Simson Garfinkel

A View from Simson Garfinkel

Hackers in the News

It’s about the people, not the technology.

  • March 6, 2007

A trio of interesting stories about computer hackers crossed my laptop this morning.

Randall Schwartz was a system administrator at Intel back in 1993, when he was arrested for running a password-cracking program called “crack” on one of Intel’s computer systems. I knew of Schwartz because he was the author of the best-selling O’Reilly book Learning Perl. How could another O’Reilly author be a criminal?

Although the facts of Schwartz’s case are confusing, we know that he had basically tried to crack the password file of Intel’s Supercomputer Systems Division (SSD) after he had terminated a consulting job with that part of Intel and moved on to another. In his defense, he said that he had been upset about the poor status of the group’s security and was trying to demonstrate the problem. That explanation didn’t fly with the court, and Schwartz was convicted of a felony. It was widely believed at the time that Schwartz was attacked by members of his old group because of bad blood: they wanted to run an internal group with little security, and he wanted to demonstrate that their actions were materially jeopardizing the company. Well, after 10 years as a felon, Schwartz has finally been granted a pardon and had his sentence expunged. He’s no longer a felon. CNET has a summary of the article.

The big lesson here is to remember that, as a consultant, you have fewer rights at a company than an employee does. And don’t ever white-hack without a get-out-of-jail-free card, which is an authorization from the company to do what you want to expose its weaknesses.

Joanna Rutkowska is an impressive hacker in Europe who has made her name by finding low-level exploits based on the architecture of modern computer systems. She created a “red pill/blue pill” set of exploits that used the new virtualization instructions on modern computers as a super “rootkit” that’s very hard to detect (because it’s running outside of the operating system). I love her work! Now she has given a demonstration of how rootkits can defend themselves against computer forensic tools that use direct memory access to read their memory. You can read about it in Techworld too.

Photo Credit: Dave Bullock

Unnamed hacker in France has broken into a computer system used by Jean-Marie Le Pen and leaked the names of elected officials in France who have promised to endorse him in an upcoming election. According to Dan Goodin’s article, “Le Pen needs the endorsement of 500 of France’s 42,000 elected officials by March 16 in order to run.” What a weird election system they have in France.

Goodin’s article, incidentally, was written in San Francisco for the U.K.-based Register. Oh, how I love the Internet.

Tech Obsessive?
Become an Insider to get the story behind the story — and before anyone else.

Subscribe today

Uh oh–you've read all of your free articles for this month.

Insider Premium
$179.95/yr US PRICE

Want more award-winning journalism? Subscribe to Insider Premium.
  • Insider Premium {! insider.prices.premium !}*

    {! insider.display.menuOptionsLabel !}

    Our award winning magazine, unlimited access to our story archive, special discounts to MIT Technology Review Events, and exclusive content.

    See details+

    What's Included

    Bimonthly home delivery and unlimited 24/7 access to MIT Technology Review’s website.

    The Download. Our daily newsletter of what's important in technology and innovation.

    Access to the Magazine archive. Over 24,000 articles going back to 1899 at your fingertips.

    Special Discounts to select partner offerings

    Discount to MIT Technology Review events

    Ad-free web experience

    First Look. Exclusive early access to stories.

    Insider Conversations. Listen in as our editors talk to innovators from around the world.

/
You've read all of your free articles this month. This is your last free article this month. You've read of free articles this month. or  for unlimited online access.