Book Review: Out of the Inner Circle

Out of the Inner Circle: A Hacker's Guide to Computer Security by Bill "The Cracker" Landreth, Microsoft Press

Out of the Inner Circle is one of the many books written by former criminals, but probably the first written by a former hacker, or should it be reformed hacker.  It is written for middle-level managers and for those who want to hear Bill Landreth describe how a hacker thinks.  It only describes so-called hacker computer crime, as opposed to hardcore white collar crime, where people scheme to steal secrets or large sums of money.  Landreth tries to avoid being too technical for the benefit of his readers, those who are making many of the decisions that affect security, and so that he can present his guide to computer security without having to detail all possible procedures for the many different systems that exist today.

In it he describes the beginning of The Inner Circle, which was a group of hackers who were dedicated to peaceful and non-destructive hacking and were subsequently decimated, along with other groups like PHALSE, by the Telenet busts of 1983.

He surveys the history of hacking and the evolution of the home computer in order to present his profile of a hacker and the motivating forces behind the hacker.  This is an important element of the book where Landreth describes the psychology and thought processes of technology's foe, the hacker.  He tries to classify them, so he can refer to them later: the student, which Landreth considers himself to be; the tourist; the crasher; and the thief.  He describes various methods of hacking in "How a Hacker Hacks" such as guessing defaults, using help files and demos.

He then goes on to discuss different general types of computers and peripherals as well as operating systems, what account privileges are, what security is, the role of the sysop, and various hacker scenarios.  The book is full of dramatic digressions into the activity of a hardcore hacker, who may spend as much as a year to break into a system, may return to enter a system with 100 or more "friends," or may even pretend to poll employees outside the target company as they go to work in order to find out usernames and any personal information that might be used as passwords.

Out of the Inner Circle is written for these management types, who will read and read, get nervous, and then lean on the system operators to beef up security.  Landreth also refers to sysops who do not mind chatting with hackers, as well as system designers who may build trap doors into the system that they set up for you.  Then one day they may call up your computer, enter your system through the trap door that they installed, and do whatever they wish.  Now, these management types may start keeping an eye on their computer experts as well as company security.  Out of the Inner Circle is also full of vignettes which may sound commonplace to the average hacker but that should scare the business-people of America: descriptions of the activities of crashers who try to erase files or halt systems, and of hackers reading personal documents and entering corporate computers.

Landreth often makes mention of a system by its value.  "Someone is trying to break into your million dollar computer..." he might say.  This is the language that corporate America speaks.  Landreth is not very worried that someone may be looking at our credit information, and even less worried that there exist companies that own and sell it.

But, basically, Landreth fulfills the purpose of the book in two chapters: "Make the Most of What You've Got" and "Telltale Signs."  Together they would make a good guide of simple suggestions that could prove invaluable to sysops, system designers, and computer security consultants.

In the latter chapter, Landreth discusses how one could reduce accessibility to spare or unattended terminals, how to reduce the ability of dial-ups, change logon procedures, assign complex passwords, and several other inexpensive procedures that can beef up security and keep out most hackers.

In the former, he lists some tell-tale signs for one to suspect that an intruder has been on the system, such as excessive use of help files, movement of other files, activity in normally dormant accounts, etc.  It is these two chapters alone that make the book useful.  They contain all that information that hackers know and about which they sometimes remark: "If I was running that system, this is what I would do..."

These chapters tell of the basic steps to follow to greatly reduce computer intrusion by hackers.  If these suggestions are followed, the total amount of illegal entry may decrease by a substantial percentage, leaving only the very clever and persistent hackers to examine corporate America from the inside.  This in turn would finally give some credibility to the myth of the computer whiz-kid.

Then again, this book can be taken in another way: Only a few weeks ago, according to 2600 reporter Hunter Alexander, P. Michael Nugent of the Electronic Data Systems Corporation fumed about Out of the Inner Circle before the crime subcommittee of the House, calling it a "How to do it [computer crime].  How do I handle that?" he asked Rep. William Hughes (D-N.J.).  Mr. Nugent ought to read the book before the hackers do, if he is so worried.
