hackers
who to fear?
we are supposed to fear hackers. we are led to believe they will attack us and ruin our lives for no good reason. we are led to believe they are a threat to national security; both because governments like enemies and the media likes easy headlines.
but should you fear a fourteen-year-old kid who accidentally moves a satellite; or should you fear the government agency whose security was so bad it could be breached by a curious kid? don't think this is far-fetched, it's a real case; discussed in the documentary "hackers" (© Intercon 1992). a fourteen-year-old really did change the course of a satellite. he really was arrested.
hackers drive home what we don't like to admit - our security is poor, our lives and identities entrusted to flawed systems. if a curious kid can get your credit card details using a computer, modem and their spare time; then should you be pissed at the kid, or pissed at your bank?
it's convenient to have enemies
governments like to have enemies. large, powerful governments like that in america could almost be said to need enemies just to function. when you have an enemy, you have something to hold up for the population to fear. if the population fears something, you can act however you like in order to take away that fear. this is unrelated from any actual results.
communism was a great enemy for the US. it challenged the American Way, so it wasn't hard to get people to fear it. it was so poorly understood that you could accuse anyone of being a communist; which could conveniently ruin their life and career. communism - or rather the "threat" of communism - fueled years of military and intelligence funding.
but when the cold war ended, new enemies had to be found. for a while that was taken care of by the Gulf War, but you can't interrupt the oil supply too long. so there was a lull, which coincided with a period when the internet was relatively young and underground. a great many computer systems were online but poorly defended; while a great many curious young hackers were learning fast how to break into them and find out what was being hidden behind those digital walls.
so all of a sudden there was a new enemy - "hackers". they were poorly understood, they challenged the status quo, they were said to have the ability to ruin your way of life. many hackers were classic outcasts... geeks, basically. there are a lot of people who dislike geeks in the first place. so if you have a weedy geek hacker, you have a convenient packaged enemy.
the new enemy
in the present day, the focus has shifted away from hackers somewhat. why? september eleven, 2001. because a few extremists proved that airline security could not prevent terrorists hijacking a plane and flying it into a building. because one single attack was so shocking, the western world could never be the same.
so now, a new enemy; quickly named, branded and promoted... the "war on terror". possibly america's best enemy yet, since it's such a nebulous enemy that there will never be a clear end. perhaps it will eventually get filed next to the "war on drugs" which america has been fuelling and fighting for years.
so when is hacking a crime?
the really difficult question is when a hacker becomes a criminal. when they learn your system better than you know it? no. when they identify methods to break into your system? no. when they break in but don't touch anything... under current laws, probably. when they break in and destroy it, definitely.
so, yes, hacking can be a crime. but what if a hacker breaks into a system and releases information which should have been public record? information which has been suppressed? information which should not have been collected in the first place?
what if a hacker breaks into a system critical to the continued existence of your bank acount... only to put their mark on it and leave it intact? what if they break into your banking system and send you a message telling you your bank's security is lax?
so even if you accept that a crime has been committed, do you question the hacker; the law; or the people who were supposed to be protecting your data? so some kid stole your credit card number and racked up a large bill. yes, punish the kid. but shouldn't the bank be punished for being so negligent?
what about hackers who trash the servers of child pornographers? would you have them punished? or would you prefer those servers destroyed?
things are not always black and white. the problem is that laws are created by people who would like things to be so simple... when it suits them. after all, the government can access your banking records whenever they'd like to. all they need to do is accuse you of a crime. they don't need to hack anything.
what's in a name
"hackers" are a sorely mis-represented group. in fact, most of the time the word "hacker" is used to mean "computer criminal" or "cracker"; which in many peoples' opinion is like calling a "biker" a "bikie". a biker is someone who rides a motorbike. a bikie is a member of a gang, all of whom ride motorbikes. having a bike and being able to ride it does not make you a criminal. being in a gang puts you under suspicion. but only committing a crime makes you a criminal.
originally at least, a hacker was simply someone who hacked. "hack" is a term used to describe making use of an ability; particularly in an advanced manner. a common usage of the word was the classic "I hack X for Y", eg. the often-quoted "I hack Unix for MIT", meaning you work for MIT doing Unix stuff [see the jargon dictionary for more info].
however, now the most common usage of the word "hacker" is to describe someone who breaks into (or otherwise manipulates) computer systems.
a cracker seeks to break into a system to do damage or take some other action that the owner of that system has not authorised (and probably doesn't want to happen). a hacker seeks to break into a system for the challenge of doing so; or to prove it can be done.
is it important to distinguish between the two? well, conceptually; yes. but in reality the difference is pretty grey and generally you can be prosecuted for both. it's basically an academic difference. but it's typical of hackers that they'd care. these days it'd probably be better to distinguish between legal and illegal hacking/hackers.
hackers are driven by curiosity and a thirst for knowledge. this is reflected in the two most common sayings of the hacking community:
- information wants to be free
- knowledge is power
both of these statements turn up quickly whenever the idea of hackers is broached. i personally have always felt that information wants to be free is more of an ideal; whereas knowledge is power is a self-evident truth. if you know something, that gives you power over someone who doesn't know it. it may give you more power regardless of whether anyone else knows it or not. the more important the knowlege, the more power you have. so if you know how to fix a dripping tap, you have the power to save some money. if you know how to bring down a bank's computer system, you probably couldn't put an accurate price on the knowledge.
so what if you do know how to bring down a bank's computer system? if your intent is to cause criminal damage and widespread chaos, then you probably will bring it down. if you're simply curious, you'll probably file that information away and move on to the next target. if you did it for the kudos, you'll brag to your mates then move on to the next target.
quotes
general
"They fear us because we oftentimes understand a lot more about their computers and their networks than they themselves do. And they feel threatened by this, because they don't understand us and they don't know what we're capable of doing." - Phiber Optik
"People target whatever seems the most unreachable. People here [a 2600 club meeting] target military systems because they say military targets can't possibly be breached... and if they can't then what's the harm? If they can be then we'd better start breaching them to figure out how they can be breached. I'd much rather have a hacker do it than an enemy agent." - Emmanuel Goldstein
"Every company on the internet of any size whatsoever has been attacked and has probably been broken into... and if they think they haven't been broken into then the odds are they just don't know they've been broken into." - Dan Farmer, data security worker.
on "hackers" the movie
"Hack the planet" they cried. Well, it was a good movie, but beware, it's a hollywood version of the hacker culture. The messages and hacker ethics portrayed are pretty accurate, but the idea that hackers are young, ultra-hip and cool teens is a little... well, hopeful :)
So what do notable hacker figures think of it?....
People who aren't hackers will enjoy the plot. People who are hackers will enjoy the message. - Emmanuel Goldstein
It remains the most loyal compared to other movies recently released on the subject. - Phiber Optik
links
- 2600, the hacker magazine.
- The New Hacker's Dictionary - Table of Contents
- Wikipedia: Hackers.
- The Hacker Crackdown, law and disorder on the electronic frontier by Bruce Sterling - Project Gutenberg (free etext).