home *** CD-ROM | disk | FTP | other *** search
Text File | 1996-11-23 | 142.8 KB | 2,611 lines |
-
-
-
-
- NORTHERN ILLINOIS UNIVERSITY
-
-
-
-
- THE SOCIAL ORGANIZATION OF THE COMPUTER UNDERGROUND
-
-
-
-
- A THESIS SUBMITTED TO THE GRADUATE SCHOOL
- IN PARTIAL FULFILLMENT OF THE REQUIREMENTS
- FOR THE DEGREE
- MASTER OF ARTS
-
-
-
-
- DEPARTMENT OF SOCIOLOGY
-
-
-
- BY
- GORDON R. MEYER
- %CompuServe: 72307,1502%
- %GEnie: GRMEYER%
-
- DEKALB, ILLINOIS
- AUGUST 1989
- ^
-
-
- ABSTRACT
-
-
-
- Name: Gordon R. Meyer Department: Sociology
-
-
-
-
- Title: The Social Organization of the Computer Underground
-
-
-
-
- Major: Criminology Degree: M.A.
-
-
-
-
-
- Approved by: Date:
-
- __________________________ ________________________
- Thesis Director
-
-
- NORTHERN ILLINOIS UNIVERSITY
- ^
-
-
-
-
- ABSTRACT
-
- This paper examines the social organization of the
- "computer underground" (CU). The CU is composed of
- actors in three roles, "computer hackers," "phone
- phreaks," and "software pirates." These roles have
- frequently been ignored or confused in media and other
- accounts of CU activity. By utilizing a data set culled
- from CU channels of communication this paper provides
- an ethnographic account of computer underground
- organization. It is concluded that despite the
- widespread social network of the computer underground,
- it is organized primarily on the level of colleagues,
- with only small groups approaching peer relationships.
-
- ^
-
-
-
-
-
-
-
-
-
-
-
-
- Certification: In accordance with departmental and
- Graduate School policies, this thesis
- is accepted in partial fulfillment
- of degree requirements.
-
- _____________________________________
- Thesis Director
- _____________________________________
- Date
-
- ^
-
-
-
-
- ACKNOWLEDGMENTS
-
- FOR CRITIQUE, ADVICE, AND COMMENTS:
- DR. JAMES L. MASSEY
- DR. JIM THOMAS
- DR. DAVID F. LUCKENBILL
-
- FOR SUPPORT AND ENCOURAGEMENT:
- GALE GREINKE
-
- SPECIAL THANKS TO:
- D.C., T.M., T.K., K.L., D.P.,
- M.H., AND G.Z.
-
- THIS WORK IS DEDICATED TO:
- GEORGE HAYDUKE
- AND
- BARRY FREED
-
-
-
- ^
-
-
-
-
-
-
-
- TABLE OF CONTENTS
- Introduction . . . . . . . . . . . . . . . . . . . 1
- Methodology . . . . . . . . . . . . . . . . . . . 6
- What is the Computer Underground? . . . . . . . . 11
- Topography of the Computer Underground . . . . . . 20
- Hacking . . . . . . . . . . . . . . . . . 20
- Phreaking . . . . . . . . . . . . . . . . . . 21
- Pirating . . . . . . . . . . . . . . . . . 24
- Social Organization and Deviant Associations . . . 28
- Mutual Association . . . . . . . . . . . . . . . . 31
- The Structure of the Computer Underground . . . . 33
- Bulletin Board Systems . . . . . . . . . . 33
- Towards a BBS Culture . . . . . . . . . 37
- Bridges, Loops, and Voice Mail Boxes . . . 53
- Summary . . . . . . . . . . . . . . . . . . 57
- Mutual Participation . . . . . . . . . . . . . . . 59
- Pirate Groups . . . . . . . . . . . . . . . 63
- Phreak/hack groups . . . . . . . . . . . . 64
- Summary . . . . . . . . . . . . . . . . . . 67
- Conclusion . . . . . . . . . . . . . . . . . . . . 69
- REFERENCES . . . . . . . . . . . . . . . . . . . . 75
- APPENDIX A. COMPUTER UNDERGROUND PSEUDONYMS . . . 76
- APPENDIX B.
- NEW USER QUESTIONNAIRE FROM A PHREAK/HACK BBS . 77
- ^
-
-
-
-
- Introduction
- The proliferation of home computers has been
- accompanied by a corresponding social problem involving
- the activities of so-called "computer hackers."
- "Hackers" are computer aficionados who "break in" to
- corporate and government computer systems using their
- home computer and a telephone modem. The prevalence of
- the problem has been dramatized by the media and
- enforcement agents, and evidenced by the rise of
- specialized private security firms to confront the
- "hackers." But despite this flurry of attention,
- little research has examined the social world of the
- "computer hacker." Our current knowledge in this regard
- derives from hackers who have been caught, from
- enforcement agents, and from computer security
- specialists. The everyday world and activities of the
- "computer hacker" remain largely unknown.
- This study examines the way actors in the
- "computer underground" (CU) organize to perform their
- acts. The computer underground, as it is called by
- those who participate in it, is composed of actors
- adhering to one of three roles: "hackers," "phreakers,"
- or "pirates." To further understanding this growing
- "social problem," this project will isolate and clarify
- ^
-
- 8
- these roles, and examine how each contributes to the
- culture as a whole. By doing so the sociological
- question of how the "underground" is organized will be
- answered, rather than the technical question of how CU
- participants perform their acts.
- Best and Luckenbill (1982) describe three basic
- approaches to the study of "deviant" groups. The first
- approach is from a social psychological level, where
- analysis focuses on the needs, motives, and individual
- characteristics of the actors involved. Secondly,
- deviant groups can be studied at a socio-structural
- level. Here the emphasis is on the distribution and
- consequences of deviance within the society as a whole.
- The third approach, the one adopted by this work, forms
- a middle ground between the former two by addressing
- the social organization of deviant groups. Focusing
- upon neither the individual nor societal structures
- entirely, social organization refers to the network of
- social relations between individuals involved in a
- common activity (pp. 13-14). Assessing the degree and
- manner in which the underground is organized provides
- the opportunity to also examine the culture, roles, and
- channels of communication used by the computer
- underground. The focus here is on the day to day
- experience of persons whose activities have been
- ^
-
- 9
- criminalized over the past several years.
- Hackers, and the "danger" that they present in our
- computer dependent society, have often received
- attention from the legal community and the media. Since
- 1980, every state and the federal government has
- criminalized "theft by browsing" of computerized
- information (Hollinger and Lanza-Kaduce, 1988, pp.101-
- 102). In the media, hackers have been portrayed as
- maladjusted losers, forming "high-tech street gangs"
- (Chicago Tribune, 1989) that are dangerous to society.
- My research will show that the computer underground
- consists of a more sophisticated level of social
- organization than has been generally recognized. The
- very fact that CU participants are to some extent
- "networked" has implications for social control
- policies that may have been implemented based on an in-
- complete understanding of the activity. This project
- not only offers sociological insight into the organ-
- ization of deviant associations, but may be helpful to
- policy makers as well.
- I begin with a discussion of the definitional
- problems that inhibit the sociological analysis of the
- computer underground. The emergence of the computer
- underground is a recent phenomenon, and the lack of
- empirical research on the topic has created an area
- ^
-
- 10
- where few "standard" definitions and categories exist.
- This work will show that terms such as "hacker,"
- "phreaker," and "pirate" have different meanings for
- those who have written about the computer underground
- and those who participate in it. This work bridges
- these inconsistencies by providing definitions that
- focus on the intentions and goals of the participants,
- rather than the legality or morality of their actions.
- Following the definition of CU activities is a
- discussion of the structure of the underground.
- Utilizing a typology for understanding the social
- organization of deviant associations, developed by Best
- and Luckenbill (1982), the organization of the
- computer underground is examined in depth.
- The analysis begins by examining the structure of
- mutual association. This provides insight into how CU
- activity is organized, the ways in which information is
- obtained and disseminated, and explores the subcultural
- facets of the computer underground. More importantly,
- it clearly illustrates that the computer underground is
- primarily a social network of individuals that perform
- their acts separately, yet support each other by
- sharing information and other resources.
- After describing mutual association within the
- underground community, evidence of mutual participation
- ^
-
- 11
- is presented. Although the CU is a social network, the
- ties developed at the social level encourage the
- formation of small "work groups." At this level, some
- members of the CU work in cooperation to perform their
- acts. The organization and purposes of these groups are
- examined, as well as their relationship to the CU as a
- whole. However, because only limited numbers of
- individuals join these short-lived associations, it is
- concluded that the CU is organized as colleagues. Those
- who do join "work groups" display the characteristics
- of peers, but most CU activity takes place at a fairly
- low level of sophistication.
- ^
-
- 12
-
-
- Methodology
- Adopting an ethnographic approach, data have been
- gathered by participating in, monitoring, and cata-
- loging channels of communication used by active members
- of the computer underground. These channels, which will
- be examined in detail later, include electronic
- bulletin board systems (BBS), voice mail boxes,
- bridges, loops, e-mail, and telephone conversations.
- These sources provide a window through which to observe
- interactions, language, and cultural meanings without
- intruding upon the situation or violating the privacy
- of the participants. Because these communication
- centers are the "back stage" area of the computer
- underground, they provided insight into organizational
- (and other) issues that CU participants face, and the
- methods they use to resolve them.
- As with any ethnographic research, steps have been
- taken to protect the identity of informants. The
- culture of the computer underground aids the researcher
- in this task since phreakers, hackers, and pirates
- regularly adopt pseudonyms to mask their identity.
- However to further ensure confidentiality, all of the
- pseudonyms cited in this research have been changed by
- the author. Additionally, any information that is
- ^
-
- 13
- potentially incriminating has been removed or altered.
- The data set used for this study consists
- primarily of messages, or "logs," which are the primary
- form of communication between users. These logs were
- "captured" (recorded using the computer to save the
- messages) from several hundred computer bulletin
- boards1 located across the United States. The bulk of
- the data were gathered over a seventeen month period
- (12/87 to 4/89) and will reflect the characteristics of
- the computer underground during that time span.
- However, some data, provided to the researcher by
- cooperative subjects, dates as far back as 1984.
- The logged data were supplemented by referring to
- several CU "publications." The members of the computer
- underground produce and distribute several technical
- and tutorial newsletters and "journals." Since these
- "publications" are not widely available outside of CU
- circles I have given a brief description of each below.
- Legion of Doom/Hackers Technical Journal. This
- ____________________
- 1 Computer Bulletin Boards (BBS) are personal
- computers that have been equipped with a telephone
- modem and special software. Users can connect with a
- BBS by dialing, with their own computer and modem, the
- phone number to which the BBS is connected. After
- "logging in" by supplying a valid user name and pass-
- word, the user can leave messages to other users of the
- system. These messages are not private and anyone
- calling the BBS can freely read and respond to them.
- ^
-
- 14
- publication is written and distributed by a group known
- as "The Legion of Doom/Legion of Hackers" (LoD/H). It
- is available in electronic format (a computer text
- file) and contains highly technical information on
- computer operating systems. As of this writing, three
- issues have been published.
- PHRACK Inc.: Phrack Inc is a newsletter that
- contains various articles, written by different
- authors, and "published" under one banner. Phrack
- Inc's first issue was released in 1985, making it the
- oldest of the electronically distributed underground
- publications. CU participants are invited to submit
- articles to the editors, who release a new issue when a
- sufficient number (about nine) of acceptable pieces
- have been gathered. Phrack also features a lengthy
- "World News" with stories about hackers who have been
- apprehended and interviews with various members of the
- underground. As of this writing twenty-seven issues of
- Phrack, have been published.
- Phreakers/Hackers Underground Network (P/Hun):
- Like Phrack, P/Hun collects articles from various
- authors and releases them as one issue. Three issues
- have been published to date.
- Activist Times, Incorporated (ATI): Unlike the
- other electronically distributed publications, ATI does
- ^
-
- 15
- not limit itself to strictly computer/telephone news.
- Articles normally include commentary on world and
- government events, and other "general interest" topics.
- ATI issues are generally small and consist of articles
- written by a core group of four to seven people.
- Unlike the publications discussed thus far, ATI is
- available in printed "hard copy" form by sending
- postage reimbursement to the editor. ATI is currently
- on their 38th issue.
- 2600 Magazine: Published in a traditional
- (printed) magazine format, 2600 (named for the
- frequency tone used to make free long distance phone
- calls) is arguably an "underground" publication as it
- is available on some newsstands and at some libraries.
- Begun in 1987 as a monthly magazine, it is now
- published quarterly. Subscription rates are $25.00 a
- year with a complete back-issue selection available.
- The magazine specializes in publishing technical
- information on telephone switching systems, satellite
- descrambling codes, and news about the computer
- underground.
- TAP/YIPL: First established in 1972 as YIPL (Youth
- International Party Line), this publication soon
- changed its name to TAP (Technical Assistance Party).
- Co-founded by Abbie Hoffman, it is generally recognized
- ^
-
- 16
- as the grandfather of computer underground
- publications. Publication of the 2-4 page newsletter
- has been very sporadic over the years, and currently
- two different versions of TAP, each published in
- different areas of the country, are in circulation.
- Utilizing a data set that consists of current
- message logs, old messages logs, and various CU
- publications yields a reasonably rich collection from
- which to draw the analysis. Examination of the older
- logs and publications shows that while the actors have
- changed over the years, cultural norms and
- characteristics have remained consistent over time.
- ^
-
- 17
-
-
- What is the Computer Underground?
- Defining the "computer underground" can be
- difficult. The sociologist soon finds that there are
- several competing definitions of computer underground
- activity. Those who have written on the subject, the
- media, criminologists, computer programmers, social
- control agents, and CU participants themselves, have
- adopted definitions consistent with their own social
- positions and perspectives. Not surprisingly, these
- definitions rarely correspond. Therefore, before
- discussing the organization of the computer
- underground, it is necessary to discuss and compare the
- various definitions. This will illustrate the range of
- beliefs about CU activity, and provide a springboard
- for the discussion of types of roles and activities
- found in the underground.
- We begin with a discussion of the media image of
- computer hackers. The media's concept of "hackers" is
- important because the criminalization of the activity
- has largely occurred as the result of media drama-
- tization of the "problem" (Hollinger and Lanza-Kaduce,
- 1988). In fact, it was a collection of newspaper and
- film clips that was presented to the United States
- Congress during legislative debates as evidence of the
- ^
-
- 18
- computer hacking problem (Hollinger and Lanza-Kaduce,
- 1988, p.107). Unfortunately, the media assessment of
- the computer underground displays a naive understanding
- of CU activity.
- The media generally makes little distinction
- between different types of CU activity. Most any
- computer-related crime activity can be attributed to
- "hackers." Everything from embezzlement to computer
- viruses have, at one time or another, been attributed
- to them. Additionally, hackers are often described as
- being sociopathic or malicious, creating a media image
- of the computer underground that may exaggerate their
- propensity for doing damage.
- The labeling of hackers as being "evil" is well
- illustrated by two recent media examples. The first is
- from Eddie Schwartz, a WGN-Radio talk show host. Here
- Schwartz is addressing "Anna," a self-identified hacker
- that has phoned into the show:
- You know what Anna, you know what disturbs
- me? You don't sound like a stupid person but
- you represent a . . . a . . . a . . . lack of
- morality that disturbs me greatly. You really
- do. I think you represent a certain way of
- thinking that is morally bankrupt. And I'm
- not trying to offend you, but I . . . I'm
- offended by you! (WGN Radio, 1988)
- Just two months later, NBC-TV's "Hour Magazine"
- featured a segment on "computer crime." In this
- example, Jay Bloombecker, director of the National
- ^
-
- 19
- Center for Computer Crime Data, discusses the "hacker
- problem" with the host of the show, Gary Collins.
- Collins: . . . are they %hackers% malicious
- in intent, or are they simply out to prove,
- ah, a certain machismo amongst their peers?
- Bloombecker: I think so. I've talked about
- "modem macho" as one explanation for what's
- being done. And a lot of the cases seem to
- involve %proving% %sic% that he . . . can do
- something really spiffy with computers. But,
- some of the cases are so evil, like causing
- so many computers to break, they can't look
- at that as just trying to prove that you're
- better than other people.
- GC: So that's just some of it, some kind of
- "bet" against the computer industry, or
- against the company.
- JB: No, I think it's more than just
- rottenness. And like someone who uses
- graffiti doesn't care too much whose building
- it is, they just want to be destructive.
- GC: You're talking about a sociopath in
- control of a computer!
- JB: Ah, lots of computers, because there's
- thousands, or tens of thousands %of hackers%
- (NBC-TV, 1988).
-
- The media image of computer hackers, and thus all
- members of the computer underground, is burdened with
- value-laden assumptions about their psychological
- makeup, and focuses almost entirely upon the morality
- of their actions. Additionally, since media stories
- are taken from the accounts of police blotters,
- security personnel, and hackers who have been caught,
- each of whom have different perspectives and
- ^
-
- 20
- definitions of their own, the media definition, if not
- inherently biased, is at best inconsistent.
- Criminologists, by way of contrast, have done
- little to define the computer underground from a
- sociological perspective. Those criminological
- definitions that do exist are less judgmental than the
- media image, but no more precise. Labels of
- "electronic trespassers" (Parker, 1983), and
- "electronic vandals" (Bequai, 1987) have both been
- applied to hackers. Both terms, while acknowledging
- that "hacking" is deviant, shy away from labeling it as
- "criminal" or sociopathic behavior. Yet despite this
- seemingly non-judgmental approach to the computer
- underground, both Parker and Bequai have testified
- before Congress, on behalf of the computer security in-
- dustry, on the "danger" of computer hackers.
- Unfortunately, their "expert" testimony was largely
- based on information culled from newspaper stories, the
- objectiveness of which has been seriously questioned
- (Hollinger and Lanza-Kaduce 1988 p.105).
- Computer security specialists, on the other hand,
- are often quick to identify CU participants as part of
- the criminal element. Correspondingly, some reject the
- notion that there are different roles and motivations
- among computer underground participants and thereby
- ^
-
- 21
- refuse to define just what it is that a "hacker" or
- "phreaker" does. John Maxfield, a "hacker expert,"
- suggests that differentiating between "hackers" and
- "phone phreaks" is a moot point, preferring instead
- that they all just be called "criminals" (WGN-Radio.
- Sept 28, 1988).
- The reluctance or inability to differentiate
- between roles and activities in the computer
- underground, as exhibited in the media and computer
- security firms, creates an ambiguous definition of
- "hacker" that possesses two extremes: the modern-day
- bank robber at one end, the trespassing teenager at the
- other. Thus, most any criminal or mischievous act that
- involves computers can be attributed to "hackers,"2
- regardless of the nature of the crime.
- Further compounding the inconsistent use of
- "hacker" is the evolution of meaning that the word has
- undergone. "Hacker" was first applied to computer
- related activities when it was used by programmers in
- the late 1950's. At that time it referred to the
- pioneering researchers, such as those at M.I.T., who
- ____________________
- 2 During the WGN-Radio show on computer crime one
- caller, who was experiencing a malfunctioning phone
- that would "chirp" occasionally while hung up, believed
- that "computer hackers" were responsible for the
- problem. The panel assured her that it was unrelated
- to CU activity.
- ^
-
- 22
- were constantly adjusting and experimenting with the
- new technology (Levy, 1984. p.7). A "hacker" in this
- context refers to an unorthodox, yet talented,
- professional programmer. This use of the term still
- exits today, though it is largely limited to
- professional computing circles.
- Another definition of "hacker" refers to one who
- obtains unauthorized, if not illegal, access to
- computer systems and networks. This definition was
- popularized by the movie War Games and, generally
- speaking, is the one used by the media.3 It is also the
- definition favored by the computer underground.
- Both the members of the computer underground and
- computer programmers claim ownership of "hacker," and
- each defend the "proper" use of term. The computer
- professionals maintain that using "hackers" (or
- "hacking") to refer to any illegal or illicit activity
- is a corruption of the "true" meaning of the word. Bob
- Bickford, a professional programmer who has organized
- several programmer conferences, explains:
- ____________________
- 3 This is not always true of course. The AP
- Stylebook has yet to specify how "hacker" should be
- used. A recent Associated Press story featured a
- computer professional explaining that a "real hacker"
- would never do anything illegal. Yet just a few weeks
- later Associated Press distributed stories proclaiming
- that West German "hackers" had broken into US Defense
- Department computer systems.
- ^
-
- 23
- At the most recent conference %called
- "Hackers 4.0"% we had 200 of the most
- brilliant computer professionals in the world
- together for one weekend; this crowd included
- several PhD's, several presidents of
- companies (including large companies, such as
- Pixar), and various artists, writers,
- engineers, and programmers. These people all
- consider themselves Hackers: all derive great
- joy from their work, from finding ways around
- problems and limits, from creating rather
- than destroying. It would be a great
- disservice to these people, and the thousands
- of professionals like them, to let some
- pathetic teenaged criminals destroy the one
- word which captures their style of
- interaction with the universe: Hackers
- (Bickford, 1988).
- Participants in the computer underground also
- object to the "misuse" of the term. Their objection
- centers around the indiscriminate use of the word to
- refer to computer related crime in general and not,
- specifically, the activities of the computer
- underground:
- Whenever the slightest little thing happens
- involving computer security, or the breach
- thereof, the media goes fucking bat shit and
- points all their fingers at us 'nasty
- hackers.' They're so damned ignorant it's
- sick (EN, message log, 1988).
- . . . whenever the media happens upon
- anything that involves malicious computer use
- it's the "HACKERS." The word is a catch
- phrase it makes mom drop the dishes and watch
- the TV. They use the word because not only
- they don't really know the meaning but they
- have lack of a word to describe the
- perpetrator. That's why hacker has such a
- bad name, its always associated with evil
- things and such (PA, message log, 1988).
- I never seen a phreaker called a phreaker
- ^
-
- 24
- when caught and he's printed in the
- newspaper. You always see them "Hacker caught
- in telephone fraud." "Hacker defrauds old
- man with phone calling card." What someone
- should do is tell the fucken (sic) media to
- get it straight (TP2, message log, 1988).
-
- Obviously the CU and computer professional
- definitions of "hacker" refer to different social
- groups. As Best and Luckenbill (1982, p. 39) observe:
- "Every social group modifies the basic language to fit
- its own circumstance, creating new words or using
- ordinary words in special ways." Which definition, if
- either, will come into widespread use remains to be
- seen. However, since computer break-ins are likely to
- receive more media attention than clever feats of
- programming, the CU definition is likely to dominate
- simply by being used more often.4 But as long as the
- two definitions do exist there will be confusion unless
- writers and researchers adequately specify the group
- under discussion. For this reason, I suggest that
- sociologists, and criminologists in particular, adopt
- the "underground" definition for consistency and
- ____________________
- 4 Another factor may be the adoption of a close
- proximity to the underground definition being included
- in the 1986 edition of Webster's New World dictionary:
- hack.er n. 1. a person who hacks 2. an unskilled
- golfer, tennis player, etc. 3. a talented amateur user
- of computers, specif. one who attempts to gain
- unauthorized access to files.
- ^
-
- 25
- accuracy when speaking of the actions of CU
- participants.
- While it is recognized that computer hacking is a
- relatively new phenomenon, the indiscriminant use of
- the term to refer to many different forms of unorthodox
- computer use has been counterproductive to
- understanding the extent of the activity. To avoid this
- a "computer hacker" should be defined as an individual,
- associated with the computer underground, who
- specializes in obtaining unauthorized access to
- computer systems. A "phone phreak" in an individual,
- associated with the computer underground, who
- specializes in obtaining unauthorized information about
- the phone system. A "software pirate" is an
- individual, associated with the computer underground,
- who distributes or collects copyrighted computer
- software. These definitions have been derived from the
- data, instead of relying upon those who defend the
- "integrity" of the original meanings, or those who are
- unfamiliar with the culture.
- ^
-
- 26
-
-
- Topography of the Computer Underground
- Having defined the three main roles in the
- computer underground, it is necessary to examine each
- activity separately in order to provide a general
- typology of the computer underground. In doing so, the
- ways in which each contributes to the culture as a
- whole will be illustrated, and the divisions between
- them that affect the overall organization will be
- developed. Analysis of these roles and divisions is
- crucial to understanding identity, access, and mobility
- within the culture.
-
- Hacking
- In the vernacular of the computer underground,
- "hacking" refers to gaining access and exploring
- computer systems and networks. "Hacking" encompasses
- both the act and the methods used to obtain valid user
- accounts on computer systems.
- "Hacking" also refers to the activity that
- occurs once access to another computer has been
- obtained. Since the system is being used without
- authorization, the hacker does not, generally speaking,
- have access to the usual operating manuals and other
- resources that are available to legitimate users.
- ^
-
- 27
- Therefore, the hacker must experiment with commands and
- explore various files in order to understand and
- effectively use the system. The goal here is to
- explore and experiment with the system that has been
- entered. By examining files and, perhaps, by a little
- clever programming, the hacker may be able to obtain
- protected information or more powerful access
- privileges.5
-
- Phreaking
- Another role in the computer underground is that
- of the "phone phreak." Phone phreaking, usually called
- just "phreaking," was widely publicized when the
- exploits of John "Cap'n Crunch" Draper, the "father of
- phreaking," were publicized in a 1971 Esquire magazine
- article.
- The term "phreaking" encompasses several different
- means of circumventing the billing mechanisms of
- telephone companies. By using these methods, long-
- ____________________
- 5 Contrary to the image sometimes perpetuated by
- computer security consultants, the data indicate that
- hackers refrain from deliberately destroying data or
- otherwise damaging the system. Doing so would conflict
- with their instrumental goal of blending in with the
- average user so as not to attract undue attention to
- their presence and cause the account to be deleted.
- After spending what may be a substantial amount of time
- obtaining a high access account, the hacker places a
- high priority on not being discovered using it.
- ^
-
- 28
- distance phone calls can be placed without cost. In
- many cases the methods also prevent, or at least
- inhibit, the possibility of calls being traced to their
- source thereby helping the phreaker to avoid being
- caught.
- Early phreaking methods involved electro-
- mechanical devices that generated key tones, or altered
- line voltages in certain ways as to trick the
- mechanical switches of the phone company into
- connecting calls without charging. However the advent
- of computerized telephone-switching systems largely
- made these devices obsolete. In order to continue
- their practice the phreaks have had to learn hacking
- skills:6
- Phreaking and hacking have just recently
- merged, because now, the telephone companies
- are using computers to operate their network.
- So, in order to learn more about these
- computers in relation to the network, phreaks
- have learned hacking skills, and can now
- program, and get around inside the machines
- (AF, message log, 1988).
- For most members of the computer underground,
- phreaking is simply a tool that allows them to call
- long distance without amassing enormous phone bills.
- ____________________
- 6 Because the two activities are so closely
- related, with phreakers learning hacking skills and
- hackers breaking into "telco" computers, reference is
- usually made to phreak/hacking or "p/hackers." This
- paper follows this convention.
- ^
-
- 29
- Those who have a deeper and more technically oriented
- interest in the "telco" (telephone company) are known
- as phreakers. They, like the hackers discussed earlier,
- desire to master and explore a system that few
- outsiders really understand:
- The phone system is the most interesting,
- fascinating thing that I know of. There is so
- much to know. Even phreaks have their own
- areas of knowledge. There is so much to know
- that one phreak could know something fairly
- important and the next phreak not. The next
- phreak might know ten things that the first
- phreak doesn't though. It all depends upon
- where and how they get their info. I myself
- %sic% would like to work for the telco, doing
- something interesting, like programming a
- switch. Something that isn't slave labor
- bullshit. Something that you enjoy, but have
- to take risks in order to participate unless
- you are lucky enough to work for the telco.
- To have access to telco things, manuals, etc
- would be great (DP, message log, 1988).
- Phreaking involves having the dedication to
- commit yourself to learning as much about the
- phone system/network as possible. Since most
- of this information is not made public,
- phreaks have to resort to legally
- questionable means to obtain the knowledge
- they want (TP2, message log, 1988).
-
- Most members of the underground do not approach
- the telephone system with such passion. Many hackers
- are interested in the phone system solely to the extent
- that they can exploit its weaknesses and pursue other
- goals. In this case, phreaking becomes a means and not
- a pursuit unto itself. Another individual, one who
- ^
-
- 30
- identifies himself as a hacker, explains:
- I know very little about phones . . . I just
- hack. See, I can't exactly call these numbers
- direct. A lot of people are in the same
- boat. In my case, phreaking is a tool, an
- often used one, but nonetheless a tool (TU,
- message log, 1988).
-
- In the world of the computer underground, the
- ability to "phreak a call" is taken for granted. The
- invention of the telephone credit card has opened the
- door to wide-scale phreaking. With these cards, no
- special knowledge or equipment is required to phreak a
- call, only valid credit card numbers, known as "codez,"
- are needed to call any location in the world. This
- easy access to free long-distance service is
- instrumental for maintaining contact with CU
- participants scattered across the nation.
-
- Pirating
- The third major role in the computer underground
- is that of the software pirate. Software piracy refers
- to the unauthorized copying and distribution of copy-
- righted software. This activity centers around
- computer bulletin board systems that specialize in
- "warez."7 There pirates can contribute and share
- ____________________
- 7 "Warez" is a common underground term that refers
- to pirated software.
- ^
-
- 31
- copies of commercial software. Having access to these
- systems (usually obtained by contributing a copyrighted
- program via a telephone modem) allows the pirate to
- copy, or "download," between two to six programs that
- others have contributed.
- Software piracy is a growing concern among
- software publishing companies. Some contend that the
- illegal copying of software programs costs the industry
- billions of dollars in lost revenues. Pirates challenge
- this, and claim that in many ways pirating is a hobby,
- much like collecting stamps or baseball cards, and
- their participation actually induces them to spend more
- on software than they would otherwise, even to the
- point of buying software they don't truly need:
- There's a certain sense of, ahh, satisfaction
- in having the latest program, or being the
- first to upload a program on the "want list."
- I just like to play around with them, see
- what they can do. If I like something, I'll
- buy it, or try out several programs like it,
- then buy one. In fact, if I wasn't pirating,
- I wouldn't buy any warez, because some of
- these I buy I do for uploading or just for
- the fun of it. So I figure the software
- companies are making money off me, and this
- is pretty much the same for all the really
- elite boards, the ones that have the best and
- most programs. . . . I just bought a $117.
- program, an accounting program, and I have
- absolutely no use for it. It's for small
- businesses. I thought maybe it would auto-
- write checks, but it's really a bit too high
- powered for me. I thought it would be fun to
- trade to some other boards, but I learned a
- lot from just looking at it (JX, field notes,
- 1989).
- ^
-
- 32
-
- Pirates and phreak/hackers do not necessarily
- support the activities of each other, and there is
- distrust and misunderstanding between the two groups.
- At least part of this distrust lies in the
- phreak/hacker perception that piracy is an unskilled
- activity.8 While p/hackers probably don't disapprove
- of piracy as an activity, they nevertheless tend to
- avoid pirate bulletin board systems --partly because
- there is little pertinent phreak/hack information
- contained on them, and partly because of the belief
- that pirates indiscriminately abuse the telephone
- network in pursuit of the latest computer game. One
- hacker illustrates this belief by theorizing that
- pirates are responsible for a large part of telephone
- credit card fraud.
- The media claims that it is solely hackers
- who are responsible for losses pertaining to
- large telecommunication companies and long
- distance services. This is not the case. We
- are %hackers% but a small portion of these
- losses. The rest are caused by pirates and
- thieves who sell these codes to people on the
- street (AF, message log, 1988).
- Other hackers complained that uploading large
- ____________________
- 8 A possible exception to this are those pirates
- that have the programming skills needed to remove copy
- protection from software. By removing the program code
- that inhibits duplicate copies from being made these
- individuals, known as "crackers," contribute greatly to
- the easy distribution of "warez."
- ^
-
- 33
- programs frequently takes several hours to complete,
- and it is pirate calls, not the ones placed by "tele-
- communications enthusiasts" (a popular euphemism for
- phreakers and hackers) that cost the telephone industry
- large sums of money. However, the data do not support
- the assertation that all pirates phreak their calls.
- Phreaking is considered "very tacky" among elite
- pirates, and system operators (Sysops) of pirate
- bulletin boards discourage phreaked calls because it
- draws attention to the system when the call is
- discovered by the telephone company.
- Regardless of whether it is the lack of phreak/
- hack skills, the reputation for abusing the network, or
- some other reason, there is indeed a certain amount of
- division between the world of phreakers and hackers and
- that of pirates. The two communities co-exist and share
- resources and methods, but function separately.
-
- ^
-
- 34
-
-
- Social Organization and Deviant Associations
- Having outlined and defined the activities of the
- computer underground, the question of social
- organization can be addressed. Joel Best and David
- Luckenbill (1982) have developed a typology for
- identifying the social organization of deviant
- associations. Essentially they state that deviant
- organizations, regardless of their actual type of
- deviance, will vary in the complexity of their division
- of labor, coordination among organization roles, and
- the purposiveness with which they attempt to achieve
- their goals. Those organizations which display high
- levels in each of these categories are more
- sophisticated than those with lower levels.
- Deviants relations with one another can be
- arrayed along the dimension of organizational
- sophistication. Beginning with the least
- sophisticated form, %we% discuss five forms
- of the social organization of deviants:
- loners, colleagues, peers, mobs, and formal
- organizations. These organization forms are
- defined in terms of four variables: whether
- the deviants associate with one another;
- whether they participate in deviance
- together; whether their deviance requires an
- elaborate division of labor; and whether
- their organization's activities extend over
- time and space (Best and Luckenbill, 1982,
- p.24).
- These four variables, also known as mutual association,
- mutual participation, elaborate division of labor, and
- ^
-
- 35
- extended organization, are indicators of the social
- organization of deviant groups. The following, taken
- from Best and Luckenbill, illustrates:
- FORM OF MUTUAL MUTUAL DIVISION EXTENDED
- ORGAN- ASSOCIA- PARTICIPA- OF ORGAN-
- IZATION TION TION LABOR IZATION
- -----------------------------------------------------
- Loners no no no no
- Colleagues yes no no no
- Peers yes yes no no
- Mobs yes yes yes no
- Formal
- Organizations yes yes yes yes
- _____________________________________________________
- (1982, p.25)
-
- Loners do not associate with other deviants,
- participate in shared deviance, have a
- division of labor, or maintain their deviance
- over extended time and space. Colleagues
- differ from loners because they associate
- with fellow deviants. Peers not only
- associate with one another, but also
- participate in deviance together. In mobs,
- this shared participation requires an
- elaborate division of labor. Finally, formal
- organizations involve mutual association,
- mutual participation, an elaborate division
- of labor, and deviant activities extended
- over time and space (Best and Luckenbill,
- 1982, pp.24-25).
- The five forms of organizations are presented as
- ideal types, and "organizational sophistication" should
- be regarded as forming a continuum with groups located
- at various points along the range (Best and Luckenbill,
- 1982, p.25). With these two caveats in mind, we begin
- to examine the computer underground in terms of each of
- ^
-
- 36
- the four organizational variables. The first level,
- mutual association, is addressed in the following
- section.
-
- ^
-
- 37
-
-
- Mutual Association
- Mutual association is an indicator of
- organizational sophistication in deviant associations.
- Its presence in the computer underground indicates that
- on a social organization level phreak/hackers act as
- "colleagues." Best and Luckenbill discuss the
- advantages of mutual association for unconventional
- groups:
- The more sophisticated the form of
- organization, the more likely the deviants
- can help one another with their problems.
- Deviants help one another in many ways: by
- teaching each other deviant skills and a
- deviant ideology; by working together to
- carry out complicated tasks; by giving each
- other sociable contacts and moral support; by
- supplying one another with deviant equipment;
- by protecting each other from the
- authorities; and so forth. Just as %others%
- rely on one another in the course of everyday
- life, deviants find it easier to cope with
- practical problems when they have the help of
- deviant associates (1982,pp.27-28).
-
- Hackers, phreakers, and pirates face practical
- problems. For example, in order to pursue their
- activities they require equipment9 and knowledge. The
- ____________________
- 9 The basic equipment consists of a modem, phone
- line, and a computer -- all items that are available
- through legitimate channels. It is the way the
- equipment is used, and the associated knowledge that is
- required, that distinguishes hackers from other
- computer users.
- ^
-
- 38
- problem of acquiring the latter must be solved and,
- additionally, they must devise ways to prevent
- discovery , apprehension and sanctioning by social
- control agents.10
- One method of solving these problems is to turn to
- other CU members for help and support. Various means
- of communication have been established that allow
- individuals to interact regardless of their location.
- As might be expected, the communication channels used
- by the CU reflect their interest and ability in high-
- technology, but the technical aspects of these methods
- should not overshadow the mutual association that they
- support. This section examines the structure of
- mutual association within the computer underground.
-
-
-
-
-
-
-
- ____________________
-
- 10 Telephone company security personnel, local law
- enforcement, FBI, and Secret Service agents have all
- been involved in apprehending hackers.
- ^
-
- 39
-
-
- The Structure of the Computer Underground
- Both computer underground communities, the
- p/hackers and the pirates, depend on communications
- technology to provide meeting places for social and
- "occupational" exchanges. However, phreakers, hackers,
- and pirates are widely dispersed across the country
- and, in many cases, the globe. In order for the
- communication to be organized and available to
- participants in many time zones and "working" under
- different schedules, centralized points of information
- distribution are required. Several existing
- technologies --computer bulletin boards, voice mail
- boxes, "chat" lines, and telephone bridges/loops --
- have been adopted by the CU for use as communication
- points. Each of these technologies will be addressed in
- turn, giving cultural insight into CU activities, and
- illustrating mutual association among CU participants.
-
- Bulletin Board Systems
- Communication in the computer underground takes
- place largely at night, and primarily through Bulletin
- Board Systems (BBS). By calling these systems and
- "logging on" with an account and password individuals
- can leave messages to each other, download files and
- ^
-
- 40
- programs, and, depending on the number of phone lines
- into the system, type messages to other users that may
- be logged on at the same time.
- Computer Bulletin Board Systems, or "boards," are
- quite common in this computerized age. Nearly every
- medium-sized city or town has at least one. But not all
- BBS are part of the computer underground culture. In
- fact, many systems prohibit users from discussing CU
- related activity. However, since all bulletin boards
- systems essentially function alike it is only the
- content, users, and CU culture that distinguish an
- "underground" from a "legitimate" bulletin board.
- Computer Underground BBS are generally owned and
- operated by a single person (known as the "system
- operator" or "sysop"). Typically setup in a spare
- bedroom, the costs of running the system are paid by
- the sysop, though some boards solicit donations from
- users. The sysop maintains the board and allocates
- accounts to people who call the system.
- It is difficult to assess the number of
- underground bulletin boards in operation at any one
- time. BBS in general are transitory in nature, and CU
- boards are no exception to this. Since they are
- operated by private individuals, they are often set up
- and closed down at the whim of the operator. A week
- ^
-
- 41
- that sees two new boards come online may also see
- another close down. A "lifetime" of anywhere from 1
- month to 1-1/2 years is common for pirate and
- phreak/hack boards.11 One BBS, claimed to be the
- "busiest phreak/hack board in the country" at the
- time,12 operated for less than one year and was
- suddenly closed when the operator was laid off work.
- Further compounding the difficulty of estimating
- the number of CU boards is their "underground" status.
- CU systems do not typically publicize their existence.
- However, once access to one has been achieved, it is
- easy to learn of other systems by asking users for the
- phone numbers. Additionally, most BBS maintain lists
- of other boards that users can download or read. So it
- is possible, despite the difficulties, to get a feel
- for the number of CU boards in operation. Pirate
- boards are the most common of "underground" BBS. While
- there is no national "directory" of pirate boards,
- there are several listings of numbers for specific
- ____________________
- 11 While some non-CU BBS' have been operating
- since 1981, the longest operating phreak/hack board has
- only been in operation since 1984.
-
- 12 At it's peak this p/h board was receiving 1000
- calls a month and supported a community of 167 users
- (TP BBS, message log, 1989).
- ^
-
- 42
- computer brands.13 One list of Apple pirate boards has
- 700 entries. Another, for IBM boards, lists just over
- 500. While there is no way of determining if these
- lists are comprehensive, they provide a minimum
- estimate. Pirate boards for systems other than IBM or
- Apple seem to exhibit similar numbers. David Small, a
- software developer that has taken an aggressive stance
- in closing down pirate boards, estimates that there are
- two thousand in existence at any one time (1988).
- Based on the boards discovered in the course of this
- research, and working from an assumption that each of
- the four major brands of microcomputers have equal
- numbers of pirate boards, two thousand is a reasonable
- estimate.
- The phreak/hack BBS community is not divided by
- differing brands of micro-computers. The applicability
- of phreak/hack information to a wide range of systems
- does not require the specialization that pirate boards
- exhibit. This makes it easier to estimate the number
- of systems in this category.
- John Maxfield, a computer security consultant, has
- asserted that there are "thousands" of phreak/hack
- ____________________
- 13 Pirate boards are normally "system specific" in
- that they only support one brand or model of
- microcomputer.
- ^
-
- 43
- boards in existence (WGN-Radio, November 1988). The
- data, however, do not confirm this. A list of
- phreak/hack boards compiled by asking active p/hackers
- and downloading BBS lists from known phreak/hack
- boards, indicates that there are probably no more than
- one hundred. Experienced phreak/hackers say that the
- quality of these boards varies greatly, and of those
- that are in operation today only a few (less than ten)
- attract the active and knowledgeable user.
- Right after "War Games" came out there must
- have been hundreds of hacker bulletin boards
- spring up. But 99% of those were lame. Just a
- bunch of dumb kids that saw the movie and
- spent all there %sic% time asking "anyone got
- any k00l numberz?" instead of actually
- hacking on anything. But for a while there
- was %sic% maybe ten systems worth calling . .
- . where you could actually learn something
- and talk to people who knew what was going
- Nowadays %sic% there are maybe three that I
- consider good . . . and about four or five
- others that are okay. The problem is that
- anybody can set up a board with a k-rad name
- and call it a hacker board and the media/feds
- will consider it one if it gets busted. But
- it never really was worth a shit from the
- beginning.(TP2, field notes, 1989)
-
- Towards a BBS Culture. Defining and identifying
- CU boards can be problematic. The lack of an ideal
- type undoubtedly contributes to the varying estimates
- of the number of CU bulletin board systems. While
- developing such a typology is not the intent of this
- work, it is appropriate to examine the activities and
- ^
-
- 44
- characteristics exhibited by BBS supporting the pirate
- and phreak/hack communities. While much of the culture
- of pirate and phreak/hack worlds overlap, there are
- some differences in terms of how the BBS medium is used
- to serve their interests. We begin with a short
- discussion of the differences between the two
- communities, then discuss cultural characteristics
- common to all CU BBS systems.
- All BBS feature a "files area" where programs and
- text files are available for downloading by users.
- Initially these programs/files are supplied by the
- system operator, but as the board grows they are
- contributed (called "uploading") by callers. The
- content and size of the files area differs according to
- whether the board supports the pirate or phreak/hack
- community.
- The files area on a pirate board consists
- primarily of programs and program documentation.
- Normally these programs are for only one brand of
- micro-computer (usually the same as the system is being
- run on). Text files on general or non-computer topics
- are uncommon. A "files area" menu from a pirate BBS
- illustrates the emphasis on software:
- %1% Documentation %2% Telecommunications
- %3% Misc Applications %4% Word Processing
- %5% Graphics %6% Utilities
- %7% Games 1 %8% Games 2
- ^
-
- 45
- %9% XXX Rated %10% Elite_1
- %11% Elite_2 %12% Super_Elite
- (IN BBS, message log, 1988)
- The "files area" on a phreak/hack BBS is
- noticeably smaller than it is on pirate systems. It
- consists primarily of instructional files (known as "g-
- files" for "general files") and copies of phreak/hack
- newsletters and journals. Pirated commercial software
- is very rare; any programs that are available are
- usually non-copyrighted specialized programs used to
- automate the more mundane aspects of phreaking or
- hacking. It is not uncommon to find them in forms
- usable by different brands of computers. A "files
- area" list from a phreak/hack BBS is listed here
- (edited for size):
- Misc Stuff
- -------------
- BRR2 .TXT: Bell Research Report Volume II
- BRR1 .TXT: Bell Research Report Volume I
- CONFIDE .ARC: Confide v1.0 DES
- EnCryption/DeCryption
- CNA .TXT: A bunch of CNA numbers
- CLIPS .ARC: newsclippings/articles on hackers
- and busts
- ESS1 .TXT: FILE DESCRIBING THE ESS1 CHIP
- TELEPHON.TXT: NY Times Article on hackers/phreaks
- HP-3000 .TXT: This tells a little info about hp
- VIRUS .TXT: Digest of PC anti-viral programs.
- Hack/Phreak Programs
- -----------------------
- THIEF .ARC: Code Thief for IBM!
- PC-LOK11.ARC: IBM Hard Disk Lock Utility- fairly
- good.
- PHONELIS.COM: Do a PHONE DIR command on VAX from
- DCL.
- XMO .FOR: VAX Xmodem Package in FORTRAN
- ^
-
- 46
- PASSWORD.ARC: IBM Password on bootup. Not too
- bad.
- Archived Gfiles
- ----------------------
- PHRACK15.ARC: Phrack #15
- PHRACK10.ARC: Phrack #10
- PHRACK20.ARC: Phrack #20
- ATI1_6.ARC : ATI issues one thru six
- PHRACK5.ARC : Phrack #5
- PHRACK25.ARC: Phrack #25
- PHUN1.ARC : P/Hun first issue
- TCSJ.ARC : Telecom Security Journal
- ATI31.ARC : Activist Times Inc number 31
- LODTECH3.ARC: LoD Tech Journal three
- (TPP BBS, message log, 1988)
- The difference in files area size is consistent
- with the activities of pirates and phreak/hackers. The
- main commodity of exchange between pirates is, as
- discussed earlier, copyrighted software thus accounting
- for the heavy use of that area of the board that
- permits exchange of programs. The phreak/hackers, on
- the other hand, primarily exchange information about
- outside systems and techniques. Their interests are
- better served by the "message bases" of BBS.
- The "message bases" (areas where callers leave
- messages to other users) are heavily used on
- phreak/hack systems. The messages are not specific to
- one brand of micro-computer due to the fact that not
- all users own the same equipment. Rather than focus on
- the equipment owned by the phreak/hacker, the messages
- deal with their "targets." Everything from
- phreak/hacking techniques to CU gossip is discussed. On
- ^
-
- 47
- some boards all the messages, regardless of topic, are
- strung together in one area. But on others there are
- separate areas dealing with specific networks and
- mainframe computers:
- Message Boards available:
- 1 : General
- 2 : Telecommunications
- 3 : Electronics
- 4 : Packet Switched Nets
- 5 : VAX/DEC
- 6 : Unix
- 7 : Primos
- 8 : HP-x000
- 9 : Engineering
- 10 : Programming & Theory
- 11 : Phrack Inc.
- 12 : Sociological Inquiries
- 13 : Security Personnel & Discussion
- 14 : Upper Deck
- 15 : Instructors
- (TPP BBS, message log, 1988)
-
- The pirate community, on the other hand, makes
- little use of the "message bases." Most users prefer to
- spend their time (which may be limited by the system
- operator on a per day or per call basis) uploading
- and/or downloading files rather than leaving messages
- for others. Those messages that do exist are usually
- specific to the pirating enterprise such as help with
- programs on the board, requests for specific programs
- ("want lists"), and notices about other pirate bulletin
- boards that users may want to call. Occasional
- discussion of phreaking may occur, but the emphasis is
- ^
-
- 48
- on techniques used to make free calls, not technical
- network discussions as often occurs on phreak/hack
- systems. A list of message areas from a large pirate
- BBS illustrates the emphasis on the pirating
- enterprise. A message area for general discussions has
- been created, but those areas devoted to pirating
- display more use:
- Area %1% General Discussion 15 messages
- Area %2% Pirating Only!! 75 messages
- Area %3% Warez Wants 31 messages
- Area %4% **private messages** 10 messages
- (TL BBS, message log, 1988)
-
- In addition to the differences between files and
- message use on pirate and phreak/hack boards, they
- differ in degree of community cohesiveness. Every BBS
- has a group of "users" --the people who have accounts
- on the system. The group of users that call a specific
- BBS can be considered to be a "community" of loosely
- associated individuals by virtue of their "membership"
- in the BBS.
- Additionally, the system itself, serving either
- pirates or phreak/hackers, exists within a loose
- network of other bulletin boards that serve these same
- interests. It is within this larger community where
- pirate and phreak/hack boards seem to differ.
- Due to the brand-specific nature of pirate boards,
- there is not a strong network between pirate BBS that
- ^
-
- 49
- operate on other systems. This is understandable as a
- pirate that owned an Apple computer would have little
- use for the programs found on an IBM board. However,
- this creates separate communities of active pirates,
- each loosely associated with other users of their
- computer type, but with little or no contact with
- pirate communities on other systems.
- There is, however, a degree of cohesiveness among
- pirate boards that support the same micro-computers.
- While the users may be different on systems, the data
- shows that some pirate boards are "networked" with each
- other via special software that allows messages and
- files to be automatically shared between different
- boards. Thus a message posted on a west coast pirate
- board will be automatically copied on an east coast BBS
- later that night. In a like manner, software programs
- can be sent between "networked" boards. The extent of
- this network is unknown.
- The pirate BBS community also exhibits
- cohesiveness in the form of "co-sysops." As discussed
- earlier, sysops are the system operators and usually
- owners of BBS. On some pirate boards, "co-sysop"
- distinction is given to an operator of another board,
- often located in another state. This forms a loose
- network of "sister boards" where the sysop of one has
- ^
-
- 50
- co-sysop privileges on the other. However, this
- cooperative effort appears to be limited mainly to the
- system operators as comparing user lists from sister
- boards shows little overlap between the regular
- callers. How co-sysop positions are utilized is
- unknown, and it is suspected that they are largely
- honorary. But nonetheless it is indicative of mutual
- association between a small number of boards.
- The phreak/hack board community does not exhibit
- the same brand-specific division as the pirate
- community. Unlike the divided community of pirates,
- phreak/hackers appear to maintain contacts throughout
- the country. Obtaining and comparing user lists from
- several phreak/hack BBS reveals largely the same group
- of people using several different boards across the
- country.14 While phreak/hack boards have yet to adopt
- the "networking" software used by pirate boards, an
- active group of phreak/hackers is known to use the
- sophisticated university mainframe computer network,
- called Bitnet, to exchange phreak/hack newsletters and
- gossip.
- Despite the operational differences between pirate
- ____________________
- 14 In fact, users lists from phreak/hack BBSs
- located in Europe and Australia show that many U.S.
- p/hackers utilize these systems as well.
- ^
-
- 51
- and phreak/hack boards, their cultures are remarkably
- similar. Any discussion of the computer underground
- must include both communities. Additionally, a
- formulation of the culture of CU BBS must address the
- means in which access to the board, and thus deviant
- associates, is obtained.
- For a caller to successfully enter the CU BBS
- community, he must display an awareness of CU culture
- and technical skill in the CU enterprise. If the caller
- fails to exhibit cultural knowledge, then access to the
- board is unlikely to be granted. The ways in which
- this cultural knowledge is obtained and displayed
- illustrates the social nature of the CU and further
- displays some of the subcultural norms of behavior.
- On most "licit" (non-underground) boards,
- obtaining permission to use the system is accomplished
- by logging on and providing a name and home phone
- number to the system operator (sysop). Sysop's
- normally do not check the validity of the information,
- and once a caller has provided it he or she is granted
- full access to the system. There is normally one level
- of access for all users, with only the sysop having
- more "powerful" access.
- Obtaining access to underground bulletin boards is
- more complicated and requires more steps to complete.
- ^
-
- 52
- In an attempt to prevent law enforcement agents
- ("feds") from obtaining accounts on systems where
- pirates or p/hackers are vulnerable, if not to actual
- arrest, then at least to exposing their latest act-
- ivities and methods, sysop's of illicit boards attempt
- to limit access to the system.
- One method of doing this is to restrict
- publicizing the existence of the board. Computer
- underground BBS are not normally included in BBS
- listings found in computer books and magazines, and
- there is a norm, particularly strong on p/hack systems,
- that the boards are not to be mentioned on non-CU
- systems. There are, however, some "entry-level" CU BBS
- that are fairly well known. These systems are known as
- "anarchist" boards.
- "Anarchist" boards, while exhibiting many of the
- same characteristics as pirate and phreak/hack boards,
- are really a cross between the two and serve primarily
- as social outlets for both pirates and phreak/hackers.
- The message areas on "anarchist" boards are quite
- active, "chatty" messages are not discouraged. Indeed
- there are normally several different message areas
- devoted to a wide range of topics including everything
- from "skipping school" to "punk rock." The files area
- contains both warez (but normally only the newest
- ^
-
- 53
- games, and specific to the computer system that the
- board runs on) and phreak/hack text files. Neither
- collection is as extensive as it would be on pirate-
- only or p/hack-only systems.
- The data suggest that one function of "anarchist"
- boards is to introduce newcomers to the culture of the
- computer underground. By acting as "feeder boards,"
- they can provide preliminary socialization and
- instruction for CU behavior and techniques.
- Additionally, "anarchist" boards frequently provide
- areas where phone numbers to pirate and p/hack systems
- can be traded, thus providing systems where more in-
- depth information, and other contacts, can be found. A
- phreak/hacker describes how an "anarchist" board was
- instrumental in introducing him to the computer
- underground:
- I've been phreaking and hacking for about
- four years now. I discovered phreaking on my
- own at this place I used to work. We had
- this small LD %long distance% provider that
- used codez so I started hacking them out and
- calling places myself . . . but I didn't know
- no other phreaks at that time. Then I
- started using the codez to call boards from
- home on my computer. Somebody gave me the
- number to Jack Black's Whore House %an
- "anarchy board"% and I started learning about
- hacking and shit from the people and philes
- they had there. Then one day this guy, King
- Hammer, sent me some e-mail %a private
- message% and told me to call his system.
- That's where I really learned my way around
- the nets and shit. You could ask questions
- and people would help you out and stuff. If I
- ^
-
- 54
- hadn't found out some of the tricks that I
- did I probably would have got busted by now.
- (TP2, field notes, 1989)
- Once an individual has obtained the telephone
- number to a CU BBS, through whatever channels, callers
- follow essentially the same procedure as they do on
- licit systems . . . that of calling and logging on.
- However, since "underground" boards are not truly
- underground (that is, totally secret) first-time
- callers are not given access to the board itself. When
- a user is unable to provide an already valid
- username/password, the system will automatically begin
- its registration procedure. First, the caller is
- asked to enter a "username" (the name used by the
- system to distinguish between callers) and "phone
- number." These first system requests, normally seen
- only as "Enter Your Name and Phone Number," serve as
- partial screens to keep out non-underground callers
- that may have happened across the board. The way that
- a user responds to these questions indicates if they
- have cultural knowledge of the CU. The norm is to
- enter a pseudonym and a fake phone number.15 If a
- ____________________
- 15 A functional reason for this norm is that
- usernames and telephone numbers are stored on the
- computer as part of the BBS system files. Should the
- BBS ever be seized in legal proceedings, this list of
- names and numbers (and on some systems addresses . . .
- which are also normally false) could be used to
- identify the users of the system.
- ^
-
- 55
- caller enters his or her real name (or at least a name
- that does not appear to be a pseudonym) the system
- operator will be put on guard that the caller may not
- be aware of the type of board that he has called, for
- the pseudonym is the most visible of CU cultural
- traits.
- All members of the underground adopt "handles" to
- protect their identity. The pseudonyms become second
- identities and are used to log onto bulletin boards,
- and as "signatures" on messages and instructional text
- files.16 They are not unlike those adopted by
- citizens-band radio users, and reflect both the humor
- and technical orientation of computer underground
- participants. A review of handles used by phreakers,
- hackers, and pirates finds that they fall into three
- broad categories: figures from literature, films, and
- entertainment (often science fiction); names that play
- upon computers and related technologies; and
- nouns/descriptive names. (See Appendix A for fictional
- examples of each.)
- After providing a user name and entering a
- ____________________
-
- 16 The data suggest that, on the whole,
- individuals retain their handles over time.
- ^
-
- 56
- password to be used for future calls, the caller is
- asked several more questions designed to screen users
- and determine initial access privileges. Unlike licit
- boards, underground BBS may have several different
- levels of access with only the most trusted users being
- able to read messages and get files in "elite" or "high
- access" areas that are unknown and unavailable to other
- callers. In many cases, pirate boards are able to
- operate "above ground" and appear to be open-public
- access systems unless callers have the proper
- privileges to access the areas where the "good stuff"
- is located. The answers given to access questionnaires
- determine whether a caller will receive access to some,
- all, or none of the higher levels.
- These questionnaires frequently ask for "personal
- references" and a list of other boards the caller has
- "high access" on. The question is vague, and random
- callers are unlikely to answer it correctly. However,
- if the caller lists pseudonyms of other CU members that
- are known and trustworthy to the sysop, as well as some
- other boards that are known to have "good users" and
- "good security" access will usually be granted.17 If
- all the answers are relevant and indicative of CU
- ____________________
- 17 The data suggest that personal references are
- only checked if something seems unusual or suspicious.
- ^
-
- 57
- knowledge, then initial access is normally granted.
- Other methods of controlling access include
- presenting a "quiz" to determine if the technical
- knowledge of the user is up to par with the expertise
- expected on the boards.18 Some systems, instead of a
- quiz, ask the user to write a short statement (100
- words or less) about why they want access, where they
- got the phone number to the system, and what they can
- provide to other users. Some pirate boards come right
- out and ask the user to supply a list of the good
- "warez" that they can upload and what they are looking
- to download. If the caller fails to list recent
- copyrighted programs then it is evident that they are
- unaware of the nature of the BBS:
- I had this one dude call up and he told me in
- his message that he was looking for some
- "good games." So instead of giving him
- access I just left him some e-mail %a private
- message%. I asked what kind of games he was
- looking for. Next time he called he wrote
- back and said "a public domain Asteroids
- game." I couldn't believe it. Not only is
- Asteroids so damn old it's lame, but this guy
- is looking for pd %public domain% shit. No
- way was he going to get access. He didn't
- even know what this board is. I left him a
- message telling him that I didn't have one.
- He never called back after that (CH, sysop of
- a pirate BBS, field notes, 1988).
- ____________________
- 18 One such quiz, from a p/h board, can be found
- in Appendix B.
- ^
-
- 58
- Ironically, the pseudo-elaborate security methods
- of underground boards, while they may be effective in
- keeping off random non-CU callers, are not effective in
- screening out "feds." Data and media accounts show that
- boards are regularly infiltrated by telephone security
- personnel and software companies. Also, the adoption of
- handles to protect identities is defeated by the
- consistent use of the same handle over time. But in
- order to obtain and maintain status and prestige in the
- CU one must keep the same pseudonym in order to
- (literally) "make a name for oneself." The fact that CU
- communication is not face-to-face requires a consistent
- means of identifying oneself to others. The handle
- fulfills this purpose but at the same time becomes as
- attached to a single individual as a real name would.
- The access rituals of the computer underground, which
- are contingent on being a "known" pirate or
- phreak/hacker, make changing handles unproductive.
- The life blood and center of the computer under-
- ground is the bulletin board network. Acting as both
- the main trade center of performance related tools and
- innovations and as a means of socialization, the
- underground could not exist without the BBS network.
- They serve to "recruit" and educate newcomers and
- provide a way to traffic in information and software.
- ^
-
- 59
- The pirating enterprise in particular is very dependent
- upon the BBS as they are the very means by which
- "warez" are traded. For the phreak/hacker community,
- BBS provide a means of trading the resources of system
- numbers and passwords, as well as instructional texts
- on techniques. The access process serves as evidence
- of mutual association amongst phreakers, hackers, and
- pirates as cultural knowledge is needed as well as
- personal references (evidence of acceptance and access
- to others).
- The CU bulletin board systems are unique in that
- they provide a way to exchange information with a large
- number of others. The other methods of CU commun-
- ication are based on conversations rather than written
- texts and thus are much less permanent. These methods,
- discussed next, are telephone bridges/loops, voice mail
- boxes, and computer "chat" systems.
-
- Bridges, Loops, and Voice Mail Boxes
- Of the additional means of communication used by
- the CU, telephone "bridges" and "loops" are most
- common. Unlike BBS, which require data links provided
- by a computer and modem, bridges and loops are "old
- fashioned" voice connections. Since they can not
- accommodate the transfer of programs or files they are
- used primarily by phreakers and hackers, and most often
- ^
-
- 60
- as a social/recreational outlet.
- A "bridge" is a technical name for what is
- commonly known as a "chat line" or "conference system."
- They are familiar to the public as the pay-
- per-minute group conversation systems advertised on
- late night television. Many bridge systems are owned
- by large corporations who maintain them for business
- use during the day. While the numbers to these systems
- is not public knowledge, many of them have been
- discovered by phreaks who then utilize the systems
- during the night.
- In addition to these pre-existing conference
- systems, phreakers have become skilled at arranging
- for a temporary, private bridge to be created via
- AT&T's conference calling facilities. This allows for
- conversations to be held among a self-selected group of
- phreak/hackers:19
- Bridges can be %sic% extremely useful means
- of distributing information as long as the
- %phone% number is not known, and you don't
- have a bunch of children online testing out
- ____________________
- 19 The data indicates that these private
- conference calls aren't "scheduled" in any real sense.
- One p/hacker will initiate the conference and call
- others at home to add them to the conference. As more
- people join they suggest others to add. The initiator
- can temporarily jump out of the conference, call the
- new person and solicit their attendance. If they don't
- want to join or aren't home, the initiator simply
- returns to the conference without adding them in.
- ^
-
- 61
- their DTMF.20 The last great discussion I
- participated with over a bridge occurred
- about 2 months ago on an AT&T Quorum where
- all we did was engineer 3/way %calls% and
- restrict ourselves to purely technical infor-
- mation. We could have convinced the Quorum
- operators that we were AT&T technicians had
- the need occurred. Don't let the kids ruin
- all the fun and convenience of bridges.
- Lameness is one thing, practicality is
- another (DC, message log, 1988).
-
- In addition to setting up "private" bridges,
- p/hackers can utilize "loop lines" in a further attempt
- to limit the number of eavesdroppers on their
- conversations. Unlike bridges, which connect a
- virtually unlimited number of callers at once, "loops"
- are limited to just two people at a time.
- "Loop lines" are actually telephone company test
- lines installed for internal use.21 A loop consists of
- two separate telephone numbers that connect only to
- each other. Each end has a separate phone number, and
- when each person calls one end, they are connected to
- each other automatically. This allows for individuals
- ____________________
- 20 "Dual Tone Multi Frequency" or in laymen terms,
- the touch tone sounds used to dial phone numbers.
-
- 21 These test lines are discovered by phreaks and
- hackers by programming their home computer to dial
- numbers at random and "listen" for the distinctive tone
- that an answering loop makes, by asking sympathetic
- telephone company employees, or through information
- contained on internal company computers.
- ^
-
- 62
- to hold private conversations without divulging their
- location or identity by exchanging telephone numbers.
- Finally, voice mail boxes ("VMB") are another
- means of communicating with individual actors. There
- are several commercial voice mail box systems located
- throughout the country. They function similar to a
- telephone answering machine in that callers can call
- in, listen to a recorded message, and then leave a
- message for the box owner. Many of these systems are
- accessible via toll-free telephone numbers. The
- security of some VMB systems is notoriously poor. Many
- phreaks have expertise in "creating" boxes for
- themselves that are unknown (until discovered) by the
- owner of the system. However, these boxes are usually
- short lived since discovery by the system operator, and
- closure of the box, is only a matter of time. But as
- long as the box is functioning, it can serve as a means
- of communicating with others. VMB numbers are
- frequently posted on bulletin boards with invitations
- to "call if you have any good stuff." They are often
- used by pirates to exchange messages about new releases
- of software, and by phreak/hackers to trade account and
- access numbers. Additionally, some of the underground
- newsletters and journals obtain boxes so users can call
- in news of arrests and other gossip.
- ^
-
- 63
- Like bulletin boards, VMBs are systems that allow
- information to be disseminated to a large number of
- associates, and unlike the live telephone conversations
- of bridges and loops, they are available at any time of
- the day. Additionally, VMB's don't require use of a
- computer and modem, only a touch tone phone is needed
- to call the box. Their usefulness is limited somewhat
- because they play only one "outgoing" message at a
- time, and their transitory nature limits their
- reliability.
-
- Summary
- Phreakers, hackers and pirates do not act as
- loners. They have adopted existing methods of
- communication, consistent with their skills in high
- technology, to form a social network that allows for
- the exchange of information, the socialization of new
- members, socializing with others, and in the case of
- pirates, performing the "deviant" act itself via these
- means.
- These communication points create and foster
- groups of loosely associated individuals, with specific
- interests, coming together to exchange information
- and/or software. It is impossible to be a part of the
- social network of the computer underground and be a
- loner. Based upon the Best and Luckenbill measure,
- ^
-
- 64
- actors in the computer underground, by displaying
- mutual association, organize as colleagues.
- The social network of the computer underground
- provides the opportunity for colleagues to form
- cooperative working relationships with others, thus
- moving the CU towards a more sophisticated form of
- social organization. These "hacker groups" are
- addressed in the next section.
- ^
-
- 65
-
-
- Mutual Participation
- In the previous chapter the ways in which the
- structure of the computer underground fosters mutual
- association were discussed. Their social outlets and
- means for informational exchange bring the CU community
- together as deviant colleagues. Their relationships
- fit quite well into the Best and Luckenbill (1982)
- typology of collegial associations:
- The relationship between deviant colleagues
- involves limited contact. Like loners,
- colleagues perform their deviant acts alone.
- But unlike loners colleagues associate with
- one another when they are not engaged in
- deviance . . . In effect, there is a division
- between two settings; onstage where
- individual performs alone; and backstage,
- where colleagues meet (cf Goffman). In their
- backstage meetings, colleagues discuss
- matters of common interest, including
- techniques for performing effectively, common
- problems and how to deal with them, and ways
- of coping with the outside world (1982 p.37).
- However, despite the advantages of collegial
- association, ties between CU participants are weak.
- Loyalty between individuals seems rare, as the CU is
- replete with tales of phreak/hackers who, when
- apprehended, expose identities or "trade secrets" in
- order to avoid prosecution. These weak collegial ties
- may be fostered by the anonymity of CU communication
- methods, and the fact that all CU actors are, to some
- ^
-
- 66
- extent, in competition with each other. There are only
- so many systems with weak security and once such a
- system is found, sharing it with others will virtually
- ensure that the hole will be sealed when the increased
- activity is noticed. Thus while p/hackers will share
- general knowledge with each other, specific information
- is not disseminated publicly.
- As Best and Luckenbill have observed, in order to
- remain in a collegial relationship individuals must be
- able to successfully carry out operations alone (1982
- p.45). In order to sustain a career in p/hacking one
- must pursue and collect information independent of what
- is shared on the communication channels. Despite the
- association with other phreakers and hackers, the
- actual performance of the phreak/hacking act is a
- solitary activity.22
- That is not to say, however, that p/hackers never
- share specific information with others. As discussed
- earlier, p/hack bulletin board systems frequently have
- differentiated levels of access where only highly
- regarded individuals are able to leave and read
- messages. These areas are frequently used to keep
- ____________________
- 22 This does not hold true for pirates. By
- definition they must trade programs with other
- individuals.
- ^
-
- 67
- information from "unskilled" users at the lower levels.
- There are strong social norms that some information
- should not be shared too widely, as it may be either
- "abused" or fall into the hands of enforcement agents.
- For example, when one p/hacker announced that he was
- going to release a tutorial on how to infiltrate a new
- telephone company computer, he received the following
- messages in reply:
- Not smart, DT. %That computer% is a system
- which can be quite powerful if used to its
- potential. I don't think that information on
- programming the switches should be released
- to anyone. Do you realize how destructive
- %that computer% could really be if used by
- someone who is irresponsible and intends on
- destroying things? Don't even think about
- releasing that file. If you do release that
- file, it will disappear and will no longer
- remain in circulation. Believe me. Not many
- have the right to know about %that computer%,
- or any other delicate telco computers for
- that matter. Why do you think the fucking New
- York Times published that big article on
- hackers screwing around with telco machines?
- Not only will you get into a lot of trouble
- by releasing that file on %computer%, you
- will be making telcos more aware of what is
- actually happening, and soon no one will be
- able to learn about their systems. Just think
- twice (EP, message log, 1988).
- Why would you want normal people to have such
- knowledge? Any why would you post about it?
- If you have knowledge that's fine but DON'T
- spread that knowledge among others that may
- abuse it. It's not impressive! I don't know
- why anyone would want to disperse that
- knowledge. Please don't release any "in
- depth" files on such systems of great power.
- Keep that to yourself it will just mess it up
- for others (UU, message log, 1988).
- ^
-
- 68
-
- The desire to share information with selected
- colleagues often leads to the formation of cooperative
- "working groups." These partnerships are easily formed,
- as the structure of mutual association in the CU
- creates a means where "talent" can be judged on the
- basis of past interactions, longevity in the field, and
- mutual interests. When allegiances are formed, the CU
- actors begin "mutual participating" in their acts, thus
- becoming "peers" in terms of social organization.
- Mutual participation, as defined in the Best and
- Luckenbill typology, is exhibited by actors sharing in
- the same deviant act, in the physical presence of one
- another (1982 p.45). However, the measurement was
- "grounded" in studies of traditional deviant
- associations (eg: street gangs, prostitutes, etc.)
- where "real-time" interaction is common. The technology
- used by the CU negates this requirement as actors can
- be located in different parts of the country.
- Additionally, "hacking" on a system, by a group of
- peers, does not require simultaneous participation by
- all members. However Best and Luckenbill's typology is
- an ideal type, and the activities of peers in the
- computer underground do not fall outside of the spirit
- or intention of their concept of mutual participation.
- Their description of deviant peer associations is
- ^
-
- 69
- presented here:
- Deviant peers are distinguished from
- colleagues by their shared participation in
- deviance. While colleagues carry out their
- deviant operations alone, peers commit
- deviant acts in one another's presence.
- Peers cooperate in carrying out deviant
- operations, but they have a minimal division
- of labor, with each individual making roughly
- comparable contribution. Peer relationships
- also tend to be egalitarian and informal;
- some peers may be acknowledged leaders or
- admired for their skill, but there is no set
- division of authority. Like colleagues,
- peers share subcultural knowledge, but peer
- groups typically provide their members with
- more support. In addition to cooperating in
- deviant operations, peers may recruit and
- socialize newcomers and supply one another
- with deviant equipment and social support.
- Thus, the bonds between peers are stronger
- than those linking colleagues (1982, p.45).
- Peer associations in the CU are largely limited to
- small groups23 working on a specified goal. Both
- pirates and p/hackers organize themselves in this
- regard, though their characteristics differ. We begin
- with a discussion of mutual participation among
- pirates.
-
- Pirate Groups
- Pirate groups are composed of less than ten
- ____________________
- 23 In terms of the ideal type for deviant peers
- any two individuals working in cooperation exhibit
- mutual participation. The discussion here addresses
- groups that consist of three or more people that
- identify themselves as a sort of "club." Short-lived
- interaction between two people is not considered a
- "group" in the CU culture.
- ^
-
- 70
- members. Their primary purpose is to obtain the latest
- software, remove any copy-protection from it, and then
- distribute it to the pirate community. Often the
- "warez" that they distribute will be adorned with the
- group name, so subsequent users will be aware of the
- source of the software. Many pirate groups have "home"
- BBS systems that act as key distribution points, and as
- places where outsiders can communicate with members of
- the association. This researcher was unable to obtain
- data about the internal organization of pirate groups,
- but it appears that they are leaderless, with
- individual members working alone but giving credit to
- the group as a whole.
-
- Phreak/hack groups
- The existence of phreak/hacker groups is well
- documented in the data, and has been heavily reported
- in the media. Two hacker groups in particular, The
- 414's (named for the Wisconsin area code in which they
- lived), and The Inner Circle, received a large amount
- of press after being apprehended for various computer
- break-ins. However, the "threat" that such groups
- represent has probably been overstated as the data
- indicate that "hacker gangs" vary greatly in
- organization and dedication to the CU enterprise.
- Many hacker groups are short-lived associations of
- ^
-
- 71
- convenience, much like the "no girls allowed!" clubs
- formed by young boys. They often consist of four to
- nine beginning phreak/hackers who will assist each
- other in obtaining telephone credit-card numbers. By
- pooling their resources, a large number of illicit
- "codez" can be obtained and shared with others.
- Distribution of the account numbers is not limited to
- the group, they are often shared with the community at
- large, "courtesy of Codez Kidz Ltd." Groups of this
- type are looked at with disdain by "elite"
- phreak/hackers and are often criticized as being more
- interested in self-promotion then they are with
- actually phreaking or hacking.
- Some hacker groups are very proficient and
- dedicated to their craft, however. These groups are
- characterized by smaller memberships, less visibility
- to non-members, and commitment to the CU enterprise.
- They are loosely organized, yet some have managed to
- exist six or more years despite members dropping out or
- being arrested. These "elite" groups are selective
- about membership, and cite trust and talent as the two
- leading requirements for joining:
- The group exists mainly for information
- trading. If you trust everyone else in the
- group, it is very profitable to pool
- information on systems . . . also it is nice
- to know someone that you can call if you need
- help on operating system X and to have people
- ^
-
- 72
- feel free to call you if they need help on
- operating system Y (AN, message log, 1988).
- Trust is a very important part of a group. I
- think that's blatantly obvious. You have to
- be able to trust the other members of the
- group with the information you are providing
- in order to be productive, and have a secure
- situation (UU, message log, 1988).
- . . . all groups serve the same purpose: to
- make their members feel better about
- themselves (like, wow, I'm in a group) and to
- trade things, whether it's wares, codes, or
- whatever. But the thing is that being in a
- group is like saying "I trust you, so like,
- what can we do together?" (NN, message log,
- 1988)
- Indeed, hacker groups are formed primarily for the
- purpose of information exchange. To this end, groups
- attempt to recruit members with a wide variety of
- "specializations" in order to have a better support
- network to turn to:
- %Our group% has always been very selective
- about members (took me six years to get in).
- The only reason the group exists is to bring
- together a diverse group of talents. There is
- very little overlap in %the group% these
- days. Everyone has one thing that they are
- the best in the country at, and are
- conversant with just about any other form of
- hacking. As an example, I got into a Primos
- computer this morning around 9 am. Once I got
- in, I know enough about Primos to get around,
- but that's it. So I call %PS% in New York,
- give him the info, and when I get home
- tonight, he has gotten in and decrypted the
- entire username/password file and uploaded it
- to me. But two weeks ago he got into a VAX.
- He got the account to me, I called it up and
- set up three backdoors into the system that
- we can get in if the account is detected or
- deleted. Simple matter of communism. From
- each according to his ability . . . etc. Also
- ^
-
- 73
- it helps that everyone in the group is
- experienced enough that they don't fuck up
- accounts you spend all day getting (TM, field
- notes, 1989).
- Consistent with the Best and Luckenbill ideal
- type, hacker groups do not exhibit a set division of
- authority or labor. Most groups are leaderless, and
- every member is free to pursue their own interests,
- involving other members of the group only when desired:
- We just got our group together. We've got a
- guy that does VMB's and a Sprinter %obtains
- "codez" from U.S. Sprint% and a couple of
- hackers. Everybody's free to pursue whatever
- system they want but if they want or need
- some help they can call on any of the other
- members if they want to. Like if one guy is
- scanning and finds a VAX he might call and
- give me the dialup. Then I might have to
- call our Sprinter to get some codez so I can
- start hacking on it. Once I get through I'll
- give the account to the other members. But
- if I found it myself I wouldn't have to give
- it out but I probably would anyway 'cuz
- keeping it would be bullshit (DC, field
- notes, 1988).
- There isn't a leader really. The guy who
- starts the group sort of acts like a contact
- point but everyone else has everyones' phone
- number and you can call whoever you want to
- anytime. Usually when you're putting a group
- together you just get everyone you want and
- you all decide on a name. (DC, field notes,
- 1988).
-
- Summary
- By virtue of the extensive social network found in
- the CU, some participants form work groups. The
- sophistication of these groups varies, but in all cases
- ^
-
- 74
- it is evident that the groups exist to support what are
- primarily individually performed activities. The
- groups exhibit many of the ideal-type characteristics
- of peer associations, and it is clear that in some
- cases the computer underground is socially organized as
- peers.
-
- ^
-
- 75
-
-
- Conclusion
- Phreakers, hackers, and pirates do not act as
- loners. Loners do not associate with others, and are
- on their own in coping with the practical problems
- presented by their activities (Best and Luckenbill
- 1982, p.28). From the data presented here, it is
- evident that the computer underground has established
- an extensive social network for the exchange of
- resources and mutual support. The characteristics of
- the CU varies according to the goals of the
- participants, but the presence of mutual association is
- consistent. Contact between individuals is limited,
- with the acts of phreaking or hacking being committed
- alone. Computer underground participants do associate
- with one another in order to discuss matters of common
- interest, such as performance techniques, news, and
- problem solving. To facilitate this informational
- exchange, they have established a technologically
- sophisticated network that utilizes computer bulletin
- boards, voice mail boxes, telephone bridges, and
- telephone loops.
- The collegial organization of the computer
- underground is further evidenced by the establishment
- of a CU culture. The subcultural adaptation of
- ^
-
- 76
- language, expectations of normative conduct, and status
- stratification based on mastery of cultural knowledge
- and skill, all indicate that the computer underground
- is, at the very least, a social organization of
- colleagues (see Best and Luckenbill, 1982, p.37).
- The very structure that permits mutual association
- among CU participants also encourages some to form
- working relationships, thus acting as peers by mutually
- participating in CU activities. Peers organized in this
- manner share in their deviance, organizing informally
- with little division of labor or set division of
- authority (Best and Luckenbill, 1982, p.45). These
- peer associations provide support to members, and can
- provide socialization and recruitment functions for
- newcomers. The establishment of work groups, through
- mutual participation, indicates that though the
- computer underground is largely organized as a network
- of colleagues, it is also, to some degree, a social
- organization of peers.
- Best and Luckenbill (1982) describe two additional
- forms of deviant associations that are more
- organizationally sophisticated than peers: "mobs" and
- "formal organizations." The computer underground,
- however, does not display the requisite characteristics
- of these organizational types. The primary
- ^
-
- 77
- characteristic of "mobs" is an elaborate division of
- labor (Best and Luckenbill, 1982, p.25). While some CU
- groups do exhibit a rudimentary division of labor based
- on individual members' specialization, it is not by any
- means "elaborate." Any division of labor that does
- exist is voluntary and arises on the basis of
- specialized knowledge, not a specialized organizational
- role.
- In much the same manner the lack of a designated
- leader or leadership hierarchy prevents CU groups from
- being categorized as "formal organizations" in the Best
- and Luckenbill typology. Deviant organizations at this
- level are quite sophisticated and there is no empirical
- evidence that the computer underground is organized in
- this manner.
- This study of the computer underground has been a
- test of the Best and Luckenbill typology of the social
- organization of deviants. As a test of their
- organizational indicators, the CU has shown that the
- categories are well constructed, with the possible
- exception of limiting "mutual participation" to acts
- carried out in the presence of others. However, if we
- modify this to include non-simultaneous, but
- cooperative, acts as found in phreak/hacker groups, the
- category is otherwise robust. The flexibility of the
- ^
-
- 78
- typology, which explicitly recognizes that not all
- deviant associations will display all of the character-
- istics (Best and Luckenbill, 1982, p.25), is a strength
- that allowed it to be easily used in terms of the
- computer underground.
- By addressing the CU from a social organizational
- viewpoint we have seen that despite the high technology
- trappings of their craft, pirates, phreakers, and
- hackers display organizational characteristics found in
- other groups that have been criminalized. This may
- suggest that the development of sophisticated tools to
- commit "crime" does not necessarily affect the ways in
- which individuals organize their activities.
- The implications of peer and collegial
- organization for the members of the computer
- underground are vast. The level of sophistication has
- a direct relationship to the types of resources on
- which individuals can draw (Best and Luckenbill, 1982,
- p.54). Because CU members are mutually associated,
- they are able to turn to colleagues for advice and
- support with various problems. However, at the
- collegial level they are left to enact the solutions
- independently. Whether or not they are successful in
- doing so will determine if they choose to remain active
- in the computer underground. The data show that
- ^
-
- 79
- involvement in the CU is short in duration, unless
- success in early phreak/hack attempts is obtained. As
- long as the CU remains organized as a collection of
- colleagues, this trend will continue. Additionally, as
- the computer and telephone industries become more
- sophisticated in preventing the unauthorized use of
- their facilities, new phreak/hackers are unlikely to
- succeed in their initial attempts at the act, thus
- dropping away from the activity and never becoming
- acculturated to the point where peer relationships can
- be developed.
- At the peer level, a dimension of sophistication
- that some members of the CU do display, the knowledge
- and resources to solve problems and obtain resources is
- greater. However, even at this level the ties between
- peers remain weak at best. Although their cooperative
- ties allow for more sophisticated operations, and
- somewhat reduce the CU's vulnerability to social
- control agents (Best and Luckenbill, 1982, p.53), it
- still does not completely eliminate the need for
- individual success in order to sustain a CU career. As
- long as the CU remains at the current level of
- organizational sophistication, with weak ties and
- somewhat limited means of support and resource
- attainment, it will continue to be a transitory and
- ^
-
- 80
- limited "criminal" enterprise.
- This realization should be considered by policy
- makers who desire to further criminalize computer
- underground activities. Given the current organization
- of the CU, the future social costs of their actions are
- not likely to expand beyond the current level. There
- is no evidence to support assertions that the CU is
- expanding, and the insight provided here shows that it
- is not likely to do so on a large scale.
- For sociologists, the computer underground is a
- field rich for insight into several areas of concern.
- Future research into the career path of CU members, and
- the relationships between individuals, could prove
- helpful to those interested in applying theories of
- differential association and career deviance.
- Additionally, the computer underground provides a
- unique opportunity to study the process of
- criminalization, and its effect on those who are
- engaged in the behavior.
-
-
-
- ^
-
-
-
- REFERENCES
- Best, Joel and David F. Luckenbill. 1982. Organizing
- Deviance. Englewood Cliff, New Jersey: Prentice-Hall.
- Bequai, August. 1987. Technocrimes. Lexington,
- Mass.:Lexington Books.
- Bickford, Robert. 1988. Personal communication to
- Gordon Meyer.
- Chicago Tribune. 1989. "Computer hacker, 18, gets
- prison for fraud." Feb. 15:2,1.
- Field Notes. Interviews with phreakers, hackers, and
- pirates. Conducted from 7/88 to 4/89 (confidential
- material in authors files).
- Hollinger, Richard C. and Lonn Lanza-Kaduce. 1988. "The
- Process of Criminalization: The Case of Computer Crime
- Laws." Criminology 26:101-126.
- Levy, Steven. 1984. Hackers: Heroes of the Computer
- Revolution. New York: Dell Publishing.
- Message Logs from a variety of computer underground
- bulletin board systems, (confidential material), 1988-
- 1989.
- NBC-TV. 1988. Hour Magazine. November 23, 1988.
- Parker, Donn B. 1983. Fighting Computer Crime. New
- York: Charles Scribner's Sons.
- Rosenbaum, Ron. 1971. "Secrets of the Little Blue Box."
- Esquire October, pp. 116-125.
- Small, David. 1988. Personal communication to Gordon
- Meyer.
- WGN-Radio. 1988. Ed Schwartz Show. September 27, 1988.
-
- ^
-
- 82
-
-
-
- APPENDIX A
- COMPUTER UNDERGROUND PSEUDONYMS
- _________________________________________________________
- |Literature, films,|Computers & |Nouns, titles & |
- |and Entertainment |related technology |Descriptive names|
- ---------------------------------------------------------
- | Pink Floyd | Mrs. Teletype | The Professor |
- | Hatchet Molly | Baudy Bastard | Perfect Asshole |
- | Jedi Knight | Doctor Phreak | The Messiah |
- | King Richard | Lord FAX | Right Wing Fool |
- | Captain Hoga | CNA Office | Bed Bug |
- | Al Crowley | Sir Mac | Sleepy Head |
- | Doc Holiday | Busy Signal | Mean Underwear |
- | Mr. Big Dog | Silicon Student | Cockroach |
- | Robin Williams | Fiber Cables | Primo Bomber |
- | Big Bird | Phone Crasher | The Prisoner |
- | Cross-eyed Mary | Doc Cryptic | Night Lighting |
- | Capt. America | Apple Maniac | No Regrets |
- | Uncle Sam | Fuzzy Sector | Grounded Zero |
- | Thumpr | Cntrl. Alt. Del. | Spit Wad |
- | Little John | Byte Ripper | Shadow Dove |
- ----------------------------------------------------------
-
- ^
-
- 83
-
-
- APPENDIX B
- NEW USER QUESTIONNAIRE FROM A PHREAK/HACK BBS
-
- Welcome to Analog Electronics Datum System.
- Please take this time to fill out a one-time
- questionnaire that will allow us to determine your
- level of access on Analog Electronics Datum System.
- If any question is too difficult for you to
- answer, just answer with your best guess or a simple "I
- don't know."
- We basically have two different divisions or types
- of users on this system:
- (1) Apple (%%,Mac), and IBM software traders
- (2) Telecommunication hobbyists - any/all
- computers (networks, mainframes,
- engineering)
- Your answers will help us decide which category
- you belong to and what access you should get on our
- system.
- * What type of computer & modem are you using to call
- this system?
- * Where did you get the phone number to Analog
- Electronics Datum System?
- * We'll need your first name and real phone # where you
- can be reached for validation purposes only, this
- information is kept in a password encoded file, on
- another computer (critical for higher validation):
- First for the FILE TRANSFER AREA ACCESS questions:
- (1) How many bits are in a nibble? (Assume 6502 micro
- processor)
- (2) Define WORM, RAM, ROM, VDT, CRT, BPS? (Pick any 3)
- (3) What does 2400 baud mean in terms of bit transfer
- speed?
- ^
-
- 84
- (4) What is PT,MT,AE,BIN2,Ymodem Batch,BLU? (Pick any
- 4)
- (5) How many Megahertz does a standard Apple %%+ run
- at? (rounding OK)
-
- Now for the TeleCommunication Questions:
- (1) Describe the Voice Transmission Use of a Loop:
- (2) If I gave you my phone #, how would you find my
- name and address?!
- (3) Can you name any networking software operating
- systems or protocols?
- (4) What is the highest frequency a twisted two wire
- pair can transmit at?
- (5) We believe Phones and Computers Belong Together,
- what do you BELIEVE?
-
- Ok, thanks for that info.
-
- A MESSAGE FROM AL CAPONE (LOCAL) AND THE TRADER (LD)
- SYSTEM VALIDATORS
- -----------------------------------------------------
-
- Welcome to ALDS! As a new user you have made
- a change for the better in choosing this system as
- one of your places of telecommunication exchange. In
- my opinion, this is one, if not the best, system
- in telecommunications today as most of the good boards
- such as Shadowspawn, Metal Shop Private, etc. do not
- exist anymore. Quality users exist on this system that
- have established a reputation for themselves so
- questions you ask will be answered thoroughly and
- precisely. We are a sponsor board of the LOD/H
- Technical Journal, and accounts have been
- established representing Phrack, Inc. and 2600
- Magazine. (For our software trading people, we also
- have an excellent file transfer area . . . consistent
- with the rest of the nation . . . )
- Due to the high quality of our system, we will
- ^
-
- 85
- need some additional information about you.
- Maintenance of a high quality system requires high
- quality users, so the first step in this process is
- keeping the low quality users off of the system . . .
- so please cooperate with us . . . this is for your
- benefit as well as ours. The information you give us
- will be cross referenced with other systems for
- accuracy, and if you leave false information, you may
- suffer low access or deletion.
- All phone number information is stored outside of
- the housing of this system inside of an encrypted,
- password locked file for your security. So if you have
- left an invalid phone #, please leave one where you can
- be reached, or someone's name and number (if possible)
- that will vouch for you. Keep in mind this validation
- can take up to 1 week to complete due to the high
- volume of new callers to our system.
- Note: Limited system access will be granted within 24
- Hrs if all of your info seems correct.
-
- Thanks in advance . . . Bugsy Malone
- The Swapper
- SYSOP/SYSTEM VALIDATORS
-
- % Bugsy Malone needs the following info: %
- (1) Your references (sysops, other users on this
- system, other BBS).
- (2) Your interests in having access to our system.
- (3) How do you feel you can contribute to our system?
- (4) How many years of telecommunication experience do
- you have?
- (5) Do you have any special talents in programming, or
- operating systems?
- If yes, then name the language(s) or operating
- system(s).
-
- Enter message now, answering these questions:
-
- %after entering the message the BBS hangs up and the
- caller will call back in 24 hours to see if access has
- been granted.%
- ^
-
- !