Security and hacking
We had the privilege of hosting a guest speaker who gave us a lecture on “security and hacking” on the 20th day of November. The scope of the lecture was security on the internet and privacy. For IT enthusiast the speaker was very interesting as he linked theory with the real world experiences. He first introduced Robert Schifreen who is a self-proclaimed hacker. The captivating Robert reaffirmed the fact that with the internet revolution, we are all connected in one way or another; it is now easier than ever to talk to anybody irrespective of their geographical positioning. Also information and data is easily available and can be accessed to strangers if proper security mechanisms are not employed. From the introduction of the lecture, the one question that kept lingering in my mind was, is hacking ethical? To illustrate his point, Robert told a story of his female friend who using an online dating website had met a gentleman. To Robert’s Friend it was clear that the picture the gentleman used on his profile on the website was not his, since he looked different on meeting him. To the lady, such a scenario raises a number of questions and sets in some sense of deception upon meeting for the first time. In this simple example Robert was trying to let us see the big picture; that of similar more serious scenarios of false identification online. Due to the anonymous nature of conversations over the internet, the problem of child abuse has been on the rise. In the recent past notable TV personalities such as Jimmy Saville have been brought to book for cases of child abuse. Indeed it is becoming easier for these online predators to be traced and arrested since NSA and CIA monitor activities over the internet. However, critics are quick to point a finger at the sniffing tendencies of the NSA and CIA as being unethical. While I too hold the same point of view that monitoring my activities online is infringing on my privacy thus unethical, we are not sure how many potential crimes have been prevented by this act.
Robert told a story which indeed does qualify the self-proclaimed hacker title. Whereas Robert had no intention of being a hacker, his is a tale curiosity and persistence. In his story he told how in the mid 1980’s while working for a computing magazine he hacked into the system manager’s information using Prestel. Prestel was a piece of hardware which can be considered a “Ceefax” dial up version. Robert guessed the password of a top level unprotected account he identified as “222222222222”. The pass word for the account was “1234”. For ten months he signed on Prestel each Friday, until he was able to notice an error that Prestel hadn’t. The hardware Prestel did not encrypt or hide the system manager’s information from Robert, rather left it on the screen. Using this information, Robert was able to hack into the system by logging in as the system manager. Once logged in as the manager, he could access everybody’s login’s details. From the contacts list he found Prince Philip’s login details and went ahead to sign in as Prince Philip. Posing as Prince Philip, he contacted BT, the owners of Prestel, and made them aware of their security error. He was later arrested by the police. Since there were no laws on hacking then, the Forgery and Counterfeiting Act of 1981 was to determine his charges. In 1986 Robert was convicted and fined £750 for forgery. In the desire to prevent hacking an act was created in 1990; The Computer Misuse Act. To summarise his story, Robert drew our attention to recent such cases of hackings. In his lecture the guest speaker informed us the goals of information security which are; confidentiality, availability and integrity which he abbreviated as CIA. All the three components relate to information. Confidentiality refers to the protection of information from access to unauthorised parties. To achieve this encryption is one such solution used. In encryption, the sender encrypts the message using some algorithm; the receiver using a specific password is able to decrypt the message. Data integrity is making sure no modifications are made to the data by unauthorised parties. Availability on the other hand is making sure that authorised persons can access the data as and when needed. Robert emphasised on the need for encryption and having backups.
"Prestel password 'blunder helped hacker'", The Times, 16 April 1986.Terry Chia. (2012). Confidentiality, Integrity, Availability: The three components of the CIA Triad. Available: http://security.blogoverflow.com/2012/08/confidentiality-integrity-availability-the-three-components-of-the-cia-triad/. Last accessed 12th Dec 2014.
Krishnadev Calamur. (2013). 5 Things To Know About The NSA's Surveillance Activities. Available: http://www.npr.org/blogs/parallels/2013/10/23/240239062/five-things-to-know-about-the-nsas-surveillance-activities. Last accessed 12th Dec 2014.
Vangie Beal. (-). Encryption. Available: http://www.webopedia.com/TERM/E/encryption.html. Last accessed 12th Dec 2014.