------------------------------

From: [email protected](Mark Hittinger)
Subject: Hacking and Hackers: The Rise, Stagnation, and Renaissance
Date: Wed, 3 Apr 91 00:00:29 -0500

********************************************************************
***  CuD #3.20: File 5 of 7: Hacking and Hackers                 ***
********************************************************************

        Hacking and Hackers: The Rise, Stagnation, and Renaissance.

                    Copyright(C) 1991 By Mark Hittinger
              ([email protected], #60 on Blitzkrieg)

        This document may be freely reproduced so long as credit to
                         the author is maintained.

       It doesn't take a rocket scientist to figure out that the publicity
afforded to hacking has risen to peak levels within the last year.  As
one would expect, the political attention being paid to the subject of
hackers has also risen to peak levels.  We are hearing more about
hackers each day. The newspapers have articles about alleged computer
crime and phone fraud almost weekly.  The legal system is issuing
indictments, the secret service is running around with wildcard search
warrants, and captured naive hackers are turning on each other.  Some
well known computer people have formed a  lobby called the "Electronic
Frontier Foundation".  Fox TV has news people on the scene during a
bust of an alleged "hacker" who was invading their own doofus system!
Non-computer "lay" people have been asking me a lot of questions.

       So who am I?  I'm just another computer bum.  I got into computers in
the early seventies during high school.  I've witnessed computing's
rise as something social outcasts did to something everybody wanted to
be a part of.  Babes looked at us with disgust as we grabbed our data
on 110 baud teletypes and paper tape.  Rolls of paper tape and access
to timeshared basic was so great that we didn't even think that it
could get better.  Well guess what?  Computers and our social position
kept getting better.  It got so good that pretty soon everybody wanted
to ask us questions.

       These days we are like doctors at a cocktail party, we are always
getting hit on for free computer consulting!  Even from the babes!
You've come a long way baby!  Later I got into the professional side,
that is, systems programming, systems management, and software
development.  I've worked with GE, Xerox, IBM,  Digital, CDC, HP,
Prime, anything I could get my hands on.  I dearly loved the DEC-10,
learned to live with VAX/VMS, and now grit my teeth when I work with
Unix/MS-DOS.  My hobby became my career, and they paid me money for
it. My chosen hacking name is "bugs bunny" and you can find me on some
bulletin boards as user "bugs".  Bugs was always creating virtual
rabbit holes out of thin air and dodging in and out of them.  True
hackers love to find and fix software "bugs".  Yea!!  I'm 34 now and a
dad.

       Being involved in computers for a long time gives me a better
perspective than most.  Over the years there would sometimes be a major
media coverage of some computer crime event.  As a local computer
"heavy", there were always questions coming my way about what these
things were all about.  Lately, the questions are more frequent and
more sophisticated.  All these big highly publicized busts are opening
a lot of issues.  I didn't have answers to some of these questions so
I sat down and did some thinking.  Writing this article is an
outgrowth of that.  I am not a writer so grant me some journalistic
slack.

       Back in the early seventies hacking was quite free.  Most of the
important stuff was running on batch mainframes that had no connection
to the outside world.  The systems that we played with were not really
considered critical by anyone.  We were allowed to play to our hearts
content, and nobody really worried about it at all.  This period is
what I like to think of as the "rise of hacking".  You can read about
some of it in the first section of Levy's book, "HACKERS".  I love
that  section and read it when current events depress me.  In those
days the definition of hacker was clear and clean.  It was fun, it was
hi-tech, it was a blast, and it was not a threat.  There were no big
busts, very few people understood computing, and the public had no
interest in it.

       We hacked for the sheer love of it.  How can I describe the depth of
interest that we had?  We were not concerned with our image or our
"identity".  We wrote games, wrote neat hacks, and learned the
strengths or weaknesses of each system.  We were able to obtain access
to a broad range of systems.  Consider teenage boys comparing and
contrasting the systems designed by older engineers!  We eventually
reached a point where we decided how a system should be set up.  At
this point we began to make an annoyance of ourselves.  In all
instances the various administrations considered us minor annoyances.
They had much more pressing problems!

       New users began to show up in the labs.  They reluctantly wanted to
get something done that absolutely had to be done on the computer.  In
many cases they had no idea how to start, and were left to their own
devices. Centralized data processing management (MIS) didn't want to
deal with them. Often, they saw us playing around, joking, laughing,
carefree, and not at all intimidated by the computer.  They, on the
other hand, were quite intimidated.  We helped these people get
started, showed them were the  documentation was, and explained
various error conditions to them.  We quickly developed reputations as
knowing how to get something to work.

       One of the people I helped made a remark to me that has stuck with me
for a long time.  He said, "I am trained as a civil engineer, so I
don't have a feel for this.  But you, you are pure bred.  You've
gotten into this fresh and taught yourself from the ground up.  You
haven't been trained into any set doctrine."  Phar out man!  This is
an important point.  There were no rules, guidelines, or doctrines.
We made our own up as our experiences dictated.

       As time wore on, the new user pool began to grow more rapidly.   The
computers began to creak and groan under the work loads that were
being placed upon them.  During the day time, we came to the computer
area to find it packed.  We could no longer access the computers
during the day.  After all, we were just playing!  That was OK with
us.  Soon we were there at night and on weekends.  We obtained the
off-hour non-prime time access, but this put us further away from the
mainstream.  These new guys liked the timeshared computers much more
than their mainframe batch machines.  They started to move their darn
*important* crud from the mainframe machines to "our" timesharing
computers.  Pretty soon the administrations started to think about
what it meant to have payroll or grades on the same computers that had
"star-trek version 8", "adventure", or "DECWAR version 2.2".  They
were concerned about security on the timesharing systems, but due to
their budget constraints, most of the centralized MIS shops still had
to give priority to their batch mainframes.  We continued to play, but
we cursed at the slow systems when the important stuff was running.  I
got off "tuning" systems to make them run faster or more efficiently.
Interactive response time became the holy grail.

       The "rise of hacking" was beginning to run out of steam.  The
timesharing systems had been expanded as much as technology and
budgets would allow.  We had learned the various systems internals
inside and out.  We now knew much more about the systems than the
"official" maintainers did, and these maintainers perceived us as a
threat to their positions. The computers were still overloaded.  The
nasty politics of access and resources began to rear their head.  A
convenient scapegoat was to eliminate access to games.  Eliminate the
people that were just playing. Examine all computing activity and bill
for it.  This didn't solve any of the problems (we all knew payroll
and grades wouldn't fit in!) but it did raise the issue of the hackers
to the surface.  All of a sudden we became defined as a problem!  We
were soon getting shut out of various systems.  New kids began to show
up and pretend to be hackers.  They would do anything to show off, and
created large problems for "us".

       At this point the "stagnation" period was beginning.  These were hard
days for us.  Many of my friends quit what they were doing.  Many of
us got real jobs on the computers we played with as a dodge.
Centralized MIS departments began to be placed between the rock and
hard place of limited budgets and unlimited customers.  The new kids,
the overloaded systems, the security concerns for the important
applications, and the political situation all resulted in the
stagnation of hacking.

       "Hacker" took on a bad connotation.  I saw all kind of debates  over
what "hacker" meant.  Some claimed it was a compliment, and should
only be awarded to those bit twiddlers that were truly awesome.  Many
claimed that hackers were the scum of the earth and should be totally
decimated!  What could you do but stay out of the way and let things
take their course?  I realize now that it was in the MIS departments'
*VESTED INTEREST* to define the term "hacker".  Centralized MIS did
not have the courage to fight for larger budgets.  Upper level
administrators who just approved the budget would freak out when they
saw kids playing games on the computers in the library.  MIS had to
define this as bad, had to say they would put a stop to it.  MIS had
to look like they were managing the computer resources responsibly.
Any unusual or politically unacceptable computer event that couldn't
be covered up was caused by "hackers". It was a dodge for MIS!  I am
not saying that some questionable stuff didn't go down, I am just
saying that it was logical to call anything "bad" by some sort of
easily accepted label - "hackers".

       Of course, when the unusual computing event took place your budding
journalists were johnny on the spot.  You don't climb that journalist
ladder by writing about boring stories.  Wild computer stories about
hacking  captured the public interest.  I suppose the public liked to
hear that  somebody could "beat" the system somehow.  Journalists
picked up on this and wrote stories that even I found hard to believe.
The new kids, even when not asked, would blab all day long about the
great things that they were doing. And don't you know, they would blab
all day long about great hacks they heard that you pulled!  Stories
get wilder with each re-telling.  I realize now that it was in the
journalists' *VESTED INTEREST* to define the term "hacker". The public
loves robin hood, the journalists went out and found lots of
pseudo-robin hoods.

       More and more stories began to hit the public.  We heard stories of
military computers getting penetrated.  We heard stories of big
financial rip-offs.  We heard cute stories about guys who paid
themselves the round-off of millions of computer generated checks.  We
heard stories of kids moving space satellites! We heard stories of old
ladies getting their phone bills in a heavy parcel box! As an old
timer, I found a lot of these stories far fetched.  It was all
national inquirer type stuff to me.  The public loved it, the
bureaucrats used it, and the politicians began to see an opportunity!

       The end of the "stagnation" period coincides the arrival of the
politicians.  Was it in the *VESTED INTEREST* of the politicians to
define the term "hacker"?  You bet!  Here was a safe and easy issue!
Who would stand up and say they were FOR hackers?  What is more
politically esthetic than to be able to define a bad guy and then say
you are opposed to it?  More resources began to flow into law
enforcement activities.  When actual busts were made, the legal system
had problems coming up with charges. The legal system has never really
felt comfortable with the punishment side of hacking, however, they
LOVE the chase.  We didn't have guns, we were not very dangerous, but
it is *neat* to tap lines and grab headlines!

       What a dangerous time this was.  It was like a feedback loop, getting
worse every week.  When centralized MIS was unable to cover up a
hacking event, they exaggerated it instead.  Shoddy design or poor
software workmanship was never an issue.  Normally "skeptical"
journalists did not ask for proof, and thrilled at the claims of
multi-million dollar damages.  Agents loved to be seen on TV (vote for
me when I run!) wheeling out junior's Christmas present from last
year, to be used as "evidence".  The politicians were able to pass new
laws without constitutional considerations.  New kids, when caught,
would rabidly turn on each other in their desperation to escape.
Worried older hackers learned to shut up and not give their side for
fear of the feeding frenzy.  Hackers were socked with an identity
crisis and an image problem.  Hackers debated the meaning of hacker
versus the meaning of cracker.  We all considered the fundamental
question, "What is a true hacker?".  Cool administrators tried to walk
the fine line of satisfying upper level security concerns without
squelching creativity and curiosity.

       So what is this "renaissance" business?  Am I expecting to see major
hacker attacks on important systems?  No way, and by the way, if you
thought that, you would be using a definition created by someone with
a vested interest in it.  When did we start to realize that hacker was
defined by somebody else and not us?  I don't know, but it has only
been lately.  Was it when people started to ask us about these
multi-million dollar damage claims?  I really think this is an
important point in time. We saw BellSouth claim an electronically
published duplicate of an electronic document was worth nearly
$100,000 dollars!

       We later saw reports that you could have called a 1-800 number and
purchased the same document for under twenty bucks.  Regular
non-computer people began to express suspicion about the corporate
claims. They expressed suspicion about the government's position.  And
generally, began to question the information the media gave them.
Just last month an article appear in the Wall Street Journal about
some hackers breaking in to electronic voice mail boxes (fancy
answering machines).  They quoted some secret service agent as saying
the damages could run to the tens of millions of dollars.  Somebody
asked me how in the world could screwing around with peoples answering
machines cause over 10 million dollars in damages?  I responded, "I
don't know dude!  Do you believe what you read?"

       And when did the secret service get into this business?  People say
to me, "I thought the secret service was supposed to protect the
president.  How come the secret service is busting kids when the FBI
should be doing the busting?" What can I do but shrug?  Maybe all the
Abu-Nidals are gone and the president is safe.  Maybe the FBI is all
tied up  with some new AB-SCAM or the S&L thing.  Maybe the FBI is
damn tired of hackers and hacking!

       In any event, the secret service showed it's heavy hand with the big
series of busts that was widely publicized recently.  They even came
up with *NEAT* code names for it.  "Operation SUNDEVIL",  WOW!  I
shoulda joined the secret service!!!  Were they serious or was this
their own version of dungeons and dragons?  In a very significant way,
they blew it. A lot of those old nasty constitutional issues surfaced.

       They really should define clearly what they are looking for when they
get a search warrant.  They shouldn't just show up, clean the place
out, haul it back  to some warehouse, and let it sit for months while
they figure out if they got  anything.  This event freaked a lot of
lay people out.  The creation of the Electronic Frontier Foundation is
a direct result of the blatantly illegal search and seizure by the
secret service.  People are worried about what appears to be a police
state mentality, and generally feel that the state has gone to far.  I
think the average American has a gut level feel for how far the state
should go, and the SS clearly went past that point. To be fair, there
aren't any good guidelines to go by in a technical  electronic world,
so the secret service dudes had to decide what to do on their own.  It
just turned out to be a significant mistake.

       I saw Clifford Stoll, the author of the popular book "Cuckoos Egg"
testify on national C-SPAN TV before congress.  His book is a very
good read, and entertaining as well.  A lot of lay people have read
the book, and perceive the chaos within the legal system.  Stoll's
book reveals that many systems are not properly designed or
maintained.  He reveals that many well known "holes" in computer
security go unfixed due to the negligence of the owners.  This book
generated two pervasive questions.  One, why were  there so many
different law enforcement agencies that could claim jurisdiction?  Lay
people found it amazing that there were so many and that they could
not coordinate their efforts.  Two, why were organizations that
publicly claimed to be worried about hackers not updating their
computer security to fix stale old well known problems?  If indeed a
hacker were able to cause damage by exploiting such a well known
unfixed "hole", could the owner of the computer be somehow held
responsible for part of the damage? Should they?

       We all watched in amazement as the media reported the progress of
Robert Morris's "internet worm".  Does that sound neat or what?
Imagine all these lay people hearing about this and trying to judge if
it is a problem.  The media did not do a very good job of covering
this, and the computing profession stayed away from it publicly.  A
couple of guys wrote academic style papers on the worm, which says
something about how important it really was.  This is the first time
that I can remember anyone examining a hacking event in such fine
detail.  We started to hear about military interest in "worms" and
"viruses" that could be stuck into enemy computers. WOW!  The media
accepted the damage estimates that were obviously inflated.  Morris's
sentence got a lot of publicity, but his fine was very low compared to
the damage estimates.  People began to see the official damage
estimates as not being very credible.

       We are in the first stages of the hacking renaissance.  This period
will allow the hackers to assess themselves and to re-define the term
"hacker".  We know what it means, and it fits in with the cycle of
apprentice, journeyman, and master.  Its also got a little artist,
intuition, and humor mixed in.  Hackers have the chance to repudiate
the MISs', the journalists', and the politicians' definition!  Average
people are questioning the government's role in this and fundamental
rights.  Just exactly how far should the  government go to protect
companies and their data?  Exactly what are the responsibilities of a
company with sensitive, valuable data on their  computer systems?
There is a distinct feeling that private sector companies should be
doing more to protect themselves.  Hackers can give an important
viewpoint on these issues, and all of a sudden there are people
willing to listen.

       What are the implications of the renaissance?  There is a new public
awareness of the weakness in past and existing systems.  People are
concerned about the privacy of their electronic mail or records on the
popular services.  People are worried a little about hackers reading
their mail, but more profoundly worried about the services or the
government reading their stuff. I expect to see a very distinct public
interest in encrypted e-mail and electronic privacy.  One of my
personal projects is an easy to use e-mail encrypter that is
compatible with all the major e-mail networks.  I hope to have it
ready when the wave hits!

       Personal computers are so darn powerful now.  The centralized MIS
department is essentially dead.  Companies are moving away from the
big data center and just letting the various departments role their
own with PCs.  It is the wild west again!  The new users are on their
own again!  The guys who started the stagnation are going out of
business!  The only thing they can cling to is the centralized data
base of information that a bunch of PCs might need to access.  This
data will often be too expensive or out-of-date to justify, so even
that will die off.  Scratch one of the vested definers!  Without
centralized multi-million dollar computing there can't be any credible
claims for massive multi-million dollar damages.

       Everyone will have their own machine that they can walk around with.
It is a vision that has been around for awhile, but only recently have
the prices, technology, and power brought decent implementations
available.  Users can plug it into the e-mail network, and unplug it.
What is more safe than something you can pick up and lock up?   It is
yours, and it is in your care.  You are responsible for it.  Without
the massive damage claims, and with clear responsibility, there will
no longer be any interest from the journalists.  Everybody has a
computer, everybody knows how much the true costs of damage are.  It
will be very difficult for the journalists to sensationalize about
hackers.  Scratch the second tier of the vested definers!  Without
media coverage, the hackers and their exploits will fade away from the
headlines.

       Without public interest, the politicians will have to move on to
greener pastures.  In fact, instead of public fear of hackers, we now
are seeing a public fear of police state mentality and abuse of power.
No politician is going to want to get involved with that!  I expect to
see the politicians fade away from the "hacker" scene rapidly.
Scratch the third tier of the vested definers!  The FBI and the secret
service will be pressured to spend time on some other "hot" political
issue.

       So where the heck are we?  We are now entering the era of truly
affordable REAL systems.  What does REAL mean?  Ask a hacker dude!
These boxes are popping up all over the place. People are buying them,
buying software, and trying to get their work done. More often than
not, they run into problems, and eventually find out that they can ask
some computer heavy about them.  Its sort of come full circle, these
guys are like the new users of the old timesharing systems.  They had
an idea of what they wanted to do, but didn't know how to get there.
There wasn't a very clear source of guidance, and sometimes they had
to ask for help.  So it went!

       The hackers are needed again.  We can solve problems, get it done,
make it fun.  The general public has the vested interest in this!  The
public has a vested interest in electronic privacy, in secure personal
systems, and in secure e-mail. As everyone learns more, the glamour
and glitz of the mysterious hackers will fade.  Lay people are getting
a clearer idea of whats going on.  They are less willing to pay for
inferior products, and aren't keen about relying on centralized
organizations for support.  Many know that the four digit passcode
some company gave them doesn't cut the mustard.

       What should we hackers do during this renaissance?  First we have to
discard and destroy the definition of "hacker" that was foisted upon
us.  We need to come to grips with the fact that there were
individuals and groups with a self interest in creating a hysteria
and/or a bogeyman.  The witch hunts are over and poorly designed
systems are going to become extinct.  We have cheap personal portable
compatible powerful systems, but they do lack some security, and
definitely need to be more fun.  We have fast and cheap e-mail, and
this needs to be made more secure.  We have the concept of electronic
free speech, and electronic free press.  I think about what I was able
to do with the limited systems of yesterday, and feel very positive
about what we can accomplish with the powerful personal systems of
today.

       On the software side we do need to get our operating system house in
order.  The Unix version wars need to be stopped.  Bill Gates must
give us a DOS that will make an old operating system guy like me
smile, and soon! We need to stop creating and destroying languages
every three years and we need to avoid software fads (I won't mention
names due to personal safety concerns).  Ken Olsen must overcome and
give us the cheap, fast, and elegantly unconstrained hardware platform
we've waited for all our lives. What we have now is workable (terrific
in terms of history), but it is a moral imperative to get it right.
What we have now just doesn't have the "spark" (I am not doing a pun
on sun either!!!).  The hackers will know what I mean.

       If we are able to deal with the challenges of the hacking
renaissance, then history will be able to record the hackers as
pioneers and not as vandals.  This is the way I feel about it, and
frankly, I've been feeling pretty good lately.  The stagnation has
been a rough time for a lot of us.  The stock market guys always talk
about having a  contrarian view of the market.  When some company gets
in the news as a  really hot stock, it is usually time to sell it.
When you hear about how terrible some investment is, by some perverse
and wonderful force it is time to buy it.  So it may be for the
"hackers".  We are hearing how terrible "hackers" are and the millions
of dollars of vandalism that is being perpetrated.  At this historic
low are we in for a reversal in trend?  Will the stock in "hackers"
rise during this hacking renaissance? I think so, and I'm bullish on
the 90's also!  Party on d00des!

********************************************************************
                          >> END OF THIS FILE <<
***************************************************************************

You are viewing proxied material from infinitelyremote.com. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.