Страницы: - 1
numbers over the telephone until one of them worked.
Simple programs to do this were widely available in the
underground; a computer running all night was likely to
come up with a dozen or so useful hits. This could be
repeated week after week until one had a large library of
Nowadays, the computerized dialling of hundreds of
numbers can be detected within hours and swiftly traced.
If a stolen code is repeatedly abused, this too can be
detected within a few hours. But for years in the 1980s,
publication of stolen codes was a kind of elementary
etiquette for fledgling hackers. The simplest way to
establish your bona-fides as a raider was to steal a code
through repeated random dialling and offer it to the
"community" for use. Codes could be both stolen, and
used, simply and easily from the safety of one's own
bedroom, with very little fear of detection or punishment.
Before computers and their phone-line modems
entered American homes in gigantic numbers, phone
phreaks had their own special telecommunications
hardware gadget, the famous "blue box." This fraud
device (now rendered increasingly useless by the digital
evolution of the phone system) could trick switching
systems into granting free access to long-distance lines.
did this by mimicking the system's own signal, a tone of
Steven Jobs and Steve Wozniak, the founders of
Apple Computer, Inc., once dabbled in selling blue-boxes
in college dorms in California. For many, in the early days
of phreaking, blue-boxing was scarcely perceived as
"theft," but rather as a fun (if sneaky) way to use excess
phone capacity harmlessly. After all, the long-distance
lines were *just sitting there*.... Whom did it hurt,
If you're not *damaging* the system, and you're not
*using up any tangible resource,* and if nobody *finds
out* what you did, then what real harm have you done?
What exactly *have* you "stolen," anyway? If a tree falls
in the forest and nobody hears it, how much is the noise
worth? Even now this remains a rather dicey question.
Blue-boxing was no joke to the phone companies,
however. Indeed, when *ъamparts* magazine, a radical
publication in California, printed the wiring schematics
necessary to create a mute box in June 1972, the
magazine was seized by police and Pacific Bell phone-
company officials. The mute box, a blue-box variant,
allowed its user to receive long-distance calls free of
charge to the caller. This device was closely described in
*ъamparts* article wryly titled "ъegulating the Phone
Company In Your Home." Publication of this article was
held to be in violation of Californian State Penal Code
section 502.7, which outlaws ownership of wire-fraud
devices and the selling of "plans or instructions for any
instrument, apparatus, or device intended to avoid
telephone toll charges."
Issues of *ъamparts* were recalled or seized on the
newsstands, and the resultant loss of income helped put
the magazine out of business. This was an ominous
precedent for free-expression issues, but the telco's
crushing of a radical-fringe magazine passed without
serious challenge at the time. Even in the freewheeling
California 1970s, it was widely felt that there was
something sacrosanct about what the phone company
knew; that the telco had a legal and moral right to protect
itself by shutting off the flow of such illicit information.
Most telco information was so "specialized" that it would
scarcely be understood by any honest member of the
public. If not published, it would not be missed. To
such material did not seem part of the legitimate role of a
In 1990 there would be a similar telco-inspired attack
on the electronic phreak/hacking "magazine" *Phrack.*
The *Phrack* legal case became a central issue in the
Hacker Crackdown, and gave rise to great controversy.
*Phrack* would also be shut down, for a time, at least, but
this time both the telcos and their law-enforcement allies
would pay a much larger price for their actions. The
*Phrack* case will be examined in detail, later.
Phone-phreaking as a social practice is still very
much alive at this moment. Today, phone-phreaking is
thriving much more vigorously than the better-known and
worse-feared practice of "computer hacking." New forms
of phreaking are spreading rapidly, following new
vulnerabilities in sophisticated phone services.
Cellular phones are especially vulnerable; their chips
can be re-programmed to present a false caller ID and
avoid billing. Doing so also avoids police tapping, making
cellular-phone abuse a favorite among drug-dealers.
"Call-sell operations" using pirate cellular phones can, and
have, been run right out of the backs of cars, which move
from "cell" to "cell" in the local phone system, retailing
stolen long-distance service, like some kind of demented
electronic version of the neighborhood ice-cream truck.
Private branch-exchange phone systems in large
corporations can be penetrated; phreaks dial-up a local
company, enter its internal phone-system, hack it, then
use the company's own PBX system to dial back out over
the public network, causing the company to be stuck with
the resulting long-distance bill. This technique is known
as "diverting." "Diverting" can be very costly, especially
because phreaks tend to travel in packs and never stop
talking. Perhaps the worst by-product of this "PBX fraud"
is that victim companies and telcos have sued one another
over the financial responsibility for the stolen calls, thus
enriching not only shabby phreaks but well-paid lawyers.
"Voice-mail systems" can also be abused; phreaks
can seize their own sections of these sophisticated
electronic answering machines, and use them for trading
codes or knowledge of illegal techniques. Voice-mail
abuse does not hurt the company directly, but finding
supposedly empty slots in your company's answering
machine all crammed with phreaks eagerly chattering
and hey-duding one another in impenetrable jargon can
cause sensations of almost mystical repulsion and dread.
Worse yet, phreaks have sometimes been known to
react truculently to attempts to "clean up" the voice-mail
system. ъather than humbly acquiescing to being thrown
out of their playground, they may very well call up the
company officials at work (or at home) and loudly demand
free voice-mail addresses of their very own. Such bullying
is taken very seriously by spooked victims.
Acts of phreak revenge against straight people are
rare, but voice-mail systems are especially tempting and
vulnerable, and an infestation of angry phreaks in one's
voice-mail system is no joke. They can erase legitimate
messages; or spy on private messages; or harass users with
recorded taunts and obscenities. They've even been
known to seize control of voice-mail security, and lock out
legitimate users, or even shut down the system entirely.
Cellular phone-calls, cordless phones, and ship-to-
shore telephony can all be monitored by various forms of
radio; this kind of "passive monitoring" is spreading
explosively today. Technically eavesdropping on other
people's cordless and cellular phone-calls is the fastest-
growing area in phreaking today. This practice strongly
appeals to the lust for power and conveys gratifying
sensations of technical superiority over the eavesdropping
victim. Monitoring is rife with all manner of tempting evil
mischief. Simple prurient snooping is by far the most
common activity. But credit-card numbers unwarily
spoken over the phone can be recorded, stolen and used.
And tapping people's phone-calls (whether through active
telephone taps or passive radio monitors) does lend itself
conveniently to activities like blackmail, industrial
espionage, and political dirty tricks.
It should be repeated that telecommunications
fraud, the theft of phone service, causes vastly greater
monetary losses than the practice of entering into
computers by stealth. Hackers are mostly young
suburban American white males, and exist in their
hundreds -- but "phreaks" come from both sexes and from
many nationalities, ages and ethnic backgrounds, and are
flourishing in the thousands.
The term "hacker" has had an unfortunate history.
This book, *The Hacker Crackdown,* has little to say about
"hacking" in its finer, original sense. The term can
the free-wheeling intellectual exploration of the highest
and deepest potential of computer systems. Hacking can
describe the determination to make access to computers
and information as free and open as possible. Hacking
can involve the heartfelt conviction that beauty can be
found in computers, that the fine aesthetic in a perfect
program can liberate the mind and spirit. This is
"hacking" as it was defined in Steven Levy's much-praised
history of the pioneer computer milieu, *Hackers,*
published in 1984.
Hackers of all kinds are absolutely soaked through
with heroic anti-bureaucratic sentiment. Hackers long for
recognition as a praiseworthy cultural archetype, the
postmodern electronic equivalent of the cowboy and
mountain man. Whether they deserve such a reputation
is something for history to decide. But many hackers --
including those outlaw hackers who are computer
intruders, and whose activities are defined as criminal --
actually attempt to *live up to* this techno-cowboy
reputation. And given that electronics and
telecommunications are still largely unexplored
territories, there is simply *no telling* what hackers might
For some people, this freedom is the very breath of
oxygen, the inventive spontaneity that makes life worth
living and that flings open doors to marvellous possibility
and individual empowerment. But for many people -- and
increasingly so -- the hacker is an ominous figure, a smart-
aleck sociopath ready to burst out of his basement
wilderness and savage other people's lives for his own
Any form of power without responsibility, without
direct and formal checks and balances, is frightening to
people -- and reasonably so. It should be frankly admitted
that hackers *are* frightening, and that the basis of this
fear is not irrational.
Fear of hackers goes well beyond the fear of merely
Subversion and manipulation of the phone system is
an act with disturbing political overtones. In America,
computers and telephones are potent symbols of
organized authority and the technocratic business elite.
But there is an element in American culture that has
always strongly rebelled against these symbols; rebelled
against all large industrial computers and all phone
companies. A certain anarchical tinge deep in the
American soul delights in causing confusion and pain to
all bureaucracies, including technological ones.
There is sometimes malice and vandalism in this
attitude, but it is a deep and cherished part of the
American national character. The outlaw, the rebel, the
rugged individual, the pioneer, the sturdy Jeffersonian
yeoman, the private citizen resisting interference in his
pursuit of happiness -- these are figures that all
Americans recognize, and that many will strongly applaud
Many scrupulously law-abiding citizens today do
cutting-edge work with electronics -- work that has already
had tremendous social influence and will have much
more in years to come. In all truth, these talented,
hardworking, law-abiding, mature, adult people are far
more disturbing to the peace and order of the current
status quo than any scofflaw group of romantic teenage
punk kids. These law-abiding hackers have the power,
ability, and willingness to influence other people's lives
quite unpredictably. They have means, motive, and
opportunity to meddle drastically with the American social
order. When corralled into governments, universities, or
large multinational companies, and forced to follow
rulebooks and wear suits and ties, they at least have some
conventional halters on their freedom of action. But when
loosed alone, or in small groups, and fired by imagination
and the entrepreneurial spirit, they can move mountains -
- causing landslides that will likely crash directly into
office and living room.
These people, as a class, instinctively recognize that
public, politicized attack on hackers will eventually spread
to them -- that the term "hacker," once demonized, might
be used to knock their hands off the levers of power and
choke them out of existence. There are hackers today who
fiercely and publicly resist any besmirching of the noble
title of hacker. Naturally and understandably, they
deeply resent the attack on their values implicit in using
the word "hacker" as a synonym for computer-criminal.
This book, sadly but in my opinion unavoidably,
rather adds to the degradation of the term. It concerns
itself mostly with "hacking" in its commonest latter-day
definition, i.e., intruding into computer systems by stealth
and without permission.
The term "hacking" is used routinely today by
almost all law enforcement officials with any professional
interest in computer fraud and abuse. American police
describe almost any crime committed with, by, through, or
against a computer as hacking.
Most importantly, "hacker" is what computer-
intruders choose to call *themselves.* Nobody who
"hacks" into systems willingly describes himself (rarely,
herself) as a "computer intruder," "computer trespasser,"
"cracker," "wormer," "darkside hacker" or "high tech street
gangster." Several other demeaning terms have been
invented in the hope that the press and public will leave
the original sense of the word alone. But few people
actually use these terms. (I exempt the term "cyberpunk,"
which a few hackers and law enforcement people actually
do use. The term "cyberpunk" is drawn from literary
criticism and has some odd and unlikely resonances, but,
like hacker, cyberpunk too has become a criminal
In any case, breaking into computer systems was
hardly alien to the original hacker tradition. The first
tottering systems of the 1960s required fairly extensive
internal surgery merely to function day-by-day. Their
users "invaded" the deepest, most arcane recesses of their
operating software almost as a matter of routine.
"Computer security" in these early, primitive systems was
at best an afterthought. What security there was, was
entirely physical, for it was assumed that anyone allowed
near this expensive, arcane hardware would be a fully
qualified professional expert.
In a campus environment, though, this meant that
grad students, teaching assistants, undergraduates, and
eventually, all manner of dropouts and hangers-on ended
up accessing and often running the works.
Universities, even modern universities, are not in the
business of maintaining security over information. On the
contrary, universities, as institutions, pre-date the
"information economy" by many centuries and are not-
for-profit cultural entities, whose reason for existence
(purportedly) is to discover truth, codify it through
techniques of scholarship, and then teach it. Universities
are meant to *pass the torch of civilization,* not just
download data into student skulls, and the values of the
academic community are strongly at odds with those of all
would-be information empires. Teachers at all levels,
from kindergarten up, have proven to be shameless and
persistent software and data pirates. Universities do not
merely "leak information" but vigorously broadcast free
This clash of values has been fraught with
controversy. Many hackers of the 1960s remember their
professional apprenticeship as a long guerilla war against
the uptight mainframe-computer "information
priesthood." These computer-hungry youngsters had to
struggle hard for access to computing power, and many of
them were not above certain, er, shortcuts. But, over the
years, this practice freed computing from the sterile
reserve of lab-coated technocrats and was largely
responsible for the explosive growth of computing in
general society -- especially *personal* computing.
Access to technical power acted like catnip on
certain of these youngsters. Most of the basic techniques
of computer intrusion: password cracking, trapdoors,
backdoors, trojan horses -- were invented in college
environments in the 1960s, in the early days of network
computing. Some off-the-cuff experience at computer
intrusion was to be in the informal resume of most
"hackers" and many future industry giants. Outside of the
tiny cult of computer enthusiasts, few people thought
much about the implications of "breaking into"
computers. This sort of activity had not yet been
publicized, much less criminalized.
In the 1960s, definitions of "property" and "privacy"
had not yet been extended to cyberspace. Computers
were not yet indispensable to society. There were no vast
databanks of vulnerable, proprietary information stored in
computers, which might be accessed, copied without
permission, erased, altered, or sabotaged. The stakes
were low in the early days -- but they grew every year,
exponentially, as computers themselves grew.
By the 1990s, commercial and political pressures had
become overwhelming, and they broke the social
boundaries of the hacking subculture. Hacking had
become too important to be left to the hackers. Society
was now forced to tackle the intangible nature of
cyberspace-as-property, cyberspace as privately-owned
unreal-estate. In the new, severe, responsible, high-
stakes context of the "Information Society" of the 1990s,
"hacking" was called into question.
What did it mean to break into a computer without
permission and use its computational power, or look
around inside its files without hurting anything? What
were computer-intruding hackers, anyway -- how should
society, and the law, best define their actions? Were
they just *browsers,* harmless intellectual explorers?
Were they *voyeurs,* snoops, invaders of privacy? Should
they be sternly treated as potential *agents of espionage,*
or perhaps as *industrial spies?* Or were they best
defined as *trespassers,* a very common teenage
misdemeanor? Was hacking *theft of service?* (After
all, intruders were getting someone else's computer to
carry out their orders, without permission and without
paying). Was hacking *fraud?* Maybe it was best
described as *impersonation.* The commonest mode of
computer intrusion was (and is) to swipe or snoop
somebody else's password, and then enter the computer
in the guise of another person -- who is commonly stuck
with the blame and the bills.
Perhaps a medical metaphor was better -- hackers
should be defined as "sick," as *computer addicts* unable
to control their irresponsible, compulsive behavior.
But these weighty assessments meant little to the
people who were actually being judged. From inside the
underground world of hacking itself, all these perceptions
seem quaint, wrongheaded, stupid, or meaningless. The
most important self-perception of underground hackers --
from the 1960s, right through to the present day -- is that
they are an *elite.* The day-to-day struggle in the
underground is not over sociological definitions -- who
cares? -- but for power, knowledge, and s