Beginnings & The purpose of the Survey

What comes to mind when thinking of banks? Money, security, trust? Federal agencies may be corrupt, but we generally perceive them to be vulnerable only from the inside - no one can steal from the FBI and get away with it. A congresswoman might take bribes, but crooks won't break into her office and steal important documents. Newspapers might show us only the news that they see fit to print, but at least we can trust that the headline is what they intended to publish. We routinely give our credit card numbers to restaurants, mail-order companies, hotel reservationists, etc., without giving it a second thought.

The list goes on, but the fact remains: there are many organizations and social institutions that we take for granted as being trustworthy. We may love them, we may curse them, but they are all part of the social and cultural fabric that makes our lives bearable by their dependability; our social security is less in a government trust fund than in the social constructs that we create in our daily lives. Can we reasonably expect the WWW to support this web of trust in the virtual domain as well?

Perhaps naturally, as the phenomenon known as the World Wide Web (aka the WWW, or simply, "the Web") has touched more and more people, these social constructs were among the first major non-computer specific organizations to make their presence felt. You can now hear the president's cat Socks, tour the Louvre, and read the New York Times without leaving the relative safety of your keyboard. Joy (well, ok, I must admit I liked hearing Socks meow, and my cats are now convinced I'm hiding another kitty in the computer.)

As important or as mundane as the WWW can be, however, I'm enthralled by culture and the Internet. The fact that such agencies as the CIA and DOJ and other really significant organizations can be broken into is really fascinating; what's equally interesting to me is the lack of accountability in this sort of activity. What most people don't seem to understand is that with individual instances of computer crime on the Internet (e.g. breaking into the CIA) there is almost no chance that the perpetrator(s) will ever be found or caught, unless they talk to people about their exploits. Computer crimes (perhaps all crimes?) are usually solved by extreme carelessness, sheer stupidity, and human factors that are unrelated to the technical aspects or merits of the incident.

Technically speaking it is incredibly difficult to track someone down. The reason that Tsutomu Shimomura caught Kevin Mitnick (the last big "hacker chase") was not because of Tsutomu's awesome technological prowess (which he has, in spades), but because his prey kept attacking, kept repeating his patterns in a rather obsessive vein. It was the constant duplication and predictability of the methods used to compromise computer systems that sunk him. To put it more plainly - if the President of the United State's WWW site was either broken into or taken down the attackers would not be caught. No matter how much effort was put into it. It would almost be inconceivable technically, unless they were incredibly unlucky, or, much more likely, they talked to their pals about the exploit. Juxtapose this with someone physically breaking into the White House itself! Unfortunately for the miscreants (fortunately for others, perhaps?), law breakers seem to thrive on machismo and bragging to others.

Technically speaking, it is relatively easy to do a survey of the security of any number of computer systems on the Internet. Socially speaking however, it isn't clear if doing such a thing without explicit permission of the systems and sites involved would be undesirable or otherwise unacceptable behavior. In the next section I'll attempt to address these issues, as well as tell what sites were chosen and why I chose them for the survey.


Next page...