The Computer Underground

NORTHERN ILLINOIS UNIVERSITY

THE SOCIAL ORGANIZATION OF THE COMPUTER UNDERGROUND

A THESIS SUBMITTED TO THE GRADUATE SCHOOL IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE MASTER OF ARTS

DEPARTMENT OF SOCIOLOGY

BY GORDON R. MEYER
%CompuServe: 72307,1502%
%GEnie: GRMEYER%

DEKALB, ILLINOIS
AUGUST 1989

ABSTRACT

Name: Gordon R. Meyer
Department: Sociology
Title: The Social Organization of the Computer Underground
Major: Criminology
Degree: M.A.
Approved by: Date:
Thesis Director

This paper examines the social organization of the “computer underground” (CU). The CU is composed of actors in three roles, “computer hackers,” “phone phreaks,” and “software pirates.” These roles have frequently been ignored or confused in media and other accounts of CU activity. By utilizing a data set culled from CU channels of communication, this paper provides an ethnographic account of computer underground organization.
It is concluded that despite the widespread social network of the computer underground, it is organized primarily on the level of colleagues, with only small groups approaching peer relationships.

Certification: In accordance with departmental and Graduate School policies, this thesis is accepted in partial fulfillment of degree requirements.

Thesis Director
Date

ACKNOWLEDGMENTS

FOR CRITIQUE, ADVICE, AND COMMENTS:
DR. JAMES L. MASSEY
DR. JIM THOMAS
DR. DAVID F. LUCKENBILL

FOR SUPPORT AND ENCOURAGEMENT:
GALE GREINKE

SPECIAL THANKS TO:
D.C., T.M., T.K., K.L., D.P., M.H., AND G.Z.

THIS WORK IS DEDICATED TO:
GEORGE HAYDUKE AND BARRY FREED

Introduction

The proliferation of home computers has been accompanied by a corresponding social problem involving the activities of so-called “computer hackers.” “Hackers” are computer aficionados who “break in” to corporate and government computer systems using their home computer and a telephone modem. The prevalence of the problem has been dramatized by the media and enforcement agents, and evidenced by the rise of specialized private security firms to confront the “hackers.” But despite this flurry of attention, little research has examined the social world of the “computer hacker.” Our current knowledge in this regard derives from hackers who have been caught, from enforcement agents, and from computer security specialists.
The everyday world and activities of the “computer hacker” remain largely unknown. This study examines the way actors in the “computer underground” (CU) organize to perform their acts. The computer underground, as it is called by those who participate in it, is composed of actors adhering to one of three roles: “hackers,” “phreakers,” or “pirates.” To further understanding of this growing “social problem,” this project will isolate and clarify these roles, and examine how each contributes to the culture as a whole. By doing so the sociological question of how the “underground” is organized will be answered, rather than the technical question of how CU participants perform their acts. Best and Luckenbill (1982) describe three basic approaches to the study of “deviant” groups.
The first approach is from a social psychological level, where analysis focuses on the needs, motives, and individual characteristics of the actors involved. Secondly, deviant groups can be studied at a socio-structural level. Here the emphasis is on the distribution and consequences of deviance within the society as a whole. The third approach, the one adopted by this work, forms a middle ground between the former two by addressing the social organization of deviant groups. Focusing upon neither the individual nor societal structures entirely, social organization refers to the network of social relations between individuals involved in a common activity (pp. 13-14). Assessing the degree and manner in which the underground is organized provides the opportunity to also examine the culture, roles, and channels of communication used by the computer underground.
The focus here is on the day to day experience of persons whose activities have been criminalized over the past several years. Hackers, and the “danger” that they present in our computer dependent society, have often received attention from the legal community and the media. Since 1980, every state and the federal government has criminalized “theft by browsing” of computerized information (Hollinger and Lanza-Kaduce, 1988, pp. 101-102). In the media, hackers have been portrayed as maladjusted losers, forming “high-tech street gangs” (Chicago Tribune, 1989) that are dangerous to society. My research will show that the computer underground consists of a more sophisticated level of social organization than has been generally recognized.
The very fact that CU participants are to some extent “networked” has implications for social control policies that may have been implemented based on an incomplete understanding of the activity. This project not only offers sociological insight into the organization of deviant associations, but may be helpful to policy makers as well. I begin with a discussion of the definitional problems that inhibit the sociological analysis of the computer underground. The emergence of the computer underground is a recent phenomenon, and the lack of empirical research on the topic has created an area where few “standard” definitions and categories exist. This work will show that terms such as “hacker,” “phreaker,” and “pirate” have different meanings for those who have written about the computer underground and those who participate in it. This work bridges these inconsistencies by providing definitions that focus on the intentions and goals of the participants, rather than the legality or morality of their actions.
Following the definition of CU activities is a discussion of the structure of the underground. Utilizing a typology for understanding the social organization of deviant associations, developed by Best and Luckenbill (1982), the organization of the computer underground is examined in depth. The analysis begins by examining the structure of mutual association. This provides insight into how CU activity is organized, the ways in which information is obtained and disseminated, and explores the subcultural facets of the computer underground. More importantly, it clearly illustrates that the computer underground is primarily a social network of individuals that perform their acts separately, yet support each other by sharing information and other resources. After describing mutual association within the underground community, evidence of mutual participation is presented.
Although the CU is a social network, the ties developed at the social level encourage the formation of small “work groups.” At this level, some members of the CU work in cooperation to perform their acts. The organization and purposes of these groups are examined, as well as their relationship to the CU as a whole. However, because only limited numbers of individuals join these short-lived associations, it is concluded that the CU is organized as colleagues. Those who do join “work groups” display the characteristics of peers, but most CU activity takes place at a fairly low level of sophistication.

Methodology

Adopting an ethnographic approach, data have been gathered by participating in, monitoring, and cataloging channels of communication used by active members of the computer underground.
These channels, which will be examined in detail later, include electronic bulletin board systems (BBS), voice mail boxes, bridges, loops, e-mail, and telephone conversations. These sources provide a window through which to observe interactions, language, and cultural meanings without intruding upon the situation or violating the privacy of the participants. Because these communication centers are the “back stage” area of the computer underground, they provided insight into organizational (and other) issues that CU participants face, and the methods they use to resolve them. As with any ethnographic research, steps have been taken to protect the identity of informants. The culture of the computer underground aids the researcher in this task since phreakers, hackers, and pirates regularly adopt pseudonyms to mask their identity.
However, to further ensure confidentiality, all of the pseudonyms cited in this research have been changed by the author. Additionally, any information that is potentially incriminating has been removed or altered. The data set used for this study consists primarily of messages, or “logs,” which are the primary form of communication between users. These logs were “captured” (recorded using the computer to save the messages) from several hundred computer bulletin boards1 located across the United States. The bulk of the data were gathered over a seventeen month period (12/87 to 4/89) and will reflect the characteristics of the computer underground during that time span. However, some data, provided to the researcher by cooperative subjects, dates as far back as 1984.
The logged data were supplemented by referring to several CU “publications.” The members of the computer underground produce and distribute several technical and tutorial newsletters and “journals.” Since these “publications” are not widely available outside of CU circles I have given a brief description of each below.

1 Computer Bulletin Boards (BBS) are personal computers that have been equipped with a telephone modem and special software. Users can connect with a BBS by dialing, with their own computer and modem, the phone number to which the BBS is connected. After “logging in” by supplying a valid user name and password, the user can leave messages to other users of the system. These messages are not private and anyone calling the BBS can freely read and respond to them.

Legion of Doom/Hackers Technical Journal. This publication is written and distributed by a group known as “The Legion of Doom/Legion of Hackers” (LoD/H). It is available in electronic format (a computer text file) and contains highly technical information on computer operating systems. As of this writing, three issues have been published.

PHRACK Inc.: Phrack Inc is a newsletter that contains various articles, written by different authors, and “published” under one banner.
Phrack Inc’s first issue was released in 1985, making it the oldest of the electronically distributed underground publications. CU participants are invited to submit articles to the editors, who release a new issue when a sufficient number (about nine) of acceptable pieces have been gathered. Phrack also features a lengthy “World News” with stories about hackers who have been apprehended and interviews with various members of the underground. As of this writing twenty-seven issues of Phrack have been published.

Phreakers/Hackers Underground Network (P/Hun): Like Phrack, P/Hun collects articles from various authors and releases them as one issue. Three issues have been published to date.

Activist Times, Incorporated (ATI): Unlike the other electronically distributed publications, ATI does not limit itself to strictly computer/telephone news. Articles normally include commentary on world and government events, and other “general interest” topics. ATI issues are generally small and consist of articles written by a core group of four to seven people. Unlike the publications discussed thus far, ATI is available in printed “hard copy” form by sending postage reimbursement to the editor. ATI is currently on their 38th issue.

2600 Magazine: Published in a traditional (printed) magazine format, 2600 (named for the frequency tone used to make free long distance phone calls) is arguably an “underground” publication as it is available on some newsstands and at some libraries. Begun in 1987 as a monthly magazine, it is now published quarterly. Subscription rates are $25.00 a year with a complete back-issue selection available. The magazine specializes in publishing technical information on telephone switching systems, satellite descrambling codes, and news about the computer underground.

TAP/YIPL: First established in 1972 as YIPL (Youth International Party Line), this publication soon changed its name to TAP (Technical Assistance Party). Co-founded by Abbie Hoffman, it is generally recognized as the grandfather of computer underground publications. Publication of the 2-4 page newsletter has been very sporadic over the years, and currently two different versions of TAP, each published in different areas of the country, are in circulation.

Utilizing a data set that consists of current message logs, old message logs, and various CU publications yields a reasonably rich collection from which to draw the analysis. Examination of the older logs and publications shows that while the actors have changed over the years, cultural norms and characteristics have remained consistent over time.

What is the Computer Underground?

Defining the “computer underground” can be difficult. The sociologist soon finds that there are several competing definitions of computer underground activity. Those who have written on the subject, the media, criminologists, computer programmers, social control agents, and CU participants themselves, have adopted definitions consistent with their own social positions and perspectives. Not surprisingly, these definitions rarely correspond. Therefore, before discussing the organization of the computer underground, it is necessary to discuss and compare the various definitions.
This will illustrate the range of beliefs about CU activity, and provide a springboard for the discussion of types of roles and activities found in the underground. We begin with a discussion of the media image of computer hackers. The media’s concept of “hackers” is important because the criminalization of the activity has largely occurred as the result of media dramatization of the “problem” (Hollinger and Lanza-Kaduce, 1988). In fact, it was a collection of newspaper and film clips that was presented to the United States Congress during legislative debates as evidence of the computer hacking problem (Hollinger and Lanza-Kaduce, 1988, p.107). Unfortunately, the media assessment of the computer underground displays a naive understanding of CU activity. The media generally makes little distinction between different types of CU activity.
Most any computer-related crime activity can be attributed to “hackers.” Everything from embezzlement to computer viruses has, at one time or another, been attributed to them. Additionally, hackers are often described as being sociopathic or malicious, creating a media image of the computer underground that may exaggerate their propensity for doing damage. The labeling of hackers as being “evil” is well illustrated by two recent media examples. The first is from Eddie Schwartz, a WGN-Radio talk show host. Here Schwartz is addressing “Anna,” a self-identified hacker that has phoned into the show:

You know what Anna, you know what disturbs me? You don’t sound like a stupid person but you represent a . . . a . . . a . . . lack of morality that disturbs me greatly. You really do. I think you represent a certain way of thinking that is morally bankrupt. And I’m not trying to offend you, but I . . . I’m offended by you! (WGN Radio, 1988)

Just two months later, NBC-TV’s “Hour Magazine” featured a segment on “computer crime.” In this example, Jay Bloombecker, director of the National Center for Computer Crime Data, discusses the “hacker problem” with the host of the show, Gary Collins.
Collins: . . . are they %hackers% malicious in intent, or are they simply out to prove, ah, a certain machismo amongst their peers?

Bloombecker: I think so. I’ve talked about “modem macho” as one explanation for what’s being done. And a lot of the cases seem to involve %proving% %sic% that he . . . can do something really spiffy with computers. But, some of the cases are so evil, like causing so many computers to break, they can’t look at that as just trying to prove that you’re better than other people.

GC: So that’s just some of it, some kind of “bet” against the computer industry, or against the company.

JB: No, I think it’s more than just rottenness. And like someone who uses graffiti doesn’t care too much whose building it is, they just want to be destructive.

GC: You’re talking about a sociopath in control of a computer!

JB: Ah, lots of computers, because there’s thousands, or tens of thousands %of hackers% (NBC-TV, 1988).

The media image of computer hackers, and thus all members of the computer underground, is burdened with value-laden assumptions about their psychological makeup, and focuses almost entirely upon the morality of their actions. Additionally, since media stories are taken from the accounts of police blotters, security personnel, and hackers who have been caught, each of whom have different perspectives and definitions of their own, the media definition, if not inherently biased, is at best inconsistent.
Criminologists, by way of contrast, have done little to define the computer underground from a sociological perspective. Those criminological definitions that do exist are less judgmental than the media image, but no more precise. Labels of “electronic trespassers” (Parker, 1983), and “electronic vandals” (Bequai, 1987) have both been applied to hackers. Both terms, while acknowledging that “hacking” is deviant, shy away from labeling it as “criminal” or sociopathic behavior. Yet despite this seemingly non-judgmental approach to the computer underground, both Parker and Bequai have testified before Congress, on behalf of the computer security industry, on the “danger” of computer hackers. Unfortunately, their “expert” testimony was largely based on information culled from newspaper stories, the objectiveness of which has been seriously questioned (Hollinger and Lanza-Kaduce, 1988, p.105).

Computer security specialists, on the other hand, are often quick to identify CU participants as part of the criminal element. Correspondingly, some reject the notion that there are different roles and motivations among computer underground participants and thereby refuse to define just what it is that a “hacker” or “phreaker” does. John Maxfield, a “hacker expert,” suggests that differentiating between “hackers” and “phone phreaks” is a moot point, preferring instead that they all just be called “criminals” (WGN-Radio. Sept 28, 1988).
The reluctance or inability to differentiate between roles and activities in the computer underground, as exhibited in the media and computer security firms, creates an ambiguous definition of “hacker” that possesses two extremes: the modern-day bank robber at one end, the trespassing teenager at the other. Thus, most any criminal or mischievous act that involves computers can be attributed to “hackers,”2 regardless of the nature of the crime.

2 During the WGN-Radio show on computer crime one caller, who was experiencing a malfunctioning phone that would “chirp” occasionally while hung up, believed that “computer hackers” were responsible for the problem. The panel assured her that it was unrelated to CU activity.

Further compounding the inconsistent use of “hacker” is the evolution of meaning that the word has undergone. “Hacker” was first applied to computer related activities when it was used by programmers in the late 1950’s. At that time it referred to the pioneering researchers, such as those at M.I.T., who were constantly adjusting and experimenting with the new technology (Levy, 1984. p.7). A “hacker” in this context refers to an unorthodox, yet talented, professional programmer. This use of the term still exists today, though it is largely limited to professional computing circles. Another definition of “hacker” refers to one who obtains unauthorized, if not illegal, access to computer systems and networks.
This definition was popularized by the movie War Games and, generally speaking, is the one used by the media.3 It is also the definition favored by the computer underground. Both the members of the computer underground and computer programmers claim ownership of “hacker,” and each defend the “proper” use of the term. The computer professionals maintain that using “hackers” (or “hacking”) to refer to any illegal or illicit activity is a corruption of the “true” meaning of the word. Bob Bickford, a professional programmer who has organized several programmer conferences, explains:

At the most recent conference %called “Hackers 4.0”% we had 200 of the most brilliant computer professionals in the world together for one weekend; this crowd included several PhD’s, several presidents of companies (including large companies, such as Pixar), and various artists, writers, engineers, and programmers. These people all consider themselves Hackers: all derive great joy from their work, from finding ways around problems and limits, from creating rather than destroying. It would be a great disservice to these people, and the thousands of professionals like them, to let some pathetic teenaged criminals destroy the one word which captures their style of interaction with the universe: Hackers (Bickford, 1988).

3 This is not always true of course. The AP Stylebook has yet to specify how “hacker” should be used. A recent Associated Press story featured a computer professional explaining that a “real hacker” would never do anything illegal. Yet just a few weeks later Associated Press distributed stories proclaiming that West German “hackers” had broken into US Defense Department computer systems.
Participants in the computer underground also object to the “misuse” of the term. Their objection centers around the indiscriminate use of the word to refer to computer related crime in general and not, specifically, the activities of the computer underground:

Whenever the slightest little thing happens involving computer security, or the breach thereof, the media goes fucking bat shit and points all their fingers at us ‘nasty hackers.’ They’re so damned ignorant it’s sick (EN, message log, 1988).

. . . whenever the media happens upon anything that involves malicious computer use it’s the “HACKERS.” The word is a catch phrase it makes mom drop the dishes and watch the TV. They use the word because not only they don’t really know the meaning but they have lack of a word to describe the perpetrator. That’s why hacker has such a bad name, its always associated with evil things and such (PA, message log, 1988).

I never seen a phreaker called a phreaker when caught and he’s printed in the newspaper. You always see them “Hacker caught in telephone fraud.” “Hacker defrauds old man with phone calling card.” What someone should do is tell the fucken (sic) media to get it straight (TP2, message log, 1988).

Obviously the CU and computer professional definitions of “hacker” refer to different social groups.
As Best and Luckenbill (1982, p. 39) observe: “Every social group modifies the basic language to fit its own circumstance, creating new words or using ordinary words in special ways.” Which definition, if either, will come into widespread use remains to be seen. However, since computer break-ins are likely to receive more media attention than clever feats of programming, the CU definition is likely to dominate simply by being used more often.4 But as long as the two definitions do exist there will be confusion unless writers and researchers adequately specify the group under discussion. For this reason, I suggest that sociologists, and criminologists in particular, adopt the “underground” definition for consistency and accuracy when speaking of the actions of CU participants.

4 Another factor may be the adoption of a close proximity to the underground definition being included in the 1986 edition of Webster’s New World dictionary: hack.er n. 1. a person who hacks 2. an unskilled golfer, tennis player, etc. 3. a talented amateur user of computers, specif. one who attempts to gain unauthorized access to files.

While it is recognized that computer hacking is a relatively new phenomenon, the indiscriminate use of the term to refer to many different forms of unorthodox computer use has been counterproductive to understanding the extent of the activity. To avoid this a “computer hacker” should be defined as an individual, associated with the computer underground, who specializes in obtaining unauthorized access to computer systems. A “phone phreak” is an individual, associated with the computer underground, who specializes in obtaining unauthorized information about the phone system. A “software pirate” is an individual, associated with the computer underground, who distributes or collects copyrighted computer software.
These definitions have been derived from the data, instead of relying upon those who defend the “integrity” of the original meanings, or those who are unfamiliar with the culture.

Topography of the Computer Underground

Having defined the three main roles in the computer underground, it is necessary to examine each activity separately in order to provide a general typology of the computer underground. In doing so, the ways in which each contributes to the culture as a whole will be illustrated, and the divisions between them that affect the overall organization will be developed. Analysis of these roles and divisions is crucial to understanding identity, access, and mobility within the culture.

Hacking

In the vernacular of the computer underground, “hacking” refers to gaining access and exploring computer systems and networks. “Hacking” encompasses both the act and the methods used to obtain valid user accounts on computer systems.
“Hacking” also refers to the activity that occurs once access to another computer has been obtained. Since the system is being used without authorization, the hacker does not, generally speaking, have access to the usual operating manuals and other resources that are available to legitimate users. Therefore, the hacker must experiment with commands and explore various files in order to understand and effectively use the system. The goal here is to explore and experiment with the system that has been entered. By examining files and, perhaps, by a little clever programming, the hacker may be able to obtain protected information or more powerful access privileges.5

5 Contrary to the image sometimes perpetuated by computer security consultants, the data indicate that hackers refrain from deliberately destroying data or otherwise damaging the system. Doing so would conflict with their instrumental goal of blending in with the average user so as not to attract undue attention to their presence and cause the account to be deleted. After spending what may be a substantial amount of time obtaining a high access account, the hacker places a high priority on not being discovered using it.

Phreaking

Another role in the computer underground is that of the “phone phreak.” Phone phreaking, usually called just “phreaking,” was widely publicized when the exploits of John “Cap’n Crunch” Draper, the “father of phreaking,” were publicized in a 1971 Esquire magazine article. The term “phreaking” encompasses several different means of circumventing the billing mechanisms of telephone companies. By using these methods, long-distance phone calls can be placed without cost. In many cases the methods also prevent, or at least inhibit, the possibility of calls being traced to their source thereby helping the phreaker to avoid being caught. Early phreaking methods involved electro-mechanical devices that generated key tones, or altered line voltages in certain ways as to trick the mechanical switches of the phone company into connecting calls without charging.
However, the advent of computerized telephone-switching systems largely made these devices obsolete. In order to continue their practice the phreaks have had to learn hacking skills:6

Phreaking and hacking have just recently merged, because now, the telephone companies are using computers to operate their network. So, in order to learn more about these computers in relation to the network, phreaks have learned hacking skills, and can now program, and get around inside the machines (AF, message log, 1988).

6 Because the two activities are so closely related, with phreakers learning hacking skills and hackers breaking into “telco” computers, reference is usually made to phreak/hacking or “p/hackers.” This paper follows this convention.

For most members of the computer underground, phreaking is simply a tool that allows them to call long distance without amassing enormous phone bills. Those who have a deeper and more technically oriented interest in the “telco” (telephone company) are known as phreakers. They, like the hackers discussed earlier, desire to master and explore a system that few outsiders really understand:

The phone system is the most interesting, fascinating thing that I know of. There is so much to know. Even phreaks have their own areas of knowledge. There is so much to know that one phreak could know something fairly important and the next phreak not. The next phreak might know ten things that the first phreak doesn’t though.
It all depends upon where and how they get …