“Hugo Cornwall” and the Hacker's Handbook (2009)

 

Site Contents: © Peter Sommer, 2012. Not to be reproduced without permission

PO Box 6447  London N4 4RX UK

In the 1980s I wrote three books under the pseudonym “Hugo Cornwall”, the best known of which was The Hacker’s Handbook which went into four editions.    Rather to my surprise I still get asked about it and the purpose of this web-page is to answer the most common questions and to provide a location for authoritative downloads since all are out-of-print though OCR’d editions have been available on the Internet for years.

The Hacker’s Handbook  was the idea of a publisher called Simon Dally whom I met in 1983 on one of the UK’s pioneer bulletin boards.   I had been a publisher myself and my legal background told me such a project was “tricky”, even though the UK  Computer Misuse Act didn’t appear until 1990.  In fact the book was mostly about making computers talk to the outside world - if enthusiasts had modems at all then, they were usually acoustic couplers. While writing the book I was always aware that within me was an editorial fight between prudence and the accusation of punch-
pulling.  Most of the time prudence won and just before publication I was afraid that most readers would regard it as rather feeble.  But shortly before publication the book was condemned (at the prompting of an enterprising journalist) by the the head of the then very new Met Computer Crime Unit.  And very soon afterwards Steve Gold and Rob Schiffreen were arrested, accused of  hacking the Prestel account of Prince Philip. (Prestel was a very early public information access service run by British Telecom).  Such publicity cannot be planned but was very advantageous  and the book was for several weeks in the Sunday Times best-seller list.   It was interesting being the author of a “cult” but I should say now that there never was a suppressed edition with more detail nor were there any hidden instructions.   There were four editions in all, the last of which was the responsibility of Steve Gold, I having “moved on”.

 By 1989 it was becoming much more difficult to say as I had done:

hacking is a recreational and educational sport; it consists of attempting to make unofficial entry into computers and to explore what is there. The sport's aims and purposes have been widely misunderstood; most hackers are  not  interested in perpetrating massive frauds, modifying their personal banking, taxation and employee records or inducing one world super-power into inadvertently commencing Armageddon in the mistaken belief that another super-power is about to attack it. Every hacker I have ever come across has been quite clear where the fun lies: it is in developing an understanding of a system and finally producing the skills and tools to command it. In the vast majority of cases the processes of 'getting in' and exploring the architecture of the operating system and applications is much more satisfying than what is in the end discovered from protected data files.


And Parliament was just about to introduce the Computer Misuse Act with the effect that the book would become an incitement to a section 1 offence. The Hacker’s Handbook was allowed to go quietly out of print.   I am offering the third edition for download, as a historic snapshot of times that were more innocent and the technology a lot simpler and cruder.


DataTheft, published in 1987,  is a much more serious book, which attempted to put datacrime (as it was then called) into the historical and social context of change within corporations and businesses.  I referred to this activity as “one of the least anticipated by-products of the on-going information revolution”.  Although it wasn’t planned that way,  the book set the direction of my return to academia, as it is this approach rather than the one which consists largely of terrifying anecdotes and startling statistics  - or the belief that “computer security” is a series of  purely technical problems with technical solutions -  that dominates the way in LSE colleagues and I analyse and teach the subject.

The book was briefly updated a year later for a paperback edition but otherwise remains as is.  It is pre-Internet, of course,  and also pre-dates the very wide-spread ownership of personal computers, mobile phones etc.  However on re-reading it,  particularly the sections on fraud, dataspying and methods of risk assessment it seems to me that the fundamentals have not  changed that much,  even if the precise technologies have - and of course one would now be selecting more recent case material.  But perhaps there are lessons in realising that  human and organisational  behaviour have not changed anywhere near as fast as the technologies

The Industrial Espionage Handbook,  published in 1992, was superficially a return to the “handbook” format, and there were obvious publisher’s marketing reasons for doing so.    But there was another practical reason.  By then I had had a fair amount of experience working for a number of well-known“corporate gumshoes” as the press liked to call them - they themselves tended to use terms like “security advisor” or “competitor intelligence analysts”.  I thought it would be useful to reveal, or explain, the techniques.   In doing so I wanted to show how much is carried out from “open sources” , friendly gossip and careful inferences rather than the use of exotic technologies.  

Plainly it would have been journalistically terrific to have named victims and perpetrators , but in writing such books you have to make a choice between the quality of access to useful sources and respecting confidences.  In addition it is one thing to be told interesting anecdotes over a lunch table and quite another to have the solid documentary back-up and financial resources to withstand defamation litigation.   The “handbook” format was a reasonably neat solution.

The book is obviously pre-Internet, pre-Google, pre-social networking sites, all things that make open source commercial intelligence so much easier now.   Some of the  technological methods described are now quaint;  there are no references to USB thumb drives, for example, nor the ease with which wireless LANs can be compromised, nor that sophisticated bugs now use cellphone facilities to transmit conversations to anywhere on earth.  But many of the principles are still valid.


from Hacker News https://ift.tt/1Ia6SC6