In a decision that sets a precedent in the realm of hacking, the Norwegian supreme court ruled Tuesday that probing computer networks linked to the Internet is not illegal.
The University of Oslo charged a private security-software company, Norman Data Defense Systems, with attempted break-ins and disruptions on machines linked to its computer network. Norman Data conducted the network probes in 1995 on behalf of a Norwegian public news network, which was filming a program about the Internet and wanted to demonstrate the inner workings of open systems and the pitfalls therein.
"The essence of [the ruling] is that if you want to join the Internet, you have to assure that you're protected," said Gunnel Wullstein, president and CEO of Norman Data Security. "If you don't want to be visited, close your ports."
The case also illustrates the fine line between hackers and crackers. The former describes those who merely want to explore computer systems, while the latter refers to intruders with malicious intent. They exploit networks using specialized tools and tricks of the trade, including unauthorized access operations.
During the experiment, the company's engineers used finger commands to find out which users were logged on to the university's machines and information related to their session. They used telnet -� a remote login command �- to verify email addresses on the university's mail port. They also ran scans to see if any ports were open.
The University of Oslo could not be contacted in time for this story.
One of the engineers involved in the experiment, who asked not to be identified, stressed that all of these operations are based on open protocols and were not designed to break into systems. Rather, the test was done to show what information is freely available from machines hooked to the Internet. During the experiment, he said, no user IDs or other such information was retrieved.
