Paper: "Cybercrimes: A Practical Approach..."

tgeller writes "The Santa Clara Computer High Technology Law Journal just published a paper by lawyer Eric Sinrod and William P. Reilly: "Cybercrimes: A Practical Approach to the Application of Federal Computer Crime Laws". The 54-page paper gives an excellent overview of computer crime methods, legal remedies, and motives. And he gets the "hacker/cracker" distinction right! Download the PDF or Word version (sorry, no hypertext)." Good background info if you are interested in this.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:hacker

[porkchop_d_clown]

Well,

It used to be true that hackers needed to be skilled and were primarily interested in learning. Not anymore.

Why, in my day, we used card punches! And Liked It!

--

Greetings New User! Be sure to replace this text with a

They did *not* get "Hacker" right

[Anonymous Coward]

It's very simple why these guys continue to misuse "Hacker" throughout the text -- they didn't get the definition correct in the first place. Re-read page 4 of the text. They basically define "Hacker" as a "computer user who intends to gain unauthorized access to a computer system". They then cite the Jargon File (which, if they had bothered to read it, would have told them that this is not what Hacker means) but use it only to give the historical source for Hacker, namely the TMRC. Then they cite Steven Levy's screed on the TMRC only to state that the TMRC doesn't like the notion of "hacker" implying "illegal" (note there's no mention of the TMRC more generally not liking "hacker" implying "breaks into computers").

In other words, they manage to abuse citations of both the Jargon File andLevy/TMRC in general to spread the popular but incorrect definition of Hacker as a Person Who Breaks Into Computers.

To pour salt into the wound, they then go on to define Crackers as a specific subset of Hackers ("Hackers with criminal intent"), that is, People Who Break Into Computers For the Purpose of Committing a Crime.

Topping it off, they actually include the Jargon File definition in their appendix, as if to mock their reviewers who didn't bother to check it to see if it said what they said it said (it doesn't).

Argh.

Re:Can I?

[Wedman]

What about the use of "e" as a prefix?

It really makes me e-mad to see all of the e-companies and e-businesses making all sorts of e-jargon useing the "e" as an e-prefix. It seems that every e-billboard I see has an e-advertisment e-spouting the e-value of every e-product they e-sell.

its e-driving me outta my e-freaking e-mind

I've had e-nough of it all!

Re:This is getting absurd

[Magenta69]

NICE fake troll! Notice the W instead of a V... Wow! How the hell does Vlad rate his own imposter!

Here's an HTML version.

[pen]

I loaded the Word version into Word 2000 and it spat out a bastardized HTML version. I have slightly fixed it up. It was viewable with Netscape 4.08 and Opera 4.01 (though Opera didn't like the non-standard character set much).

The HTML file is here [hypermart.net] and the zipped HTML file is here [hypermart.net].

--

Ants trying to hold back a tidal wave

[Morgaine]

It's even worse than you suggest. In presenting such a paper, the author creates the general impression that this problem can be tackled through application of legal measures. That's a totally hilarious proposition.

Talk about trying to hold back the rising tide. How many police departments with mega-brilliant networking specialists are there in the world, and how many lawyers and judges are there with even the remotest comprehension of the issues involved? Sure, there are some ... and once those are tied up on major cases, what then?

Estimating the number of active crackers or attackers is difficult, but clearly the number is large even today. With eventual total Internet populations heading into 9 or even 10 figures, the number of cases is going to exceed any possibility of legal enforcement by huge orders of magnitude, if they don't already. In this area, the law is like ants trying to hold back not just the tide but a tidal wave.

Needless to say, the legal profession doesn't like to admit that it is utterly powerless already in any practical sense, let alone that the situation in just a few years time will be massively worse. Academic papers like this (in the worst sense of academic) probably get written by well-intentioned people in the hope that it'll help, but this is a case of massive self-delusion. The numbers just don't add up.

Cybercrime Article

[breillysf]

Thanks for the response to the article on cyber-crime. I was a co-author on the article. You have to remember the audience we were trying to educate, before you get too picky with some of the choice of words we sued in the article. We wanted to give the legal community a very fundamental basis for evaluating 18 U.S.C. Sec. 1030. There were a lot of times that we didn't really want to express things the way we did, but the audience for that particular piece was the relatively unsophisticated lawyer with little experience in technical issues. We're speaking at Def Con 8.0 in Vegas on Friday on more of the detailed application of 1030 as well as upcoming changes to the code that are going to drastically change cybercrime prosecution and civil actions. Enjoy the article, but please remember it wasn't written for the "slashdot" crowd - although, there are still legal applications of the law that you might find interesting. Bill Reilly

Re:Suspect opening sentence

[breillysf]

The reason we wrote the opening sentence that way was to diminish and poke fun at the concept of Hollywood "hackers" as portrayed in the movies - not validate it. Nothing could be more bogus than the hacker portrayal in "Hackers" - the movie. And that is exactly the point. There are real legal issues behind the Computer Fraud and Abuse Act. the point of the article was to briefly demonstrate how the "type" of hacking execution and the status of the victim can seriously impact your criminal liability. It hasn;t been really discussed in detail, and people need to understand how the nuances of technique affect the law, and maybe more importantly, affect how the law is being re-written up on Capitil Hill as we speak. As I mentioned before, much of this article is written to luddite lawyers to get them up to speed on the law. We're speaking to DefCon on Friday about the more intricate application of the code. But any critiques you have are cetainly welcome. Bill Reilly

Re:Can I?

[Nanookanano]

No arguement. Merely stating we cannot take SF writers seriously unless they show some foundation in the science they are fictionalizing, like Asimov or Clarke.

Difference Between Murder and Software Piracy...

[Sir_Winston]

The above post is probably just flamebait, but sadly enough there are many people who actually hold similar beliefs. The reality is that trading DivX and mp3 files is not only very minor--there are even conflicting studies as to whether it hurts or helps CD sales--but these days it's also arguably a form of civil disobedience.

I consider it a protest against the perversion of copyright and other IP laws by big corporations which are insinuating themselves into positions of undue influence in government; corporations have vastly more resources than individuals, and as such individuals can no longer influence their government to such a great extent as corporations can.

The whole notion that IP no longer passes into the public domain after a reasonable period of time in which its creators can derive profit, but instead remains locked up for 100 years after the death of the creator, is deplorable. Corporations like Disney made their fortunes by using public domain IP (half of Disney's cartoons are from other people's stories, used for free) which they'd have never been able to use under the IP law they've now implemented to keep their own creations indefinitely instead of giving back to the public domain they so richly borrowed from. The music industry is similarly guilty.

As such, it's a valid form of protest to pirate mp3s and DivX of songs and films created by companies which have taken from public domain IP but never contributed back. Real cybercrime involves matters more serious than trading mp3s privately rather than for profit.

Even more, I object to the notion in the paper referenced that it's a bad thing that "many countries do not share the urgency to combat cyber-crime for many reasons, including different values concerning piracy and espionage or the need to address more pressing social problems." That's one of the things I dislike most about the U.S.: cultural imperialism. The U.S. government has a tendency to try to push its own values and legal precepts onto other nations, and that's just plain wrong. Unless human rights are being violated in a very fundamental way, the U.S. has no right to attempt to coerce other countries into accepting our own cultural values.

For example, if a sovereign nation wants to adopt a policy which makes all IP public domain within a few years, that's the right of that nation to do so. Originally, copyrights in the U.S. lasted only 14 years. But instead the U.S. tries to put pressure on such countries, or else bribes them with "humanitarian" grants into accepting the U.S. position. Would we allow the largest corporation in the U.S. to bully all others into adopting particular strategies, dividing up markets, and bribing competitors into submission? No. So, why is the U.S. allowed to dictate its values to the rest of the world?

This is important because "cybercrime" as it's defined now in the U.S. includes matters which are legal in other nations, and the U.S. is attempting to pressure other nations into accepting U.S. offenses as international ones. Most of this pressure comes from the far right in this country, who are campaigning against pornography and recreational narcotics as well as trying to extend corporate hegemony.

One of the prime examples is the U.S. characterization of the Netherlands as being the largest producer of child pornography and a major point of interest in drug trafficking. Since the Reagan-Meese morality policing of the 80s, The Netherlands has been in FBI reports as the largest producer of child pornography, because the age of consent for porn in The Netherlands is 16 rather than 18. Rather skewed to call that child pornography, merely because cultural attitudes toward sex are more permissive in one country than in the most puritanical one on the planet. Also, The Netherlands actually has very strict controls placed on marijuana, which is legal to purchase in certain locales even though it's not legally easily exportable or even transportable within the country itself. That's similarly no reason for FBI reports to classify The Netherlands as a notable place for drug trafficking.

The Netherlands was replaced by Japan in FBI reports on cybercrime as the largest producer of child pornography, despite the fact that once again a cultural difference comes into play. Japan has never suffered the same sexual repression/oppression that some Western nations such as the U.S. have suffered, due to huge religious and cultural differences, hance the age of consent for pornography was lower than 18. The U.S. applied economic and political pressure to force the sovereign nation of Japan to raise its own internal age of consent for pornography production, which regardless of one's own attitudes towards sex or pornography is an inappropriate thing for one nation to do to another. Japan happily has no stigma attached to sex, and no Puritanical expectation of chastity until marriage. To include what is legal in its own nation and hosted in its own nation in cybercrime statistics is both cylturally imperialistic and dishonest.

This hasn't even touched upon the Chinese attitudes toward piracy of music and film, which would never be allowed by the U.S. to continue were it not for the fact that China is one of the most powerful nations. Were it a small, average country, the U.S. would have pressured them and economically blackmailed or bribed them already to buy into U.S. cultural values on the subject.

While the paper's details about various cracking exploits and their relationships with applicable federal laws is informative, I find its nonchalant inclusion of software piracy together with extortion and money laundering and fraud to be laughable, and its comments about laws which diverge in other countries from U.S. law to be downright offensive. It's extremely selfish and culturally imperialistic to assume that American ways are right and any others are wrong and still to be considered illegal even when permitted in the country in question. And anyone who wants to know why I harped on the differing definition of child pornography in the U.S. and in other nations, it's because the FBI likes to artificially inflate those figures in order to make the threat appear more significant than it is, in order to secure more of our tax dollars and to get away with more abuses of civil rights--after all, when anyone mentions children people start being emotional instead of rational. More about that here at this link. [slashdot.org]

Re:Suspect opening sentence

[Salsaman]

Well, that's OK then. If they believe "Hackers" was accurate, then they'll be on the lookout for a self aware computer virus called Leonardo da Vinci, which asks for five million dollars.

Re:Difference Between Murder and Software Piracy..

[grahamsz]

I usually do my utmost to avoid me-too style posts but you've done such a great job of summing that up.

Personally I feel that many people, particulaly those in the US, seem to feel that the internet belongs to their country. I'll try not to single out the USA because the same thing does happen here... until about last week britain did have very strict regulations on obscenity and yet still allowed girls of 16 to appear in soft pr0n.

What does annoy me is that some US companies use .com names when they should be using .co.us 's. In the UK it is generally accepted that if you dont expect your company to trade outside the uk then you use a co.uk. Yet I see a few websites out there using .com names (which are supposed to be global) which are only designed for us citizins.

C|Net sweepstakes is a prime example. They are quite happy to spam my .co.uk email adddress every week and yet I cant ever win anything from them because their policy excludes people who do not reside in their country.

A real life example of this would be having a shop that didn't let people from china enter it!!

Re:Double standards on hacker/cracker distinction?

[rotor]

The only thing you're missing is that 90% of the Slashdot crowd has double standards for just about everything. For example, it should be OK to pull down all the pirated MP3's you want, but don't you dare snarf any GPL code into a closed piece of software - that belongs to us!

Re:Prevention and Prosecution

[jovlinger]

I guess the moral of the story (ie, the story we should be telling management, the moral we bash them for not understanding) is that

a legal solution requires manual intervention for every incident, while a technical solution, even with a higher up front cost, will counteract each attack automatically

Re:Disagree (with reservations)

[jovlinger]

and we all know how hard it is to modify a logfile

This was one reason why I was suprised that earthlink was allowed to not install carnivore but instead perform the logging themselves.

I know if I were ever prosecuted with virtual evidence (e-evidence?) I'd do my damndest to expose all the holes in the chain of gathering that evidence.

Even if carnivore's in place, it's results are only as good as the data it's being sent.

Hrm. Not sure it starts out that well.

[jovlinger]

Computer Security Insititute, Ninety percent of survey respondents detect cyber attacks, 273 organizations report $265,589,940 in financial losses (Mar. 22, 2000) [hereinafter CSI Survey]. The report also found that:

Ninety percent of respondents (primarily large corporations and government agencies) detected computer security breaches within the last twelve months . . . [s]eventy-four percent acknowledged financial losses due to computer breaches . . . [and] [f]orty-two percent were willing and/or able to quantify their financial losses. The losses from these 273 respondents totaled $265,589,940 (the average annual total over the last three years was $120,240,180). Id.

Does anyone care to speculate on where these losses would come from? These numbers remind me of the estimated loss valuations given to the "stolen" Ma Bell documents that turned out to be available for free from their web site... (anyone care to furnish a link?)

anyway, just a nitpick. It's not like I'm gonna read a 54 page legal document. but skipping to the conclusion, we see

Successful criminal prosecution and civil litigation will require that members of the legal community familiarize themselves with the various hacking techniques to ensure that the perpetrators are tried and convicted under the relevant statutes. ... Likewise, members of the business community must understand the serious risks associated with conducting business on-line and their responsibility to the other companies for negligent maintenance of their systems.

So it looks more than a little clued in. Ugh. maybe i'll print it out for the T ride home. But 54 pages. Man. they need page limits...

[cr|h]acker almost right, then blows it

[anticypher]

Hackers consider themselves members of an elite meritocracy based on ability and trade hacker techniques and "war stories" amongst themselves in Usenet forums, local or regional clubs, and national conferences, such as the annual Def Con Computer Underground Convention held in Las Vegas.

They almost got it right, but then the report throws the underground movement in with the creative hackish crowd. Granted, they mostly go together, but I'd have associated DefCon, HacTic, CCCC, HOPE and the other cons with the cracker crowd. I've been to many of the cons in europe and the US, and ALL the discussions revolved around criminal activity, NONE of it was about building better IP stacks or the pros and cons of threads in kernel space.

The rest of the report uses Hacker in place of the term cybercriminal.

In the middle of page 20 is a distorted look at a TCP intercept attack. It isn't necessary to DoS computer B to predict a TCP sequence number and redirect the TCP flow to computer A. There seems to be a lot of misunderstandings like this through the rest of the report.

All in all, this is an excellent look at the type of information used to train law enforcement. This is the level of detail they are taught, and then they have to extrapolate this to each case they handle. They even quote a 20 year old entry in the Jargon Dictionary that telnet on a TOPS-10 is called IMPCOM. Any /. readers know a still running TOPS-10 (or 20) system?

the AC

Re:Word history

[wishus]

I used the "track changes" feature, but could not see anything that was deleted. This is also probably the third time I've used Word, so I may have missed something or done something wrong.

wish
---

Re:New Laws?

[mikpos]

You'll notice that there are never perfect analogies. Whenever you liken something in real life (vandalism, break and enter) to something in the computer world (document defacement, unauthorised access), you'll always have at least "except that" that comes up, as you have so graciously pointed out in your post. They are not perfect analogies.

I'll put my views of the justice system aside for a moment and just say that if they want to carry on the way they're going, looking at different types of crimes in a different light (and in different laws if need-be) is not a bad idea.

Re:OOGs journey

[jafac]

If I send you a dollar, will you PROMISE not to post the rest of the story?

if it ain't broke, then fix it 'till it is!

text version

[po_boy]

I read this using wordview, so when I was done I saved it as text. You can get it here:

http://cow.mooresystems.com/~amoore/cybercrime.txt [mooresystems.com].

If the author would like this copy removed, please mail me. I would be more than happy to remove it.

At least he *mentioned* the right definition

[PD]

He found the Jargon File and quoted the definition for a hacker. He seems to understand that definition.

So, I wonder why after he goes through the trouble of getting the correct definition he continues to refer to "hackers" throughout the article.

SysAdmin Responsibility

[Gregoyle]

One of the most interesting parts of the article that I saw was the part dealing with the SysAdmin having responsibility or at least partial responsibility for things that his computer does after a compromise.

All in all, this looks to be the equivalent of a Processing Crackers HOWTO, for either Law Enforcement or for corporations.

One of the problems I have with this article, is that it outlines all the different laws applicable where either the District Attourney or the corporation can prosecute, but it only goes very briefly or not at all into how a SysAdmin can actually stop these attacks.

All of these attacks can be stopped if the sysadmin is doing his job correctly. Especially if the sysadmin can be held legally responsible for attacks mounted from his system, he MUST keep on top of these things.

Obviously the article is meant to focus on the legal issues, and it can be a useful resource for someone who has already been compromised. But I know that whenever *I* as a sysadmin have a successful attack performed against *my* system, I am grateful for the heads up. Unless there is *real* and measurable damage (for instance stealing all the users' credit card numbers, etc) I do not believe in prosecuting the "hacker". YMMV.

------------

Re:This is getting absurd

[Wladinator]

Personally, I thought the paper a rather interesting summary of how a to get rid of a cracker. Recently my homepage was cracked by a mysterious WebTV [boardhost.com]. He posted defamatory statements on my personal message board also. I sent a letter [boardhost.com] to the WebTV legal department, and as expected, they did nothing. If I would have read this paper on Cybercrime perhaps none of this would have happened.

we need to enforce the laws that we already have!

[fence]

We don't need new laws in cyberspace any more than we need new laws 'in the real world'.

Legislators don't normally think this way, as most feel that their job is to push forward new legislation, but we need to concentrate on enforcement of current laws.

Maybe even remove some of the archaic laws on the books...

Don't we have a higher percentage of people in prison than any other large country?
---
Interested in the Colorado Lottery?

Disagree (with reservations)

[chazR]

I agree that expecting governments to do network security for us is insane. They'd do it badly.

Sysadmins already cooperate well together. Possibly not well enough yet, and some things need to change. If someone emails me and say's 'One of your boxes is DDoSing one of mine (not happened -yet) I *hope* I would bring the offending (cracked) box down fast, make the logs etc. available to law enforcement people and generally try to nail the criminal. In return, I would expect a level of diligence from law enforcement people to prosecute the perpetrator hard. We don't need draconian penalties. Just make them totally liable for all costs and ban them from access to the net for a period.

One of the major problems is getting evidence that is acceptable in a court. Lawyers will do anything to discredit evidence if there is the *slightest* chance it might have been tampered with; and we all know how hard it is to modify a logfile.

The laws are there. Let's use them.

News Flash!

[Golias]

News Flash! High Tech Law Journal Publishes Story About Computer Crime!

In other breaking news, Playboy Magazine publishes photographs of nude women, and the Wall Street Journal has printed yesterday's closing NYSE stock prices.

We will continue to report on these shocking events as they unfold.

Pozitiv affect

[NikeMike]

I don't know, why all the goverments fight against hackers (I mean the computer experts, who attack servers, but DO NOT make harmful actions, DO NOT steal anything). In my oppinion, hackers are necessary parts of the Internet society. They help the users, to find the most secured ways of using the Net. They also help to map the security statuses of the servers, operation systems, features etc. of the servers on the Net. At least Internet companies and ISP-s with weak security sollutions lose their so called "image". Only "strongs" will survive. Maybe my ideas are a little bit strange, but if you can confute, just do it :-).

Re:Can I?

[Nanookanano]

The joke is on you. Gibson is not a computer-jock. He got his inspiration for his "jacking-in" concept when walking around Toronto wearing one of the first Walkmans, and wrote the book on a manual typewriter.

Prevention and Prosecution

[_Sprocket_]

When threatened in unknown territory, people tend to cling to the things they do know - even if that leads to their eventual downfall. Information security is a prime field to observe this in action.

When I was a contractor for a major US Government organization, I used to attend monthly security meetings. These meetings were open to contractors as well as Civil Servants - attendies included a select few who's job was security, a handfull of admins interested in security, and a larger number of those less technically oriented but tasked to "do something" about the environments they were responsible for.

Common patterns formed each meeting.

In one example, one of the people in charge would bring up an incident or vulnerability they were concerned with. The techies would pipe in with comments and occasionally hijack the meeting with a discussion. The non-techies (mostly management) would stare at the whole proceeding with glazed eyes and confusion. Occasionally they would wince at what the technies were suggesting should be done or scoff at the costs and lack of funding for such activities.

Other times, our special guest from the local federal investigative function would begin to talk about prosecution. Comments and discussion would soon follow... but no longer did the techies have control of the meeting. It was the non-technical management corp that lit up with enthusiasm.

Technical issues are hard for the non-technical to grasp. In many organizations, it isn't the technically adept who are responsible and pressured to "do something". Faced with this ultimatum, its much easier to jump in to the physical world of prosecution than the archane technical issues involved.

The sad part of this experience is that if the same amount of enthusiasm, man hours, and funding went to solving the technical issues of information security... much of the prosecution wouldn't be neccissary. The environment would have been secure enough to avoid most incidents.

Re:Double standards on hacker/cracker distinction?

[sparty]

That's a good point, but perhaps part of the reason we don't bitch and moan at 2600 is that they know the distinction. We know they know it. Mainstream journalists, lawyers, et al, are more often ignorant of the distinction. If we bitch and moan at them, they might learn the distinction. We really can't force anyone to use terms correctly; we can only try to teach the correct definitions.

OTOH, perhaps we're just afraid of harrassing the 2600 people because we don't want to be 0wn3d? :^>

Suspect opening sentence

[sparty]

Cyber-crime, once the domain of disaffected genius teenagers as portrayed in the movies "War Games" and "Hackers," has grown into a mature and sophisticated threat to the open nature of the Internet.

Um, does anyone else see this as an inauspicious beginning to a 50-some-odd page paper on computer security? (yes, I did go on to read the rest of it) That first sentence is one of the grossest generalizations I've seen recently. "disaffected genius teenagers" is bad enough, but as portrayed in Hackers?????

• Cybercrime is the province of cybercriminals. Some are "disaffected genius teenagers", but many are not teenagers and a whole lot are definitely not geniuses.
• (sidenote to above: I think that a lot of DoS attacks are probably the work of people who only meet 2/3 qualifications of that statement.)
• Hackers, so far as I could tell, portrayed very little accurately. The only thing I remember as resembling the real world in any way, shape, or form, was the use of the switchhook on the telephone to dial a number.

OTOH, I agree with the second part of the sentence. I would be very surprised if the Internet could be completely destroyed by cybercrime, because I believe that it is a resiliant entity and enough intelligent people are involved. Damaged? Certainly. Disrupted for a couple of days? Definitely.

Re:Disagree (with reservations)

[DgtlGhost]

Well, we still runs into one soid problem, no one governemt CAN hold jurisdiction over the internet. As much as our own dear US of A tries, it can not govern the 'net. The Aussies can do what they want with servers on their soil, but they can stop people from logging into international servers.
More importantly, we can't rely on governments to regulate the net because they don't understand it! They are old systems devoted to taking years to make a decision and even longer to change their minds, if you can convince them to do so.
Unfortunatly, it's hard to get any real security for a system because we don't have access to all the tools we need, or because we have other issues to be concerned w/ (ie: the classic usability vs. security issue) so, we are forced to rely on the govenments. This of course only works if you have money for lawyers and such, and in the case of the US, LOTS of money for lots of lawyers.
Anyone have a good answer?

Finally!

[JayBees]

Nice to know not all officials are as stereotypically uneducated on the hacker/cracker difference as it would seem.

New Laws?

[ShaniaTwain]

Now how many new laws do we need?.. I mean don't most things online/digital relate to something IRL that allready has a law attached? Web defacement is vandalism etc.. (except it's even easier to clean than paint vandalism..) Do we need a ton of new 'cyber laws"?
-

It needs to be pointed out.

[Anonymous Coward]

There is *no* such thing as a cybercrime.

choice of movies

[wishus]

Cyber-crime, once the domain of disaffected genius teenagers as portrayed in the movies "War Games" and "Hackers,"

I would have thought "War Games" and "Sneakers" maybe, but "Hackers" ?? Give me a break.

That's like mentioning a Honda Civic in a paper about exotic cars.

wish
---

Word history

[ODiV]

Doesn't Word have a 'History' or something that lets you see changes (and thus stuff that might have been meant to be deleted) that have been made to the document?

Can someone who downloads the Word version check?

Just a thought.

This is getting absurd

[bguilliams]

Are we now indiscriminately submitting every story that has anything to do with the internet to Slashdot?

Can I?

[dirtyboot]

Can I suggest a permanent moratorium on the use of "cyber" as a prefix?

William Gibson has a lot to answer for.

hacker

[purefizz]

"Hacker" is a term commonly applied to a "computer user who intends to gain unauthorized access to a computer system." Hackers are skilled computer users who penetrate computer systems to gain knowledge about computer systems and how they work.

I'm not too sure about the "skilled" part. And, I'm also not sure about the "how they work" part, either. ;)

Double standards on hacker/cracker distinction?

[Phronesis]

I get uncomfortable when the geek community holds different standards for mainstream journalists versus 2600 regarding the hacker/cracker distinction. I may not have seen it, but I am unaware of the same kind of opprobrium being directed at 2600 for calling itself a hacker quarterly, when a significant fraction of its articles are pro-crime, as gets directed at more mainstream journalists when they use "hacker" in the same way 2600 does. I hope that if I am missing something important here, y'all will help me to understand my errors.

oops--typical arrogant american

[fence]

when I say 'we', I'm referring to the U.S.

I know that slashdot is an international community...
---
Interested in the Colorado Lottery?