What is Hacking?

Username: system
Password: manager
Welcome to ABL Computer Research Lab. You have five new messages.

That is how easy it was to hack into a computer network. The most prominent definition of hacking is the act of gaining access without legal authorization to a computer or computer network. A hacker first attacks an easy target, and then uses it to hide his or her traces for launching attacks at more secure sites. The goal of an attack is to gain complete control of the system (so you can edit, delete, install, or execute any file in any user’s directory), often by gaining access to a "super-user" account. This will allow both maximum access and the ability to hide your presence.

Often attacks are based on software bugs that a hacker can use to give himself or herself super-user status. The example above was used by West German hacker "Pengo" who exploited the fact that many systems came with default usernames and passwords which some buyers neglected to change. He succeeded by persistence.

Also one can get a copy of the password file (which stores usernames and encrypted passwords and is often publicly accessible) and either do a brute-force attack trying all possible combinations, or encrypt a dictionary and compare the results to see if anyone chose a password that is a dictionary word. Another method of hacking is to email someone a program that either automatically runs, or that runs when they click on an attachment. This can install a program that will give you control of their computer. L0pht Heavy Industry’s Back Orifice 2000 (a crude parody of Microsoft’s Office 2000) allows someone to have nearly complete control (running programs, deleting files, viewing the screen, logging typed keys, etc.) over the target computer without being noticed. One complicated method, known as IP spoofing, is to get one computer to pretend that it is another one which is trusted by the target system, thus gaining the access privileges of the latter.

Early hackers needed to be very knowledgeable so that they were able to identify bugs themselves (a task requiring extensive knowledge about the operating system, and reading complex manuals) and often write their own programs to exploit them. They had to keep track of the leading developments in the field (latest bugs, latest patches, latest bugs in the patches, etc.). Later hackers were able to increasingly rely upon the hacking community to identify bugs and write programs that could be adapted for their specific purpose. For instance, famed hacker Kevin Mitnick used a trojan horse written by the West German Chaos Gang to gain access to hundreds of systems. As another example, it does not take much intelligence to download a copy of Back Orifice 2000 from www.bo2k.com and send a copy of the client as an attachment disguised as a game or cute program, to an unsuspecting person. In fact, Back Orifice has been downloaded over 300,000 times (Deane 1999) and received substantial computer media coverage. In Pengo’s case it is often more a matter of dedication and trying well-known recipes until one finds a place that has not fixed the bugs, than genius.

The growing number of inexperienced hackers (deridingly called "lamers" or "crackers"), due to the growth first in BBSes and then in the Internet, helps explain the antagonism between the older generation that did more of the problem-solving for themselves and the new generation that can get a quick start by running hacker programs without understanding how they work. The reaction of the older generation is to shun the newbies, thus ignoring those who might show talent as well as those who are in it just to copy tactics.

Hacker Discourse: The Mentor’s Manifesto

So what motivates hackers? Next to Levy’s "hacker ethic," the most influential hacker document is "The Conscience of a Hacker" (a.k.a. The Hacker Manifesto). It can be found on many webpages showing that people believe it is a good representation of the hacking spirit. It appeared originally in Phrack 7 and was reprinted there after some busts in 1987 (Phrack 23). The last two paragraphs were even posted on a hacked www.votedbest.com webpage (see http://www.attrition.org/mirror/attrition/1999/12/03/www.votedbest.com/), Also it was included in the movie Hackers.

Here it is, with some of the formatting preserved from the original Phrack 7 text:


=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= The following was written shortly after my arrest...

\/\The Conscience of a Hacker/\/


+++The Mentor+++

Written on January 8, 1986

Another one got caught today, it's all over the papers. "Teenager Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"... Damn kids. They're all alike.

But did you, in your three-piece psychology and 1950's technobrain, ever take a look behind the eyes of the hacker? Did you ever wonder what made him tick, what forces shaped him, what may have molded him? I am a hacker, enter my world... Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me... Damn underachiever. They're all alike.

I'm in junior high or high school. I've listened to teachers explain for the fifteenth time how to reduce a fraction. I understand it. "No, Ms. Smith, I didn't show my work. I did it in my head..." Damn kid. Probably copied it. They're all alike.

I made a discovery today. I found a computer. Wait a second, this is cool. It does what I want it to. If it makes a mistake, it's because I screwed it up. Not because it doesn't like me... Or feels threatened by me... Or thinks I'm a smart ass... Or doesn't like teaching and shouldn't be here... Damn kid. All he does is play games. They're all alike.
And then it happened... a door opened to a world... rushing through the phone line like heroin through an addict's veins, an electronic pulse is sent out, a refuge from the day-to-day incompetencies is sought... a board is found.

"This is it... this is where I belong..." I know everyone here... even if I've never met them, never talked to them, may never hear from them again... I know you all... Damn kid. Tying up the phone line again. They're all alike...

You bet your ass we're all alike... we've been spoon-fed baby food at school when we hungered for steak... the bits of meat that you did let slip through were pre-chewed and tasteless. We've been dominated by sadists, or ignored by the apathetic. The few that had something to teach found us will- ing pupils, but those few are like drops of water in the desert.

This is our world now... the world of the electron and the switch, the beauty of the baud. We make use of a service already existing without paying for what could be dirt-cheap if it wasn't run by profiteering gluttons, and you call us criminals. We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.

Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.

I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all... after all, we're all alike.
+++The Mentor+++

Overall this manifesto argues that hacking is a legitimate, but misunderstood, activity. For instance the media portrays hackers as criminals, and argues that they do it for personal gain. As most hackers start in their teens, they are influenced by their alienated experience in school where they might be seen as "under-achievers" or cheaters. The function of school is to condition students, with bells, grades, exams, and arbitrary rules, so that they accept working nine to five jobs and follow the orders of their boss, government, and other elites. It makes sense that the school experience would alienate many freethinking students. His sarcastic tone shows the alienation and frustration that he and other hackers are experiencing (and which in his case was increased by his recent arrest). Computers, and specifically computer networks in the grassroots form of bulletin board systems, provide an intellectual challenge for socially inept hackers and an escape from a cruel misunderstanding world. Whereas in socializing hackers have a disadvantage, in computer networks they have the advantage due to their specialized knowledge. Unfortunately, having just liberated themselves from social alienation, hackers find themselves stigmatized, and labeled as criminals for their efforts to break free.

The Mentor concludes by challenging the legitimacy of the legal system to determine the boundary between legal and illegal activity. Perhaps influenced by the anarchy files that are common on computer underground BBSes, he argues that the government is criminal and does not have the right to judge hackers. He probably does not expect hackers to win the legal argument, but proclaims that they will keep on hacking regardless. This manifesto has been read by, and encouraged, thousands (possibly hundreds of thousands or millions if you include the movie) of computer hackers or possible hackers – proving that the Mentor was right.

Building boundaries between hackers and crackers

The Mentor’s critique of the media’s portrayal of hackers is an attempt to build a boundary between ethical hackers (a.k.a. "white hats") and unethical crackers (a.k.a. "black hats"). According to hacker Candy Man whereas hackers use their intelligence (Ex. extensive knowledge of Unix) to break into systems but will avoid harming data, crackers are dumb and get passwords using well-known techniques and do so with the intent of damaging the system. As another example of similar boundary drawing, Hafner and Markoff in Cyberpunk refer to Kevin Mitnick as a "dark-side" hacker due to his malicious activities such as tapping phone lines, personal threats and manipulation, breaking into telecom buildings, etc. Kevin Mitnick was eventually imprisoned for stealing 20,000 credit card numbers. Hackers are generally very supportive of this boundary. Phrack often interviewed famous phreaks or hackers, and about half of them would sharply criticize the new generation for their unethical and uneducated behavior. The criticism of crackers is fueled by the belief that they give hacking a bad name, but also they draw the attention of law enforcement and increase the chances of everyone getting caught.

Control C speaking to Phrack (Issue 45) about "What I think of the Future of the Underground:"

Ahahaha.. LAME, LAME, LAME.. In the old days we were the first to do things. We would get on a system and play with it for hours. It was a quest for knowledge... Today's new "hackers" are really assholes. They don't do it to learn. They want to mess things up. I really can't stand the new anarchy thing that is going around. We have kids logging onto the BBS that say "I have 400+ viruses". Well.. That's not cool...

The purpose of hacking is to learn. Learn the way a computer system runs. Learn how the telephone switching systems work. Learn how a packet switching network works. It's not to destroy things or make other peoples lives a mess by deleting all the work they did for the past week. The reason the Department of Justice has crackdowns on computer hackers is because so many of them are destructive. That's just stupid criminal behavior and I hope they all get busted. They shouldn't be around. You give real hackers a bad name.

In an interview, former editor of Phrack and member of the Legion of Doom (a notorious hacker group), Erik Bloodaxe, explains that he strongly supports the hacker ethic. Commenting on the bad hackers he remarks: "I find it pretty repulsive and disgusting. I am certainly not blind to the fact that there are people out there that do it, but obviously these people have a s---ty upbringing or they are just bad people" (qtd. in Gilboa).

Interviews of Scan Man (Phrack 7), Tuc (Phrack 8), Agrajag (Phrack 12), Taran King (Phrack 20), all opposed malicious hacking and were notably critical of credit carding. In the Phrack interviews, no one ever defended credit carding. The closest thing to a defense of cracking was a passive one, where people did not say anything bad about their colleagues. So whether they were defending them or not was questionable. Phrack’s refusal to publish passwords or other codes, combined with their editorial stance and its move away from publishing "anarchy" files (like drug and bomb recipes); shows that it favors white hat hacking.

Theoretical Framework
Hacking History
Phone Hacking
What is Hacking?
Juvenile Discourse, Black Hats, and White Hats
Hacker Language
Juvenility and Carding
Problems with the White Hat Hacking Discourse
Nostalgic Discourse
Problems with the Nostalgic Discourse
Law Enforcement and Computer Security Discourse
The Legal Discourse
Problems with the Law Enforcement Discourse
Media Discourse
Hackers as Resistance (illegal and legal)
Limitations to Resistance
Works Cited