The Hacker Crackdown: part 2, section 3

The term "hacker" has had an unfortunate history. This book, *The Hacker Crackdown,* has little to say about "hacking" in its finer, original sense. The term can signify the free-wheeling intellectual exploration of the highest and deepest potential of computer systems. Hacking can describe the determination to make access to computers and information as free and open as possible. Hacking can involve the heartfelt conviction that beauty can be found in computers, that the fine aesthetic in a perfect program can liberate the mind and spirit. This is "hacking" as it was defined in Steven Levy's much-praised history of the pioneer computer milieu, *Hackers,* published in 1984. Hackers of all kinds are absolutely soaked through with heroic anti-bureaucratic sentiment. Hackers long for recognition as a praiseworthy cultural archetype, the postmodern electronic equivalent of the cowboy and mountain man. Whether they deserve such a reputation is something for history to decide. But many hackers -- including those outlaw hackers who are computer intruders, and whose activities are defined as criminal -- actually attempt to *live up to* this techno-cowboy reputation. And given that electronics and telecommunications are still largely unexplored territories, there is simply *no telling* what hackers might uncover. For some people, this freedom is the very breath of oxygen, the inventive spontaneity that makes life worth living and that flings open doors to marvellous possibility and individual empowerment. But for many people -- and increasingly so -- the hacker is an ominous figure, a smart-aleck sociopath ready to burst out of his basement wilderness and savage other people's lives for his own anarchical convenience. Any form of power without responsibility, without direct and formal checks and balances, is frightening to people -- and reasonably so. It should be frankly admitted that hackers *are* frightening, and that the basis of this fear is not irrational. Fear of hackers goes well beyond the fear of merely criminal activity.

Subversion and manipulation of the phone system is an act with disturbing political overtones. In America, computers and telephones are potent symbols of organized authority and the technocratic business elite. But there is an element in American culture that has always strongly rebelled against these symbols; rebelled against all large industrial computers and all phone companies. A certain anarchical tinge deep in the American soul delights in causing confusion and pain to all bureaucracies, including technological ones.

There is sometimes malice and vandalism in this attitude, but it is a deep and cherished part of the American national character. The outlaw, the rebel, the rugged individual, the pioneer, the sturdy Jeffersonian yeoman, the private citizen resisting interference in his pursuit of happiness -- these are figures that all Americans recognize, and that many will strongly applaud and defend.

Many scrupulously law-abiding citizens today do cutting-edge work with electronics -- work that has already had tremendous social influence and will have much more in years to come. In all truth, these talented, hardworking, law-abiding, mature, adult people are far more disturbing to the peace and order of the current status quo than any scofflaw group of romantic teenage punk kids. These law-abiding hackers have the power, ability, and willingness to influence other people's lives quite unpredictably. They have means, motive, and opportunity to meddle drastically with the American social order. When corralled into governments, universities, or large multinational companies, and forced to follow rulebooks and wear suits and ties, they at least have some conventional halters on their freedom of action. But when loosed alone, or in small groups, and fired by imagination and the entrepreneurial spirit, they can move mountains -- causing landslides that will likely crash directly into your office and living room. These people, as a class, instinctively recognize that a public, politicized attack on hackers will eventually spread to them -- that the term "hacker," once demonized, might be used to knock their hands off the levers of power and choke them out of existence. There are hackers today who fiercely and publicly resist any besmirching of the noble title of hacker. Naturally and understandably, they deeply resent the attack on their values implicit in using the word "hacker" as a synonym for computer-criminal. This book, sadly but in my opinion unavoidably, rather adds to the degradation of the term. It concerns itself mostly with "hacking" in its commonest latter-day definition, i.e., intruding into computer systems by stealth and without permission. The term "hacking" is used routinely today by almost all law enforcement officials with any professional interest in computer fraud and abuse. American police describe almost any crime committed with, by, through, or against a computer as hacking. Most importantly, "hacker" is what computer-intruders choose to call *themselves.* Nobody who "hacks" into systems willingly describes himself (rarely, herself) as a "computer intruder," "computer trespasser," "cracker," "wormer," "darkside hacker" or "high tech street gangster." Several other demeaning terms have been invented in the hope that the press and public will leave the original sense of the word alone. But few people actually use these terms. (I exempt the term "cyberpunk," which a few hackers and law enforcement people actually do use. The term "cyberpunk" is drawn from literary criticism and has some odd and unlikely resonances, but, like hacker, cyberpunk too has become a criminal pejorative today.)

In any case, breaking into computer systems was hardly alien to the original hacker tradition. The first tottering systems of the 1960s required fairly extensive internal surgery merely to function day-by-day. Their users "invaded" the deepest, most arcane recesses of their operating software almost as a matter of routine. "Computer security" in these early, primitive systems was at best an afterthought. What security there was, was entirely physical, for it was assumed that anyone allowed near this expensive, arcane hardware would be a fully qualified professional expert. In a campus environment, though, this meant that grad students, teaching assistants, undergraduates, and eventually, all manner of dropouts and hangers-on ended up accessing and often running the works.

Universities, even modern universities, are not in the business of maintaining security over information. On the contrary, universities, as institutions, pre-date the "information economy" by many centuries and are not-for-profit cultural entities, whose reason for existence (purportedly) is to discover truth, codify it through techniques of scholarship, and then teach it. Universities are meant to *pass the torch of civilization,* not just download data into student skulls, and the values of the academic community are strongly at odds with those of all would-be information empires. Teachers at all levels, from kindergarten up, have proven to be shameless and persistent software and data pirates. Universities do not merely "leak information" but vigorously broadcast free thought. This clash of values has been fraught with controversy. Many hackers of the 1960s remember their professional apprenticeship as a long guerilla war against the uptight mainframe-computer "information priesthood." These computer-hungry youngsters had to struggle hard for access to computing power, and many of them were not above certain, er, shortcuts. But, over the years, this practice freed computing from the sterile reserve of lab-coated technocrats and was largely responsible for the explosive growth of computing in general society -- especially *personal* computing. Access to technical power acted like catnip on certain of these youngsters. Most of the basic techniques of computer intrusion: password cracking, trapdoors, backdoors, trojan horses -- were invented in college environments in the 1960s, in the early days of network computing. Some off-the-cuff experience at computer intrusion was to be in the informal resume of most "hackers" and many future industry giants. Outside of the tiny cult of computer enthusiasts, few people thought much about the implications of "breaking into" computers. This sort of activity had not yet been publicized, much less criminalized. In the 1960s, definitions of "property" and "privacy" had not yet been extended to cyberspace. Computers were not yet indispensable to society. There were no vast databanks of vulnerable, proprietary information stored in computers, which might be accessed, copied without permission, erased, altered, or sabotaged. The stakes were low in the early days -- but they grew every year, exponentially, as computers themselves grew. By the 1990s, commercial and political pressures had become overwhelming, and they broke the social boundaries of the hacking subculture. Hacking had become too important to be left to the hackers. Society was now forced to tackle the intangible nature of cyberspace-as-property, cyberspace as privately-owned unreal-estate. In the new, severe, responsible, high-stakes context of the "Information Society" of the 1990s, "hacking" was called into question. What did it mean to break into a computer without permission and use its computational power, or look around inside its files without hurting anything? What were computer-intruding hackers, anyway -- how should society, and the law, best define their actions? Were they just *browsers,* harmless intellectual explorers? Were they *voyeurs,* snoops, invaders of privacy? Should they be sternly treated as potential *agents of espionage,* or perhaps as *industrial spies?* Or were they best defined as *trespassers,* a very common teenage misdemeanor? Was hacking *theft of service?* (After all, intruders were getting someone else's computer to carry out their orders, without permission and without paying). Was hacking *fraud?* Maybe it was best described as *impersonation.* The commonest mode of computer intrusion was (and is) to swipe or snoop somebody else's password, and then enter the computer in the guise of another person -- who is commonly stuck with the blame and the bills. Perhaps a medical metaphor was better -- hackers should be defined as "sick," as *computer addicts* unable to control their irresponsible, compulsive behavior. But these weighty assessments meant little to the people who were actually being judged. From inside the underground world of hacking itself, all these perceptions seem quaint, wrongheaded, stupid, or meaningless. The most important self-perception of underground hackers -- from the 1960s, right through to the present day -- is that they are an *elite.* The day-to-day struggle in the underground is not over sociological definitions -- who cares? -- but for power, knowledge, and status among one's peers.

When you are a hacker, it is your own inner conviction of your elite status that enables you to break, or let us say "transcend," the rules. It is not that *all* rules go by the board. The rules habitually broken by hackers are *unimportant* rules -- the rules of dopey greedhead telco bureaucrats and pig-ignorant government pests. Hackers have their *own* rules, which separate behavior which is cool and elite, from behavior which is rodentlike, stupid and losing. These "rules," however, are mostly unwritten and enforced by peer pressure and tribal feeling. Like all rules that depend on the unspoken conviction that everybody else is a good old boy, these rules are ripe for abuse. The mechanisms of hacker peer-pressure, "teletrials" and ostracism, are rarely used and rarely work. Back-stabbing slander, threats, and electronic harassment are also freely employed in down-and-dirty intrahacker feuds, but this rarely forces a rival out of the scene entirely. The only real solution for the problem of an utterly losing, treacherous and rodentlike hacker is to *turn him in to the police.* Unlike the Mafia or Medellin Cartel, the hacker elite cannot simply execute the bigmouths, creeps and troublemakers among their ranks, so they turn one another in with astonishing frequency.

There is no tradition of silence or *omerta* in the hacker underworld. Hackers can be shy, even reclusive, but when they do talk, hackers tend to brag, boast and strut. Almost everything hackers do is *invisible;* if they don't brag, boast, and strut about it, then *nobody will ever know.* If you don't have something to brag, boast, and strut about, then nobody in the underground will recognize you and favor you with vital cooperation and respect. The way to win a solid reputation in the underground is by telling other hackers things that could only have been learned by exceptional cunning and stealth. Forbidden knowledge, therefore, is the basic currency of the digital underground, like seashells among Trobriand Islanders. Hackers hoard this knowledge, and dwell upon it obsessively, and refine it, and bargain with it, and talk and talk about it. Many hackers even suffer from a strange obsession to *teach* -- to spread the ethos and the knowledge of the digital underground. They'll do this even when it gains them no particular advantage and presents a grave personal risk.

And when that risk catches up with them, they will go right on teaching and preaching -- to a new audience this time, their interrogators from law enforcement. Almost every hacker arrested tells everything he knows -- all about his friends, his mentors, his disciples -- legends, threats, horror stories, dire rumors, gossip, hallucinations. This is, of course, convenient for law enforcement -- except when law enforcement begins to believe hacker legendry.

Phone phreaks are unique among criminals in their willingness to call up law enforcement officials -- in the office, at their homes -- and give them an extended piece of their mind. It is hard not to interpret this as *begging for arrest,* and in fact it is an act of incredible foolhardiness. Police are naturally nettled by these acts of chutzpah and will go well out of their way to bust these flaunting idiots. But it can also be interpreted as a product of a world-view so elitist, so closed and hermetic, that electronic police are simply not perceived as "police," but rather as *enemy phone phreaks* who should be scolded into behaving "decently."

Hackers at their most grandiloquent perceive themselves as the elite pioneers of a new electronic world. Attempts to make them obey the democratically established laws of contemporary American society are seen as repression and persecution. After all, they argue, if Alexander Graham Bell had gone along with the rules of the Western Union telegraph company, there would have been no telephones. If Jobs and Wozniak had believed that IBM was the be-all and end-all, there would have been no personal computers. If Benjamin Franklin and Thomas Jefferson had tried to "work within the system" there would have been no United States.

Not only do hackers privately believe this as an article of faith, but they have been known to write ardent manifestos about it. Here are some revealing excerpts from an especially vivid hacker manifesto: "The Techno-Revolution" by "Dr. Crash," which appeared in electronic form in *Phrack* Volume 1, Issue 6, Phile 3.

"To fully explain the true motives behind hacking, we must first take a quick look into the past. In the 1960s, a group of MIT students built the first modern computer system. This wild, rebellious group of young men were the first to bear the name 'hackers.' The systems that they developed were intended to be used to solve world problems and to benefit all of mankind. "As we can see, this has not been the case. The computer system has been solely in the hands of big businesses and the government. The wonderful device meant to enrich life has become a weapon which dehumanizes people. To the government and large businesses, people are no more than disk space, and the government doesn't use computers to arrange aid for the poor, but to control nuclear death weapons. The average American can only have access to a small microcomputer which is worth only a fraction of what they pay for it. The businesses keep the true state-of-the-art equipment away from the people behind a steel wall of incredibly high prices and bureaucracy. It is because of this state of affairs that hacking was born.(...) "Of course, the government doesn't want the monopoly of technology broken, so they have outlawed hacking and arrest anyone who is caught.(...) The phone company is another example of technology abused and kept from people with high prices.(...) "Hackers often find that their existing equipment, due to the monopoly tactics of computer companies, is inefficient for their purposes. Due to the exorbitantly high prices, it is impossible to legally purchase the necessary equipment. This need has given still another segment of the fight: Credit Carding. Carding is a way of obtaining the necessary goods without paying for them. It is again due to the companies' stupidity that Carding is so easy, and shows that the world's businesses are in the hands of those with considerably less technical know-how than we, the hackers. (...) "Hacking must continue. We must train newcomers to the art of hacking.(....) And whatever you do, continue the fight. Whether you know it or not, if you are a hacker, you are a revolutionary. Don't worry, you're on the right side."

The defense of "carding" is rare. Most hackers regard credit-card theft as "poison" to the underground, a sleazy and immoral effort that, worse yet, is hard to get away with. Nevertheless, manifestos advocating credit-card theft, the deliberate crashing of computer systems, and even acts of violent physical destruction such as vandalism and arson do exist in the underground. These boasts and threats are taken quite seriously by the police. And not every hacker is an abstract, Platonic computer-nerd. Some few are quite experienced at picking locks, robbing phone-trucks, and breaking and entering buildings.

Hackers vary in their degree of hatred for authority and the violence of their rhetoric. But, at a bottom line, they are scofflaws. They don't regard the current rules of electronic behavior as respectable efforts to preserve law and order and protect public safety. They regard these laws as immoral efforts by soulless corporations to protect their profit margins and to crush dissidents. "Stupid" people, including police, businessmen, politicians, and journalists, simply have no right to judge the actions of those possessed of genius, techno-revolutionary intentions, and technical expertise.