Opinion: Difficult to become a hacker? It's easier than you think
                                                      
   With Symantec's Web client for pcANYWHERE, you can hack away without really trying.
  
   February 12, 1999
   by Mark Gibbs From...
   Network World Fusion
   
   (IDG) -- Ever wonder how hard it is to become a hacker? I can tell you firsthand it's probably
   easier than you may think.
   
   It all started when I was testing Symantec's Web clients for pcANYWHERE on my office network. I
   downloaded the software from Symantec's site and ran it. Wonder of wonders, it worked perfectly --
   way cool and very impressive.
   
   As I was about to leave for a conference I thought it would be useful if I could use pcANYWHERE to
   access my machines while I was away. So I decided to test it by dialing up an ISPand looping back to
   my office via my digital subscriber line connection.
   
   Imagine my surprise when I ran the applet and was given a list of six pcANYWHERE clients of which
   only one was mine.
   
   Aha! Let's see if anyone forgot to set a password on his or her copy. Lo and behold, there it was, 2
   a.m. and one copy was unsecured. Suddenly I was observing the screen of someone else's machine!
   Wild.

[This is the same problem @home customers were finding. That anyone on
their network suddenly had full control of their computers. The problem was that Win95 
was sharing file systems with no restrictions. This allowed anyone to connect and view
any file on another customer's drive. Did that make them hackers? Hell no. This is 
basic user functionality.]
   
   The owner was in the process of using a speech recognition system to dictate a letter to his
   girlfriend (no, nothing very steamy), and there at the bottom of the screen was his name (we'll call
   him Ralph).
   
   I think the reason I could see his name was that it was part of the training data loaded into the
   speech recognition system. I thought I should let him know he had a security problem, so I put the
   cursor in the window his spoken words were appearing in and typed "Yo, Ralph." Nothing. He did not
   notice. I tried changing windows to Notepad but the speech recognition system switched back to the
   first window.
   
   So to get his attention, I switched to my word processor, typed a long message, copied it to my
   clipboard, copied my clipboard over to his clipboard, and pasted the message into his active window.
   This time he noticed. He immediately pulled the plug on his computer, and the connection vanished.
   
   I felt bad. I'd freaked Ralph out, and there was no opportunity to explain. So how to find him?
   Well, I knew his IP address but that was not much use so I went searching. Luckily he had an unusual
   last name, which made life easier.
   
   I went to several search engines, including InfoSeek and AltaVista, and I found lots of dud leads
   (dead links and near misses). But eventually I hit pay dirt. I found a Web site and discovered what
   Ralph looks like (he has a picture of himself eating lobster) and that he is a scriptwriter. Then I
   went to switchboard.com and found him there, too.
   
   From Ralph's Web site I knew where he'd been on holiday and some other trivia of his life. From
   switchboard.com I had learned Ralph's street address, telephone number and e-mail address. It had
   taken me all of 15 minutes.

[And this makes you a hacker? A hacker could have potentially pulled his Social
Security #, credit history, and everything else. This is basic user funcionality.]
   
   So trying to be a nice guy, I sent him e-mail explaining what had happened, that I hadn't done
   anything to his PC, and noting that he should password-protect his copy of pcANYWHERE.
   
   Next day there was no reply, so I called him. We had a nonconversation.
   
   I explained who I was ("Uh-huh," he said), I assured him that I wasn't a hacker, ("Uh-huh"), that I
   hadn't done anything to his PC ("Uh-huh"), and that he should secure his system ("Uh-huh"). I
   explained that a hacker could have had a field day ("Uh-huh") and, well, I hardly got a response.
   Ho-hum.
   
   It was such a simple hole in his system and one that I could have exploited without him having a
   clue what was going on. On the other hand, he probably wouldn't have been of much interest to a real
   hacker. But what if Ralph had been your chief financial officer? That could lead to all sorts of
   infiltrations into your corporate network. Frightening.
   
   I would never have guessed that being a hacker was so easy.

[If you drop the standard for being considered a hacker, sure, it is easy.]