Hackers Crackers or What, v1.0

(That's Part 1, for all ya' non-tech-heads out there)

Hackers.

Everyone has heard of them: Degenerate destroyers of innocent websites with nothing better to do than steal secret files, spread malicious viruses and pirate software, all the while scoffing at the law. A dark, sinister force of evil in the glorious technological landscape of the Internet. Right?

Or wrong?

Origins

In his article on the subject of hackers and hackerdom (

www.tuxedo.org/~esr/writings/hacker-history/), self-styled "observer-participant anthropologist in the Internet hacker culture," Eric S. Raymond writes that the first "hackers" never even conceived of the term; it wasn't until in the 1980s, when "Real Programmer" became the moniker of choice, that this decades-old subculture of tech experts came up with a name for itself. The term "hacker" was still far over the horizon. But Real Programmers have existed since the dawn of computers and computer technology - as far back as 1945 - and have claimed among their ranks some of the brightest minds in the field. These men (for in those early days, the high tech field was most definitely a boy's club) were the pioneers of the "technical enthusiast" culture. Part of that culture involved not only building, but tinkering with, hardware and especially, software - what better way to learn about and encourage the advancement of computers than to dissect their "bodies" and "minds"?

It was these men, with their numerous academic credentials, their fondness for ham radios and arcane machine languages, and a wardrobe consisting largely of white socks, dark shoes, polyester button-front shirts and geek glasses, that paint society's clich�d picture of today's technical enthusiasts; and while Real Programmers may have often dressed like dating disasters, until the early 1970s, they were the daring souls who wrangled room-sized mainframes for government and industry, designing, building and maintaining the vast networks which even today control our airlines, telephones, traffic lights, power grids, banking systems, and so much more - truly going where no men had dared go before; some of these men have remained active into the new century.

But how good were they, really? Raymond points out that Seymour Cray, designer of the legendary Cray line of supercomputers, was once said "to have toggled an entire operating system of his own design into a computer of his own design through its front-panel switches. In octal. Without an error. And it worked."

In other words, he hacked.

In time, batch computing and the mega mainframes gave way to smaller, interactive computers and their availability at universities and as part of networks. Raymond pinpoints the year 1961 as the beginning of hacker culture as we know it. That was when MIT's Tech Model Railroad Club (web.mit.edu/ tmrc/www/main.html) received the first PDP-1 machine and invented programming tools, slang and the hacker culture. The influence of these early hackers eventually extended onto the Internet's ancestor, ARPANET that, as Raymond describes it, "... was the first transcontinental, high-speed computer network. It was built by the Department of Defense (www.defenselink.mil/) as an experiment in digital communications, but grew to link together hundreds of universities and defense contractors and research laboratories. It enabled researchers everywhere to exchange information with unprecedented speed and flexibility, giving a huge boost to collaborative work and tremendously increasing both the pace and intensity of technological advance."

Suddenly, the hacker tribe was networked.

Warez the Problem?

The way Raymond tells the story, it's hard to see how hackers have gained the bad reputation they have today. A group of eccentric computer professionals sharing information with one another sounds benign enough. But things changed with the advent of local BBS systems, Linux, the Internet and the mainstream popularity of what, during the 1990s, grew to become the World Wide Web.

The Jargon File (TJF, www.fwi.uva.nl/~mes/jargon) places the responsibility for this negative perception at the clay feet of the press. "The use of 'hack' to mean 'security breaker' is a confusion on the part of the mass media," the file states. "We hackers refuse to recognize that meaning, and continue using the word to mean 'Someone who loves to program and enjoys being clever about it.'"

So what happened between MIT's PDP-1 and the Internet?

Although there are no single, easy answers, two phenomena appear to have been involved with the changing culture of hacking and the media's perception of it:

1) The tradition of open source code among hackers vs. an increasingly closed and proprietary hardware/software industry.

2) The introduction of young, self-educated, rogue programmer-hackers to the culture.

In defining hacker speech patterns, TJF explains that, "From the early 1980s onward, a flourishing culture of local, MS-DOS-based bulletin boards has been developing separately from Internet hackerdom. The BBS culture has, as its seamy underside, a stratum of 'pirate boards' inhabited by crackers, phone phreaks and warez d00dz [italics added - Ed.]. These people (mostly teenagers running IBM-PC clones from their bedrooms) have developed their own characteristic jargon, heavily influenced by skateboard lingo and underground rock-slang."

Although often quite talented at their craft, this new generation of self-taught tech-heads has lived on the fringes of more respectable hacker culture and, due to their often radical methods of interacting with authority figures and corporate culture, have gained the media's attention - and are thus viewed as more representative of the hacker culture than they may truly be. "Though crackers often call themselves 'hackers," TJF explains, "they aren't. (They typically have neither significant programming ability, nor Internet expertise, nor experience with UNIX or other true multi-user systems.)" Even the language used by crackers differs from that used by hackers.

While hackers love word games, puns and other mind teasers, crackers and phreakers further enjoy customizing their written language by intentionally misspelling or substituting letters. For instance, "phone" becomes "fone" and "freak" becomes "phreak"; words with "z's" convert to words with "s's"; random characters are used after post lines for emphasis; words are abbreviated compulsively; the letter "k" is used frequently ("k-rad," "k-kool"); capital letters are used to make text appear "louder"; and the number "0" is regularly substituted for the letter "o" as in "d00d" or "l0zer."

Clearly a far step removed from the polyester shirt-and-tie crowd of the days of yore with what TJF calls the hacker's "... precise diction, careful word choice, relatively large vocabulary, and relatively little use of contractions or street slang." Clearly, crackers and warez d00dz do not follow the hacker belief that, "One should use just enough jargon to communicate precisely and identify oneself as a member of the culture; overuse of jargon or a breathless, excessively gung-ho attitude is considered tacky and the mark of a loser."

The brave new world of computer tinkering does not take kindly to losers or clueless newbies. Nor to authority figures, in or out of the computer industry. That's something hackers, crackers and phreakers can all agree on.

Breaking the Code, Breaking the Law

In his essay, What is a Hacker? (www.cs.berkeley.edu/~bh/hacker.html), Brian Harvey writes, "Hackers have a tendency to be purists. A 'computer hacker' then, is someone who lives and breathes computers, who knows all about computers, who can get a computer to do anything. Equally important, though, is the hacker's attitude. Computer programming must be a hobby, something done for fun, not out of a sense of duty or for the money. (It's okay to make money, but that can't be the reason for hacking.)"

This sort of thinking is part of what drives the hacker's love of open source code and loathing for closed source code software; but the line between hacker and cracker starts to blur when someone capable of hacking a system does so without authorization. As Harvey points out, "There are specialties within computer hacking. An algorithm hacker knows all about the best algorithm for any problem. A system hacker knows about designing and maintaining operating systems. And a 'password hacker' knows how to find out someone else's password. That's what Newsweek (www.msnbc.com/news/NW-front_Front.asp) should be calling them. Someone who sets out to crack the security of a system for financial gain is not a hacker at all. It's not that a hacker can't be a thief, but a hacker can't be a professional thief. A hacker must be fundamentally an amateur, even though hackers can get paid for their expertise. A password hacker whose primary interest is in learning how the system works doesn't necessarily refrain from stealing information or services, but someone whose primary interest is in stealing isn't a hacker. It's a matter of emphasis."

A prime example of a hacker in the truest sense is Linus Torvalds (www.cs.helsinki. fi/u/torvalds), Finnish creator of the Linux operating system (www.linux.com) - the open source OS that has long infuriated Microsoft (www.microsoft.com) while delighting hackers and bleeding-edge compu-tech enthusiasts worldwide. (Interestingly, Microsoft recently launched Microsoft.NET (www.microsoft.com/net), which it calls "a revolutionary new platform, built on open Internet protocols and standards...") Surely the man who has literally given away invaluable code to the world does not qualify for the vilification normally affiliated with the word "hacker."

The webjackers who seized control of the respected adult resource site, JanesGuide (www.janesguide.com), were thieves, stealing and diverting domain access in order to make a profit. They unquestionably qualify as crackers in the most negative sense of the word. Similar webjackings have occurred at mainstream sites, including shoe manufacturing giant, Nike (www.nike.com), although for political instead of financial reasons.

More problematic for definition is Kevin Mitnick (www.kevinmitnick.com), found guilty by the U.S. government of hacking numerous computer systems and removing code. Though Mitnick never attempted to profit financially from his activities, his most recent parole, begun in January, initially included a number of stipulations that, for a hacker, might very well be seen as tantamount to a death sentence: three years with absolutely no access to, use, or possession of any computer hardware, software, or wireless equipment whatsoever - done as much to send a message to those who might wish to emulate the high-profile hacker as to punish Mitnick for his actions.

Some of the restrictions regarding Mitnick's access to online communication have since been relaxed; nonetheless, many in the hacker-friendly community feel that the sentence, and the government's conduct during the proceedings, was an extreme reaction to the case.

And what of the authors and distibutors of the DeCSS DVD-cracking software? They claim their goal was simply to create a program allowing users to view studio-made, store bought DVDs on their Linux-based computers, since, at the time, no industry-approved software was available to do so; but in a recently-concluded lawsuit in New York District Court (the outcome of which will have been decided by the time you read this - transcripts are available for reading at www.2600.org), the MPAA (www.mpaa.org) and others argued the program can and has been used to pirate DVDs as well.

Hackers or crackers? Heroes or villains?

Right or wrong?

Who Will Watch the Watchers?

Whether they are merely eccentric modern Peeping Tom's delighting in a glimpse into cyber medicine cabinets, modern Marco Polo's expanding their understanding of how technology works, unwholesomely inquisitive and na�ve busy-bodies meddling where they should not, or malicious thieves looking to profit from the work of others, webmasters and technophiles in general would prefer to have their systems free of unexpected visits from strangers. At least one insurance company, the famous Lloyd's of London (www.lloyds.com/Index.I_htm), has come to the rescue of cyber property owners with anti-hacker coverage of up to US$100 million to clients of Counterpane Internet Security (www.counterpane.com), a computer security firm.

Some companies hire what they call "reformed hackers" as security personnel, believing that their understanding of the mindset and culture will help protect against unauthorized snooping or outright attacks. Others contend that those who engage or have engaged in unauthorized hackering are essentially like child molesters or drug addicts, incapable of change and easily lead back into temptation. Dr. Charles C. Palmer, manager of Network Security and Cryptography (www.zurich.ibm.com/~sti/g-kk/gkk.htm) and head of the Global Security Analysis Lab (www.research.ibm.com/net_security/gsalpub.html), doesn't feel that reformed hackers have anything to contribute professionally and states in an interview with CNN (www.cnn.com) that, "The number of really gifted hackers in the world is very small, but there are lots of wannabes... when we do an ethical hack, we could be holding the keys to that company once we gain access. It's too great a risk for our customers to be put in a compromising position. With access to so many systems and so much information, the temptation for a former hacker could be too great - like a kid in an unattended candy store."

Eric Croley, who prefers the handle, Emmanuel Goldstein, is editor-in-chief of the online The Hacker Quarterly (the aforementioned 2600.org) and sees things a bit differently. In a companion CNN interview, Goldstein opines that, "hackers are necessary, and the future of technology and society itself (freedom, privacy, etc.) hinges on how we address the issues today that hackers are very much a part of. This can be the dawning of a great era. It can also be the beginning of true hell." Goldstein sees the temptation to authorized hackers as originating from a different area than Palmer. The distinction further points out the differences in hacker vs. "mundane" (hackerspeak for "ordinary") thinking. As Goldstein sees it, "Just as you can use hacker ability to attain a life of crime, you can use that ability to become a corporate success. Some are able to hold onto their hacker ideals. Others, sadly, lose them. It's especially hard when young people who haven't worked it all out yet are approached and tempted with huge amounts of money by these entities. It can be very hard to resist and the cost is often greater than anticipated." Further, Goldstein feels that the fear instilled in computer users with regard to hackers, is largely overblown. "In all the time I've been in the scene, which is a pretty long time, I've never come across anyone I consider to be a 'cyberterrorist,' whatever that is. Most people who talk of such creatures either have something to sell or some bill to pass. This is not to say that such a concept is impossible. But I believe the current discussions aren't based on reality and have very suspicious ulterior motives."

Next month: Notorious cases.