Looking at Hacking From Both Sides
September 29th, 1999

In last week's column I mentioned a web site that had been vandalized by someone who hacked into the system (broke into the system using programming techniques). Let me offer some definitions here for those who may not understand: Hacking is actually simply a slang word for programming, or "hacking code." A good "hack" is a clever piece of software coding that other people admire. At some point along the line, people who were breaking into other people's computers started using the term "hacking" to apply to their own practices. For this reason, many people mean different things when they use the term "hacker" or "hacking." Even within "hacker" community, there are people who get defensive when someone is labeled a "hacker." For the purposes of this column, I am using the word "hacker" to refer to anyone who breaks into someone else's compuer system.

Hacking is a strange phenomenon to me. Not the concept of people doing destructive things; that has been going on since time began. What confuses me about hacking is the way people take pride in it and consider it their absolute right. I have never seen a web site, though I suppose they may too be out there, devoted to the subject of stealing; i.e., "Twelve Ways to Successfully Rob a Bank." However, there are a number of web sites wherein people brag about their hacking successes, tell others how to do it, and applaud each other’s accomplishments. There exists a whole subculture devoted to the subject. Scholars describe a subculture as a system of meanings that give significance to shared behaviors that must be interpreted from the perspective of those engaged in them. By this definition one could categorize the Masons or the Knights of Columbus as a subculture so it does not follow that all subcultures are always bad. What is it about the World Wide Web that fosters an environment in which normal societal behaviors are ignored and individual liberties take precedence? I suppose that could be the subject of someone’s doctoral dissertation. However, the simple answer to me seems to be that people can do whatever they want in a anonymous manner, frequently without consequences. Shy people can flirt, lonely people can communicate with others, people can shop for porn who would never be seen walking into a physical store to make such a purchase. You can call people names, pretend to be someone you are not, commit scams or break into someone else’s computer.

From my perspective it seems that hackers fall into two categories. The first is composed of those who have a basic distrust of government and bureaucracies and feel some kind of obligation to keep up with what "they" are doing. The second is composed of those who wish to prove, if only to themselves, that they possess the vast amount of knowledge and technical skills on many different systems, hardware, software, and languages to bypass a maze of protective barriers and enter a system to which they have no right to enter. According to my research, many of the hackers in this second group consider it de rigueur to enter a system and leave it unchanged so that their "visit" goes undetected. People in this second group actually spend vast amounts of time learning systems. They will attend seminars and lectures on the systems; investigate the company, organization, or government entity, and utilize sophisticated tools such as random number generators to help them achieve their goals. They love to solve puzzles and see breaking into someone else’s system a challenge. Many, if not most, of them are not even malicious, but they will defend to the death their absolute right to hack if they want to. Incidentally, many of the web sites that defend hacking also claim loud and long that there is a difference between what they do and what those they choose to call "crackers" do. They actually encourage each other to contact people who use the term hacker in what they consider to be a negative context to enlighten the writer to the difference between hackers and crackers. Well, I’ve got news for them. A rose, is a rose, is a rose. No matter what you call it. Breaking into someone else's computer, even if you do no damage whatsoever, is still immoral and illegal. Those that do it, no matter what they choose to call themselves, are still invading the property and violating the rights of someone else.

However.... there is always a however isn’t there? New technology almost always brings new problems with it. Not that anyone in the good old USA ever over reacts or anything, but there is the case of Phiber Optik (a pseudonym of course). Mr. Optik broke into AT&T's UNIX system, downloaded the tech. specs for their Emergency-911 phone switches, and then proceeded to spread them around freely. When AT&T found out about it, they got the secret service involved, and made his life miserable for the next two years. All of his computer stuff was confiscated, he had to hire lawyers, go to court, and live with a possible stint in jail hanging over his head. Then, someone brought something into court that changed it all -- a copy of the plans that they BOUGHT from AT&T for $35. Yes... the stuff was legally available for $35 directly from AT&T. So the charges were turned into a misdemeanor and that was that. One also has to ask if Mr. Optik just had the bad luck to do the wrong thing, at the wrong time and in the wrong place. Sort of like trying to rob a restaurant full of off-duty police officers.

All of us have read about people who get stung by the “system.” In the old days, I once typed a dissertation for a man at the University of Texas. He was an older student with a family and he had reached the last possible semester to submit his dissertation or loose all his credits. We worked in a setting that required federal security clearances. Since this man did his research as part of his job, the document had to be cleared by some chowder head in Washington. This was long before computers. I typed the document on an electric typewriter and it had page after page of math and equations. In other words, it took a long time to produce. Well Mr. chowder head decided that the word Transit, when used in reference to a satellite, was a classified word. It had to be replaced with Navy Navigational Satellite. Dud. Can we say retype the whole thing. I worked all day, into the evenings, and on the week ends to completely redo the whole document. He submitted it on the last possible day to the University, The next day Time Magazine had a picture of the same satellite on the cover with the word Transit Satellite in huge letters. You either laugh or cry. OK, so this doesn’t have anything to do with someone breaking the law, but it does support the fact that sometimes we have a witch hunt mentality when faced with new things, even something as problematic as hacking.

The question really is, can this affect me? I am sitting at home on my one little computer, hooked up to the internet via a modem. Can someone hack into my computer and find out how many months I have left to pay on my car, or who I send e-mail to, or anything else I have on there? I posed this question to Dave Hamilton, Business Manager of The Mac Observer, and author of Ask Dave. He shared with me the story of Mr. Optik. and offered the following comments:

Every day about 2 or 3 people try to get into my network, whoch is controlled by a Linux computer, and includes both Mac and PCs on the network, here at home. None have succeeded so far (as far as I can tell, anyway), but they try. The trick is this -- any access you allow to yourself from the outside world (for your own purposes) CAN be exploited by someone else. If you need a password to get in, then that's all they need, too. If you want to be safe, don't share your files, don't leave any open holes. But typically the folks that probe me every day here are just looking around... not being malicious, just seeing if they can find something to log into and pass some time digging... that's it.

But, there are some products out there that can act as a firewall on your Mac. (Nancy’s note: A firewall is something that limits access. Our system at work has a firewall so even though I can read my home e-mail at work, I can not access my work e-mail at home. The firewall keeps me out.) Of course, if your Mac is the only computer connected to the internet, then a firewall is somewhat useless -- a firewall is essentially just a fancy router. But if your Mac is routing your household, then it can be of some use, providing the sensitive data is NOT on the Mac that's connected directly to the cable modem. Anyway, the software is: vicomsoft's softrouter.

I also asked Dave if he thought that hacking should be considered a federal crime as some have demanded. Dave responded:

No... the crime should be based on breaking and entering laws, and theft laws. If someone breaks into your computer, then it's breaking and entering. If they steal something off your computer, it's theft. If they delete something from your computer, it's damage/negligence.

In other words, Dave makes the point that existing laws already exist to cover this type of crime. I guess what I have to conclude after all of this is that nothing is ever completely black or white, but the gray is everywhere and it is up to me to use common sense to protect myself and my privacy.

If you have any tips, suggestions, or other comments about this, or any other Mac topics, send them to me so that I can share them with other readers.