mirror of
https://github.com/nhammer514/textfiles-politics.git
synced 2024-12-18 04:04:34 -05:00
454 lines
25 KiB
Plaintext
454 lines
25 KiB
Plaintext
|
Mail-From: ARPAnet host SRI-CSL rcvd at Wed Sep 28 15:58-PDT
|
|||
|
Date: 26 Sep 1983 20:08-PDT
|
|||
|
Sender: GEOFF@SRI-CSL
|
|||
|
Subject: Telecommunications Security and Privacy.
|
|||
|
From: the tty of Geoffrey S. Goodfellow
|
|||
|
Reply-To: Geoff@SRI-CSL
|
|||
|
To: Human-nets:,
|
|||
|
To: Telecom:,
|
|||
|
To: Security-Forum:,
|
|||
|
To: Info-Micro:
|
|||
|
Cc: csl:,
|
|||
|
Cc: others:
|
|||
|
Message-ID: <[SRI-CSL]26-Sep-83 20:08:20.GEOFF>
|
|||
|
Redistributed-To: dist:
|
|||
|
Redistributed-By: GEOFF at SRI-CSL
|
|||
|
Redistributed-Date: 28 Sep 1983
|
|||
|
|
|||
|
On Monday, September 26th, I appeared before and presented invited
|
|||
|
testimony at the U.S. House of Representatives Subcommittee on
|
|||
|
Transportation, Aviation and Materials on the subject of Telecommunications
|
|||
|
Security and Privacy.
|
|||
|
|
|||
|
Due to the activities of the Milwaukee 414s and the subsequent hoopla that
|
|||
|
has been generated in the media, HACKING has been getting a bad name. I
|
|||
|
therefore decided to address my testimony to the TRUE nature of computer
|
|||
|
hackers and hacking (in an attempt to put the entire situation in some type
|
|||
|
of perspective). I also addressed what can and should be done to help
|
|||
|
abate the 'unsavory' hacking problem. And lastly, how low tech the current
|
|||
|
hackings have been and what we might be seeing more of in the future.
|
|||
|
|
|||
|
I'm told the hearings went out live over CNN -- there were at least 16
|
|||
|
video cameras that I could count and the rest of the room was jammed to
|
|||
|
standing room only with reporters and other media.
|
|||
|
|
|||
|
Individuals who presented testimony were: Neal Patrick (of the 414s); Jimmy
|
|||
|
McClary (Los Alamos Division leader for Security); Donn Parker and myself
|
|||
|
(from SRI); and Steve Walker (formerly of DARPA/Pentagon).
|
|||
|
|
|||
|
Those interested in what I had to say about hacking and such are invited to
|
|||
|
FTP a copy of my prepared testimony from [SRI-CSL]<GEOFF>HOUSE.DOC; There
|
|||
|
is also a .LPT version with line-printer overstriking, should you want
|
|||
|
that. If you cannot FTP a copy for whatever reason, I'll be able to send
|
|||
|
one by netmail if you mail a request to Geoff@SRI-CSL.
|
|||
|
|
|||
|
Geoff
|
|||
|
...............................................................................
|
|||
|
...............................................................................
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
TESTIMONY BY GEOFFREY S. GOODFELLOW
|
|||
|
|
|||
|
Before the Subcommittee on Transportation, Aviation and Materials
|
|||
|
on the subject of Telecommunications Security and Privacy.
|
|||
|
|
|||
|
26 September 1983
|
|||
|
|
|||
|
|
|||
|
|
|||
|
1. Introduction
|
|||
|
|
|||
|
My name is Geoffrey S. Goodfellow. I am primarily employed by the
|
|||
|
Computer Science Laboratory at SRI International, Menlo Park, California.
|
|||
|
For the past 10 years at SRI, I have been involved in research efforts
|
|||
|
related with packet switched computer network communication systems,
|
|||
|
protocols and security technologies. I have also been involved in
|
|||
|
various operating and sub-system development projects. Currently, my
|
|||
|
responsibilities include a position as Principle Investigator of SRI's
|
|||
|
involvement in a Department of Defense program aimed at developing and
|
|||
|
proving secure computer systems, that operate at different security
|
|||
|
levels and communicate via networks. A detailed biography of my career
|
|||
|
from 7th grade school where I discovered computers (which
|
|||
|
eventually lead to my permanent abandonment of the formal educational
|
|||
|
system during high school) to how I got to where I am today with no
|
|||
|
degrees or any type of equivalency to my name is included at the end of
|
|||
|
my testimony.
|
|||
|
|
|||
|
I am a coauthor of the Hacker's Dictionary -- A Guide to the World of
|
|||
|
Computer Wizards, a new book being published this fall.
|
|||
|
|
|||
|
THE STATEMENTS INCLUDED HEREIN ARE MY OWN AND DO NOT NECESSARILY
|
|||
|
REPRESENT THOSE OF SRI INTERNATIONAL OR ANY CLIENTS OF SRI.
|
|||
|
|
|||
|
2. The Nature of Computer Hackers and Hacking.
|
|||
|
|
|||
|
The primary nature of a computer hacker can be defined as follows:
|
|||
|
|
|||
|
- A person who enjoys learning or knowing the details of computer
|
|||
|
systems and how to stretch their capabilities, as opposed to most
|
|||
|
users of computers, who prefer to learn or know only the minimum
|
|||
|
amount necessary in order to get their job done.
|
|||
|
|
|||
|
- One who programs computers enthusiastically, for the sheer fun of it,
|
|||
|
and gets a non professional amount of enjoyment out of using them.
|
|||
|
|
|||
|
- A person capable of appreciating the irony and beauty (i.e. `hack
|
|||
|
value') of a program.
|
|||
|
|
|||
|
- A person who is good at programming quickly or is an expert on a
|
|||
|
particular program. (This definition and the proceeding ones are
|
|||
|
correlated, and people who fit them congregate).
|
|||
|
|
|||
|
Unfortunately, though, hacking has an unsavory faction to it:
|
|||
|
|
|||
|
- A malicious or inquisitive meddler (i.e. `poacher') who tries to
|
|||
|
discover information by poking around. For example, a "password
|
|||
|
hacker" is one who tries, possibly by deceptive or illegal means, to
|
|||
|
discover other people's computer passwords. A "network hacker" is
|
|||
|
one who tries to learn about the computer network (possibly because
|
|||
|
he wants to interfere--one can tell the difference only by context,
|
|||
|
tone of voice and manner of approach).
|
|||
|
|
|||
|
Hackers of all factions, whether benign or of the unsavory flavor,
|
|||
|
consider themselves somewhat of an elite, though one to which new members
|
|||
|
are gladly welcome. Hacking is meritocracy based on ability.
|
|||
|
There is a certain self-satisfaction in identifying yourself as a hacker
|
|||
|
(but if you claim to be one and are not, you'll quickly be labelled
|
|||
|
`bogus').
|
|||
|
|
|||
|
The hacker is intensely interested in technology and is a very
|
|||
|
inquisitive person. Many are social outcasts who don't enjoy the same
|
|||
|
things as most other kids their age. Hackers of the unsavory flavor are a
|
|||
|
very curious breed of individual -- many can best be described as
|
|||
|
loners looking for someone to appreciate their talents. They know full
|
|||
|
well that what they're doing errs on the `dark side (of the force)' --
|
|||
|
to coin a phrase. Unsavory hackers want to get caught so they can be given
|
|||
|
the appreciation they desire -- and the process of getting caught adds an
|
|||
|
essence of thrill to their endeavor.
|
|||
|
|
|||
|
I would like to state for the record, that benign hackers, such as I,
|
|||
|
deplore the unsanctioned entry and subsequent rummaging of mainframe
|
|||
|
computer systems and networks. These types of activities are tarnishing
|
|||
|
the profession of hacking and giving it a bad name.
|
|||
|
|
|||
|
In the Real World, computer system organizations are generally run
|
|||
|
like totalitarian police states. This unfortunate reality fosters
|
|||
|
resentment in hackers and a desire to challenge the reverence of
|
|||
|
authority develops. As a result, the way hackers bring themselves to a
|
|||
|
system managers attention is via the medium they know and relate to best:
|
|||
|
a terminal and modem and your computer system. In most cases, the hacker
|
|||
|
wouldn't personally think of or know how to go about calling up the
|
|||
|
director of a computer system and offering his services to you as a bright
|
|||
|
young guy for the fear of reprisals or not being taken seriously.
|
|||
|
Instead, they choose to `introduce' you to them by meddling with your
|
|||
|
computer system, cavalierly circumventing security and protection
|
|||
|
mechanisms, in order to satiate their hunger for knowledge and
|
|||
|
develop an understanding of how things work.
|
|||
|
|
|||
|
The organization will respond in kind by trying to `plug the leak' of
|
|||
|
an intrusion into their system by erecting barriers. This type of
|
|||
|
reaction is precisely the wrong approach to take, because the hacker
|
|||
|
will notice the beefed-up defenses and see them as a further
|
|||
|
challenge of his prowess and ingenuity and legitimate users are subjected
|
|||
|
to greater inconvenience.
|
|||
|
|
|||
|
Instead, what an organization should do is try to befriend hackers which
|
|||
|
have penetrated their inner sanctums. The perspective that should be
|
|||
|
taken is one of "Is it helpful or useful for you to do this?" rather
|
|||
|
than "Are you authorized to do this?". You must in effect come down to
|
|||
|
the hackers level and circulate among them. Show them that you appreciate
|
|||
|
their talents. If you ask them nonforeboding questions and take a genuine
|
|||
|
interest in what they're doing, most of the time you'll find they're more
|
|||
|
than happy to tell you exactly what it is they're looking for or
|
|||
|
interested in. The hacker wants to learn and you can be their
|
|||
|
guide/teacher. This is how I was dealt with by the firm that caught
|
|||
|
me during my unsavory hacking days in 1973 when I breached security on a
|
|||
|
large commercial timesharing network and many of its host computer
|
|||
|
systems. I was very much inspired by this method of catching and steering
|
|||
|
unsavory hackers towards more constructive use of their talents.
|
|||
|
|
|||
|
There is, however, a more virulent strain of the unsavory faction, namely
|
|||
|
the electronic vandals or joy-riders (N.B. NOT HACKERS). This strain
|
|||
|
includes, for example, kids whose parents are of an affluent nature. As a
|
|||
|
result, these kids have an inflated world picture and little or no true
|
|||
|
sense of reality, due to the nature of their care-free life styles and
|
|||
|
upbringing. These kids plague computer systems and networks as they
|
|||
|
would spray paint on school walls, t-p someone's house, or engage in the
|
|||
|
use of so called 'recreational' drugs. In other words, these illicit
|
|||
|
activities are engaged in with absolute reckless abandon and disregard for
|
|||
|
the rights or sovereignty of other people's property. As with regular
|
|||
|
vandalism, the primary motivators seems to be simply doing it because
|
|||
|
they can get away with it, and because of the respect it brings them
|
|||
|
among their equally disrespectful peers. This differs from the unsavory
|
|||
|
hacker in that there is no constructive purpose or motive involved, such
|
|||
|
as learning or acquiring knowledge. This problem is further
|
|||
|
exacerbated by the juvenile age of the perpetrators and the unlikelihood of
|
|||
|
prosecution, even if caught. The perpetrators are smugly aware of their
|
|||
|
immunity in most cases!
|
|||
|
|
|||
|
3. What Can and Should Be Done to Help Abate The Unsavory Hacking Problem?
|
|||
|
|
|||
|
From my own observations and inspections of systems and from what I have
|
|||
|
been reading in the press, I have come to the conclusion that
|
|||
|
computer site administrators are not taking reasonable and prudent
|
|||
|
measures to protect their computer systems from even the most casual
|
|||
|
methods of circumvention. A rather egregious example of this would be the
|
|||
|
installation of which the 414s allegedly logged into with username "test"
|
|||
|
and password "test". Usernames and passwords of this sort are not uncommon
|
|||
|
and sites which set up logins like this are just asking for a break in
|
|||
|
-- just as someone who would leave a key in the lock on the front door of
|
|||
|
their house, complete with the WELCOME! mat out for all to see, invites
|
|||
|
the casual burglar.
|
|||
|
|
|||
|
The way I view `reasonable and prudent' measures of protection from the
|
|||
|
casual penetration is by drawing a paradigm with the way DoD classified
|
|||
|
information is handled.
|
|||
|
|
|||
|
With respect to the handling and use of classified information, it is
|
|||
|
the responsibility of the organization to which you belong, in conformance
|
|||
|
with DoD guidelines, to provide you with rules and regulations in
|
|||
|
the handling of classified information. It is also the responsibility of
|
|||
|
your organization to provide you with a safe place (i.e. a vault) to
|
|||
|
store said information and to provide adequate safeguards (such as alarm
|
|||
|
systems, security personnel and patrols) to prevent unauthorized access.
|
|||
|
|
|||
|
The same methodology should be taken to heart by administrators of
|
|||
|
computer systems. It's their responsibility to provide reasonable and
|
|||
|
prudent measures to prevent unauthorized access attempts from gaining
|
|||
|
access to the system. This means a few very basic things like:
|
|||
|
|
|||
|
- Forcing users to choose reasonable passwords - not their spouse's
|
|||
|
name or their dog's name.
|
|||
|
|
|||
|
- Setting up proper modem controls on dial-up/remote access ports so
|
|||
|
that disconnection causes any jobs (or trojan horses left on the
|
|||
|
port) to be flushed and results in resetting the port to not-logged
|
|||
|
in status.
|
|||
|
|
|||
|
- Reporting incorrect password attempts to the system console or log
|
|||
|
file.
|
|||
|
|
|||
|
- Causing line disconnection after a few successively repeated
|
|||
|
incorrect password attempts.
|
|||
|
|
|||
|
- Using encrypted passwords, so it is not possible to compromise an
|
|||
|
entire systems password list when circumvention of a systems
|
|||
|
protection mechanisms is attained. This is analogous to the DoD's
|
|||
|
compartmentalization of information -- so a breach in one area does
|
|||
|
not sacrifice security in all areas.
|
|||
|
|
|||
|
The second facet of the paradigm is the users' responsibility. I don't go
|
|||
|
out to lunch and leave my secrets sitting on my desk. I put them in a
|
|||
|
vault. And I don't go throwing them over the embassy walls. So it is
|
|||
|
the same for the computer system user. It is the users
|
|||
|
responsibility to choose reasonable passwords and not leave them written
|
|||
|
down anywhere, such as on their desk blotter or white board or to
|
|||
|
pass them out to others.
|
|||
|
|
|||
|
The third matter is a paradigm of a different nature. This has to do
|
|||
|
with socially acceptable values. Namely, when I was brought up, I was
|
|||
|
taught about trespassing. If I went to someone's house and found the front
|
|||
|
door wide open, I don't really know of anyone who would walk right in
|
|||
|
and look around. They would instead stand at the door, ring the doorbell
|
|||
|
or knock or call out. This type of responsibility or sense of morals
|
|||
|
has to be applied to the computer technology field.
|
|||
|
|
|||
|
Research into methods of improving the safeguarding of information flow
|
|||
|
through technology should be pursued. One such project is the one of which
|
|||
|
I am the Principle Investigator of at SRI, which has to do with this type
|
|||
|
of technology. Our involvement has to do with developing and proving
|
|||
|
technologies that will absolutely assure that I will only have access to
|
|||
|
information in a computer system database of which my clearance and
|
|||
|
my `need to know' entitles me too, while prohibiting me from information I
|
|||
|
am not cleared or permitted to access. However, one must carefully weigh
|
|||
|
the value of increased security with the cost in user convenience and
|
|||
|
flexibility.
|
|||
|
|
|||
|
Explicit federal and state criminal statutes should be enacted to
|
|||
|
allow a vehicle for vigorous prosecution, should it be warranted or
|
|||
|
desired, by injured parties. These explicit laws would also hopefully
|
|||
|
act as a method of deterrence.
|
|||
|
|
|||
|
4. Let Us Not Lull Ourselves into a False Sense of Security.
|
|||
|
|
|||
|
In general unsanctioned computer system penetrations can be
|
|||
|
performed by individuals who possess three basic aspects of computer
|
|||
|
knowledge: access, skill and information.
|
|||
|
|
|||
|
Access can be defined as a terminal and modem. Skill can be
|
|||
|
defined as ingenuity or familiarity with computer systems, especially
|
|||
|
with the given system type that the penetration is directed
|
|||
|
towards. Information can be defined as dial-up phone numbers, network
|
|||
|
address or means of accessing a given computer system -- perhaps even
|
|||
|
physical. Information can also include various methods, most likely in the
|
|||
|
form of 'bugs' (i.e. shortcomings) or 'features' (i.e. an aspect
|
|||
|
inherent to the hardware or software design of the system) which will
|
|||
|
permit the holder to circumvent the operating system security and
|
|||
|
protection mechanisms, and in effect gain carte blanche access to the
|
|||
|
computer. Carte blanche can be defined as allowing the holder to override
|
|||
|
file security and protection considerations, in that you can read or alter
|
|||
|
any data and even change the nature of the computer operating system
|
|||
|
software itself.
|
|||
|
|
|||
|
In the good ol' days such skill and information was not widely known.
|
|||
|
However, with the ever increasing number of computer systems, both
|
|||
|
personal and mainframe alike, information and skill is spreading to an
|
|||
|
ever increasing number of individuals and institutions.
|
|||
|
Unfortunately, not all of the individuals are as scrupulous as they
|
|||
|
should be. Such instruments as `Pirate Bulletin Board' systems are
|
|||
|
being used to disseminate this information on a nationwide, on-call, as
|
|||
|
needed basis.
|
|||
|
|
|||
|
What does this mean?
|
|||
|
|
|||
|
Up until now most unsanctioned computer system penetrations have not been
|
|||
|
the high technological acts of chicanery the media has made them out to
|
|||
|
be. They were primarily performed by individuals who were as familiar
|
|||
|
with computer technology as, say, an auto enthusiast is with what goes
|
|||
|
on under the hood of your car. The 'auto whiz' has the breadth of
|
|||
|
knowledge necessary to 'hot wire' a motor vehicle, just as your computer
|
|||
|
literate individual has the breadth necessary to perform a
|
|||
|
technological 'hot wire' inside a computer system.
|
|||
|
|
|||
|
However, the current low to medium technological approaches to
|
|||
|
system penetrations are likely to change.
|
|||
|
|
|||
|
I define the technological levels as follows: high tech is defined as a
|
|||
|
new method of circumvention. High tech methods are primarily
|
|||
|
invented by individuals or a group of individuals who have an in depth
|
|||
|
understanding of the desired technology the caper is directed against.
|
|||
|
Medium tech can be defined as an individual who has the same basic level
|
|||
|
of understanding as the high tech guy, but uses the knowledge and
|
|||
|
perhaps fine tunes or refines it a bit (i.e. the medium tech individual is
|
|||
|
a knowledgeable user). The low tech individual is just a user of
|
|||
|
the knowledge with little or no understanding of what is involved in making
|
|||
|
the technology perform its desired function.
|
|||
|
|
|||
|
In the not to distant future with higher stakes, increased levels of
|
|||
|
knowledge and other aspects better understood, I believe we will see a
|
|||
|
trend towards a more 'higher tech' level of system penetrations and
|
|||
|
circumventions. These capers will be harder to detect and deter.
|
|||
|
|
|||
|
The further development of formal specification and verification techniques
|
|||
|
and associated technologies will permit the system developers,
|
|||
|
reviewers or specifier himself to verify that a given system
|
|||
|
specification is consistent with a given model of desired operation.
|
|||
|
|
|||
|
5. Recommendations
|
|||
|
|
|||
|
In conclusion, I would like to say that I believe the scale of the
|
|||
|
hacking problem is going to escalate dramatically as more of the technology
|
|||
|
makes its way into the mass market. There is no one easy solution to
|
|||
|
these problems. The directions that need to be taken are technological,
|
|||
|
ethical/moral and social. Hopefully an increased awareness of the
|
|||
|
vulnerability of our systems to penetration and circumvention will allow us
|
|||
|
to see the light, in the form of solutions, at the end of the tunnel. And
|
|||
|
hopefully that light, is not a train.
|
|||
|
|
|||
|
6. Biography (The Making of a Hacker)
|
|||
|
|
|||
|
My first experience with computers (and the world of `hacking')
|
|||
|
manifested itself during my 7th grade school when I discovered a room
|
|||
|
full of teletypes connected to a computer system at Stanford University
|
|||
|
which offered Computer Assisted Instruction/drill programs.
|
|||
|
|
|||
|
Having discovered `The Computer Room', I started arriving at school early
|
|||
|
each day to be able to play with them. I would also spend the lunch
|
|||
|
hour, recess and as long as I could after school in the computer room, as
|
|||
|
well.
|
|||
|
|
|||
|
Luckily, that summer I was permitted to hang-out at the Stanford facility
|
|||
|
which had the computer system that served our school and others. This
|
|||
|
allowed me the opportunity to interact with the system designers and
|
|||
|
learn how everything worked. At the facility, I quickly began to
|
|||
|
develop a keen interest in system-level software, such as the
|
|||
|
operating system and privileged type programs which only `the wizards'
|
|||
|
could run or know the inner workings of. However, I did not let this
|
|||
|
fact keep me from learning about the system.
|
|||
|
|
|||
|
During the 8th grade, my parents wishing to contribute to their son's
|
|||
|
apparent avid absorption of computer technology, procured a used teletype
|
|||
|
machine and modem from a large time-sharing computer firm. I don't
|
|||
|
know how, but in the process, they managed to talk the firm out of `free'
|
|||
|
account for after hours and weekend use. The firm then promptly
|
|||
|
forgot about me. After running the usual course of computer games, which
|
|||
|
quickly became quite boring, my attention turned towards the operating
|
|||
|
system and its protection mechanism, which I took delight in finding
|
|||
|
ways around. This of course, was noticed by the time-sharing
|
|||
|
company and one summer evening, after they were sure it was me inside
|
|||
|
their system, their vice president and district manager came knocking at
|
|||
|
our door, and in effect said, "gotcha!". The result of being caught was
|
|||
|
that I was hired for the summer to help them make their system more
|
|||
|
secure and plug the holes that I had uncovered in my wanderings.
|
|||
|
|
|||
|
While employed for the summer, 1973, I chanced to meet up with another
|
|||
|
summer hire who had done some work at NASA-AMES and had knowledge of a
|
|||
|
Department of Defense computer network, called the ARPANET, which linked
|
|||
|
together computers all over the country at various research
|
|||
|
establishments, universities and military bases. My new-found friend
|
|||
|
passed me a dial-up number, and on a scrap of paper, wrote a few commands
|
|||
|
that would allow me to connect up to various systems on the network.
|
|||
|
|
|||
|
In these early days of the ARPANET (which pioneered packet
|
|||
|
switching technology, a method for allowing computers of different flavors
|
|||
|
and types to `talk' to one-another), the majority of the computers had
|
|||
|
`guest' accounts on them with purposefully obvious and published passwords.
|
|||
|
This was done in order to promote the free use of resources at other host
|
|||
|
systems and to let users of the network have a chance to explore, learn and
|
|||
|
use said systems.
|
|||
|
|
|||
|
Needless to say, this was a gold mine that no hacker, such as myself,
|
|||
|
could pass up. So I spent the better part of the summer learning and
|
|||
|
using as many different computer systems as possible, all over the country.
|
|||
|
|
|||
|
One of my favorite systems to use was the guest login account on a host
|
|||
|
called SRI-AI, a PDP-10 running the Tenex operating system, which
|
|||
|
belonged to the Stanford Research Institute's Artificial Intelligence
|
|||
|
Center. I thought it nice to have a system right in my very own home
|
|||
|
town. I made it a point to get to know the operations of this system as
|
|||
|
well as I could in hopes that perhaps someday I might have a login account
|
|||
|
of my own to use and it would be nice to be familiar with it in such an
|
|||
|
event.
|
|||
|
|
|||
|
Well, that day came when, as usual, I logged into the public guest account,
|
|||
|
and out popped a message of the form "Welcome to the SRI-AI computer
|
|||
|
public guest account. If you think you have a need for your own account,
|
|||
|
send a note (with the on-line electronic mail program, of course) to
|
|||
|
the system administrator, explaining your need."
|
|||
|
|
|||
|
Such an invitation was just to good to pass up and having my very own
|
|||
|
login account is something I had dreamed about. So, I took it upon myself
|
|||
|
to send a message saying I was a hacker who had been spending time on the
|
|||
|
public guest account learning about their system and wanted to have an
|
|||
|
increased level of access and login area of my own to store files. In
|
|||
|
return, I would freely help improve the systems capabilities thru my
|
|||
|
hacking.
|
|||
|
|
|||
|
After some initial trepidation on the part of the systems administrator
|
|||
|
was overcome, my account was granted. This allowed me to make SRI-AI my
|
|||
|
home base of network operations. I immediately proceeded to hack
|
|||
|
away to my heart's content, now that, in effect, I had become a legitimate
|
|||
|
network user.
|
|||
|
|
|||
|
After demonstrating my competence and some semblance of responsibility, I
|
|||
|
was granted system privileges (i.e. carte blanche access to all system
|
|||
|
resources). This permitted me to learn and develop a further understanding
|
|||
|
of the system.
|
|||
|
|
|||
|
So, I hung around SRI for about 9 months. I was given a building pass, so
|
|||
|
as to have physical as well as electronic (remote) access to the computer
|
|||
|
systems. This allowed me to come and go at odd hours, which are the
|
|||
|
hours hackers are best known to keep.
|
|||
|
|
|||
|
Then, there was an opening for a part-time weekend computer operator's job,
|
|||
|
and since I had demonstrated my competence, I was immediately hired
|
|||
|
for the position. I was now in my senior year of high school, and as a
|
|||
|
result of my increased access to computers, my grade average followed the
|
|||
|
typical hacker curve, i.e. down. until, two weeks into the final quarter
|
|||
|
of my senior year in high school, I dropped out, and became full-time at
|
|||
|
SRI. I have never returned to a classroom since the day I left school in
|
|||
|
1974.
|
|||
|
I dropped out, and became full-time at
|
|||
|
SRI. I have never re
|