Date: Wed, 27 Oct 1999 07:32:00 -0600 From: mea culpa <jericho@DIMENSIONAL.COM> Subject: Re: [ISN] Study Says Hacker Sites Fuel Crime To: ISN@SECURITYFOCUS.COM Reply From: "Robert G. Ferrell" <root@rgfsparc.cr.usgs.gov> >CARLSBAD, Calif. (APBnews.com) [10.19.99] -- Web sites offering >instructions and software for computer hacking are helping to fuel the >growth of cybercrime, according to a survey by a high-tech research firm. In a *very* few specific cases where encouraging blatantly criminal acts is the only reason for the site's existence, I can agree with this point. The vast majority of the information available online, however, is posted in keeping with the spirit of open sharing of information that has become the hallmark of the Internet over its 20+ year history. I think that any critical analysis of the ethics surrounding the posting of potentially harmful information must center on the apparently increasingly unfashionable principle of free will. I, as a rational, sentient being, can choose not to commit a crime, even though the means for doing so is right in front of me. I can go down to the hardware store and get a sledge hammer any time I want to. I can choose to use it for its intended purpose, or I can beat someone to death with it. The choice is mine. Even if I dump hot coffee all over myself, I'm still to blame. No one made me do it; suing the person who heated it up (at my request) is not only unjust, it's clearly insane. Those of us who choose to defend the infrastructure, rather than attack it, need the information contained in most of these sites desperately. There exists no obvious way to tell the "white hats" from the "black hats" when disseminating information over the Internet. Logically, if dangerous information is illegal to obtain, then only people who break the law will be able to get it. That means that only outlaws will have the tools for breaking the law. Since it often requires more knowledge about a particular attack methodology to defend against it than to employ it, restricting exploit information effectively gives the attackers a huge advantage. History has shown us that attacks will continue unabated no matter how strict the controls placed on dangerous information become; the response to these attacks must be either to understand the attackers so well that you can prevent/negate their deleterious acts or to give up and go back to clay tablets. I don't know about you, but I'm not ready to concede defeat yet. RGF Robert G. Ferrell Internet Technologist National Business Center, US DoI Robert_G_Ferrell@nbc.gov ISN is sponsored by Security-Focus.COM