Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Simson Garfinkel

A View from Simson Garfinkel

Hackers in the News

It’s about the people, not the technology.

  • March 6, 2007

A trio of interesting stories about computer hackers crossed my laptop this morning.

Randall Schwartz was a system administrator at Intel back in 1993, when he was arrested for running a password-cracking program called “crack” on one of Intel’s computer systems. I knew of Schwartz because he was the author of the best-selling O’Reilly book Learning Perl. How could another O’Reilly author be a criminal?

Although the facts of Schwartz’s case are confusing, we know that he had basically tried to crack the password file of Intel’s Supercomputer Systems Division (SSD) after he had terminated a consulting job with that part of Intel and moved on to another. In his defense, he said that he had been upset about the poor status of the group’s security and was trying to demonstrate the problem. That explanation didn’t fly with the court, and Schwartz was convicted of a felony. It was widely believed at the time that Schwartz was attacked by members of his old group because of bad blood: they wanted to run an internal group with little security, and he wanted to demonstrate that their actions were materially jeopardizing the company. Well, after 10 years as a felon, Schwartz has finally been granted a pardon and had his sentence expunged. He’s no longer a felon. CNET has a summary of the article.

The big lesson here is to remember that, as a consultant, you have fewer rights at a company than an employee does. And don’t ever white-hack without a get-out-of-jail-free card, which is an authorization from the company to do what you want to expose its weaknesses.

Joanna Rutkowska is an impressive hacker in Europe who has made her name by finding low-level exploits based on the architecture of modern computer systems. She created a “red pill/blue pill” set of exploits that used the new virtualization instructions on modern computers as a super “rootkit” that’s very hard to detect (because it’s running outside of the operating system). I love her work! Now she has given a demonstration of how rootkits can defend themselves against computer forensic tools that use direct memory access to read their memory. You can read about it in Techworld too.

Photo Credit: Dave Bullock

Unnamed hacker in France has broken into a computer system used by Jean-Marie Le Pen and leaked the names of elected officials in France who have promised to endorse him in an upcoming election. According to Dan Goodin’s article, “Le Pen needs the endorsement of 500 of France’s 42,000 elected officials by March 16 in order to run.” What a weird election system they have in France.

Goodin’s article, incidentally, was written in San Francisco for the U.K.-based Register. Oh, how I love the Internet.

Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.

Subscribe today
Want more award-winning journalism? Subscribe to Insider Basic.
  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    Print Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.