Read an Excerpt

Chapter One

Hacking Culture

Fry Guy watched the computer screen as the cursor blinked. Beside him a small electronic box chattered through a call routine, the numbers clicking audibly as each of the eleven digits of the phone number was dialed. Then the box made a shrill, electronic whistle, which meant the call had gone through; Fry Guy's computer ... had just broken into one of the most secure computer systems in the United States, one which held the credit histories of millions of American citizens.

— Paul Mungo and Bryan Clough, Approaching Zero

This is the common perception of today's hacker—a wily computer criminal calling up a bank or credit card company and utilizing mysterious tools to penetrate simply and effortlessly the secure system networks that hold our most important secrets. However, any attempt to understand today's hackers or hacking that only examines the blinking cursors and whistling boxes of computing is destined to fail. The reason is simple: hacking has never been just a technical activity. Perhaps the most striking illustration of this is that William Gibson, who in his book Neuromancer coined the term "cyberspace" and who invented a world in which hackers feel at home, for nearly a decade refused to have an e-mail address. In fact, Neuromancer, the book that has been (rightly or wrongly) held accountable for birth of the "new breed" of hackers, is rumored to have been written on a manual typewriter. Hacking, as Gibson's work demonstrates, is more about the imagination, the creative uses oftechnology, and our ability to comment on culture than about any tool, computer, or mechanism. The hacker imagination, like the literature that it is akin to, is rooted in something much deeper than microchips, phone lines, and keyboards.

    The current image of the hacker blends high-tech wizardry and criminality. Seen as the source of many evils of high-tech computing, from computer espionage and breaking and entering to the creation of computer viruses, hackers have been portrayed as the dangerous other of the computer revolution. Portrayals in the media have done little to contradict that image, often reducing hackers to lonely, malicious criminals who delight in destroying sensitive computer data or causing nationwide system crashes.

    In both the media and the popular imagination, hackers are often framed as criminals. As Mungo and Clough describe them, hackers are members of an "underworld" who "prowl through computer systems looking for information, data, links to other webs and credit card numbers." Moreover, hackers, they argue, can be "vindictive," creating viruses, for instance, that "serve no useful purpose: they simply cripple computer systems and destroy data.... In a very short time it has become a major threat to the technology-dependent societies of the Western industrial world."

    At least part of the reason for this impression rests with the media sensations caused by a few select cases. Clifford Stoll, as documented in his book The Cuckoo's Egg, for example, did trace a European hacker through the University of California at Berkeley's computer systems, ultimately revealing an attempt at international espionage, and the cases of Kevin Mitnick and Kevin Lee Poulsen, two hackers who were both arrested, prosecuted, and sent to prison for their hacking, gained considerable attention in the media and in subsequent books published about their exploits. Most of these accounts are journalistic in style and content and are more concerned with describing the events that took place than with analyzing the broader context out of which hackers have emerged. While the image of the hacker as a "criminal" seems to have taken over in the popular imagination, the broader context of the computer "underground" and, most important, the historical context force us to question such an easy categorization of this complex and varied subculture.

Between Technology and the Technical:
Hacking as a Cultural Phenomenon

In the 1980s and 1990s, hackers were the subject of numerous films, TV shows, and news reports, most of which focused on the connection between hacking and criminality. As Joe Chidley describes them in an article for Maclean's Magazine, "Hackers are people who simply love playing with computers," but there is a "malicious subset of the hacker community, who intrude on computer networks to do damage, commit fraud, or steal data," and these hackers "now have an arsenal of technologies to help them in their quest for secrets."

    Within such a limited framework, which reduces hackers to criminals with their "arsenal of technologies," it makes little sense to speak of a "culture" of hacking. Hacking appears to be, like most crime, something that malicious people do for reasons that don't always seem to make sense. Why would a talented computer programmer choose to write a virus rather than write a program that might be more useful and, potentially, economically more rewarding? Why would hackers break into unknown systems when their talents could be employed in many other more productive ways? These questions make the hacker's goals and motivations difficult to decipher.

    Rather than attempting to understand the motivation behind hacking, the media and computer industry instead focus on the manner in which computers are hacked. At this level, hackers are easy to understand—they have a specialized set of tools, and they use those tools to commit crimes. This basic theme was central to the protest against the release of SATAN (Security Administrator Tool for Analyzing Networks), a network-analysis tool that tests systems for security flaws. The program, which was written to make system administrators aware of security flaws that were already well known and often exploited by hackers, was publicly released by its authors, Dan Farmer and Wieste Venema, in April 1995. The release was met with an outpouring of anxiety about the future of Net security and fear that the public availability of the tool would turn average computer users into criminals. As the Los Angeles Times remarked, "SATAN is like a gun, and this is like handing a gun to a 12-year-old." Other newspapers followed suit, similarly invoking metaphors of increasing firepower—"It's like randomly mailing automatic rifles to 5,000 addresses. I hope some crazy teen doesn't get a hold of one," wrote the Oakland Tribune, only to be outdone by the San Jose Mercury News's characterization: "It's like distributing high-powered rocket launchers throughout the world, free of charge, available at your local library or school, and inviting people to try them out by shooting at somebody." The computer industry was more sober in its analysis. "The real dangers of SATAN," as one advisory argued, "arise from its ease of use—an automated tool makes it very easy to probe around on the network."

    The basic objection to the release of SATAN was that it provided a tool that made system intrusion too easy, and making the program publicly available prompted outcries from those afraid that anyone with the tools could (and would) now invade systems. Omitted from most stories was the fact that SATAN had been available in a less powerful form as freeware (a freely distributed software package, accessible to anyone) on the Internet for years, along with several other programs that provided similar functions, not to mention a host of more powerful programs that were already widely available for the express purpose of unauthorized system entry. Additionally, SATAN only tested computer systems for well-known, previously discovered (and easily fixed) security holes.

    SATAN was nothing new, but the discussion of it was. This response illustrated how convinced the general public was that the threat of hacking rested in the tools. While the apocalyptic effects of SATAN's release failed to materialize (no significant increase in any system intrusion has been reported, nor has any been attributed to SATAN since its release), the anxieties that SATAN tapped into are still present. The response to SATAN was in actuality a response to something deeper. It was a reaction to a basic cultural anxiety about both the complexity of technology and the contemporary culture's reliance upon that technology. SATAN appears to give anyone who wants it the tools to disrupt the system that very few people understand yet that everyone has come to rely on in their daily lives.

    A cursory examination of both public and state responses reveals a paranoia regarding the hacker that one can easily attribute to a Luddite mentality, a generation gap, or a pure and simple technophobia that seems to pervade U.S. culture. While these aspects are a very real part of contemporary culture, such a simple set of answers covers over more than it reveals. Most of the responses to hackers and hacking have served to lower the level of public discussion by confusing hackers with the tools that they use and making hyperbolic equations between computer software and high-power munitions. Like any other social and cultural phenomenon, the reasons for the growth of hacking in the United States (and as an international phenomenon) are myriad, and the reactions to hacking often reflect a wide range of reactions, from hope and fear to humor and dismay.

    The responses to hacking—in the popular imagination and in the minds of agents of law enforcement and the criminal justice system, a response documented in court records, TV shows, movies, newspapers, books, and even Web pages—reveal more about contemporary culture than about hackers and hacking. However, much as was the case with SATAN, public reaction to hackers both tells us a great deal about the public that is reacting and, ironically, shields us from an understanding of the complexities and subtleties of the culture of the computer underground. By simply equating hackers with the tools they use, the media and popular representations of hackers have failed to understand or account for even the most basic motivations that pervade hacker culture.

    In trying to determine what hacking is and what hacker culture looks like, I make a distinction between technology, as a broad, relational, and cultural phenomenon, and the technical or scientific, the products of technology itself (for example, telephones, computers, and modems). In doing so, I am also separating hackers' culture and motivation, which are very much about technology, from the idea of tools or specific technical items, which are for the most part incidental to the idea of hacking. These two concepts, technology and the technical, are different in kind, and to understand what constitutes hacking, we need to be careful to examine these two ideas as separate entities. Technology should be considered a cultural phenomenon, and in that sense, it tells us primarily about human relationships and the manner in which those relationships are mediated. The technical, by contrast, is concerned only with the instrumental means by which those relationships occur. It makes sense to speak of the technology of the telephone allowing people to have long-distance relationships. It also makes sense to discuss the technical aspects of telephones in comparison to the postal system. Both the phone and the mail as technology mediate human relationships in the same way insofar as they allow us to communicate at great distances. Yet as technical phenomena they are completely distinct. To pose questions with respect to technology is to pose cultural and relational questions. To pose questions with respect to the technical is to pose instrumental questions. Put differently, to answer the question, What is hacking? properly, we cannot simply examine the manner in which hacking is done, the tools used, or the strategies that hackers deploy—the instrumental forces that constitute hacking. Instead we must look at the cultural and relational forces that define the context in which hacking takes place.

Hackers and Hacking

Not long ago, being called a hacker meant only that one belonged to a group of technology-obsessed college or graduate students who worked tirelessly on the dual diversions of finding interesting ways around problems (often in ways that resembled Rube Goldberg machines) and perpetuating clever, but harmless, pranks. This "class" of technophile is characterized by a kind of "moral code," as documented by Steven Levy in his 1984 book, Hackers. The code, as Levy describes it, was "a philosophy, an ethic, and a dream," and it was constituted by six basic theses:

1. Access to computers—and anything which might teach you something about the way the world works—should be unlimited and total. Always yield to the Hands-On Imperative!

2. All information should be free.

3. Mistrust Authority—Promote Decentralization.

4. Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.

5. You can create art and beauty on a computer.

6. Computers can change your life for the better.

The hackers Levy refers to were the original champions of the information superhighway, and their ethic was utopian in nature. As Levy describes it: "To a hacker a closed door is an insult, and a locked door is an outrage. Just as information should be clearly and elegantly transported within the computer, and just as software should be freely disseminated, hackers believed people should be allowed access to files or tools which might promote the hacker quest to find out and improve the way the world works."

    The "old hacker" of the 1960s and 1970s is often characterized with no small amount of nostalgia and is frequently seen as a counterpoint to the emergence of the new breed of hacker, the "cyberpunk" or "cracker." The "old hackers," in this romanticized telling, were "a certain breed of programmers who launched the 'computer revolution,' but just can't seem to be found around anymore.... [A]ccording to these 'old-school' hackers, hacking meant a willingness to make technology accessible and open, a certain 'love affair' with the computer which meant they would 'rather code than sleep.' It meant a desire to create beauty with computers, to liberate information, to decentralize access to communication." In short, the old-school hacker was dedicated to removing the threat of high technology from the world by making that technology accessible, open, free, and "beautiful." To the 1960s hacker, hacking meant rendering technology benign, and hackers themselves not only were considered harmless but were framed as guardians of technology—scientists with an ethic that resembled Isaac Asimov's "Laws of Robotics": above all else, technology may never be used to harm human beings. Moreover, these hackers effected a strange anthropomorphism—information began to be personified, given a sense of Being usually reserved for life-forms. The old-school hacker was frequently motivated by the motto "Information wants to be free," a credo that attributed both a will and an awareness to the information itself. Interestingly, it is these two things, will and awareness, that seem to be most threatened by the evolution of technology. In an era when the public is concerned both with a loss of freedom to technology and with a fear of consistently finding themselves out of touch with the latest technological developments, there is a transference of our greatest fears about technology onto the idea of information. The hacker ethic remedies these concerns through the liberation of information. The logic is this: if technology cannot even confine information, how will it ever be able to confine us? Within the framework of this initial question we can begin to trace out the history of hacking as a history of technology.

A Genealogy of Secrecy

One of the primary issues that hackers and hacker culture negotiates is the concept of secrecy that has evolved significantly and rapidly since World War II. Indeed, hackers' relationships to technology can be understood as a cultural phenomenon and cultural response to the evolution of secrecy, particularly in relation to the broader political and social climate, the birth, growth, and institutionalization of the computer industry, and the increasing import of multinationalism in industry. The concept of secrecy seems to change from generation to generation. What secrecy means and particularly its value shift as social, political, and economic contexts change over time, but what has always remained stable within hacker culture is the need to negotiate the relationship between the technical aspects of the machines themselves and the cultural value of secrecy.

(Continues...)

---

Excerpted from HACKER CULTURE by Douglas Thomas. Copyright © 2002 by Regents of the University of Minnesota. Excerpted by permission. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.

---