Telco people found little comfort in objectivity when they contemplated these possibilities. It was just too close to the bone for them; it was embarrassing; it hurt so much, it was hard even to talk about.
There has always been thieving and misbehavior in the phone system. There has always been trouble with the rival independents, and in the local loops. But to have such trouble in the core of the system, the long-distance switching stations, is a horrifying affair. To telco people, this is all the difference between finding roaches in your kitchen and big horrid sewer-rats in your bedroom.
From the outside, to the average citizen, the telcos still seem gigantic and impersonal. The American public seems to regard them as something akin to Soviet apparats. Even when the telcos do their best corporate-citizen routine, subsidizing magnet high-schools and sponsoring news-shows on public television, they seem to win little except public suspicion.
But from the inside, all this looks very different. There's harsh competition. A legal and political system that seems baffled and bored, when not actively hostile to telco interests. There's a loss of morale, a deep sensation of having somehow lost the upper hand. Technological change has caused a loss of data and revenue to other, newer forms of transmission. There's theft, and new forms of theft, of growing scale and boldness and sophistication. With all these factors, it was no surprise to see the telcos, large and small, break out in a litany of bitter complaint.
In late '88 and throughout 1989, telco representatives grew shrill in their complaints to those few American law enforcement officials who make it their business to try to understand what telephone people are talking about. Telco security officials had discovered the computer-hacker underground, infiltrated it thoroughly, and become deeply alarmed at its growing expertise. Here they had found a target that was not only loathsome on its face, but clearly ripe for counterattack.
Those bitter rivals: AT&T, MCI and Sprint—and a crowd of Baby Bells: PacBell, Bell South, Southwestern Bell, NYNEX, USWest, as well as the Bell research consortium Bellcore, and the independent long-distance carrier Mid-American—all were to have their role in the great hacker dragnet of 1990. After years of being battered and pushed around, the telcos had, at least in a small way, seized the initiative again. After years of turmoil, telcos and government officials were once again to work smoothly in concert in defense of the System. Optimism blossomed; enthusiasm grew on all sides; the prospective taste of vengeance was sweet.
#
From the beginning—even before the crackdown had a name—secrecy was a big problem. There were many good reasons for secrecy in the hacker crackdown. Hackers and code-thieves were wily prey, slinking back to their bedrooms and basements and destroying vital incriminating evidence at the first hint of trouble. Furthermore, the crimes themselves were heavily technical and difficult to describe, even to police—much less to the general public.
When such crimes HAD been described intelligibly to the public, in the past, that very publicity had tended to INCREASE the crimes enormously. Telco officials, while painfully aware of the vulnerabilities of their systems, were anxious not to publicize those weaknesses. Experience showed them that those weaknesses, once discovered, would be pitilessly exploited by tens of thousands of people—not only by professional grifters and by underground hackers and phone phreaks, but by many otherwise more-or-less honest everyday folks, who regarded stealing service from the faceless, soulless "Phone Company" as a kind of harmless indoor sport. When it came to protecting their interests, telcos had long since given up on general public sympathy for "the Voice with a Smile." Nowadays the telco's "Voice" was very likely to be a computer's; and the American public showed much less of the proper respect and gratitude due the fine public service bequeathed them by Dr. Bell and Mr. Vail. The more efficient, high-tech, computerized, and impersonal the telcos became, it seemed, the more they were met by sullen public resentment and amoral greed.
Telco officials wanted to punish the phone-phreak underground, in as public and exemplary a manner as possible. They wanted to make dire examples of the worst offenders, to seize the ringleaders and intimidate the small fry, to discourage and frighten the wacky hobbyists, and send the professional grifters to jail. To do all this, publicity was vital.
Yet operational secrecy was even more so. If word got out that a nationwide crackdown was coming, the hackers might simply vanish; destroy the evidence, hide their computers, go to earth, and wait for the campaign to blow over. Even the young hackers were crafty and suspicious, and as for the professional grifters, they tended to split for the nearest state-line at the first sign of trouble. For the crackdown to work well, they would all have to be caught red-handed, swept upon suddenly, out of the blue, from every corner of the compass.
And there was another strong motive for secrecy. In the worst-case scenario, a blown campaign might leave the telcos open to a devastating hacker counter-attack. If there were indeed hackers loose in America who had caused the January 15 Crash—if there were truly gifted hackers, loose in the nation's long-distance switching systems, and enraged or frightened by the crackdown—then they might react unpredictably to an attempt to collar them. Even if caught, they might have talented and vengeful friends still running around loose. Conceivably, it could turn ugly. Very ugly. In fact, it was hard to imagine just how ugly things might turn, given that possibility.
Counter-attack from hackers was a genuine concern for the telcos. In point of fact, they would never suffer any such counter-attack. But in months to come, they would be at some pains to publicize this notion and to utter grim warnings about it.
Still, that risk seemed well worth running. Better to run the risk of vengeful attacks, than to live at the mercy of potential crashers. Any cop would tell you that a protection racket had no real future.
And publicity was such a useful thing. Corporate security officers, including telco security, generally work under conditions of great discretion. And corporate security officials do not make money for their companies. Their job is to PREVENT THE LOSS of money, which is much less glamorous than actually winning profits.
If you are a corporate security official, and you do your job brilliantly, then nothing bad happens to your company at all. Because of this, you appear completely superfluous. This is one of the many unattractive aspects of security work. It's rare that these folks have the chance to draw some healthy attention to their own efforts.
Publicity also served the interest of their friends in law enforcement. Public officials, including law enforcement officials, thrive by attracting favorable public interest. A brilliant prosecution in a matter of vital public interest can make the career of a prosecuting attorney. And for a police officer, good publicity opens the purses of the legislature; it may bring a citation, or a promotion, or at least a rise in status and the respect of one's peers.
But to have both publicity and secrecy is to have one's cake and eat it too. In months to come, as we will show, this impossible act was to cause great pain to the agents of the crackdown. But early on, it seemed possible—maybe even likely—that the crackdown could successfully combine the best of both worlds. The ARREST of hackers would be heavily publicized. The actual DEEDS of the hackers, which were technically hard to explain and also a security risk, would be left decently obscured. The THREAT hackers posed would be heavily trumpeted; the likelihood of their actually committing such fearsome crimes would be left to the public's imagination. The spread of the computer underground, and its growing technical sophistication, would be heavily promoted; the actual hackers themselves, mostly bespectacled middle-class white suburban teenagers, would be denied any personal publicity.
It does not seem to have occurred to any telco official that the hackers accused would demand a day in court; that journalists would smile upon the hackers as "good copy;" that wealthy high-tech entrepreneurs would offer moral and financial support to crackdown victims; that constitutional lawyers would show up with briefcases, frowning mightily. This possibility does not seem to have ever entered the game-plan.
And even if it had, it probably would not have slowed the ferocious pursuit of a stolen phone-company document, mellifluously known as "Control Office Administration of Enhanced 911 Services for Special Services and Major Account Centers."
In the chapters to follow, we will explore the worlds of police and the computer underground, and the large shadowy area where they overlap. But first, we must explore the battleground. Before we leave the world of the telcos, we must understand what a switching system actually is and how your telephone actually works.
#
To the average citizen, the idea of the telephone is represented by, well, a TELEPHONE: a device that you talk into. To a telco professional, however, the telephone itself is known, in lordly fashion, as a "subset." The "subset" in your house is a mere adjunct, a distant nerve ending, of the central switching stations, which are ranked in levels of heirarchy, up to the long-distance electronic switching stations, which are some of the largest computers on earth.
Let us imagine that it is, say, 1925, before the introduction of computers, when the phone system was simpler and somewhat easier to grasp. Let's further imagine that you are Miss Leticia Luthor, a fictional operator for Ma Bell in New York City of the 20s.
Basically, you, Miss Luthor, ARE the "switching system." You are sitting in front of a large vertical switchboard, known as a "cordboard," made of shiny wooden panels, with ten thousand metal-rimmed holes punched in them, known as jacks. The engineers would have put more holes into your switchboard, but ten thousand is as many as you can reach without actually having to get up out of your chair.
Each of these ten thousand holes has its own little electric lightbulb, known as a "lamp," and its own neatly printed number code.
With the ease of long habit, you are scanning your board for lit-up bulbs. This is what you do most of the time, so you are used to it.
A lamp lights up. This means that the phone at the end of that line has been taken off the hook. Whenever a handset is taken off the hook, that closes a circuit inside the phone which then signals the local office, i.e. you, automatically. There might be somebody calling, or then again the phone might be simply off the hook, but this does not matter to you yet. The first thing you do, is record that number in your logbook, in your fine American public-school handwriting. This comes first, naturally, since it is done for billing purposes.
You now take the plug of your answering cord, which goes directly to your headset, and plug it into the lit-up hole. "Operator," you announce.
In operator's classes, before taking this job, you have been issued a large pamphlet full of canned operator's responses for all kinds of contingencies, which you had to memorize. You have also been trained in a proper non-regional, non-ethnic pronunciation and tone of voice. You rarely have the occasion to make any spontaneous remark to a customer, and in fact this is frowned upon (except out on the rural lines where people have time on their hands and get up to all kinds of mischief).
A tough-sounding user's voice at the end of the line gives you a number. Immediately, you write that number down in your logbook, next to the caller's number, which you just wrote earlier. You then look and see if the number this guy wants is in fact on your switchboard, which it generally is, since it's generally a local call. Long distance costs so much that people use it sparingly.
Only then do you pick up a calling-cord from a shelf at the base of the switchboard. This is a long elastic cord mounted on a kind of reel so that it will zip back in when you unplug it. There are a lot of cords down there, and when a bunch of them are out at once they look like a nest of snakes. Some of the girls think there are bugs living in those cable-holes. They're called "cable mites" and are supposed to bite your hands and give you rashes. You don't believe this, yourself.
Gripping the head of your calling-cord, you slip the tip of it deftly into the sleeve of the jack for the called person. Not all the way in, though. You just touch it. If you hear a clicking sound, that means the line is busy and you can't put the call through. If the line is busy, you have to stick the calling-cord into a "busy-tone jack," which will give the guy a busy-tone. This way you don't have to talk to him yourself and absorb his natural human frustration.
But the line isn't busy. So you pop the cord all the way in. Relay circuits in your board make the distant phone ring, and if somebody picks it up off the hook, then a phone conversation starts. You can hear this conversation on your answering cord, until you unplug it. In fact you could listen to the whole conversation if you wanted, but this is sternly frowned upon by management, and frankly, when you've overheard one, you've pretty much heard 'em all.
You can tell how long the conversation lasts by the glow of the calling-cord's lamp, down on the calling-cord's shelf. When it's over, you unplug and the calling-cord zips back into place.
Having done this stuff a few hundred thousand times, you become quite good at it. In fact you're plugging, and connecting, and disconnecting, ten, twenty, forty cords at a time. It's a manual handicraft, really, quite satisfying in a way, rather like weaving on an upright loom.
Should a long-distance call come up, it would be different, but not all that different. Instead of connecting the call through your own local switchboard, you have to go up the hierarchy, onto the long-distance lines, known as "trunklines." Depending on how far the call goes, it may have to work its way through a whole series of operators, which can take quite a while. The caller doesn't wait on the line while this complex process is negotiated across the country by the gaggle of operators. Instead, the caller hangs up, and you call him back yourself when the call has finally worked its way through.
After four or five years of this work, you get married, and you have to quit your job, this being the natural order of womanhood in the American 1920s. The phone company has to train somebody else—maybe two people, since the phone system has grown somewhat in the meantime. And this costs money.
In fact, to use any kind of human being as a switching system is a very expensive proposition. Eight thousand Leticia Luthors would be bad enough, but a quarter of a million of them is a military-scale proposition and makes drastic measures in automation financially worthwhile.
Although the phone system continues to grow today, the number of human beings employed by telcos has been dropping steadily for years. Phone "operators" now deal with nothing but unusual contingencies, all routine operations having been shrugged off onto machines. Consequently, telephone operators are considerably less machine-like nowadays, and have been known to have accents and actual character in their voices. When you reach a human operator today, the operators are rather more "human" than they were in Leticia's day—but on the other hand, human beings in the phone system are much harder to reach in the first place.
Over the first half of the twentieth century, "electromechanical" switching systems of growing complexity were cautiously introduced into the phone system. In certain backwaters, some of these hybrid systems are still in use. But after 1965, the phone system began to go completely electronic, and this is by far the dominant mode today. Electromechanical systems have "crossbars," and "brushes," and other large moving mechanical parts, which, while faster and cheaper than Leticia, are still slow, and tend to wear out fairly quickly.
But fully electronic systems are inscribed on silicon chips, and are lightning-fast, very cheap, and quite durable. They are much cheaper to maintain than even the best electromechanical systems, and they fit into half the space. And with every year, the silicon chip grows smaller, faster, and cheaper yet. Best of all, automated electronics work around the clock and don't have salaries or health insurance.
There are, however, quite serious drawbacks to the use of computer-chips. When they do break down, it is a daunting challenge to figure out what the heck has gone wrong with them. A broken cordboard generally had a problem in it big enough to see. A broken chip has invisible, microscopic faults. And the faults in bad software can be so subtle as to be practically theological.
If you want a mechanical system to do something new, then you must travel to where it is, and pull pieces out of it, and wire in new pieces. This costs money. However, if you want a chip to do something new, all you have to do is change its software, which is easy, fast and dirt-cheap. You don't even have to see the chip to change its program. Even if you did see the chip, it wouldn't look like much. A chip with program X doesn't look one whit different from a chip with program Y.
With the proper codes and sequences, and access to specialized phone-lines, you can change electronic switching systems all over America from anywhere you please.
And so can other people. If they know how, and if they want to, they can sneak into a microchip via the special phonelines and diddle with it, leaving no physical trace at all. If they broke into the operator's station and held Leticia at gunpoint, that would be very obvious. If they broke into a telco building and went after an electromechanical switch with a toolbelt, that would at least leave many traces. But people can do all manner of amazing things to computer switches just by typing on a keyboard, and keyboards are everywhere today. The extent of this vulnerability is deep, dark, broad, almost mind-boggling, and yet this is a basic, primal fact of life about any computer on a network.
Security experts over the past twenty years have insisted, with growing urgency, that this basic vulnerability of computers represents an entirely new level of risk, of unknown but obviously dire potential to society. And they are right.
An electronic switching station does pretty much everything Letitia did, except in nanoseconds and on a much larger scale. Compared to Miss Luthor's ten thousand jacks, even a primitive 1ESS switching computer, 60s vintage, has a 128,000 lines. And the current AT&T system of choice is the monstrous fifth-generation 5ESS.
An Electronic Switching Station can scan every line on its "board" in a tenth of a second, and it does this over and over, tirelessly, around the clock. Instead of eyes, it uses "ferrod scanners" to check the condition of local lines and trunks. Instead of hands, it has "signal distributors," "central pulse distributors," "magnetic latching relays," and "reed switches," which complete and break the calls. Instead of a brain, it has a "central processor." Instead of an instruction manual, it has a program. Instead of a handwritten logbook for recording and billing calls, it has magnetic tapes. And it never has to talk to anybody. Everything a customer might say to it is done by punching the direct-dial tone buttons on your subset.
Although an Electronic Switching Station can't talk, it does need an interface, some way to relate to its, er, employers. This interface is known as the "master control center." (This interface might be better known simply as "the interface," since it doesn't actually "control" phone calls directly. However, a term like "Master Control Center" is just the kind of rhetoric that telco maintenance engineers—and hackers—find particularly satisfying.)
Using the master control center, a phone engineer can test local and trunk lines for malfunctions. He (rarely she) can check various alarm displays, measure traffic on the lines, examine the records of telephone usage and the charges for those calls, and change the programming.
And, of course, anybody else who gets into the master control center by remote control can also do these things, if he (rarely she) has managed to figure them out, or, more likely, has somehow swiped the knowledge from people who already know.
In 1989 and 1990, one particular RBOC, BellSouth, which felt particularly troubled, spent a purported $1.2 million on computer security. Some think it spent as much as two million, if you count all the associated costs. Two million dollars is still very little compared to the great cost-saving utility of telephonic computer systems.
Unfortunately, computers are also stupid. Unlike human beings, computers possess the truly profound stupidity of the inanimate.
In the 1960s, in the first shocks of spreading computerization, there was much easy talk about the stupidity of computers—how they could "only follow the program" and were rigidly required to do "only what they were told." There has been rather less talk about the stupidity of computers since they began to achieve grandmaster status in chess tournaments, and to manifest many other impressive forms of apparent cleverness.
Nevertheless, computers STILL are profoundly brittle and stupid; they are simply vastly more subtle in their stupidity and brittleness. The computers of the 1990s are much more reliable in their components than earlier computer systems, but they are also called upon to do far more complex things, under far more challenging conditions.
On a basic mathematical level, every single line of a software program offers a chance for some possible screwup. Software does not sit still when it works; it "runs," it interacts with itself and with its own inputs and outputs. By analogy, it stretches like putty into millions of possible shapes and conditions, so many shapes that they can never all be successfully tested, not even in the lifespan of the universe. Sometimes the putty snaps.
The stuff we call "software" is not like anything that human society is used to thinking about. Software is something like a machine, and something like mathematics, and something like language, and something like thought, and art, and information.... But software is not in fact any of those other things. The protean quality of software is one of the great sources of its fascination. It also makes software very powerful, very subtle, very unpredictable, and very risky.
Some software is bad and buggy. Some is "robust," even "bulletproof." The best software is that which has been tested by thousands of users under thousands of different conditions, over years. It is then known as "stable." This does NOT mean that the software is now flawless, free of bugs. It generally means that there are plenty of bugs in it, but the bugs are well-identified and fairly well understood.
There is simply no way to assure that software is free of flaws. Though software is mathematical in nature, it cannot by "proven" like a mathematical theorem; software is more like language, with inherent ambiguities, with different definitions, different assumptions, different levels of meaning that can conflict.
Human beings can manage, more or less, with human language because we can catch the gist of it.
Computers, despite years of effort in "artificial intelligence," have proven spectacularly bad in "catching the gist" of anything at all. The tiniest bit of semantic grit may still bring the mightiest computer tumbling down. One of the most hazardous things you can do to a computer program is try to improve it—to try to make it safer. Software "patches" represent new, untried un-"stable" software, which is by definition riskier.
The modern telephone system has come to depend, utterly and irretrievably, upon software. And the System Crash of January 15, 1990, was caused by an IMPROVEMENT in software. Or rather, an ATTEMPTED improvement.
As it happened, the problem itself—the problem per se—took this form. A piece of telco software had been written in C language, a standard language of the telco field. Within the C software was a long "do ... while" construct. The "do ... while" construct contained a "switch" statement. The "switch" statement contained an "if" clause. The "if" clause contained a "break." The "break" was SUPPOSED to "break" the "if clause." Instead, the "break" broke the "switch" statement.
That was the problem, the actual reason why people picking up phones on January 15, 1990, could not talk to one another.
Or at least, that was the subtle, abstract, cyberspatial seed of the problem. This is how the problem manifested itself from the realm of programming into the realm of real life.
The System 7 software for AT&T's 4ESS switching station, the "Generic 44E14 Central Office Switch Software," had been extensively tested, and was considered very stable. By the end of 1989, eighty of AT&T's switching systems nationwide had been programmed with the new software. Cautiously, thirty-four stations were left to run the slower, less-capable System 6, because AT&T suspected there might be shakedown problems with the new and unprecedently sophisticated System 7 network.
The stations with System 7 were programmed to switch over to a backup net in case of any problems. In mid-December 1989, however, a new high-velocity, high-security software patch was distributed to each of the 4ESS switches that would enable them to switch over even more quickly, making the System 7 network that much more secure.
Unfortunately, every one of these 4ESS switches was now in possession of a small but deadly flaw.
In order to maintain the network, switches must monitor the condition of other switches—whether they are up and running, whether they have temporarily shut down, whether they are overloaded and in need of assistance, and so forth. The new software helped control this bookkeeping function by monitoring the status calls from other switches.
It only takes four to six seconds for a troubled 4ESS switch to rid itself of all its calls, drop everything temporarily, and re-boot its software from scratch. Starting over from scratch will generally rid the switch of any software problems that may have developed in the course of running the system. Bugs that arise will be simply wiped out by this process. It is a clever idea. This process of automatically re-booting from scratch is known as the "normal fault recovery routine." Since AT&T's software is in fact exceptionally stable, systems rarely have to go into "fault recovery" in the first place; but AT&T has always boasted of its "real world" reliability, and this tactic is a belt-and-suspenders routine.
The 4ESS switch used its new software to monitor its fellow switches as they recovered from faults. As other switches came back on line after recovery, they would send their "OK" signals to the switch. The switch would make a little note to that effect in its "status map," recognizing that the fellow switch was back and ready to go, and should be sent some calls and put back to regular work.
Unfortunately, while it was busy bookkeeping with the status map, the tiny flaw in the brand-new software came into play. The flaw caused the 4ESS switch to interact, subtly but drastically, with incoming telephone calls from human users. If—and only if—two incoming phone-calls happened to hit the switch within a hundredth of a second, then a small patch of data would be garbled by the flaw.
But the switch had been programmed to monitor itself constantly for any possible damage to its data. When the switch perceived that its data had been somehow garbled, then it too would go down, for swift repairs to its software. It would signal its fellow switches not to send any more work. It would go into the fault-recovery mode for four to six seconds. And then the switch would be fine again, and would send out its "OK, ready for work" signal.
However, the "OK, ready for work" signal was the VERY THING THAT HAD CAUSED THE SWITCH TO GO DOWN IN THE FIRST PLACE. And ALL the System 7 switches had the same flaw in their status-map software. As soon as they stopped to make the bookkeeping note that their fellow switch was "OK," then they too would become vulnerable to the slight chance that two phone-calls would hit them within a hundredth of a second.
At approximately 2:25 P.M. EST on Monday, January 15, one of AT&T's 4ESS toll switching systems in New York City had an actual, legitimate, minor problem. It went into fault recovery routines, announced "I'm going down," then announced, "I'm back, I'm OK." And this cheery message then blasted throughout the network to many of its fellow 4ESS switches.
Many of the switches, at first, completely escaped trouble. These lucky switches were not hit by the coincidence of two phone calls within a hundredth of a second. Their software did not fail—at first. But three switches—in Atlanta, St. Louis, and Detroit—were unlucky, and were caught with their hands full. And they went down. And they came back up, almost immediately. And they too began to broadcast the lethal message that they, too, were "OK" again, activating the lurking software bug in yet other switches.
As more and more switches did have that bit of bad luck and collapsed, the call-traffic became more and more densely packed in the remaining switches, which were groaning to keep up with the load. And of course, as the calls became more densely packed, the switches were MUCH MORE LIKELY to be hit twice within a hundredth of a second.
It only took four seconds for a switch to get well. There was no PHYSICAL damage of any kind to the switches, after all. Physically, they were working perfectly. This situation was "only" a software problem.
But the 4ESS switches were leaping up and down every four to six seconds, in a virulent spreading wave all over America, in utter, manic, mechanical stupidity. They kept KNOCKING one another down with their contagious "OK" messages.
It took about ten minutes for the chain reaction to cripple the network. Even then, switches would periodically luck-out and manage to resume their normal work. Many calls—millions of them—were managing to get through. But millions weren't.
The switching stations that used System 6 were not directly affected. Thanks to these old-fashioned switches, AT&T's national system avoided complete collapse. This fact also made it clear to engineers that System 7 was at fault.
Bell Labs engineers, working feverishly in New Jersey, Illinois, and Ohio, first tried their entire repertoire of standard network remedies on the malfunctioning System 7. None of the remedies worked, of course, because nothing like this had ever happened to any phone system before.
By cutting out the backup safety network entirely, they were able to reduce the frenzy of "OK" messages by about half. The system then began to recover, as the chain reaction slowed. By 11:30 P.M. on Monday January 15, sweating engineers on the midnight shift breathed a sigh of relief as the last switch cleared-up.
By Tuesday they were pulling all the brand-new 4ESS software and replacing it with an earlier version of System 7.
If these had been human operators, rather than computers at work, someone would simply have eventually stopped screaming. It would have been OBVIOUS that the situation was not "OK," and common sense would have kicked in. Humans possess common sense—at least to some extent. Computers simply don't.
On the other hand, computers can handle hundreds of calls per second. Humans simply can't. If every single human being in America worked for the phone company, we couldn't match the performance of digital switches: direct-dialling, three-way calling, speed-calling, call-waiting, Caller ID, all the rest of the cornucopia of digital bounty. Replacing computers with operators is simply not an option any more.
And yet we still, anachronistically, expect humans to be running our phone system. It is hard for us to understand that we have sacrificed huge amounts of initiative and control to senseless yet powerful machines. When the phones fail, we want somebody to be responsible. We want somebody to blame.
When the Crash of January 15 happened, the American populace was simply not prepared to understand that enormous landslides in cyberspace, like the Crash itself, can happen, and can be nobody's fault in particular. It was easier to believe, maybe even in some odd way more reassuring to believe, that some evil person, or evil group, had done this to us. "Hackers" had done it. With a virus. A trojan horse. A software bomb. A dirty plot of some kind. People believed this, responsible people. In 1990, they were looking hard for evidence to confirm their heartfelt suspicions.
And they would look in a lot of places.
Come 1991, however, the outlines of an apparent new reality would begin to emerge from the fog.
On July 1 and 2, 1991, computer-software collapses in telephone switching stations disrupted service in Washington DC, Pittsburgh, Los Angeles and San Francisco. Once again, seemingly minor maintenance problems had crippled the digital System 7. About twelve million people were affected in the Crash of July 1, 1991.
Said the New York Times Service: "Telephone company executives and federal regulators said they were not ruling out the possibility of sabotage by computer hackers, but most seemed to think the problems stemmed from some unknown defect in the software running the networks."
And sure enough, within the week, a red-faced software company, DSC Communications Corporation of Plano, Texas, owned up to "glitches" in the "signal transfer point" software that DSC had designed for Bell Atlantic and Pacific Bell. The immediate cause of the July 1 Crash was a single mistyped character: one tiny typographical flaw in one single line of the software. One mistyped letter, in one single line, had deprived the nation's capital of phone service. It was not particularly surprising that this tiny flaw had escaped attention: a typical System 7 station requires TEN MILLION lines of code.
On Tuesday, September 17, 1991, came the most spectacular outage yet. This case had nothing to do with software failures—at least, not directly. Instead, a group of AT&T's switching stations in New York City had simply run out of electrical power and shut down cold. Their back-up batteries had failed. Automatic warning systems were supposed to warn of the loss of battery power, but those automatic systems had failed as well.
This time, Kennedy, La Guardia, and Newark airports all had their voice and data communications cut. This horrifying event was particularly ironic, as attacks on airport computers by hackers had long been a standard nightmare scenario, much trumpeted by computer-security experts who feared the computer underground. There had even been a Hollywood thriller about sinister hackers ruining airport computers—DIE HARD II.
Now AT&T itself had crippled airports with computer malfunctions—not just one airport, but three at once, some of the busiest in the world.
Air traffic came to a standstill throughout the Greater New York area, causing more than 500 flights to be cancelled, in a spreading wave all over America and even into Europe. Another 500 or so flights were delayed, affecting, all in all, about 85,000 passengers. (One of these passengers was the chairman of the Federal Communications Commission.)
Stranded passengers in New York and New Jersey were further infuriated to discover that they could not even manage to make a long distance phone call, to explain their delay to loved ones or business associates. Thanks to the crash, about four and a half million domestic calls, and half a million international calls, failed to get through.
The September 17 NYC Crash, unlike the previous ones, involved not a whisper of "hacker" misdeeds. On the contrary, by 1991, AT&T itself was suffering much of the vilification that had formerly been directed at hackers. Congressmen were grumbling. So were state and federal regulators. And so was the press.
For their part, ancient rival MCI took out snide full-page newspaper ads in New York, offering their own long-distance services for the "next time that AT&T goes down."
"You wouldn't find a classy company like AT&T using such advertising," protested AT&T Chairman Robert Allen, unconvincingly. Once again, out came the full-page AT&T apologies in newspapers, apologies for "an inexcusable culmination of both human and mechanical failure." (This time, however, AT&T offered no discount on later calls. Unkind critics suggested that AT&T were worried about setting any precedent for refunding the financial losses caused by telephone crashes.)
Industry journals asked publicly if AT&T was "asleep at the switch." The telephone network, America's purported marvel of high-tech reliability, had gone down three times in 18 months. Fortune magazine listed the Crash of September 17 among the "Biggest Business Goofs of 1991," cruelly parodying AT&T's ad campaign in an article entitled "AT&T Wants You Back (Safely On the Ground, God Willing)."
Why had those New York switching systems simply run out of power? Because no human being had attended to the alarm system. Why did the alarm systems blare automatically, without any human being noticing? Because the three telco technicians who SHOULD have been listening were absent from their stations in the power-room, on another floor of the building—attending a training class. A training class about the alarm systems for the power room!
"Crashing the System" was no longer "unprecedented" by late 1991. On the contrary, it no longer even seemed an oddity. By 1991, it was clear that all the policemen in the world could no longer "protect" the phone system from crashes. By far the worst crashes the system had ever had, had been inflicted, by the system, upon ITSELF. And this time nobody was making cocksure statements that this was an anomaly, something that would never happen again. By 1991 the System's defenders had met their nebulous Enemy, and the Enemy was—the System.
The date was May 9, 1990. The Pope was touring Mexico City. Hustlers from the Medellin Cartel were trying to buy black-market Stinger missiles in Florida. On the comics page, Doonesbury character Andy was dying of AIDS. And then ... a highly unusual item whose novelty and calculated rhetoric won it headscratching attention in newspapers all over America.
The US Attorney's office in Phoenix, Arizona, had issued a press release announcing a nationwide law enforcement crackdown against "illegal computer hacking activities." The sweep was officially known as "Operation Sundevil."
Eight paragraphs in the press release gave the bare facts: twenty-seven search warrants carried out on May 8, with three arrests, and a hundred and fifty agents on the prowl in "twelve" cities across America. (Different counts in local press reports yielded "thirteen," "fourteen," and "sixteen" cities.) Officials estimated that criminal losses of revenue to telephone companies "may run into millions of dollars." Credit for the Sundevil investigations was taken by the US Secret Service, Assistant US Attorney Tim Holtzen of Phoenix, and the Assistant Attorney General of Arizona, Gail Thackeray.
The prepared remarks of Garry M. Jenkins, appearing in a U.S. Department of Justice press release, were of particular interest. Mr. Jenkins was the Assistant Director of the US Secret Service, and the highest-ranking federal official to take any direct public role in the hacker crackdown of 1990.
"Today, the Secret Service is sending a clear message to those computer hackers who have decided to violate the laws of this nation in the mistaken belief that they can successfully avoid detection by hiding behind the relative anonymity of their computer terminals. ( ... ) "Underground groups have been formed for the purpose of exchanging information relevant to their criminal activities. These groups often communicate with each other through message systems between computers called 'bulletin boards.' "Our experience shows that many computer hacker suspects are no longer misguided teenagers, mischievously playing games with their computers in their bedrooms. Some are now high tech computer operators using computers to engage in unlawful conduct."
Who were these "underground groups" and "high-tech operators?" Where had they come from? What did they want? Who WERE they? Were they "mischievous?" Were they dangerous? How had "misguided teenagers" managed to alarm the United States Secret Service? And just how widespread was this sort of thing?
Of all the major players in the Hacker Crackdown: the phone companies, law enforcement, the civil libertarians, and the "hackers" themselves—the "hackers" are by far the most mysterious, by far the hardest to understand, by far the WEIRDEST.
Not only are "hackers" novel in their activities, but they come in a variety of odd subcultures, with a variety of languages, motives and values.
The earliest proto-hackers were probably those unsung mischievous telegraph boys who were summarily fired by the Bell Company in 1878.
Legitimate "hackers," those computer enthusiasts who are independent-minded but law-abiding, generally trace their spiritual ancestry to elite technical universities, especially M.I.T. and Stanford, in the 1960s.
But the genuine roots of the modern hacker UNDERGROUND can probably be traced most successfully to a now much-obscured hippie anarchist movement known as the Yippies. The Yippies, who took their name from the largely fictional "Youth International Party," carried out a loud and lively policy of surrealistic subversion and outrageous political mischief. Their basic tenets were flagrant sexual promiscuity, open and copious drug use, the political overthrow of any powermonger over thirty years of age, and an immediate end to the war in Vietnam, by any means necessary, including the psychic levitation of the Pentagon.
The two most visible Yippies were Abbie Hoffman and Jerry Rubin. Rubin eventually became a Wall Street broker. Hoffman, ardently sought by federal authorities, went into hiding for seven years, in Mexico, France, and the United States. While on the lam, Hoffman continued to write and publish, with help from sympathizers in the American anarcho-leftist underground. Mostly, Hoffman survived through false ID and odd jobs. Eventually he underwent facial plastic surgery and adopted an entirely new identity as one "Barry Freed." After surrendering himself to authorities in 1980, Hoffman spent a year in prison on a cocaine conviction.
Hoffman's worldview grew much darker as the glory days of the 1960s faded. In 1989, he purportedly committed suicide, under odd and, to some, rather suspicious circumstances.
Abbie Hoffman is said to have caused the Federal Bureau of Investigation to amass the single largest investigation file ever opened on an individual American citizen. (If this is true, it is still questionable whether the FBI regarded Abbie Hoffman a serious public threat—quite possibly, his file was enormous simply because Hoffman left colorful legendry wherever he went). He was a gifted publicist, who regarded electronic media as both playground and weapon. He actively enjoyed manipulating network TV and other gullible, image-hungry media, with various weird lies, mindboggling rumors, impersonation scams, and other sinister distortions, all absolutely guaranteed to upset cops, Presidential candidates, and federal judges. Hoffman's most famous work was a book self-reflexively known as STEAL THIS BOOK, which publicized a number of methods by which young, penniless hippie agitators might live off the fat of a system supported by humorless drones. STEAL THIS BOOK, whose title urged readers to damage the very means of distribution which had put it into their hands, might be described as a spiritual ancestor of a computer virus.
Hoffman, like many a later conspirator, made extensive use of pay-phones for his agitation work—in his case, generally through the use of cheap brass washers as coin-slugs.
During the Vietnam War, there was a federal surtax imposed on telephone service; Hoffman and his cohorts could, and did, argue that in systematically stealing phone service they were engaging in civil disobedience: virtuously denying tax funds to an illegal and immoral war.
But this thin veil of decency was soon dropped entirely. Ripping-off the System found its own justification in deep alienation and a basic outlaw contempt for conventional bourgeois values. Ingenious, vaguely politicized varieties of rip-off, which might be described as "anarchy by convenience," became very popular in Yippie circles, and because rip-off was so useful, it was to survive the Yippie movement itself.
In the early 1970s, it required fairly limited expertise and ingenuity to cheat payphones, to divert "free" electricity and gas service, or to rob vending machines and parking meters for handy pocket change. It also required a conspiracy to spread this knowledge, and the gall and nerve actually to commit petty theft, but the Yippies had these qualifications in plenty. In June 1971, Abbie Hoffman and a telephone enthusiast sarcastically known as "Al Bell" began publishing a newsletter called Youth International Party Line. This newsletter was dedicated to collating and spreading Yippie rip-off techniques, especially of phones, to the joy of the freewheeling underground and the insensate rage of all straight people. As a political tactic, phone-service theft ensured that Yippie advocates would always have ready access to the long-distance telephone as a medium, despite the Yippies' chronic lack of organization, discipline, money, or even a steady home address.
PARTY LINE was run out of Greenwich Village for a couple of years, then "Al Bell" more or less defected from the faltering ranks of Yippiedom, changing the newsletter's name to TAP or Technical Assistance Program. After the Vietnam War ended, the steam began leaking rapidly out of American radical dissent. But by this time, "Bell" and his dozen or so core contributors had the bit between their teeth, and had begun to derive tremendous gut-level satisfaction from the sensation of pure TECHNICAL POWER.
TAP articles, once highly politicized, became pitilessly jargonized and technical, in homage or parody to the Bell System's own technical documents, which TAP studied closely, gutted, and reproduced without permission. The TAP elite revelled in gloating possession of the specialized knowledge necessary to beat the system.
"Al Bell" dropped out of the game by the late 70s, and "Tom Edison" took over; TAP readers (some 1400 of them, all told) now began to show more interest in telex switches and the growing phenomenon of computer systems.
In 1983, "Tom Edison" had his computer stolen and his house set on fire by an arsonist. This was an eventually mortal blow to TAP (though the legendary name was to be resurrected in 1990 by a young Kentuckian computer-outlaw named "Predat0r.")
#
Ever since telephones began to make money, there have been people willing to rob and defraud phone companies. The legions of petty phone thieves vastly outnumber those "phone phreaks" who "explore the system" for the sake of the intellectual challenge. The New York metropolitan area (long in the vanguard of American crime) claims over 150,000 physical attacks on pay telephones every year! Studied carefully, a modern payphone reveals itself as a little fortress, carefully designed and redesigned over generations, to resist coin-slugs, zaps of electricity, chunks of coin-shaped ice, prybars, magnets, lockpicks, blasting caps. Public pay-phones must survive in a world of unfriendly, greedy people, and a modern payphone is as exquisitely evolved as a cactus.
Because the phone network pre-dates the computer network, the scofflaws known as "phone phreaks" pre-date the scofflaws known as "computer hackers." In practice, today, the line between "phreaking" and "hacking" is very blurred, just as the distinction between telephones and computers has blurred. The phone system has been digitized, and computers have learned to "talk" over phone-lines. What's worse—and this was the point of the Mr. Jenkins of the Secret Service—some hackers have learned to steal, and some thieves have learned to hack.
Despite the blurring, one can still draw a few useful behavioral distinctions between "phreaks" and "hackers." Hackers are intensely interested in the "system" per se, and enjoy relating to machines. "Phreaks" are more social, manipulating the system in a rough-and-ready fashion in order to get through to other human beings, fast, cheap and under the table.
Phone phreaks love nothing so much as "bridges," illegal conference calls of ten or twelve chatting conspirators, seaboard to seaboard, lasting for many hours—and running, of course, on somebody else's tab, preferably a large corporation's.
As phone-phreak conferences wear on, people drop out (or simply leave the phone off the hook, while they sashay off to work or school or babysitting), and new people are phoned up and invited to join in, from some other continent, if possible. Technical trivia, boasts, brags, lies, head-trip deceptions, weird rumors, and cruel gossip are all freely exchanged.
The lowest rung of phone-phreaking is the theft of telephone access codes. Charging a phone call to somebody else's stolen number is, of course, a pig-easy way of stealing phone service, requiring practically no technical expertise. This practice has been very widespread, especially among lonely people without much money who are far from home. Code theft has flourished especially in college dorms, military bases, and, notoriously, among roadies for rock bands. Of late, code theft has spread very rapidly among Third Worlders in the US, who pile up enormous unpaid long-distance bills to the Caribbean, South America, and Pakistan.
The simplest way to steal phone-codes is simply to look over a victim's shoulder as he punches-in his own code-number on a public payphone. This technique is known as "shoulder-surfing," and is especially common in airports, bus terminals, and train stations. The code is then sold by the thief for a few dollars. The buyer abusing the code has no computer expertise, but calls his Mom in New York, Kingston or Caracas and runs up a huge bill with impunity. The losses from this primitive phreaking activity are far, far greater than the monetary losses caused by computer-intruding hackers.
In the mid-to-late 1980s, until the introduction of sterner telco security measures, COMPUTERIZED code theft worked like a charm, and was virtually omnipresent throughout the digital underground, among phreaks and hackers alike. This was accomplished through programming one's computer to try random code numbers over the telephone until one of them worked. Simple programs to do this were widely available in the underground; a computer running all night was likely to come up with a dozen or so useful hits. This could be repeated week after week until one had a large library of stolen codes.
Nowadays, the computerized dialling of hundreds of numbers can be detected within hours and swiftly traced. If a stolen code is repeatedly abused, this too can be detected within a few hours. But for years in the 1980s, the publication of stolen codes was a kind of elementary etiquette for fledgling hackers. The simplest way to establish your bona-fides as a raider was to steal a code through repeated random dialling and offer it to the "community" for use. Codes could be both stolen, and used, simply and easily from the safety of one's own bedroom, with very little fear of detection or punishment.
Before computers and their phone-line modems entered American homes in gigantic numbers, phone phreaks had their own special telecommunications hardware gadget, the famous "blue box." This fraud device (now rendered increasingly useless by the digital evolution of the phone system) could trick switching systems into granting free access to long-distance lines. It did this by mimicking the system's own signal, a tone of 2600 hertz.
Steven Jobs and Steve Wozniak, the founders of Apple Computer, Inc., once dabbled in selling blue-boxes in college dorms in California. For many, in the early days of phreaking, blue-boxing was scarcely perceived as "theft," but rather as a fun (if sneaky) way to use excess phone capacity harmlessly. After all, the long-distance lines were JUST SITTING THERE.... Whom did it hurt, really? If you're not DAMAGING the system, and you're not USING UP ANY TANGIBLE RESOURCE, and if nobody FINDS OUT what you did, then what real harm have you done? What exactly HAVE you "stolen," anyway? If a tree falls in the forest and nobody hears it, how much is the noise worth? Even now this remains a rather dicey question.
Blue-boxing was no joke to the phone companies, however. Indeed, when Ramparts magazine, a radical publication in California, printed the wiring schematics necessary to create a mute box in June 1972, the magazine was seized by police and Pacific Bell phone-company officials. The mute box, a blue-box variant, allowed its user to receive long-distance calls free of charge to the caller. This device was closely described in a Ramparts article wryly titled "Regulating the Phone Company In Your Home." Publication of this article was held to be in violation of Californian State Penal Code section 502.7, which outlaws ownership of wire-fraud devices and the selling of "plans or instructions for any instrument, apparatus, or device intended to avoid telephone toll charges."
Issues of Ramparts were recalled or seized on the newsstands, and the resultant loss of income helped put the magazine out of business. This was an ominous precedent for free-expression issues, but the telco's crushing of a radical-fringe magazine passed without serious challenge at the time. Even in the freewheeling California 1970s, it was widely felt that there was something sacrosanct about what the phone company knew; that the telco had a legal and moral right to protect itself by shutting off the flow of such illicit information. Most telco information was so "specialized" that it would scarcely be understood by any honest member of the public. If not published, it would not be missed. To print such material did not seem part of the legitimate role of a free press.
In 1990 there would be a similar telco-inspired attack on the electronic phreak/hacking "magazine" Phrack. The Phrack legal case became a central issue in the Hacker Crackdown, and gave rise to great controversy. Phrack would also be shut down, for a time, at least, but this time both the telcos and their law-enforcement allies would pay a much larger price for their actions. The Phrack case will be examined in detail, later.
Phone-phreaking as a social practice is still very much alive at this moment. Today, phone-phreaking is thriving much more vigorously than the better-known and worse-feared practice of "computer hacking." New forms of phreaking are spreading rapidly, following new vulnerabilities in sophisticated phone services.
Cellular phones are especially vulnerable; their chips can be re-programmed to present a false caller ID and avoid billing. Doing so also avoids police tapping, making cellular-phone abuse a favorite among drug-dealers. "Call-sell operations" using pirate cellular phones can, and have, been run right out of the backs of cars, which move from "cell" to "cell" in the local phone system, retailing stolen long-distance service, like some kind of demented electronic version of the neighborhood ice-cream truck.
Private branch-exchange phone systems in large corporations can be penetrated; phreaks dial-up a local company, enter its internal phone-system, hack it, then use the company's own PBX system to dial back out over the public network, causing the company to be stuck with the resulting long-distance bill. This technique is known as "diverting." "Diverting" can be very costly, especially because phreaks tend to travel in packs and never stop talking. Perhaps the worst by-product of this "PBX fraud" is that victim companies and telcos have sued one another over the financial responsibility for the stolen calls, thus enriching not only shabby phreaks but well-paid lawyers.
"Voice-mail systems" can also be abused; phreaks can seize their own sections of these sophisticated electronic answering machines, and use them for trading codes or knowledge of illegal techniques. Voice-mail abuse does not hurt the company directly, but finding supposedly empty slots in your company's answering machine all crammed with phreaks eagerly chattering and hey-duding one another in impenetrable jargon can cause sensations of almost mystical repulsion and dread.
Worse yet, phreaks have sometimes been known to react truculently to attempts to "clean up" the voice-mail system. Rather than humbly acquiescing to being thrown out of their playground, they may very well call up the company officials at work (or at home) and loudly demand free voice-mail addresses of their very own. Such bullying is taken very seriously by spooked victims.
Acts of phreak revenge against straight people are rare, but voice-mail systems are especially tempting and vulnerable, and an infestation of angry phreaks in one's voice-mail system is no joke. They can erase legitimate messages; or spy on private messages; or harass users with recorded taunts and obscenities. They've even been known to seize control of voice-mail security, and lock out legitimate users, or even shut down the system entirely.
Cellular phone-calls, cordless phones, and ship-to-shore telephony can all be monitored by various forms of radio; this kind of "passive monitoring" is spreading explosively today. Technically eavesdropping on other people's cordless and cellular phone-calls is the fastest-growing area in phreaking today. This practice strongly appeals to the lust for power and conveys gratifying sensations of technical superiority over the eavesdropping victim. Monitoring is rife with all manner of tempting evil mischief. Simple prurient snooping is by far the most common activity. But credit-card numbers unwarily spoken over the phone can be recorded, stolen and used. And tapping people's phone-calls (whether through active telephone taps or passive radio monitors) does lend itself conveniently to activities like blackmail, industrial espionage, and political dirty tricks.
It should be repeated that telecommunications fraud, the theft of phone service, causes vastly greater monetary losses than the practice of entering into computers by stealth. Hackers are mostly young suburban American white males, and exist in their hundreds—but "phreaks" come from both sexes and from many nationalities, ages and ethnic backgrounds, and are flourishing in the thousands.
#
The term "hacker" has had an unfortunate history. This book, The Hacker Crackdown, has little to say about "hacking" in its finer, original sense. The term can signify the free-wheeling intellectual exploration of the highest and deepest potential of computer systems. Hacking can describe the determination to make access to computers and information as free and open as possible. Hacking can involve the heartfelt conviction that beauty can be found in computers, that the fine aesthetic in a perfect program can liberate the mind and spirit. This is "hacking" as it was defined in Steven Levy's much-praised history of the pioneer computer milieu, Hackers, published in 1984.
Hackers of all kinds are absolutely soaked through with heroic anti-bureaucratic sentiment. Hackers long for recognition as a praiseworthy cultural archetype, the postmodern electronic equivalent of the cowboy and mountain man. Whether they deserve such a reputation is something for history to decide. But many hackers—including those outlaw hackers who are computer intruders, and whose activities are defined as criminal—actually attempt to LIVE UP TO this techno-cowboy reputation. And given that electronics and telecommunications are still largely unexplored territories, there is simply NO TELLING what hackers might uncover.
For some people, this freedom is the very breath of oxygen, the inventive spontaneity that makes life worth living and that flings open doors to marvellous possibility and individual empowerment. But for many people —and increasingly so—the hacker is an ominous figure, a smart-aleck sociopath ready to burst out of his basement wilderness and savage other people's lives for his own anarchical convenience.
Any form of power without responsibility, without direct and formal checks and balances, is frightening to people—and reasonably so. It should be frankly admitted that hackers ARE frightening, and that the basis of this fear is not irrational.
Fear of hackers goes well beyond the fear of merely criminal activity.
Subversion and manipulation of the phone system is an act with disturbing political overtones. In America, computers and telephones are potent symbols of organized authority and the technocratic business elite.
But there is an element in American culture that has always strongly rebelled against these symbols; rebelled against all large industrial computers and all phone companies. A certain anarchical tinge deep in the American soul delights in causing confusion and pain to all bureaucracies, including technological ones.
There is sometimes malice and vandalism in this attitude, but it is a deep and cherished part of the American national character. The outlaw, the rebel, the rugged individual, the pioneer, the sturdy Jeffersonian yeoman, the private citizen resisting interference in his pursuit of happiness—these are figures that all Americans recognize, and that many will strongly applaud and defend.
Many scrupulously law-abiding citizens today do cutting-edge work with electronics—work that has already had tremendous social influence and will have much more in years to come. In all truth, these talented, hardworking, law-abiding, mature, adult people are far more disturbing to the peace and order of the current status quo than any scofflaw group of romantic teenage punk kids. These law-abiding hackers have the power, ability, and willingness to influence other people's lives quite unpredictably. They have means, motive, and opportunity to meddle drastically with the American social order. When corralled into governments, universities, or large multinational companies, and forced to follow rulebooks and wear suits and ties, they at least have some conventional halters on their freedom of action. But when loosed alone, or in small groups, and fired by imagination and the entrepreneurial spirit, they can move mountains—causing landslides that will likely crash directly into your office and living room.
These people, as a class, instinctively recognize that a public, politicized attack on hackers will eventually spread to them—that the term "hacker," once demonized, might be used to knock their hands off the levers of power and choke them out of existence. There are hackers today who fiercely and publicly resist any besmirching of the noble title of hacker. Naturally and understandably, they deeply resent the attack on their values implicit in using the word "hacker" as a synonym for computer-criminal.
This book, sadly but in my opinion unavoidably, rather adds to the degradation of the term. It concerns itself mostly with "hacking" in its commonest latter-day definition, i.e., intruding into computer systems by stealth and without permission. The term "hacking" is used routinely today by almost all law enforcement officials with any professional interest in computer fraud and abuse. American police describe almost any crime committed with, by, through, or against a computer as hacking.
Most importantly, "hacker" is what computer-intruders choose to call THEMSELVES. Nobody who "hacks" into systems willingly describes himself (rarely, herself) as a "computer intruder," "computer trespasser," "cracker," "wormer," "darkside hacker" or "high tech street gangster." Several other demeaning terms have been invented in the hope that the press and public will leave the original sense of the word alone. But few people actually use these terms. (I exempt the term "cyberpunk," which a few hackers and law enforcement people actually do use. The term "cyberpunk" is drawn from literary criticism and has some odd and unlikely resonances, but, like hacker, cyberpunk too has become a criminal pejorative today.)
In any case, breaking into computer systems was hardly alien to the original hacker tradition. The first tottering systems of the 1960s required fairly extensive internal surgery merely to function day-by-day. Their users "invaded" the deepest, most arcane recesses of their operating software almost as a matter of routine. "Computer security" in these early, primitive systems was at best an afterthought. What security there was, was entirely physical, for it was assumed that anyone allowed near this expensive, arcane hardware would be a fully qualified professional expert.
In a campus environment, though, this meant that grad students, teaching assistants, undergraduates, and eventually, all manner of dropouts and hangers-on ended up accessing and often running the works.
Universities, even modern universities, are not in the business of maintaining security over information. On the contrary, universities, as institutions, pre-date the "information economy" by many centuries and are not-for-profit cultural entities, whose reason for existence (purportedly) is to discover truth, codify it through techniques of scholarship, and then teach it. Universities are meant to PASS THE TORCH OF CIVILIZATION, not just download data into student skulls, and the values of the academic community are strongly at odds with those of all would-be information empires. Teachers at all levels, from kindergarten up, have proven to be shameless and persistent software and data pirates. Universities do not merely "leak information" but vigorously broadcast free thought.
This clash of values has been fraught with controversy. Many hackers of the 1960s remember their professional apprenticeship as a long guerilla war against the uptight mainframe-computer "information priesthood." These computer-hungry youngsters had to struggle hard for access to computing power, and many of them were not above certain, er, shortcuts. But, over the years, this practice freed computing from the sterile reserve of lab-coated technocrats and was largely responsible for the explosive growth of computing in general society—especially PERSONAL computing.
Access to technical power acted like catnip on certain of these youngsters. Most of the basic techniques of computer intrusion: password cracking, trapdoors, backdoors, trojan horses—were invented in college environments in the 1960s, in the early days of network computing. Some off-the-cuff experience at computer intrusion was to be in the informal resume of most "hackers" and many future industry giants. Outside of the tiny cult of computer enthusiasts, few people thought much about the implications of "breaking into" computers. This sort of activity had not yet been publicized, much less criminalized.
In the 1960s, definitions of "property" and "privacy" had not yet been extended to cyberspace. Computers were not yet indispensable to society. There were no vast databanks of vulnerable, proprietary information stored in computers, which might be accessed, copied without permission, erased, altered, or sabotaged. The stakes were low in the early days—but they grew every year, exponentially, as computers themselves grew.
By the 1990s, commercial and political pressures had become overwhelming, and they broke the social boundaries of the hacking subculture. Hacking had become too important to be left to the hackers. Society was now forced to tackle the intangible nature of cyberspace-as-property, cyberspace as privately-owned unreal-estate. In the new, severe, responsible, high-stakes context of the "Information Society" of the 1990s, "hacking" was called into question.
What did it mean to break into a computer without permission and use its computational power, or look around inside its files without hurting anything? What were computer-intruding hackers, anyway—how should society, and the law, best define their actions? Were they just BROWSERS, harmless intellectual explorers? Were they VOYEURS, snoops, invaders of privacy? Should they be sternly treated as potential AGENTS OF ESPIONAGE, or perhaps as INDUSTRIAL SPIES? Or were they best defined as TRESPASSERS, a very common teenage misdemeanor? Was hacking THEFT OF SERVICE? (After all, intruders were getting someone else's computer to carry out their orders, without permission and without paying). Was hacking FRAUD? Maybe it was best described as IMPERSONATION. The commonest mode of computer intrusion was (and is) to swipe or snoop somebody else's password, and then enter the computer in the guise of another person—who is commonly stuck with the blame and the bills.
Perhaps a medical metaphor was better—hackers should be defined as "sick," as COMPUTER ADDICTS unable to control their irresponsible, compulsive behavior.
But these weighty assessments meant little to the people who were actually being judged. From inside the underground world of hacking itself, all these perceptions seem quaint, wrongheaded, stupid, or meaningless. The most important self-perception of underground hackers—from the 1960s, right through to the present day—is that they are an ELITE. The day-to-day struggle in the underground is not over sociological definitions—who cares?—but for power, knowledge, and status among one's peers.
When you are a hacker, it is your own inner conviction of your elite status that enables you to break, or let us say "transcend," the rules. It is not that ALL rules go by the board. The rules habitually broken by hackers are UNIMPORTANT rules—the rules of dopey greedhead telco bureaucrats and pig-ignorant government pests.
Hackers have their OWN rules, which separate behavior which is cool and elite, from behavior which is rodentlike, stupid and losing. These "rules," however, are mostly unwritten and enforced by peer pressure and tribal feeling. Like all rules that depend on the unspoken conviction that everybody else is a good old boy, these rules are ripe for abuse. The mechanisms of hacker peer-pressure, "teletrials" and ostracism, are rarely used and rarely work. Back-stabbing slander, threats, and electronic harassment are also freely employed in down-and-dirty intrahacker feuds, but this rarely forces a rival out of the scene entirely. The only real solution for the problem of an utterly losing, treacherous and rodentlike hacker is to TURN HIM IN TO THE POLICE. Unlike the Mafia or Medellin Cartel, the hacker elite cannot simply execute the bigmouths, creeps and troublemakers among their ranks, so they turn one another in with astonishing frequency.
There is no tradition of silence or OMERTA in the hacker underworld. Hackers can be shy, even reclusive, but when they do talk, hackers tend to brag, boast and strut. Almost everything hackers do is INVISIBLE; if they don't brag, boast, and strut about it, then NOBODY WILL EVER KNOW. If you don't have something to brag, boast, and strut about, then nobody in the underground will recognize you and favor you with vital cooperation and respect.
The way to win a solid reputation in the underground is by telling other hackers things that could only have been learned by exceptional cunning and stealth. Forbidden knowledge, therefore, is the basic currency of the digital underground, like seashells among Trobriand Islanders. Hackers hoard this knowledge, and dwell upon it obsessively, and refine it, and bargain with it, and talk and talk about it.