Dear Dopers: How do I track down the morons who keep attempting to hack me?

I have Symantec security on my system and with it is a pretty decent firewall which of course anyone who uses a firewall will know provides me with literally hours of entertainment telling me of all the failed Sub7 trojan attacks on my system from l-users all over the world.

I have thus far been able to look up most of them, or at least the remote systems they breached to get to me with impunity. What I’d really like to do is stick it to them really good. Any tips on how to do this? Any software advice? Ping usually has no effect, WHOIS is occasionally amusing, but my long distance bill is going up. So what else is there? The FBI? My local division has only one person working computer crimes and I’m in Portland, we have a lot of computers in Portland. You would think maybe more than one agent for the whole city. So help me stick it to the hackers people. :slight_smile:

Don’t bother (IMHO). They’re most likely script kiddies playing about thinking they’re “L33T”. Law enforcement authorities have doubtless got better things to be doing–and I don’t mean to suggest you’d be wasting their time, just that for the effort they’d expend it’s probably not worth it–and any action you could take might either put you in a dubious legal position or make you a bigger target.

It’s a right pain, but so long as you have sufficient firewall and A/V protection and common sense I’d just leave it.

I scan you Crusoe, I just have a lot of free time on my hands at the moment and Cyber Vigilante appeals to me (probly because I’d save $$ on dry-cleaning the costume).

I’d also love to be able to backtrace someone and pop up a little scripted window with something like “What the hell are you trying kid? Prepare to get owned” or “All your hard drive are belong to us!”.

Heh, I can understand that feeling. Unfortunately my techie skills are all “theory” and no hands-on experience so I can’t help there. Good luck!

Crusoe is doubtless right: Those are the lowest form of cracker, the script kiddie. As long as your firewall is up, they pose no threat. Just watch each separate dying packet wrought its ghost upon the floor and wait for the inevitable person to tell you that software firewalls are an evil joke and that you should disable it and buy a hardware firewall.

Just out of curiosity, how does the Symantec firewall compare to ZoneAlarm?

zen - you could look up their IP address, as given to you by your firewall software, on www.samspade.org and report their activities to their ISP. Most ISPs have an Acceptable Use Policy (AUP) that prohibits hacking activities. Expect to be asked to provide full logs, detailing what was done to you, when and by whom (their IP).

I definitely don’t recommend this as it is descending to their level and probably illegal, but I found it pretty amusing: a friend of mine installed Zone Alarm and noticed one particularly persistent “hacker” kept trying to gain access to his computer over a period of several days. My friend decided to turn the tables, and “browsed” to the hacker’s machine. It probably was a “script kiddy” because the “hacker” had left all his drives and printer openly shared over Windows networking. Taking pity on him (since he could have done much worse to the kid), my friend printed off a message on the script kiddy’s printer saying something like, “Stop trying to hack me…I’m watching you!”

Derleth:

Well I haven’t used ZE’s most recent incarnation and my version of Symantec’s software is a corporate edition as opposed to ZE marketed more towards the home user so the features are not likely to add up, but I will tell you this. The Symantec package is great for updating, and unlike Norton’s bundle it is not a resource hog. It has scalable security and notification levels and can be configured for any number of remote terminals (not a feature I use).

My only criticism is the logging does not save easily or in an easily read format. It’s saved as a .txt file and it comes off as a huge lump of text for the eyes to digest. I would prefer a case by case annotation saved as a .doc or word pad format.

I second DarrenS’s first suggestion as the mature and proper thing to do. :slight_smile:

Don’t assume that freeware cannot match up to so-called “corporate” software. ZoneAlarm is top-quality, and at least a match for the overpriced Symantec firewall, if not better.

The truth is - a lot of the things you see in your log are background noise of the Net, which gets noisier and noisier every single year (take it from a gal who’s been on the Net since Reagan was in office). The amount of background packet traffic, misdirected packets, pings, scans, probes, etc. that mean nothing is outrageous.

The human factors route is the best way to take - I have very good luck with stopping persistent virus attempts and scans by mailing the ISP, and including the log files.

If a person is really hacking you, or harassing you online, then you really need to do what I did, which is find a lawyer in their State, and prepare to drag their sorry ass into court if they do it again.

The FBI doesn’t give a shit unless you can prove more than $10,000 in damages, and even then they don’t give a shit - if you know what I mean.

Plus, unless you are the RIAA, retribution-hacking is just as illegal as the hacking you are suffering.

People, please use the correct term: cracking. Cracking is illegal, hacking is a way of looking at the world.

Thank you.

Both kinds can bloody well not be looking into my computer, thank you very much.

That is absolutely irrelevant to my point. I don’t want certain people trespassing on my online property, illegal or not. And if I give notice that this online trespass is harassment, I do not care if they think they are just “looking at the World” or not, or whatever euphemism they want to use to convince themselves that they’re somehow not just grown-up script kiddies - they are trespassing in my space that I work and pay for, plain and simple.

Even if there is no law that says “So-and-so cannot visit your webspace”, it is still a matter of tort that I can take them to court for harassment. And I will do so. And then they can try to convince the judge that “hacker” is not equivalent to “cracker” (I’ll bet they don’t succeed, somehow…)

The Net is no longer some quaint place where “hackers” can harmlessly stroll through data, viewing credit info, personal secrets, employment records, confidential and proprietary business data, and just get away with it because they are “hackers”, and reputedly not trying to do any harm.

For many of us, the Net is our houses, our work, our lives. And I would no sooner let a hacker wander through my data to “just look around” than I would invite the local transients to come through my house at-will, to rifle through my drawers and personal effects.

I would love to see someone argue that a so-called “hacker” has a right to browse through my data at-will and without my permission, and that somehow I have implicitly given them permission by the mere existence of the data online. And I would love to see them explain that to a Judge, and see what happens.

There is no distinction whatsoever between a person who is attempting to gain access to a private system for illegal means, and a person who is attempting to gain access to a system just to get their rocks off.

And as a capper, IIRC, the Patriot Act has ended up criminalizing a few things that traditional “hackers” used to do, thus making many of them “crackers”.

And then, we could get into the debate of common usage and parlance of a term, versus what a dictionary says, but there’s no point in fighting over it or getting upset over it. Everyone else on this entire Board knows what one is talking about when they use the word “hacker”, and so everyone is going to keep using it in that context, for better or for worse.

Anth, I am trying to keep my emotions down to a low roar.

Hackers would never trespass. They don’t vandalize. They don’t destroy or steal or rape or murder. They simply look at the world in terms of problems they can solve with their minds. Most of those problems are technical in nature, because they generally have an easier time interfacing with things instead of people. But that isn’t central: Hackers pursue knowledge. They find out a bit more than they have to, learn the whys instead of just the hows, and try to share the pleasure of learning and knowing with the world. Learning is what motivates hackers.

How do I know? I am one. Asocial? You bet. I’d rather find out how a particular device driver works, or the etymological origin of a word I just learned, or a hundred other things others find boring and stupid, than try to strike up a conversation with a cute blond. Being with people drains me, being with computers and books energizes me. I was the kid in class who was wishing he could spend recess in the library instead of outside, even though his reading level was far beyond anything there. I am the guy who thinks Chaucer is better company than anyone at the ball game. My main joy in life is learning. About pretty much anything, in fact, not just computers, but computers give me something special: An object complex enough to interact with me, yet something I can completely control. While processing math, it can create graphics. Fascinating stuff, something that has never failed to enthrall me.

I am a hacker.

So why do you equate me with lawbreakers? That hurts. Really, despite my asocialness, I do care what certain people think of me. When intelligent people say I’m in the same class as thieves and graffiti sprayers, I get angry and tense and emotional. It hurts a lot of those in my group, actually, which is why we created a word specifically to describe computer criminals: Crackers. We ourselves use it in the places we control, such as Slashdot and The Register. We cannot convince CNN to use it, but CNN isn’t as personal as the individual who thinks ‘hacker == evil’. CNN doesn’t send my systolic into a bull market. You do. So please, use the correct word.

DarrenS:

It’s possible that the computer scanning you was not operated by a script kiddie at all. I can’t say for certain, but two things suggest innocence:

  1. If someone really was controlling the scan, it seems unlikely that they would repeatedly try the same IP after getting no response.

  2. Computers with open shares like you describe are often infected by worms like Nimda or Qaz, that then scan other systems for open shares.

Hopefully some good still came out of the message on the printer and they secured their system.

The thing is that I believe you have referred to the “hacker’s Jargon” guide as your definition of “hacker”. And when I read it, I see the following under the entry “hacker ethic”:

http://www.tuxedo.org/~esr/jargon/jargon.html#hacker

Look at the above - you came in here, as you have many times before, and chided me and others for “misuse” of the term “hacker”. Yet if I look at the “official” definition of “hacker ethic” above, I see things in the ethic that are trespassing and an invasion of my privacy. In fact, they even refer to it themselves as “cracking”.

And yes, their definition of “hacker” sorta glosses over the “hacker ethics”. But you cannot have one without the other.

So. Is a hacker that cracks still just a hacker? How can the “hacker ethic” include “cracking”? Where do you draw the line? I understand your personal view and philosophy, and that’s great. But you cannot come in to every thread and assert people are misusing “hacker” when the definition of “hacker ethic” clearly and unambiguously includes the very behavior complained about in the OP.

In short, my friend - you cannot mince words over “hacker” as long as “hacker ethic” includes “cracking”. You said the following:

Which is at odds with these lines above:

Do you understand why we are at a disagreement here?

I don’t need unpaid people trying to break into my system out of some sort of phenomenally bizarre definition of a “favor” to me. It is not their legal right to do so. I’ve already had hackers attack me, trying to find weaknesses in my system - one of them posts on this very Board, in fact. It has taken me a lot of Una-time and effort to stop him, and the purchase of extra equipment.

Tell me, Derleth - to whom do I send the bill? I bill my professional “hacking” expertise (yes, for I too am a “hacker” under a portion of your definition) at $1000 a day. My lawyer and I have accumulated a detailed, itemized, notarized affidavit in the form of a bill proving that this person has cost me more than $20,000 of person-time. Outside of a lawsuit, which he is just one visit away from, how do I get compensation for my time, and for the harassment he has caused?

If they crash and burn my entire system, and cause an outage to my 300+ Members, what is the cost of that inconvenience and harassment? And of the time to get things back up again? Who do I send the bill to?

Breaking into a system, and risking damaging and revealing data and software, especially when the person doing it takes no monetary or legal responsibility for the negative results of their actions, is highly unethical. It can hurt real people, and can cost real money.

Listen up - the way you describe yourself is as an intelligent, honorable person. And I believe you. But I do not equate you with lawbreakers, based on how you describe yourself above. It is you yourself who have chosen to use a word that clearly connotes lawbreaking, trespass, and unauthorized access to personal and business information. Or, if nothing else, has a common usage in the language of half a billion people that has a negative connotation.

I have nothing but good feelings and wishes towards you, Derleth. But don’t assume I have not done research into what “hacking” and “hacker ethic” really mean. To read that the “hacker ethic” includes acting as an unpaid, unsolicited, unwanted “tiger team” to break into my systems makes my systolic rise.

What also made my systolic rise is that we have people here trying to discuss a topic of preventing unauthorized and unwanted access into our systems, which for me can at least be equated to a real-world dollar value and a feeling of my privacy being violated, and your comment was simply that we are using the wrong words. Why couldn’t you instead have shared your expertise with us to stop the “crackers” as you call them, to help people like me feel safer? If you would have chided me on the word, yet supplied some assistance, suggestions, or at a minimum commiseration, then I would not have bothered to respond so indignantly.

Do you understand why I felt put out? It’s like me saying “there’s someone robbing my house!” and having a person respond with “no, they’re burglarizing your house, not robbing it.”

See? :confused: