Hacking through the Inner Circle

Press, 18 January 1986, Page 20

Hacking through the Inner Circle

Out of the Inner Circle. By Bill Landreth. Microsoft Press, 1985. 230 pp. $3O (limp). (Reviewed by A. J. Petre) Business and institutions which have computers connected to the telephone lines have long been the target of “hackers,” who try to break into systems, read files, and sometimes cause damage. “Cracking” a system is a great challenge to a bright youngster; Landreth was one of the brightest and most successful young hackers in the United States until the F. 8.1. caught up with him. In this entertaining well-written book, he looks at computer security from the hacker’s viewpoint — and gives good advice on how to keep a system secure. Hackers succeed because of the ineffective, inefficient and generally lazy security of systems owners, operators and users, Landreth says. Security laxities in the design of some older systems do not help. “Computer owners and operators should take the time and effort to educate their users. If they did, hacking as it is today would fall to such a low level of activity it could be considered dead. It’s that simple.” The weakest points are usually passwords, and the way users select and use them, Landreth says. Many users just stick with the initial default: “PASSWORD.” They never bother to change it. Many of those who do change it, cannot be bothered typing in a full word. They merely select one letter of the alphabet — which does not leave many choices for a hacker to try. Others think they are being exceptionally clever by picking such words as SECRET, PLEASE, PASS, HELLO, LOVE, WORK, INTRO, ACCOUNT, DOLLAR, SYSTEM, GOD, OKAY, or their first name. Unfortunately all these very common choices are well known to hackers. Many systems have accounts left on them from the time they were installed — usually with such passwords as DEMO, TEST, or .GAMES. Once a hacker is into the system, the system operator is in trouble. The skilled hacker will quickly find his way into the rest of the system, probably acquiring many new passwords, and thus a selection of accounts. Some even set up private bulletin boards for their computer friends, and suddenly the computer has 30 or 40 unofficial new users. Once into a system the hacker can set up a “Trojan Horse” — a program that will capture and file passwords for the hacker’s later use, when the

program is run. Typically the hacker will put a small program called SECRET on the files. Humans being what they are, everyone to spot this will run the program. They will be asked to identify themselves (and their password) then be told not to mess around with secret files, and be returned to the main menu. To them, that is all there is to it. To the hacker, it is another password filed away.

Sometimes such a program will be organised to be run only by a senior user of the computer, and it will give the hacker a powerful new account —' even a system operator’s account — by. invisibly using the authority of the person who has unconsciously looked up SECRET and run the program. This is just one of many clever tricks that Landreth details and expose. He warns computer users and operators what to look for; how to tell that a hacker has breached the security of their system.

Landreth knows what he is talking about — his record alone proves that. He has produced a book that should be required reading for all system operators. Computer enthusiasts will find the book entertaining and informative, although the reader who hopes to get step-by-step lessons on how to be a hacker is likely to be disappointed.

The title of the book came from that of the group of expert teen-aged hackers, of which Landreth was the unofficial leader. The Inner Circle had access to hundreds of computers, large and small, across the United States. They were even (unofficially) asked for 1 security advice by major computer users, and gave it. Now New Zealand system operators can take advantage of this fund of practical knowledge. As they read of the security failures of others, many will undoubtedly feel a warm flush of embarrassment.