.

System-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality.

Page 18: The Ethics of Hacking: The Worm of 1988

Hacking Ethically?

Highest forms of hacker courtesy
– break into a system
– explain to the sysadmin how it was done and how the hole can be plugged

Hacker sense of community
– actively willing to share technical tricks, software, and computing resources with others
– Sysadmins just need to look for this info

Page 19: The Ethics of Hacking: The Worm of 1988

My Thoughts

We should take a Machiavellian attitude towards hacking.

Morris’s release of the Worm was unethical, but the idea behind it had much merit.