the ethics of hacking: the worm of 1988
The Ethics of Hacking: The Worm of 1988
Thanks in advance to:
• thefuturesite.com
• time.com
• world.std.com/~franl
• www.eos.ncsu.edu/eos/info/computer_ethics
Takeshi Toyohara
CS99 Presentation on March 7, 2000.
Computing Ethics
The Worm?
Not talking about Dennis Rodman
Creation of Robert Morris
  – Son of the former Chief Scientist at NSA
What’s A Worm
Characteristics
  – Propagates itself across a network using resources on one machine to attack other machines.
Not like a virus
  – A virus is a program fragment that inserts itself into other programs
  – Also unlike viruses, worms are not always malicious in purpose.
Worm Stats
Released on November 2, 1988
Ended up infecting over 6,000 network computers across the U.S.
Infects computers running 4.2 or 4.3 BSD UNIX and derivatives like SunOS
How Does the Worm Work?
The worm program attempts to connect to other machines
Bypasses user authentication via
  – loopholes in the software
  – “favorite” password cracking
Creates copies of itself, which search out other computers and infect them.
Security Loophole #1
Rsh and rexec are network services which let you execute remote commands
Looks for a remote account with the same name
Security Loophole #2
If rsh and rexec fail, the worm attempts to use a bug in the finger program.
Bug in gets()
  – Worm sends extra 24 bytes that overflow the buffer and cause the process to run worm code.
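An added example, not part of the original presentation: the unbounded gets() read the slide refers to, beside a length-checked replacement that rejects an oversized request instead of writing past the buffer. The 512-byte buffer size and the helper names read_request and try_request are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REQ_MAX 512   /* assumed buffer size; the slide gives only the 24-byte overrun */

/* Vulnerable pattern, kept as a comment because gets() was removed
 * from the standard library in C11:
 *     char line[REQ_MAX];
 *     gets(line);   // no length limit: bytes past REQ_MAX land outside line
 */

/* Bounded replacement (hypothetical helper). Writes at most cap bytes.
 * Returns the request length, or -1 for EOF or a line that does not fit;
 * an oversized line is drained so its tail is not read as a new request. */
int read_request(FILE *in, char *buf, size_t cap)
{
    if (cap < 2 || fgets(buf, (int)cap, in) == NULL)
        return -1;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {       /* the whole line fit */
        buf[--n] = '\0';
        return (int)n;
    }
    if (feof(in)) return (int)n;             /* final line without newline */
    int c;
    while ((c = getc(in)) != EOF && c != '\n') { }   /* discard the excess */
    buf[0] = '\0';
    return -1;
}

/* Feed one constructed request of len 'A' bytes through read_request(). */
int try_request(size_t len)
{
    char buf[REQ_MAX];
    FILE *f = tmpfile();
    if (f == NULL) return -2;
    for (size_t i = 0; i < len; i++) fputc('A', f);
    fputc('\n', f);
    rewind(f);
    int r = read_request(f, buf, sizeof buf);
    fclose(f);
    return r;
}

int main(void)
{
    printf("8 bytes -> %d, 512+24 bytes -> %d\n",
           try_request(8), try_request(REQ_MAX + 24));
    return 0;
}
```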
Security Loophole #3
If those fail, the worm tries to exploit sendmail
Bug lets you specify a command line as the recipient of a message
  – Released version was compiled in DEBUG mode
A Day in the Life
NOVEMBER 2, 1988
6:00 PM At about this time the Worm is launched.
8:49 PM The Worm infects a VAX 8600 at the University of Utah
9:09 PM The Worm initiates the first of its attacks to infect other computers from the infected VAX
9:21 PM The load average on the system reaches 5; the usual level is 1.
9:41 PM The load average reaches 7
A Day in the Life
10:01 PM The load average reaches 16
10:06 PM At this point there are so many worms infecting the system that no new processes can be started. No users can use the system anymore.
10:20 PM The system administrator kills off the worms
10:41 PM The system is reinfected and the load average reaches 27
10:49 PM The system administrator shuts down the system. The system is subsequently restarted
11:21 PM Reinfestation causes the load average to reach 37.
Worm Effects
In under 90 minutes from the time of infection, the Worm had made the infected system unusable
Over 6,000 machines affected
No physical damage, but between $100,000 and $10,000,000 were lost due to lost access
An Ethical Worm?
Look at what the worm did and did not do.
The Worm is Good?
Did not delete a system's files
Did not modify existing files
Did not modify other programs to do its work for it
Did not install trojan horses
Did not record or transmit cracked passwords
Did not make use of any special privileges gained
The Worm Did What?
Did show sysadmins numerous security holes
Did show that convenience is nothing without security
Did raise the world’s awareness to the vulnerability of the Internet
Did show other important lessons
  – Cooperation, diversity of networks, logging
Real Hacking
Hacking Cracking
"Hacking is generally accepted to be the arena of very smart people"
"Denial of service attacks, like what happened to Yahoo and eBay, are seen as bottom-of-the-barrel assaults; they don't require a lot of brains."
The Hacker Ethic
Information-sharing is a powerful positive good
  – ethical duty of hackers to share their expertise by writing free software and facilitating access to information and to computing resources wherever possible.
System-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality.
Hacking Ethically?
Highest forms of hacker courtesy
  – break into a system
  – explain to the sysadmin how it was done and how the hole can be plugged
Hacker sense of community
  – actively willing to share technical tricks, software, and computing resources with others
  – Sysadmins just need to look for this info
My Thoughts
We should take a Machiavellian attitude towards hacking.
Morris’s release of the Worm was unethical, but the idea behind it had much merit.