Why hackers love Hollywood

By WND Staff

Editor’s note: Russ McGuire is the online director of Business Reform Magazine. Each issue of Business Reform features practical advice on operating successfully in business while glorifying God.

If you live in Delaware, Illinois, Michigan, Oregon, Pennsylvania, or Wyoming, it may already be illegal for you to secure your home or business network against cracker¹ attacks. If you live in Arkansas, Colorado, Florida, Georgia, Massachusetts, Tennessee or Texas, pay attention: you could be next.

According to the Electronic Frontier Foundation (EFF), the Motion Picture Association of America (MPAA) has been quietly lobbying in statehouses across the nation to enact new laws that outlaw the common practices that have been most effective at protecting networks from Internet-based crackers. It appears that the MPAA is being joined in these efforts by cable television network operators and telephone companies.

Although the legislation in each state is somewhat unique, the bills all seem to focus on banning two types of activities:

  1. Connecting any equipment to a communications service network (such as a broadband Internet connection) without the express authorization of the service provider.
  2. Concealing the origin or destination of any communication from the service provider.

The MPAA’s reason for pushing this legislation is to shut down piracy of intellectual property. However, the laws that have already been passed and those that are in process are overly broad in pursuing this intent. The EFF also claims that the laws are unnecessary since the activities they intend to stop are already covered under existing legislation.

My big concern is with the threat that these laws represent to the ability of individuals and businesses to protect their networks against attack.

In general, there are two types of attacks to which Internet users are vulnerable. The type we most commonly see encompasses viruses and worms. These attacks generally involve convincing a user to install and/or run software that causes problems for the user or damages his computer. These types of attacks most often are accomplished by delivering the damaging payload via e-mail. The most effective defenses against this type of attack are to always run up-to-date anti-virus software and to exercise caution and common sense. The MPAA-sponsored bills have little effect on these security measures (although I could argue they are an attack against common sense).

The second type of attack is much more dangerous. In this case, an unauthorized cracker takes control of a computer. The cracker can then do just about anything. They can access any information on the computer. They can spy on authorized users of that computer. They can use the computer as a launch pad for other attacks and for sending out spam. If the computer they conquer has special access to other computers or has information used to access other computers, cracking one system can open the door to other, more valuable systems. If the cracked computer includes bank account information, tax records, etc., the cracker has more than enough information to perform identity theft. If the cracked system holds credit card information (for example, an e-commerce web server), the cracker can use that information for widespread credit card fraud.

The best defense against crackers is to keep computers, especially those with sensitive information, isolated from the Internet. This is best performed by having a dedicated “firewall” device between the Internet service provider and all of the computers on the local network.

Under the MPAA-sponsored legislation, unless your service provider has expressly authorized use of your specific firewall device, then it is a criminal act to use a firewall to protect your network.

Nearly all firewalls incorporate a number of security mechanisms. One of the most useful has been IP address spoofing using Network Address Translation (NAT). When used as part of a firewall solution, what this does is hide all of your computers behind a single address on the Internet. Therefore, anyone on the Internet can only get to the one “public” device on your network, namely the firewall. This measure alone provides tremendous protection against a cracker taking control of any of your computers. It also provides for very efficient use of Internet addresses, allowing the service provider to burn a single address while allowing you to support a virtually unlimited number of devices through that one address.

Under the MPAA-sponsored legislation, the use of NAT is illegal.

In short, under these laws it is illegal to protect your network against attack.

The EFF website raises a number of other issues with the MPAA-sponsored laws. Some of these concerns are very frightening. (For example, if charged by a service provider under these laws, if I lose I have to pay the provider’s legal fees. If I win, they don’t have to pay my legal fees.) If this issue concerns you, especially if you live in one of the above-mentioned states, I strongly recommend you dig into the details. The EFF site includes links to all of the individual state bills.

It is sad that, in this modern age, we may need an amendment to the Constitution guaranteeing our right to “keep and bear firewalls.” It is doubly sad that it is industry that is threatening to take away our right to defend ourselves. What have we come to?

¹ The term “hacker” originally was coined to describe someone who “hacks” away at a computer program until it works. In the pre-Internet era, a programmer would be proud to be called a hacker. However, in recent years the media has confused the term “hacker” with the term “cracker” – someone who “cracks” into systems. The headline of this article intentionally misuses the term “hacker” since that is the phrase with which general readers will be most familiar. The text of the article correctly uses the term “cracker”, at least in part in an attempt to educate on proper terminology. I apologize for any resulting confusion.


Russ McGuire is Online Director for Business Reform. Prior to joining Business Reform, Mr. McGuire spent over twenty years in technology industries, performing various roles from writing mission-critical software for the nuclear power and defense industries to developing core business strategies in the telecom industry. Mr. McGuire is currently focused on helping businesspeople apply God’s eternal truths to their real-world business challenges through Business Reform’s online services. He can be reached at [email protected].