Law Enforcement and Computer Security Discourse

How Big is Hacking?

It would be good to know how common hacking is, to be able to understand why the computer security discourse sees it as a large problem. Unfortunately figures vary widely and are hard to estimate with accuracy. In 1990, Sterling estimated that there were five thousand hackers, of which a couple hundred were "elite." Clough and Mungo (1992, ctd. in Jordan and Taylor) estimated two thousand "really dedicated, experienced, probably obsessed computer freaks" and up to ten thousand less dedicated ones. The primary in-print hacking magazine, 2600: The Hacker Quarterly, had under three thousand subscribers in 1990. With increasing access to computers and rapid growth in the Internet, hacking has undoubtedly grown since then.

Most corporations have problems with hacking, and it likely increasing. The Computer Security Institute survey of over 500 companies, banks, universities and government agencies showed 64% having a problem with hacking in 1997 (with ĺ of the attacks causing a financial loss), compared to 48% in 1996 (ctd. in Van Slambrouck). Military targets are especially popular. According to the General Accounting Office, the Department of Defense was attacked as many as 250,000 times in 1995. Taylorís 1993 survey of 200 organizations found 64.5% had been hacked, 18.5% only had a virus (probably introduced unintentionally), and 17% had no known activity (ctd. in Taylor and Jordan). He argued that hacking was likely underestimated in surveys as companies do not realize or do not want to admit that their security is lacking. A 1996 WarRoom survey of 236 organizations found that during the past year 58% had been hacked, 29.8% did not know, and 12.2% had no attacks (ctd. in Taylor and Jordan).

The increase in website hacking, as documented by www.attrition.org, is obviously exponential:


Year       Number of website defacements
1995       4
1996       18
1997       39
1998       194
1999       1905 (for the year up until 09/01/99)

The financial loss is also very hard to quantify but estimated in the billions. Estimates from computer or telco (telephone company) security companies are often biased upwards. In congressional testimony, Mr. Haugh, who works for a private telco consultation firm estimated telephone fraud at $4 to$5 billion in 1993. Peter Tippet, of Symantec Corporation, testified that the cost of viruses to companies was $1 billion, between 1990 and 1993, and rapidly growing.


Index
Introduction
Theoretical Framework
Methodology
Hacking History
Phone Hacking
What is Hacking?
Juvenile Discourse, Black Hats, and White Hats
Hacker Language
Juvenility and Carding
Problems with the White Hat Hacking Discourse
Nostalgic Discourse
Problems with the Nostalgic Discourse
Law Enforcement and Computer Security Discourse
The Legal Discourse
Problems with the Law Enforcement Discourse
Media Discourse
Technopower
Hackers as Resistance (illegal and legal)
Limitations to Resistance
Conclusion
Works Cited