Article on Hackers

*this article is not for republication until January 1, 1999*
*a special edition of Islands in the Clickstream*

Don Quixote Goes Digital appeared last month with editorial modifications
under a different title in Salon Magazine (www.salonmagazine.com). By
agreement with the publisher, it is not to be published by other venues
until sixty days after the publication date.

Much of the email generated by the publication of the article turned on
the real meaning of the word "hacker." In the Denver Post and the
edited/published article, Blosser was called a hacker. Yet many hackers do
not consider what he did as a hack. The edges are blurred further by the
common use of the word "hacker" to mean what real hackers call "crackers,"
or criminals who use hacking skills in ways that are not congruent with
the broader intentions of real hacking - exploration, the pursuit of
knowledge, building the Big Picture, solving the puzzle, serendipitous
discovery, impish playfulness, and the sheer exhilaration of exercising
power with intelligence, grace and some finesse.

And the murkiness is murked up even more by the fractal-like replication
of hacking generations every decade or so. Each hacking generation is true
to the values of real hacking, but the forms of their exploration are
determined by the structures of our technologies. The near-thirty
generation quoted in the article is not the first generation of hackers to
move into positions of power and authority but they are the first to have
"grown up digital." So the essential question is, as technology changes
and redefines the "space" in which we hack, what forms will real hacking
take?

But that question is for another time. Here is the article with some of
the ambiguity of the original restored.


Don Quixote Goes Digital

Processing power is dirt cheap and Feds are crawling all over the Net. So
why did Aaron Blosser use the network at US West to solve a 17th century
math problem?

By Richard Thieme


"Why?" repeats Aaron Blosser. "Why not?"

The question hangs in the air like the grin of the Cheshire cat, a koan
posed by a 28-year-old programmer sitting in his apartment in Denver,
Colorado. Aaron Blosser has a lot more room to stretch out in his place
these days, now that the FBI took away his Pentium II (Blosser called it
Big Boy), his 486 (Little Boy), and a pile of his CDs. It's all gone,
perhaps forever. And so is his job as a computer consultant.

Blosser lost big because he went on a careless quest for a mathematical
grail - the next Mersenne prime. Ever since Marin Mersenne identified a
unique class of prime numbers in the 17th century, digit-searchers have
been on the prowl for the next Big One. Their search reached the Internet
a few years ago, with the release of Mersenne-hunting software that anyone
can download. Blosser, a systems consultant working for US West, installed
it on the company's customer service network in September. He should have
known how to configure the software to run in the background, but instead
he misconfigured the machines so that they checked for network activity
every two seconds instead of every twenty minutes - flooding the system
with packets in the process.

"We noticed a degradation of service at once," says a spokesman for US
West. "We respect the pursuit of knowledge, but our workers tend to get
irate if the network is not available for work." Thus, while the
investigation of the case continues, US West is urging the FBI to
prosecute Blosser as quickly as possible.

The Denver Post called him a hacker, but that handle is part of the
problem. What Aaron did IS what hackers did do, once upon a time. But it's
not what many older hackers do now. For them, the Golden Age of Hacking,
which began in the sixties when mainframes at MIT became the Big Toy of a
new generation, is over.

Like most hackers, Blosser wasn't trying to be BAD. He was trying to
advance knowledge, solve a puzzle, find out how things work. From Leonardo
da Vinci to Dark Tangent, White Hat hackers are driven by a passion for
knowledge, not a desire to foul things up. When Blosser loaded the
Mersenne program onto the network at U S West, he wasn't trying to bring
down the network. And he certainly wasn't trying to hide. (His name and
email address were all over the software.) But his so-called "hack" was
unnecessary. Kids did this kind of thing when games were cracked using
Apple IIs, then sent to friends via slow, acoustic-coupled modems at 300
bauds. Laws against unauthorized computer intrusion were all but
nonexistent then. The challenges of playing the game and cracking the game
were identical. Today, hackers play the game of life with real money on
the table and the credible threat of prison sentences hanging over their
heads.

Taking over a Baby Bell's network in the pursuit of pure Knowledge may
sound romantic, but more experienced hackers say it no longer makes much
practical sense.

"The media tends to portray all security breaches as 'hacks,' but hacking
is not just about security," says security professional Yobie Benjamin.
"It's about the whole domain of computer science - moving from node to
node to see how things look. It's about harnessing the power of
distributed computing." Benjamin laughs. "Blosser needs what Weld Pond
calls a midnight basketball league to keep him off the streets."

That is indeed what Weld Pond and the rest of the gang at Boston's L0pht
Heavy Industries call their enterprise - a midnight basketball game for
hackers. Still animated by a passion for Solving the Puzzle and Seeing the
Big Picture, the L0pht crew carries those hacker ideals forward by
uncovering security holes in Windows NT or Novell products - without
actually trespassing on anyone's system.

That's easier than ever to do these days, thanks to the open-door network
of Windows, UNIX and Sun machines available at upt.org - the computer
playpen descended from the BBS where some of hacking's best and the
brightest honed their skills before graduating into corporate and
intelligence ranks. "A lot of the old reasons to break in just aren't
there any more," says security consultant Tom Jackiewicz, who helped
administer the upt.org BBS. "Nobody can say they can't afford a UNIX box
when all you have to do is throw some free LINUX onto a PC. You want to
hack a Sun system? Break into ours - if you can."

Jackiewicz said it's more fun to secure a network against hackers than
hack. Much more complex. You have to explore every single interaction
among all the components, check out "all the weird shit that can happen.

"A guy called the other day to say he'd gotten root in our system," Tom
laughed.  "In fact, he was trapped in one of the five subsystems we
created to look like the system." That's where hacking is at now, working
at that level of detail, that level of complexity.

Likewise, if it was empty processor cycles that Blosser wanted, he didn't
need to siphon off US West's resources. When the number-crunchers at
Distributed.net decided to show that the US government's security claims
about 56-bit DES cryptography were a sham, they simply created a software
client that anyone could download. After 4000 teams contributed computing
power to break the code, DES fell in 212 days. The next challenge, DES
II-1, cracked in 40. As David McNett of distributed.net puts it, "I
question Blosser's judgement, not his motives."

Hacking's "white hat" ideal lives on, but suitable targets for Robin
Hood-style adventures have become increasingly hard to find. In 1997, a
hacker and phreaker named Se7en went on a rampage against
cyber-pedophiles, targeting their hangouts for network subversion. Nobody
knows for sure how many web sites or IRC lairs Se7en and his cohorts took
down, but nobody lifted a finger to curtail their vigilante attacks. And
when Peter Shipley at dis.org uncovered gaping flaws in the Oakland,
California fire department dispatch system during a massive war-dialing
project, authorities overlooked his campaign - in no small part because
Shipley volunteered to fix the holes instead of bringing chaos to the
streets of Oakland.

With all that in mind, Blosser's network-clogging "hack" was a throwback
to the early 1990s, a ghost of hacking past, a Don Quixote apparition of a
bygone age when the anarchist rhetoric of John Perry Barlow actually
seemed to make sense. Cyberspace felt free then, even if it existed by
permission of the military-industrial-educational complex that spawned it.
Quixote became crazed after immersing himself in books. That was the
paradigm-breaking technology then, 150 years after the invention of the
printing press. Blosser's "hack" illuminates the splendid mythologies of a
Golden Age of Hacking that have spread in the digital era on the Net.

Today, the laws have tightened, surveillance technologies are ubiquitous,
big money is at stake, and the borderless economy is learning to regulate
itself. Yet when asked why he loaded that software onto the network at US
West, a kid who is nearly 30 laughs and says, "Why not?"

Why not? Because it no longer pays to sustain the illusion. The hackers
who played in that club house are all going downtown, making good money
while trying to keep their values intact.

Perspective, as Alan Kay said, is worth fifty points of IQ. Maybe we all
looked just plain dumb as we lowered the lance and charged the turning
blades of the wired world. Blosser's naive quest for the prime may be
charming, but experienced hackers understand why it no longer pays to have
that kind of innocence.




**********************************************************************
            
Islands in the Clickstream is a weekly column written by
Richard Thieme exploring social and cultural dimensions 
of computer technology. Comments are welcome.

Feel free to pass along columns for personal use, retaining this
signature file. If interested in (1) publishing columns
online or in print, (2) giving a free subscription as a gift, or 
(3) distributing Islands to employees or over a network, 
email for details.  

To subscribe to Islands in the Clickstream, send email to
rthieme@thiemeworks.com with the words "subscribe islands" in the
body of the message. To unsubscribe, email with "unsubscribe
islands" in the body of the message.

Richard Thieme is a professional speaker, consultant, and writer
focused on the impact of computer technology on individuals and
organizations.

Islands in the Clickstream (c) Richard Thieme, 1998. All rights
reserved.

ThiemeWorks on the Web:         http://www.thiemeworks.com

ThiemeWorks  P. O. Box 17737  Milwaukee WI 53217-0737  414.351.2321
*********************************************************************