Guided Perceptions (Summer, 1996) --------------------------------- If the media is to be believed, 250,000 hackers are out there somewhere trying to get into Defense Department computers. A quarter of a million. They sure do know how to get our attention, don't they? After reading past the initial screaming headlines, you discover that there is not, in fact, a veritable army of hackers encircling the Pentagon. OK, we can exhale a little bit. When the General Accounting Office released this figure, they meant that there were 250,000 attempts to access Defense Department computers. Oh, and, by the way, two thirds of those attempts were successful. Now it becomes interesting. We have yet to hear a straight answer as to just what is meant by 250,000 attempts to break in. Were these login attempts? Telnet sessions? FTP accessing? Perhaps even web hits? A success rate of 66 percent leads one to believe that we're dealing with incompetency on a phenomenal scale. There are systems out there where users mistype their passwords frequently enough to only have a two-thirds success rate and here we're talking about hackers somehow managing to achieve that rate. Do Defense Department computers use default passwords? Do they use passwords at all? Even more amazing than this weird story of a non-story was the media reaction to it. Even though virtually no specifics were given, the piece was given prominent placement in newspapers, magazines, and on network radio and television. And we started to wonder what this was really leading up to. It didn't take long to find out. Mere weeks after these strange figures were released, Senate hearings were held to determine what actions needed to be taken. Some of the conclusions reached are truly frightening. Senator Sam Nunn (D-Ga.) actually concluded that it was now necessary to turn the attention of the Central Intelligence Agency towards the American public, presumably so these evil hackers could be stopped from doing harm to the nation s defense. (Intelligence agencies like the CIA and the NSA have long been forbidden from focusing on domestic targets.) And Senator Jon Kyl (R-Az.) came up with this gem: The United States currently has no ability to protect itself from cyberspace attacks. No ability? What exactly is it that would make these senators feel better? Is it not enough that people like Kevin Mitnick and Bernie S. have been forced to endure more inhumane treatment than killers and rapists? If individuals accused of so little can be subjected to so much, it seems hard to believe that real criminals would ever manage to slip through the cracks. If anything, there is too much ability and not enough common sense being used when dealing with these issues. Of course, there's still that nagging little question of just what real criminals we're talking about here. Virtually everything we've been hearing seems to be based upon mere speculation. Even the Pentagon admits this, saying that there's no way to know just how many attacks there really were since few of them were noticed and because the ones that are noticed don't have to be reported. Yet they're able to make a number up, throw it to the media, and have it become the gospel truth. Imagine if all of us had that power. To us, it's very simple to see the hypocrisy and the exaggeration but it's not so readily apparent to people who depend upon the mass media as their sole source of news. People want clearly defined villains and overly simplistic and satisfying solutions. Or, at least, that's what those in charge of statistics seem to think. Maybe it's time to start giving people a little more credit and offering some alternative scenarios. We've found with both the Mitnick and Bernie S. cases that non-hackers have developed a genuine mistrust for what they have been told by the media and the government. The appalling actions of the Secret Service in the latter case have opened more eyes than anything else. It's hard to imagine where we will be in a few years if the current disintegration of trust continues. But it's bound to result in some desperate measures on the part of those in charge. What we are seeing in this Pentagon report and the ensuing Senate hearings may be one of the first signs of this frantic effort to regain our confidence. Attorney General Janet Reno has gone before the nation and made hackers out to be one of the gravest threats facing all of us, again, with no real evidence other than speculative fears to point to. The danger of this witch hunt mentality cannot be overestimated. But we must also be careful not to over generalize ourselves. We are every bit as guilty if we simply sit back and do nothing when such threats become apparent. The recent overturning of the Communications Decency Act by a three judge panel in Philadelphia is an example of what can be done when people join forces to challenge something that is unjust. And, while congratulations are certainly in order, the utter failure to do anything substantive for those people already locked away because of technophobia and/or malice towards hackers speaks volumes. The two issues are most definitely related. It's just more difficult to stand up for a person who some see as a criminal than it is to stand up for freedom and democracy on their own merits. Which is exactly why the former is so important. Naturally, we hope the striking down of the Communications Decency Act is upheld. But what we really want to see is a more aggressive stance taken in challenging the information that we're being fed. When intelligent people ask intelligent questions, we'll see less nonsense about phantom hackers, less cruel and unusual punishment, and, quite possibly, some sane and well thought out policy. It's in our hands.