In
1983, Mark Abene was just a beanie-wearing mall rat with too much spare time.
He didn't own a computer, so one day he wandered into a Radio Shack and tapped
a few commands on a Texas Instruments TI-994A, then experimented with BASIC
programming on an Apple II and a Commodore VIC-20. Around Christmas of that
year, he bought a Radio Shack TRS-80 for $150; it had 4K of memory and a
cassette recorder for saving BASIC programs. By 1984 – in an almost
providential move with echoes of Orwellian symmetry – he had bought a
300-baud modem and registered for the CompuServe online service.
Back
then, the phone company controlled every phone line in his home, so Abene had
to buy an adapter that let him plug his computer into a wall. He found a
thriving BBS (bulletin board system) community called Legion of Doom, exchanged
phone card call numbers, and grabbed private logins to university mainframes.
He enjoyed the sense of power using his minimalist PC to control a powerful Digital
Equipment Corporation system in downtown New York.
By
the mid-80s, his parents had finally upgraded to a touch tone phone, so Abene
learned how to program circuits to mimic telephone signals along trunk lines and
re-directed traffic between switchboards. In 1991, after the AT&T telephone
system crash left 60,000 customers without a phone line for nine hours, the FBI
burst into Abene's bedroom, guns drawn, and confiscated his computer gear. Today,
his phone hacking – or "phreaking" – is an infamous
milestone. Abene (aka Phiber Optik) demonstrated how vulnerable a massive
telephone system could be from a pimple-faced intruder using Radio Shack gear. At
a prepubescent 19, Abene became the first hacker to serve time in a federal
prison; he's now a prominent figure in the below-the-radar history of hackerdom.
Living
the Anti-Demigod Lifestyle
So,
why do they do it? What motivates a suburban teen to hack into a university
computer and chat with 40-something garbage collectors and airplane pilots, and
later compromise bank systems and steal credit card numbers? How could a
California radio station contestant win a Porsche to prove his hacking skills, and
then decide to reveal the identities of undercover FBI operatives, create a
worldwide virtual escort service, and work as an editor at Wired Magazine? Or,
what drives a shaggy-bearded college drop-out to experiment with phone hoaxes, help
invent a PC in his neighbor's garage, and wind up as an extremely wealthy Silicon
Valley executive who runs multiple high-profile corporations?
Hackers
certainly come in all shapes and sizes. Some are ingenious criminals who reveal
the weaknesses of corporate giants. Others upload erotic images to government
Web sites just to prove they can. A few actually work for security agencies and
define hacking as a worthwhile, productive endeavor. Phreakers break into phone
systems illegally to make free phone calls, crackers decode encrypted computer
systems with alarming ease, spammers use zombie computers to send marketing
e-mails to millions of unsuspecting dupes, phishers con you with look-alike
bank sites to steal your account information.
Yet,
every hacker seems to have one underlying urge: to test the rules and exist on
the fringes of society, to show that no system is impenetrable or invulnerable.
Hackers are iconic figures with complex personalities, prone to mixing-and-matching
computer hardware, who invent new computer contrivances. They live close to the
rim of computer legitimacy – or just beyond its feeble reach.
Fun
with phone phreaking
In
the 1960s, a computer was a Pontiac-sized phenomenon encased in a glass-walled shrine
or housed within a wax-floored laboratory. Only keycard-wielding geeks could even
speak their names: the Honeywell 1800, the Internal Business Machines
1401, the Computer Data Corporation 6600. The term "computer
scientist" implied Princeton degrees and a government pedigree. In the US,
the concept of owning a home computer was akin to building a spacecraft in your
backyard: it might be possible, but it was laughably implausible.
Yes,
only accredited professionals could program these powerful computers to
track university enrollments, analyze medical anomalies, or monitor traffic conditions.
They all had starch white shirts and oily comb-overs, the precursors to a Bill
Gates nerd. Everyone else – the computer illiterate in the general
populace – could only enjoy the benefits of their computational prowess.
For
John Draper, this elitism stuck in his craw. A Vietnam veteran honorably
discharged by the Air Force in 1968, Draper had learned how to build an FM
transmitter in his spare time and loved to tinker with electronics. One day, a
blind phreaker named Dennie called him unexpectedly to talk about free
conference calls over the telephone network. He later explained how a toy
whistle from a Cap'n Crunch cereal box could emit a 2600Hz tone and trigger
free long distance calls. The whistle – which came in six colors – was
about 3 inches long and has cereal character moldings on both sides. Today,
it's a collector's item. The 2600Hz tone – now almost meaningless in an
age of fiber optics -- is a kind of phone phreaking identifier; it's even the
name of a well-known hacker rag.
Yet,
for Draper, it was the key to unlock a goldmine. He decided to advance the idea
with the "blue box," which emits the same frequency at the push of a
button. He spread the word about his invention at the People's Computer Club in
Menlo Park, California. In a twist of fate, Draper invited Steve Wozniak,
co-founder of Apple Computer, to a potluck supper at the club. The two enjoyed
a prankster rapport; Wozniak later used the blue box with his pal Steve Jobs to
make untraceable prank phone calls, including one to the Pope. (Maybe it was a
way for Wozniak to confess his sins to the highest authority he knew.)
Interestingly,
Jobs was more of a marketing genius than a technical whiz and never developed
the same lifelong phone phreaking obsession as Wozniak. Today, Jobs heads Apple
Computer, Pixar Animation, and may end up in an executive role at Disney. Still,
both Jobs and Bill Gates were part of a hacking culture. Gates snuck into
University of Washington computer labs and wrote zany low-res game programs;
Jobs was a bearded college drop-out. It's an interesting paradigm to consider
that both Gates and Jobs started companies in response to the Big Blue
monoliths of the day; they were both sneaker-wearing bumpkins.
Back
then, phreaking had a potent allure: it meant unraveling a mystery, and sharing
the results with friends. It was not about nefarious phone exploitation, but
understanding complexity. Draper, for example, would revel in routing calls
through multiple countries just to talk to his neighbor. Yet, he also took steps
beyond simple phone hoaxes and switchboard routing. He admits that publishing techniques
to place free toll calls is illegal in most states. In 1972, he was arrested on
toll fraud charges and spent four months in prison. Today, the blue box still
works on foreign phone lines and for some toll calls, but Draper says phone
companies have become increasingly adept at spotting illegal usage.
Draper
is a craggy-haired California hippy, but to the phone phreaking masses, he is a
hacker god. To an extent, the concept of beating the telephone conglomerates,
scanning for security flaws, and exploiting a hack as far as possible all
originate with Draper. He's promoted the mystique with a hacker portal
(www.webcrunchers.com) that documents his early days. Yet, he's now working as
a security analyst and runs a security site (www.crunchtv.net) that seems to
disavow the hacker mantras. Draper says that hacking was once a teenage pastime,
but now it’s a tool of the worst Jihad terrorists.
Crackers
in paradise?
After
Draper, there was a time shift in computing. Phone phreakers were still blowing
whistles into phone receivers, but a new, more insidious delinquent emerged:
the cracker. In the late 80s early 90s, the home PC became more prevalent and
even connected – in a minimalist sense – to the Internet, but large
corporations were still as monopolistic as ever. In response, new hacker clubs
started popping up, such as Germany's Chaos Computer Club – formed by Wau
Holland as a kind of Orwellian think tank – and Masters of Deception
– a New York hackers club fronted by Mark Abene. To thwart the epidemic,
the US government passed the Computer Crime and Abuse Act of 1988.
That
same year, Robert Morris started working on his graduate degree at Cornell
University. His father was the chief scientist at the National Computer
Security Center, a high-profile figure who undoubtedly talked about security
threats over meatloaf and potatoes with his son. Partly to demonstrate his
hacking prowess to classmates, and partly to show how an MIT security system
was vulnerable to attack, Morris wrote a software program (99 lines of code)
that exploited a bug in a Unix e-mail program. The program, later called a
worm, was supposed to only infect the MIT systems, but spread rapidly over a 12
hour period. Some universities responded by shutting down computers altogether.
Others, such as U of C Berkeley and Purdue, fought back with virus blocking programs.
Meanwhile,
Morris was surprised at how quickly his worm spread. He helped a friend send
out an anonymous message with instructions for system administrators to stop
the plague, but by then the virus had seriously propagated. Each university
spent thousands to fix infected computers; the US government fined Morris for
$10,050 and sentenced him to probation and community service. Interestingly,
Morris makes no mention of the incident at his Web site (http://pdos.csail.mit.edu/~rtm),
yet the source code for the worm is still in wide circulation; hackers still
use the worm as a starting point for new viruses. For example, when the FBI
raided Legion of Doom member Erik Bloodaxe's home they found the source code
for the Morris worm on his computer.
Kevin
Mitnick is another bright figure on the hacker landscape, although stardom was
never his goal. In 1976, while other Americans were celebrating the Bicentennial,
Mitnick was sweeping the floors at a Radio Shack so he could use their computers
at night. By the late 90s, he developed a passion for unraveling computer
source code to see how an operating system worked or how a cell phone connected
to a network. A gregarious personality, he once called Motorola and talked them
into sharing their source code for free. Mitnick later broke into the computer
systems at Nokia, Sun Microsystems, Fujitsu, and Motorola. For him and many
other crackers, the goal was a proof-of-concept; as a reckless teen, he wanted
to show off his hacking skills, not cause incessant damage.
Government
officials, unfortunately, did not see his actions the same way. He was the
first hacker to earn an "FBI Most Wanted" distinction, and a judge
once called him a hacker addict. The New York Times broke a story about Mitnick
that ultimately led to his arrest in 1995 and a five year prison term.
Curiously, Mitnick still denies causing any serious damage, although he does
admit that sneaking onto private networks is probably illegal. His infamy is
really a result of a widespread misunderstanding about the case. The FBI
assumed he could crack anything, and they feared he could launch nuclear bombs
or shut down the Internet. After his prison sentence, the FBI did not allow him
to own or use any electronic devices. During an episode of Alias, he played the
part of a computer whiz, but the producers only gave him access to a dummy
computer.
Mitnick
has influenced an entire generation of hackers. His stealth tactics, use of
less traceable IRC (Internet Relay Chat), and treatises on how hackers use
"social engineering" to obtain information have caused a stir in the
security field. Mitnick himself works as a security consultant, ironically
enough, spending about 25% of his time breaking into "secure" network
systems to show the company how their network is vulnerable – for a primo
consulting fee.
Perhaps
because of the Mitnick case, or due to popular consensus and misunderstanding
about the hacker culture, the US government and foreign countries quickly
established Internet crime divisions. Operation Sundevil, begun in 1990 and
intended to combat telephone abuse and credit card fraud, is the most notorious
example. On May 9, 1990, the task force raided the homes of several known
hackers and confiscated their equipment. The fear was twofold: there was an
uncertainty about who was hacking and why, along with a misunderstanding about
their illicit behavior. Today, the term "hacking" is negative, but
many security experts do not classify the act or function of attempting a
break-in as illegal, but only the resulting crimes.
Abene,
Draper, Morris, Mitnick – they all helped promote a hacker mentality that
has permeated through American culture. For example, in April of 2003, the
Modonna.com home page was hacked with derogatory messages and a marriage
proposal to a television show reporter named Morgan Webb. Throughout the 90s, a
hacker "think tank" called Lopht Heavy Industries met in Boston to
discuss security flaws, and reported to Congress in 1998 that they could shut
down the entire Internet in 30 minutes. (This is only partially true, as the
worldwide Internet consists of disparate zones; a hacker could conceivably shut
down individual Internet zones but not all of them at the same time.)
Other
hackers clubs include Foonet and Cult of the Dead Cow (apparently, hackers have
a literally sense as well). In recent years, Microsoft – and even Bill
Gates himself – have been favorite targets. New terms such as
"denial-of-service" and "phishing" (where a hackers cons
you into thinking you are visiting a real bank site) have become more common
than phreaking. Because wireless hotspots – a network that lets you
connect anywhere from a laptop -- are so common, hackers are now using programs
that can de-encrypt the 802.11 signal and wreak havoc on corporate networks
without leaving a trace.
Where
will it end? No one knows – there is still a fear in the US and in
countries like the Netherlands and the UK that a single hacker could
conceivably steal government secrets with just a few mouse clicks or distribute
a virus that cripples corporations for days or months. Movies such as Sneakers,
Hackers, and The Matrix deify hackers as elusive masterminds. In reality,
hackers are simple aloof computer geeks with too much imagination and spare time.
They are constantly looking for the next encryption standard so they can break
the code and prove their worth. Their one goal: prove that greesy-haired geeks
rule the world.
By
John Brandon
Sidebar:
Other Prominent Hackers
Ian
Murphy (aka Captain Zap) was one of the first phone phreakers; he's the first
hacker to be charged with a crime. In the mid-60s, he developed a device that
would allow him to listen to phone conversations -- mostly girls in the
neighborhood. In 1981, he broke into the AT&T phone system and changed
internal clocks so that customers would get midnight discounts in midday.
Kevin
Poulsen (aka Dark Dante) learned lock-picking as a teenager and rigged the
phone lines for a KIIS-FM Los Angeles radio station contest so he would win a Porsche
944 S2. He helped a friend resurrect outdated yellow pages ads for an escort
service, rerouting calls. In April of 1991, he was arrested on charges of fraud
and money laundering, mostly thanks to an episode of Unsolved Mysteries.
Tsutomu
Shimomura is the famous anti-hacker who helped track down Kevin Mitnick, mostly
by eavesdropping on his online IRC chats and to get revenge. On Christmas Day,
1995, a hacker stole his personal files and distributed them over the WELL, an
online community for expert users. It was Mitnick. A research scientist at the
San Diego Supercomputer Center, Shimomura tracked Mitnick by using a trace
dialing technique and locating telephone loop signals.
Jon
Johansen (aka DVD Jon) is most famous for DeCSS, a program that de-encrypts a
DVD so you can save it on your computer. Today, thousands of average
non-hackers exchange DVD files through peer-to-peer networks in part because of
DeCSS, which violates the Digital Millennium Copyright Act of 1988. Authorities
have arrested him twice but has never convicted; his latest target: Apple
Computer and the iTunes Music Store.
Jeanson
Ancheta used 26,975 computers to send 400 million spam messages, just over one
per American, mostly about embarrassing medical treatments. His 17-count
indictment accuses him of running a "botnet army" and selling
technology to other spammers who wanted to avoid criminal detection.
Sidebar:
Spam cons, phishing scams, and you
Another
form of hacking involves unsolicited e-mail (or "spam"). In this
scenario, a hacker obtains a list of e-mail messages, often illegally, figures
out how to send them in mass deployments, and then reads the responses into a
database. When just a few people respond and purchase a prescription drug, for
example, the spam artist has succeeded. More importantly, hackers are usually
the ones who figure out how to get around spam filters on common mail programs,
such as Microsoft Outlook, Earthlink.com and Yahoo! Mail. They just spell
Viagra wrong, or include extra text characters that fool the mail engines.
Main
Sources
http://www.exhibitresearch.com/kevin/nyc/abene/
http://barbalet-net.barbalet.com/crunch/
http://www.webcrunchers.com/crunch/story.html
http://www.g4tv.com/screensavers/features/32372/How_Capn_Crunch_Became_a_Phone_Phreaker.html
http://www.reference.com/browse/wiki/John_Draper
http://www.webcrunchers.com/crunch/FAQ.html
http://www.swiss.ai.mit.edu/6805/articles/morris-worm.html
http://www.chriswaltrip.com/sterling/crack3a.html
http://www.thesmokinggun.com/archive/madonnasplash1.html
http://www.techweb.com/wire/story/TWB19980524S0001
http://www.wired.com/wired/archive/4.02/catching.html
Other
sources:
http://www.atariarchives.org/deli/the_merry_pranksters_of_microcomputing.php
http://www.netstumbler.org/archive/index.php/t-4781.html
http://www.sptimes.com/Hackers/history.hacking.html
http://www.pbs.org/wgbh/pages/frontline/shows/hackers/whoare/notable.html
http://divxstation.com/comm/thread.asp?i=14&t=11956&r=25
http://www.thocp.net/reference/hacking/hacking.htm
http://www.findarticles.com/p/articles/mi_m0EIN/is_2000_Sept_18/ai_65276536
http://www.attrition.org/errata/charlatan/murphy/
http://www.landfield.com/isn/mail-archive/1998/Mar/0102.html
http://tlc.discovery.com/convergence/hackers/bio/bio_14.html
http://www.woz.org/
http://www.levenez.com/unix/
http://www.barbalet.net/crunch/
http://www.robson.org/gary/writing/phreaking.html
http://www.hackerland.de/hackertales/crunch-eng.htm
http://www.answers.com/John%20Draper
http://www.antionline.com/