FREE ESSAY ON COMPUTER UNDERGROUND

COMPUTER UNDERGROUND

The Computer Underground. The beginning of the electronic communication revolution that
started with the public use of telephones to the emergence of home computers has been
accompanied by corresponding social problems involving the activities of so-called
computer hackers, or better referred to as the computer underground (CU). The CU is
composed of computer aficionados who stay on the fringes of legality. The CU is composed
of relatively intelligent people, in contrast to the media's description of the ultra
intelligent and sophisticated teenage hacker. The majority have in common the belief that
information should be free and that they have a right to know. They often have some
amount of dislike for the government and the industries who try to control and
commercialize information of any sort. This paper attempts to expose what the CU truly is
and dispel some of the myths propagated by the media and other organizations. This paper
also tries to show the processes and reasons behind the criminalization of the CU and how
the CU is viewed by different organizations, as well as some of the processes by which it
came into being. What the CU is has been addressed by the media, criminologists, secuity
firms, and the CU themselves, they all have a different understanding or levels of
comprehention, this paper attempts to show the differences between the views as well as
attempt to correct misunderstandings that may have been propagated by misinformed
sources. The differences between the parties of the CU such as, hackers, crackers,
phreaks, pirates, and virus writers have rarely been recognized and some deny that there
are differences thus this paper attempts to give a somewhat clearer view and define
exactly what each party is and does as well as how they relate to one another. Every
individual in the CU has a different level of sophistication when it comes to computers,
from the height of the advanced virus writer and network hacker to the pirate who can be
at the same level as a novice computer user. The prevalence of the problem has been
dramatized by the media and enforcement agents, and evidenced by the rise of specialized
private security firms to confront the hackers. The average person's knowledge about the
CU has been derived mostly from the media. The media gets their information from former
CU individuals who have been caught, from law enforcement agents, and from computer
security specialists. The computer underground, as it is called by those who participate
in it, is composed of people adhering to one or several roles: hacker, phreaker, pirate,
cracker, and computer virus developer. Terms such as these have different meanings for
those who have written about the computer underground, such as the media, and those who
participate in it. The media's concept of the Computer Underground is the main cause of
the criminalization of the activity and has largely occurred as the result of media
dramatization of the problem (Hollinger and Lanza-Kaduce, 1988). In fact, it was a
collection of newspaper and film clips that was presented to the United States Congress
during legislative debates as evidence of the computer hacking problem (Hollinger and
Lanza-Kaduce, 1988, p.107). Unfortunately, the media assessment of the computer
underground displays a naive understanding of CU activity. The media generally makes
little distinction between different types of CU activity. Most any computer- related
crime activity can be attributed to hackers. Everything from embezzlement to computer
viruses have, at one time or another, been attributed to them. Additionally, hackers are
often described as being sociopathic or malicious, creating a media image of the computer
underground that may exaggerate their ability for doing damage. The labeling of the CU
and especially hackers as being evil is well illustrated by these media examples. The
first is from Eddie Schwartz, a WGN-Radio talk show host. Here Schwartz is addressing
Anna, a self-identified hacker that has phoned into the show: You know what Anna, you
know what disturbs me? You don't sound like a stupid person but you represent a . . . a .
. . a . . . lack of morality that disturbs me greatly. You really do. I think you
represent a certain way of thinking that is morally bankrupt. And I'm not trying to
offend you, but I . . .I'm offended by you! (WGN Radio, 1988) Another example is from
NBC-TV's Hour Magazine featured a segment on computer crime. In this example, Jay
Bloombecker, director of the National Center for Computer Crime Data, discusses the
hacker problem with the host of the show, Gary Collins. Collins: . . . are they (hackers)
malicious in intent, or are they simply out to prove, ah, a certain machismo amongst
their peers? Bloombecker: I think so. I've talked about modem macho as one explanation
for what's being done. And a lot of the cases seem to involve proving that he . . . can
do something really spiffy with computers. But, some of the cases are so evil, like
causing so many computers to break, they can't look at that as just trying to prove that
you're better than other people. GC: So that's just some of it, some kind of bet against
the computer industry, or against the company. JB: No, I think it's more than just
rottenness. And like someone who uses graffiti doesn't care too much whose building it
is, they just want to be destructive. GC: You're talking about a sociopath in control of
a computer! JB: Ah, lots of computers, because there's thousands, or tens of thousands of
hackers. (NBC-TV, 1988) The media's obsession with the computer underground, that is
generally labeled as hacking, focuses almost entirely upon the morality of their actions.
Since media stories are taken from the accounts of the police, security personnel, and
members of the computer underground who have been caught, each of whom have different
perspectives and 20 definitions of their own, the media's definition, if not inherently
biased, is at best inconsistent. Criminologists, are less judgmental than the media, but
no more precise. Labels of electronic trespassers(Parker, 1983), and electronic vandals
(Bequai, 1987) have both been applied to the CU's hacking element specifically. Both
terms, while acknowledging that hacking is deviant, shy away from labeling it as criminal
or sociopathic behavior. Yet despite this seemingly non-judgmental approach to the
computer underground, both Parker and Bequai have testified before Congress, on behalf of
the computer security industry, on the danger of computer hackers. Unfortunately, their
expert testimony was largely based on information culled from newspaper stories, the
objectiveness of which has been seriously questioned (Hollinger and Lanza-Kaduce 1988
p.105). Computer security specialists, on the other hand, are often quick to identify the
CU as criminals. Similarly, some reject the notion that there are different roles and
motivations among the computer underground participants and thereby refuse to define just
what it is that a hacker or phreaker does. John Maxfield, a hacker expert, suggests that
differentiating between hackers and phone phreaks is a moot point, preferring instead
that they all just be called criminals. The reluctance or inability to differentiate
between roles and activities in the computer underground, as exhibited in the media and
computer security firms, creates an ambiguous definition of hacker that possesses two
extremes: the modern-day bank robber at one end, the trespassing teenager at the other.
Thus, most any criminal or mischievous act that involves computers can be attributed to
hackers, regardless of the nature of the crime. Participants in the computer underground
also object the overuse and misuse of the word hacking. Their objection centers around
the indiscriminate use of the word to refer to computer related crime in general and not,
specifically, the activities of the computer underground: Whenever the slightest little
thing happens involving computer security, or the breach thereof, the media goes
*censored*ing bat*censored* and points all their fingers at us 'nasty hackers.' They're
so damned ignorant it's sick (EN, message log, 1988). . . . whenever the media happens
upon anything that involves malicious computer use it's the HACKERS. The word is a catch
phrase it makes mom drop the dishes and watch the TV. They use the word because not only
they don't really know the meaning but they have lack of a word to describe the
perpetrator. That's why hacker has such a bad name, its always associated with evil
things and such (PA, message log, 1988). I never seen a phreaker called a phreaker when
caught and he's printed in the newspaper. You always see them Hacker caught in telephone
fraud. Hacker defrauds old man with phone calling card. What someone should do is tell
the *censored*en media to get it straight (TP2, message log, 1988). The difference
between the different elements of the computer underground has been generally obscured by
the media. Terms such as Cracker, Phreaker, Pirate, or Virus writer have been generally
replaced with the all encompassing word HACKER. Each element is associated with the
computer underground and some are bigger players than others but none of them can qualify
individually as the total sum of all the elements. There are major differences between
the elements of the CU that is rarely understood by someone on the outside. The use of
the word hacker, which is now generally accepted to be part of the CU, has gone through
drastic changes in definition. Hacker was first applied to computer related activities
when it was used by programmers in the late 1950's. At that time it referred to the
pioneering researchers, such as those at M.I.T., who were constantly adjusting and
experimenting with the new technology (Levy, 1984. p.7). A hacker in this context refers
to an unorthodox, yet talented, professional programmer. This use of the term still exits
today, though it is largely limited to professional computing circles. The computer
professionals maintain that using hackers (or hacking) to refer to any illegal or illicit
activity is a corruption of the true meaning of the word. Bob Bickford, a professional
programmer who has organized several programmer conferences, explains: At a conference
called Hackers 4.0 we had 200 of the most brilliant computer professionals in the world
together for one weekend; this crowd included several PhD's, several presidents of
companies (including large companies, such as Pixar), and various artists, writers,
engineers, and programmers. These people all consider themselves Hackers: all derive
great joy from their work, from finding ways around problems and limits, from creating
rather than destroying. It would be a great disservice to these people, and the thousands
of professionals like them, to let some pathetic teenaged criminals destroy the one word
which captures their style of interaction with the universe. (Bickford, 1988). The more
widely accepted definition of hacker refers to one who obtains unauthorized, if not
illegal, access to computer systems and networks. This definition was popularized by the
movie War Games and, generally speaking, is the one used by the media. It is also the
definition favored by the computer underground. Both the members of the computer
underground and professional computer programmers claim ownership of hacker, and each
defend the proper use of term. However, since computer break-ins are likely to receive
more media attention than clever feats of programming, the CU definition is likely to
dominate simply by being used more often. A computer hacker could be defined as an
individual, associated with the computer underground, who specializes in obtaining
unauthorize access to computer systems. Hacking refers to gaining access and exploring
computer systems and networks. Hacking encompasses both the act and the methods used to
obtain valid user accounts on computer systems. Hacking also refers to the activity that
occurs once access to another computer has been obtained. Since the system is being used
without authorization, the hacker does not, generally speaking, have access to the usual
operating manuals and other resources that are available to legitimate users. Therefore,
the hacker must experiment with commands and explore various files in order to understand
and effectively use the system. The goal here is to explore and experiment with the
system that has been entered. By examining files and, perhaps, by a little clever
programming, the hacker may be able to obtain protected information or more powerful
access privileges. Once a hacker has managed to gain access to a computer system he will
generally try make sure that his activities are hidden so that he can keep access on the
system. This is the difference between hacker and cracker. Unlike the hacker a cracker is
only really interested in cracking the machine/system and once the feat is accomplished
he is generally disinterested and leaves, he could be called the tourist of the hacking
element. (Bill Landreth, Outside the Inner Circle) Another role in the computer
underground is that of the phone phreak. Phone phreaking, usually called just phreaking,
was widely publicized when the exploits of John Cap'n Crunch Draper, the father of
phreaking, were publicized in a 1971 Esquire magazine article. The term phreaking
encompasses several different means of getting around the billing mechanisms of telephone
companies. By using these methods, long distance phone calls can be placed without cost.
In ma y cases the methods also prevent, or at least inhibit, the possibility of calls
being traced to their source thereby helping the phreaker to avoid being caught. Early
phreaking methods involved electro-mechanical devices that generated key tones, or
altered line voltages in certain ways as to trick the mechanical switches of the phone
company into connecting calls without charging. This method of phreaking is generally
called (color) boxing, where the type of box is referred to by a color such as blue
boxing. However the advent of computerized telephone-switching systems largely made these
devices obsolete. In order to continue their practice the phreaks have had to learn
hacking skills. Phreaking and hacking have just recently merged, because now, the
telephone companies are using computers to operate their network. So, in order to learn
more about these computers in relation to the network, phreaks have learned hacking
skills, and can now program, and get around inside the machines (AF, message log, 1988).
For most members of the computer underground, phreaking is simply a tool that allows them
to call long distance without amassing enormous phone bills. Because the two activities
are so closely related, with phreakers learning hacking skills and hackers breaking into
telco computers, reference is usually made to phreak/hacking or p/hackers. Those who have
a deeper and more technically oriented interest in the telco (telephone company) are
known as phreakers. They, like the hackers discussed earlier, desire to master and
explore a system that few outsiders really understand: The phone system is the most
interesting, fascinating thing that I know of. There is so much to know. Even phreaks
have their own areas of knowledge. There is so much to know that one phreak could know
something fairly important and the next phreak not. The next phreak might know ten things
that the first phreak doesn't though. It all depends upon where and how they get their
info. I myself would like to work for the telco, doing something interesting, like
programming a switch. Something that isn't slave labor bull*censored*. Something that you
enjoy, but have to take risks in order to participate unless you are lucky enough to work
for the telco. To have access to telco things, manuals, etc would be great (DP, message
log, 1988). Phreaking involves having the dedication to commit yourself to learning as
much about the phone system/network as possible. Since most of this information is not
made public, phreaks have to resort to legally questionable means to obtain the knowledge
they want (TP2, message log, 1988). Most members of the underground do not approach the
telephone system with such passion. Many hackers are interested in the phone system
solely to the extent that they can exploit its weaknesses and pursue other goals. In this
case, phreaking becomes a means and not a pursuit unto itself. Another individual, one
who identifies himself as a hacker, explains: I know very little about phones . . . I
just hack. See, I can't exactly call these numbers direct. A lot of people are in the
same boat. In my case, phreaking is a tool, an often used one, but nonetheless a tool
(TU, message log, 1988). In the world of the computer underground, the ability to phreak
a call is taken for granted. The phone companies allowance the use of the credit cards
for billing has opened the door to wide-scale phreaking. With credit cards, no special
knowledge or equipment is required to phreak a call, only valid credit card numbers,
known as codez, are needed to call any location in the world. This method of phreaking is
generally called carding, it is generally looked on as the lowest form of phreaking as
almost no technical skill is necessary. Another role in the computer underground is that
of the software pirate. Software piracy refers to the unauthorized copying and
distribution of copyrighted software. This activity centers around computer bulletin
board systems, and parts of the internet that specialize in warez. Pirates and
phreak/hackers/crackers do not necessarily support the activities of each other, and
there is distrust and misunderstanding between the two groups. At least part of this
distrust lies in the phreak/hacker perception that piracy is an unskilled activity. A
possible exception to this are those pirates that have the programming skills needed to
remove copy protection from software. By removing the program code that inhibits
duplicate copies from being made these individuals, which also go by the name crackers,
contribute greatly to the easy distribution of warez. While p/hackers generally don't
disapprove of piracy as an activity, especially cracking pirates, they nevertheless tend
to avoid pirate bulletin boards and internet sites partly because there is little
pertinent phreak/hack information contained on them, and partly because of the belief
that pirates indiscriminately abuse the telephone network in pursuit of the latest
computer game. One hacker illustrates this belief by theorizing that pirates are
responsible for a large part of credit card fraud. The media claims that it is solely
hackers who are responsible or losses pertaining to large telecommunication companies and
long distance services. This is not the case. We are (hackers) but a small portion of
these losses. The rest are caused by pirates and thieves who sell these codes to people
on the street (AF, message log, 1988). Other hackers complain that uploading large
programs frequently takes several hours to complete, and it is pirate calls, not the ones
placed by tele-communications enthusiasts (a popular euphemism for phreakers and hackers)
that cost the telephone industry large sums of money. However, not all pirates phreak
their calls. Phreaking is considered very tacky among elite pirates, and system operators
(Sysops) of pirate bulletin boards discourage phreaked calls because it draws attention
to the system when the call is discovered by the telephone company. For the average
computer user the most feared of the computer underground is that of the computer virus
creator. Among the CU computer viruses are generally referred to as viri. Computer
viruses are in themselves a very specific type of program but to the novice or low
sophistication computer user, which the majority are, they are any program that can take
over, damage or otherwise infiltrate, a computer. Program that qualify as trojan horses,
logic bombs, or worms are often just called viruses. A virus is a self-replicating
program that is capable of carrying a destructive or otherwise annoying payload while a
trojan horse is a program that allows easy access to an already-penetrated system. It can
also be used to facilitate a penetration by being tagged to a legitimate program so that
when the host computer runs the program the trojan put itself in a position to allow the
designer easy access. Logic or time bombs are similar to the trojans except that they
wait for a specific circumstances or time to detonate a harmful payload. Logic bombs are
often incorporated into a virus, if it is of the destructive variety, as their
destructive payload. The worm is the most similar to a virus in that it also replicates,
but it is generally designed to infect idle workstations or terminals on a network. Worms
tend to exist in memory and are non- permanent, one must simply reboot to remove them,
while the virus resides on disk where they are permanent until eradicated. There are two
main types of virus writers, people who's main purpose is to create havoc for the
computer user doing everything possible to spread their viruses. Then there are the
people who aren't interested in spreading their viruses but rather creating them as a
mental exercise that involves figuring out better ways to evade detection or further
empower their programming skills. The latter will often be composed of software engineers
and highly skilled programmers while the primary tends to be a younger age group who are
relatively unskilled in comparison. An example of this is a teenage viri writer called
Little Loc who wanted to be the most dangerous virus writer in American, and attempted to
prove it by writing a virus that became wide spread and know as the Satan Bug. On the
other hand there are writers like Screaming Radish, who is Windows- application developer
from Australia, his purpose in virus development is not destructive but rather to gain a
better understanding of how anti- virus software works. He likes to reverse-engineer
anti-virus software taking them apart to study what signatures it scanned for and what
the software excludes from it's scrutiny. Viruses made with that level of sophistication
are becoming a type of digital currency in the computer underground where one can use
them to trade for other information. (Jan Smith, 1994) Mark A. Lugwig, the writer of
virus tutorials, had this to say: It is inevitable that these books will offend some
people. In fact, I hope they do. They need to. I am convinced that computer viruses are
not evil and that programmers have the right to create them, posses them and experiment
with them. That kind of a stand is going to offend a lot of people, no matter how it is
presented. Even a purely technical treatment of viruses which simply discussed how to
write them and provided some examples would be offensive. The mere thought of a million
well armed hackers out there is enough to drive some bureaucrats mad. These books go
beyond a technical treatment, though, to defend the idea that viruses can be useful,
interesting, and just plain fun. That is bound to prove even more offensive. Still, the
truth is the truth, and it needs to be spoken, even if it is offensive. Morals and ethics
cannot be determined by a majority vote, any more than they can be determined by the
barrel of a gun or loud mouth. Might does not make right. The mass media has tended to
sensationalize hacking, whilst soundly condemning it. But there other points of view: for
example, in many instances the breaching of systems can provide more effective security
in the future, so that other (presumably less well-intentioned) elements of the CU are
prevented from causing real harm. A good llustration of this was the penetration of
British Telecom's electronic mail system in 1984, by Steven Gold and Robert Schifreen,
which resulted in a rude message being left in none other than the Duke of Edinburgh's
account! This incident attracted enormous publicity and led directly to improved security
arrangements for the whole of the Prestel system. Gold and Schifeen were therefore
extremely indignant at being treated as criminals - and this illustrates the discrepancy
between what the law considers to be criminal behavior and how the CU often perceive
themselves. (The Australian, 1988) We might therefore ask ourselves whether, for the sake
of balance, a truly democratic society should possess a core of technically gifted but
recalcitrant people. Given that more and more information about individuals is now being
stored on computers, often without our knowledge or consent, is it not reassuring that
some citizens are able to penetrate these databases to find out what is going on? Thus it
could be argued that the CU represent one way in which we can help avoid the creation of
a more centralized, even totalitarian government. This is one scenario the CU openly
entertain. Indeed, we now know that at the time of the Chernobyl nuclear power station
disaster in the former Soviet Union, hackers from the Chaos Computer Club released more
information to the public about developments than did the West German government itself.
All of this information was gained by illegal break-ins carried out in government
computer installations. 
The Computer Underground.
The beginning of the electronic communication revolution that started
with the public use of telephones to the emergence of home computers has
been accompanied by corresponding social problems involving the activities
of so-called computer hackers, or better referred to as the computer
underground (CU). The CU is composed of computer aficionados who stay on
the fringes of legality. The CU is composed of relatively intelligent
people, in contrast to the media's description of the ultra intelligent and
sophisticated teenage hacker. The majority have in common the belief
that information should be free and that they have a right to know. They
often have some amount of dislike for the government and the industries
who try to control and commercialize information of any sort. This paper
attempts to expose what the CU truly is and dispel some of the myths
propagated by the media and other organizations. This paper also tries to
show the processes and reasons behind the criminalization of the CU and
how the CU is viewed by different organizations, as well as some of the
processes by which it came into being. What the CU is has been addressed
by the media, criminologists, secuity firms, and the CU themselves, they
all have a different understanding or levels of comprehention, this paper
attempts to show the differences between the views as well as attempt to
correct misunderstandings that may have been propagated by misinformed
sources. The differences between the parties of the CU such as,
hackers, crackers, phreaks, pirates, and virus writers have rarely
been recognized and some deny that there are differences thus this paper
attempts to give a somewhat clearer view and define exactly what each
party is and does as well as how they relate to one another.
Every individual in the CU has a different level of sophistication
when it comes to computers, from the height of the advanced virus writer
and network hacker to the pirate who can be at the same level as a novice
computer user. The prevalence of the problem has been dramatized by the
media and enforcement agents, and evidenced by the rise of specialized
private security firms to confront the hackers. The average person's
knowledge about the CU has been derived mostly from the media. The media
gets their information from former CU individuals who have been caught,
from law enforcement agents, and from computer security specialists. The
computer underground, as it is called by those who participate in it, is
composed of people adhering to one or several roles: hacker, phreaker,
pirate, cracker, and computer virus developer. Terms such as these
have different meanings for those who have written about the computer
underground, such as the media, and those who participate in it.
The media's concept of the Computer Underground is the main cause of
the criminalization of the activity and has largely occurred as the result
of media dramatization of the problem (Hollinger and Lanza-Kaduce, 1988).
In fact, it was a collection of newspaper and film clips that was
presented to the United States Congress during legislative debates as
evidence of the computer hacking problem (Hollinger and Lanza-Kaduce, 1988,
p.107). Unfortunately, the media assessment of the computer underground
displays a naive understanding of CU activity. The media generally makes
little distinction between different types of CU activity. Most any
computer- related crime activity can be attributed to hackers.
Everything from embezzlement to computer viruses have, at one time or
another, been attributed to them. Additionally, hackers are often
described as being sociopathic or malicious, creating a media image of the
computer underground that may exaggerate their ability for doing damage.
The labeling of the CU and especially hackers as being evil is well
illustrated by these media examples. The first is from Eddie Schwartz, a
WGN-Radio talk show host.
Here Schwartz is addressing Anna, a self-identified hacker that
has phoned into the show: You know what Anna, you know what disturbs me?
You don't sound like a stupid person but you represent a . . . a . . . a .
. . lack of morality that disturbs me greatly. You really do. I think you
represent a certain way of thinking that is morally bankrupt. And I'm not
trying to offend you, but I . . .I'm offended by you! (WGN Radio, 1988)
Another example is from NBC-TV's Hour Magazine featured a segment on
computer crime. In this example, Jay Bloombecker, director of the
National Center for Computer Crime Data, discusses the hacker problem
with the host of the show, Gary Collins.
Collins: . . . are they (hackers) malicious in intent, or are they
simply out to prove, ah, a certain machismo amongst their peers?
Bloombecker: I think so. I've talked about modem macho as one
explanation for what's being done. And a lot of the cases seem to involve
proving that he . . . can do something really spiffy with computers. But,
some of the cases are so evil, like causing so many computers to break,
they can't look at that as just trying to prove that you're better than
other people. GC: So that's just some of it, some kind of bet against
the computer industry, or against the company. JB: No, I think it's more
than just rottenness. And like someone who uses graffiti doesn't care too
much whose building it is, they just want to be destructive.
GC: You're talking about a sociopath in control of a computer! JB:
Ah, lots of computers, because there's thousands, or tens of thousands of
hackers. (NBC-TV, 1988)
The media's obsession with the computer underground, that is generally
labeled as hacking, focuses almost entirely upon the morality of their
actions. Since media stories are taken from the accounts of the police,
security personnel, and members of the computer underground who have been
caught, each of whom have different perspectives and 20 definitions of
their own, the media's definition, if not inherently biased, is at best
inconsistent.
Criminologists, are less judgmental than the media, but no more
precise. Labels of electronic trespassers(Parker, 1983), and electronic
vandals (Bequai, 1987) have both been applied to the CU's hacking element
specifically. Both terms, while acknowledging that hacking is deviant,
shy away from labeling it as criminal or sociopathic behavior. Yet
despite this seemingly non-judgmental approach to the computer underground,
both Parker and Bequai have testified before Congress, on behalf of the
computer security industry, on the danger of computer hackers.
Unfortunately, their expert testimony was largely based on information
culled from newspaper stories, the objectiveness of which has been
seriously questioned (Hollinger and Lanza-Kaduce 1988 p.105).
Computer security specialists, on the other hand, are often quick to
identify the CU as criminals. Similarly, some reject the notion that there
are different roles and motivations among the computer underground
participants and thereby refuse to define just what it is that a hacker
or phreaker does. John Maxfield, a hacker expert, suggests that
differentiating between hackers and phone phreaks is a moot point,
preferring instead that they all just be called criminals. The
reluctance or inability to differentiate between roles and activities in
the computer underground, as exhibited in the media and computer security
firms, creates an ambiguous definition of hacker that possesses two
extremes: the modern-day bank robber at one end, the trespassing teenager
at the other. Thus, most any criminal or mischievous act that involves
computers can be attributed to hackers, regardless of the nature of the
crime.
Participants in the computer underground also object the overuse and
misuse of the word hacking. Their objection centers around the
indiscriminate use of the word to refer to computer related crime in
general and not, specifically, the activities of the computer underground:
Whenever the slightest little thing happens involving computer security,
or the breach thereof, the media goes *censored*ing bat*censored* and points all
their fingers at us 'nasty hackers.' They're so damned ignorant it's sick
(EN, message log, 1988). . . . whenever the media happens upon anything
that involves malicious computer use it's the HACKERS. The word is a
catch phrase it makes mom drop the dishes and watch the TV. They use the
word because not only they don't really know the meaning but they have
lack of a word to describe the perpetrator. That's why hacker has such a
bad name, its always associated with evil things and such (PA, message
log, 1988). I never seen a phreaker called a phreaker when caught and he's
printed in the newspaper. You always see them Hacker caught in telephone
fraud. Hacker defrauds old man with phone calling card. What someone
should do is tell the *censored*en media to get it straight (TP2, message log,
1988).
The difference between the different elements of the computer
underground has been generally obscured by the media. Terms such as
Cracker, Phreaker, Pirate, or Virus writer have been generally replaced
with the all encompassing word HACKER. Each element is associated with
the computer underground and some are bigger players than others but none
of them can qualify individually as the total sum of all the elements.
There are major differences between the elements of the CU that is rarely
understood by someone on the outside.
The use of the word hacker, which is now generally accepted to be
part of the CU, has gone through drastic changes in definition. Hacker
was first applied to computer related activities when it was used by
programmers in the late 1950's. At that time it referred to the pioneering
researchers, such as those at M.I.T., who were constantly adjusting and
experimenting with the new technology (Levy, 1984. p.7). A hacker in
this context refers to an unorthodox, yet talented, professional
programmer. This use of the term still exits today, though it is largely
limited to professional computing circles. The computer professionals
maintain that using hackers (or hacking) to refer to any illegal or
illicit activity is a corruption of the true meaning of the word. Bob
Bickford, a professional programmer who has organized several programmer
conferences, explains:
At a conference called Hackers 4.0 we had 200 of the most brilliant
computer professionals in the world together for one weekend; this crowd
included several PhD's, several presidents of companies (including large
companies, such as Pixar), and various artists, writers, engineers, and
programmers. These people all consider themselves Hackers: all derive
great joy from their work, from finding ways around problems and limits,
from creating rather than destroying. It would be a great disservice to
these people, and the thousands of professionals like them, to let some
pathetic teenaged criminals destroy the one word which captures their
style of interaction with the universe. (Bickford, 1988).
The more widely accepted definition of hacker refers to one who obtains
unauthorized, if not illegal, access to computer systems and networks.
This definition was popularized by the movie War Games and, generally
speaking, is the one used by the media. It is also the definition favored
by the computer underground. Both the members of the computer underground
and professional computer programmers claim ownership of hacker, and
each defend the proper use of term. However, since computer break-ins
are likely to receive more media attention than clever feats of
programming, the CU definition is likely to dominate simply by being used
more often.
A computer hacker could be defined as an individual, associated
with the computer underground, who specializes in obtaining unauthorize 
access to computer systems. Hacking refers to gaining access and
exploring computer systems and networks. Hacking encompasses both the
act and the methods used to obtain valid user accounts on computer systems.
Hacking also refers to the activity that occurs once access to another
computer has been obtained. Since the system is being used without
authorization, the hacker does not, generally speaking, have access to the
usual operating manuals and other resources that are available to
legitimate users. Therefore, the hacker must experiment with commands and
explore various files in order to understand and effectively use the
system. The goal here is to explore and experiment with the system that
has been entered. By examining files and, perhaps, by a little clever
programming, the hacker may be able to obtain protected information or
more powerful access privileges. Once a hacker has managed to gain access
to a computer system he will generally try make sure that his activities
are hidden so that he can keep access on the system. This is the
difference between hacker and cracker. Unlike the hacker a cracker is only
really interested in cracking the machine/system and once the feat is
accomplished he is generally disinterested and leaves, he could be called
the tourist of the hacking element. (Bill Landreth, Outside the Inner
Circle)
Another role in the computer underground is that of the phone
phreak. Phone phreaking, usually called just phreaking, was widely
publicized when the exploits of John Cap'n Crunch Draper, the father of
phreaking, were publicized in a 1971 Esquire magazine article. The term
phreaking encompasses several different means of getting around the
billing mechanisms of telephone companies. By using these methods, long
distance phone calls can be placed without cost. In ma y cases the methods
also prevent, or at least inhibit, the possibility of calls being traced
to their source thereby helping the phreaker to avoid being caught. Early
phreaking methods involved electro-mechanical devices that generated key
tones, or altered line voltages in certain ways as to trick the mechanical
switches of the phone company into connecting calls without charging. This
method of phreaking is generally called (color) boxing, where the type
of box is referred to by a color such as blue boxing. However the advent
of computerized telephone-switching systems largely made these devices
obsolete. In order to continue their practice the phreaks have had to
learn hacking skills. Phreaking and hacking have just recently merged,
because now, the telephone companies are using computers to operate their
network. So, in order to learn more about these computers in relation to
the network, phreaks have learned hacking skills, and can now program,
and get around inside the machines (AF, message log, 1988).
For most members of the computer underground, phreaking is simply a
tool that allows them to call long distance without amassing enormous
phone bills. Because the two activities are so closely related, with
phreakers learning hacking skills and hackers breaking into telco
computers, reference is usually made to phreak/hacking or p/hackers.
Those who have a deeper and more technically oriented interest in the
telco (telephone company) are known as phreakers. They, like the hackers
discussed earlier, desire to master and explore a system that few
outsiders really understand: The phone system is the most interesting,
fascinating thing that I know of. There is so much to know. Even phreaks
have their own areas of knowledge. There is so much to know that one
phreak could know something fairly important and the next phreak not. The
next phreak might know ten things that the first phreak doesn't though. It
all depends upon where and how they get their info. I myself would like to
work for the telco, doing something interesting, like programming a switch.
Something that isn't slave labor bull*censored*. Something that you enjoy, but
have to take risks in order to participate unless you are lucky enough to
work for the telco. To have access to telco things, manuals, etc would be
great (DP, message log, 1988).
Phreaking involves having the dedication to commit yourself to
learning as much about the phone system/network as possible. Since most of
this information is not made public, phreaks have to resort to legally
questionable means to obtain the knowledge they want (TP2, message log,
1988). Most members of the underground do not approach the telephone
system with such passion. Many hackers are interested in the phone system
solely to the extent that they can exploit its weaknesses and pursue
other goals. In this case, phreaking becomes a means and not a pursuit
unto itself. Another individual, one who identifies himself as a hacker,
explains: I know very little about phones . . . I just hack. See, I can't
exactly call these numbers direct. A lot of people are in the same boat.
In my case, phreaking is a tool, an often used one, but nonetheless a tool
(TU, message log, 1988).
In the world of the computer underground, the ability to phreak a
call is taken for granted. The phone companies allowance the use of the
credit cards for billing has opened the door to wide-scale phreaking. With
credit cards, no special knowledge or equipment is required to phreak a
call, only valid credit card numbers, known as codez, are needed to call
any location in the world. This method of phreaking is generally called
carding, it is generally looked on as the lowest form of phreaking as
almost no technical skill is necessary. Another role in the computer
underground is that of the software pirate. Software piracy refers to the
unauthorized copying and distribution of copyrighted software. This
activity centers around computer bulletin board systems, and parts of the
internet that specialize in warez. Pirates and phreak/hackers/crackers
do not necessarily support the activities of each other, and there is
distrust and misunderstanding between the two groups. At least part of
this distrust lies in the phreak/hacker perception that piracy is an
unskilled activity. A possible exception to this are those pirates that
have the programming skills needed to remove copy protection from software.
By removing the program code that inhibits duplicate copies from being
made these individuals, which also go by the name crackers, contribute
greatly to the easy distribution of warez. While p/hackers generally
don't disapprove of piracy as an activity, especially cracking pirates,
they nevertheless tend to avoid pirate bulletin boards and internet sites
partly because there is little pertinent phreak/hack information contained
on them, and partly because of the belief that pirates indiscriminately
abuse the telephone network in pursuit of the latest computer game. One
hacker illustrates this belief by theorizing that pirates are responsible
for a large part of credit card fraud. The media claims that it is solely
hackers who are responsible or losses pertaining to large
telecommunication companies and long distance services. This is not the
case. We are (hackers) but a small portion of these losses. The rest are
caused by pirates and thieves who sell these codes to people on the street
(AF, message log, 1988). Other hackers complain that uploading large
programs frequently takes several hours to complete, and it is pirate
calls, not the ones placed by tele-communications enthusiasts (a popular
euphemism for phreakers and hackers) that cost the telephone industry
large sums of money. However, not all pirates phreak their calls.
Phreaking is considered very tacky among elite pirates, and system
operators (Sysops) of pirate bulletin boards discourage phreaked calls
because it draws attention to the system when the call is discovered by
the telephone company.
For the average computer user the most feared of the computer
underground is that of the computer virus creator. Among the CU computer
viruses are generally referred to as viri. Computer viruses are in
themselves a very specific type of program but to the novice or low
sophistication computer user, which the majority are, they are any program
that can take over, damage or otherwise infiltrate, a computer. Program
that qualify as trojan horses, logic bombs, or worms are often just
called viruses. A virus is a self-replicating program that is capable of
carrying a destructive or otherwise annoying payload while a trojan
horse is a program that allows easy access to an already-penetrated
system. It can also be used to facilitate a penetration by being tagged to
a legitimate program so that when the host computer runs the program the
trojan put itself in a position to allow the designer easy access. Logic
or time bombs are similar to the trojans except that they wait for a
specific circumstances or time to detonate a harmful payload. Logic bombs
are often incorporated into a virus, if it is of the destructive variety,
as their destructive payload. The worm is the most similar to a virus in
that it also replicates, but it is generally designed to infect idle
workstations or terminals on a network. Worms tend to exist in memory and
are non- permanent, one must simply reboot to remove them, while the virus
resides on disk where they are permanent until eradicated.
There are two main types of virus writers, people who's main purpose
is to create havoc for the computer user doing everything possible to
spread their viruses. Then there are the people who aren't interested in
spreading their viruses but rather creating them as a mental exercise that
involves figuring out better ways to evade detection or further empower
their programming skills. The latter will often be composed of software
engineers and highly skilled programmers while the primary tends to be a
younger age group who are relatively unskilled in comparison. An example
of this is a teenage viri writer called Little Loc who wanted to be the
most dangerous virus writer in American, and attempted to prove it by
writing a virus that became wide spread and know as the Satan Bug. On the
other hand there are writers like Screaming Radish, who is Windows-
application developer from Australia, his purpose in virus development is
not destructive but rather to gain a better understanding of how anti-
virus software works. He likes to reverse-engineer anti-virus software
taking them apart to study what signatures it scanned for and what the
software excludes from it's scrutiny. Viruses made with that level of
sophistication are becoming a type of digital currency in the computer
underground where one can use them to trade for other information. (Jan
Smith, 1994) Mark A. Lugwig, the writer of virus tutorials, had this to
say: It is inevitable that these books will offend some people. In fact,
I hope they do. They need to. I am convinced that computer viruses are not
evil and that programmers have the right to create them, posses them and
experiment with them. That kind of a stand is going to offend a lot of
people, no matter how it is presented. Even a purely technical treatment
of viruses which simply discussed how to write them and provided some
examples would be offensive. The mere thought of a million well armed
hackers out there is enough to drive some bureaucrats mad. These books go
beyond a technical treatment, though, to defend the idea that viruses can
be useful, interesting, and just plain fun. That is bound to prove even
more offensive. Still, the truth is the truth, and it needs to be spoken,
even if it is offensive. Morals and ethics cannot be determined by a
majority vote, any more than they can be determined by the barrel of a gun
or loud mouth. Might does not make right.
The mass media has tended to sensationalize hacking, whilst soundly
condemning it. But there other points of view: for example, in many
instances the breaching of systems can provide more effective security in
the future, so that other (presumably less well-intentioned) elements of
the CU are prevented from causing real harm. A good llustration of this
was the penetration of British Telecom's electronic mail system in 1984,
by Steven Gold and Robert Schifreen, which resulted in a rude message
being left in none other than the Duke of Edinburgh's account! This
incident attracted enormous publicity and led directly to improved
security arrangements for the whole of the Prestel system. Gold and
Schifeen were therefore extremely indignant at being treated as criminals
- and this illustrates the discrepancy between what the law considers to
be criminal behavior and how the CU often perceive themselves. (The
Australian, 1988)
We might therefore ask ourselves whether, for the sake of balance, a
truly democratic society should possess a core of technically gifted but
recalcitrant people. Given that more and more information about
individuals is now being stored on computers, often without our knowledge
or consent, is it not reassuring that some citizens are able to penetrate
these databases to find out what is going on? Thus it could be argued
that the CU represent one way in which we can help avoid the creation of a
more centralized, even totalitarian government. This is one scenario the
CU openly entertain. Indeed, we now know that at the time of the Chernobyl
nuclear power station disaster in the former Soviet Union, hackers from
the Chaos Computer Club released more information to the public about
developments than did the West German government itself. All of this
information was gained by illegal break-ins carried out in government
computer installations.
Bibliography
The Australian, 1988, January 26, Hackers found guilty after cracking
Duke's codes. April 29, Lords clear British Hackers.
Best, Joel and David F. Luckenbill. 1982. Organizing Deviance. Englewood Cliff, New
Jersey: Prentice-Hall. 
Bequai, August. 1987. Technocrimes. Lexington, Mass.:Lexington Books. 
Bickford, Robert. 1988. Personal communication to Gordon Meyer. 
Chicago Tribune. 1989. Computer hacker, 18, gets prison for fraud. Feb. 15:2,1. 
Compuserve Magazine, 1994, Viruses: Gone or just forgotten? 
Forester, Tom and Morrison, Perry, 1990, Computer Ethics, Cautionary Tales and Ethical
Dilemmas in Computing. 
Hollinger, Richard C. and Lonn Lanza-Kaduce. 1988. The Process of Criminalization: The
Case of Computer Crime Laws. Criminology 26:101-126. 
Levy, Steven. 1984. Hackers: Heroes of the Computer Revolution. New York: Dell
Publishing.
Message Logs from a variety of computer underground bulletin board systems, 1988-1989.
NBC-TV. 1988. Hour Magazine. November 2, 1988. 
Bill Landreth, 1985, Outside the Inner Circle. Microsoft publishing 
Parker, Donn B. 1983. Fighting Computer Crime. New York: Charles Scribner's Sons. 
Rosenbaum, Ron. 1971. Secrets of the Little Blue Box . Esquire October, pp. 116-125.
Small, David. 1988. Personal communication to Gordon Meyer. 
WGN-Radio. 1988. Ed Schwartz Show. September 27, 1988.