Yes, it is illegal to financially damage a company, and many crackers do exactly that. This article and most of the comments here argue about the tools. As hackers we find it hard to understand why a hammer could be outlawed because it is good at breaking through the windows of houses.
Why does no one talk about the network that was broken into? Why does the general public believe that crackers are so good at their job it is impossible to secure a computer system? There are two possibilities that I can see here.
1. Most cracks happen because of a less-than-perfect system administrator. Either some subtle problem with a configuration file opened up a hole for the cracker or nobody bothered securing the network to begin with.
2. Most cracks happen because crackers have found a reliable method of discovering 0day exploits or our current computing model is fundamentally insecure.
In either case, I find it unjustifiable to declare cracking an act of terrorism without spending ANY effort reflecting back on our own security. If millions of us routinely use the same password (or an easy-to-guess pattern) for all of our accounts, who is the terrorist? The people who take advantage of an easy opportunity, or the people who created that opportunity in the first place?
It is well known that users are stupid, and that two-factor authentication is much harder to break than static passwords. Bruce Schneier has been saying so for at least a decade. Why have we not moved on? As a system administrator, it should be an act of terrorism to NOT make two-factor authentication the DEFAULT way of using your service.