Hackers were not always portrayed as computer criminals. During the “Golden Age,” before personal computers and the development of a computer industry, when there were minimal proprietary interests in computer software, hacking was relatively non problematic. The word hack was first used at the Massachusetts Institute of Technology to refer to a feat “imbued with innovation, style, and technical virtuosity. ” As early as 1958, computers were influencing young minds. Students would stay up all night to get time on the big university mainframes.
These people were fascinated with computers and spent hours writing programs to see what could be accomplished. Golden Age hackers were interested in the “pure hack,” not the monetary value of their work. During the mid- 1980s, computer technology became available on a mass scale and movies such as War Games romanticized hacking. Many young adults realized that computers were empowering tools. As awareness of similarities between hackers emerged, hacking developed its own ethical guidelines. Hacker ethics are based on the bedrock of freedom of information.
As Gareth Branwyn said, “As every reality hacker knows: ‘Information wants to be free’ and “plagiarism saves time. ‘” The lifeblood of the hacker ethic is freedom of information. Steven Levy outlined the hacker ethic as follows: 1. Access to computers — and anything that might teach you something about the way the world works — should be unlimited and total. Always yield to the hands-on imperative! 2. All information should be free 3. Mistrust authority — promote decentralization. 4. Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position
5. You can create art and beauty on a computer (Dan Diaper, page 56-57) These criteria put hackers in opposition to mainstream economics. As Anne Wells Branscomb noted, scientists and computer hackers “are frustrated to discover that their electronic playgrounds have been invaded by avaricious and enterprising entrepreneurs who prefer dollars to the joy of the ‘great hack’ or the reward of the Nobel Prize. ” (Rebecca Green, page 273) The belief in freedom of information makes certain behaviors conceivable that are defined as theft in the mainstream legal discourse.
As Emmanuel Goldstein, editor and publisher of 2600, a hacker journal, stated, “If I want to access a credit tracking company like TRW and access my credit file, is that an invasion of TRW’s privacy? What about my privacy-all that information they’ve gathered on me? ” (Bakewell, Eric J. page 481) Hackers prioritize freedom of information and are suspicious of centralized control. Private ownership of information is considered illegitimate. Hackers question why a few corporations can own information about others and control information that might be helpful to the public at large.
This view puts hackers on a collision course with the more powerful conglomerate of technology owners and the government itself. Hackers’ willingness and ability to go anywhere does not sit well with corporate America. Generally speaking, hackers tend to emphasize the positive aspects of their subculture, whereas the mainstream media emphasizes the negative. It is important to look at the characteristics of hackers because mainstream media consciously and consistently wrests control of the hacker public image out of hacker hands.
Hackers construct the image of a creative innovator who takes on the institutions controlling information in order to engage in a knowledge-expanding and creative process. Hackers tend to hack for the thrill of seeing if it can be done. Hackers enjoy seeing how far they can push themselves and the computer. Hacker is defined as “a person whose devotion to something, in this case computers, is near total and who has a deep-seated desire to do what’s impossible to do.
The great thing about hackers is that quite often they achieve what is considered impossible, because they refuse to accept limits. Hackers are labeled misfits, but tend to embrace their difference as setting them apart from others. They tend to be avid readers with good intellectual abilities. Hackers are predominately male and white, but consider they gender-and colorblind due to the textual relationships they hold (in which personal attributes mean less). It is agreed that hackers dress informally, relate better to computers than to people, and can absorb large amounts of information.
Hackers perceive themselves to be mostly harmless, highly intelligent people. They view their hacking as a game and the Internet as a playground. Sociologists Gordon Meyer and Jim Thomson put an academic spin on hacker culture. They wrote: Our data reveal the computer underground as an invisible community with a complex and interconnected lifestyle, an inchoate antiauthoritarian political consciousness, and dependent on norms of reciprocity, sophisticated socialization, rituals, networks of information sharing, and an explicit value system.
We interpret the CU (computer underground) culture as a challenge to and a parody of conventional culture, as a playful attempt to reject the seriousness of technocracy, and an ironic substitution of rational technological control of the present for an anarchic and playful future. (Rothke, Ben. Page 101) A great deal has been made of the dark side of the computer. Many articles equivocate hacking with computer crime, glossing over the minor detail that most computer-related crimes are committed by employees (or former employees).
Hackers are singled out, whereas disgruntled employees are ignored or, occasionally, called hackers. Beginning with Operation Sundevil, mainstream media has contributed to the removal of normalcy from the hacker image. The way hackers are characterized by the media is important because it helps define the improper hacker and the normal U. S. citizen. As officials offer their opinions on hacker behavior, and these opinions are sifted through the media to our ears, images of normalcy and deviance are produced.
A variety of articles written in the late 1980s and early 1990s outlined the abnormality of hackers. Hackers are socially awkward nerds who do not fit in. They are more comfortable with computers than with people. The hacker-as-nerd narrative, which remains strong in the late 1990s, helped provide insight into the hacker psychology. These articles are about labeling and name calling. James Aho, who has done work on northwest hate groups, noted, naming, or labeling is a crucial step in creating an enemy.
Most early attempts at labeling hackers included calling them names such as: “yuppie vandals,” nerds, nosy showoffs lacking any sense of shame, and hoods from broken homes with psychological problems. These articles are supplemented by longer pieces on specific hackers such as Kevin Poulsen or Kevin Mitnick. Additionally, Operation Sundevil highlighted the name-calling process by providing a clear starting point for identifying hackers as a serious threat. Labeling hackers as victimizers also helps create the enemy. The term victim is used repeatedly in articles dealing with hacking, viruses, and computer piracy.
In the victim-victimizer narrative, companies are afraid to disclose their victim status for fear of embarrassment, loss of confidence in their company, and fear that making their vulnerability public will only increase the chances of invasion — all images that help align the hacker with a rapist. One programmer, tired of hackers entering his system, made the victim status of his company explicit: We seem to be totally defenseless against these people. We have repeatedly rebuilt system after system and finally management has told the system support group to ignore the problem.
As a good network citizen, we want to make sure someone at network security knows that we are being raped in broad daylight. These people freely walk into our systems and are taking restricted, confidential and proprietary information. Treating hacking as rape helps establish what “a good network citizen” should not do as well as offer a strong negative label for anyone interested in hacking. Additionally, it is a powerful label to attach to the computer hacker that helps people understand the hacker as enemy. Establishing abnormality is a first step in demonizing the hacker.
Popular magazines running stories on hackers and hacker-related issues reveal the extent to which the hacker is depicted as threatening. An effort is made to link hacking to crime, to taint this crime with the most dangerous elements possible, and to show ill will toward those who would embrace the ideology of hacker. Initial hacker threats were vague. Computer security dangers were becoming a greater issue, but were still considered a future problem. The possible futures that hackers would bring included terrorist attacks, computer viruses as dangerous as chemical or nuclear weapons, and more general hacker-induced deaths.
All these possible scenarios are part of a labeling process that helped define the deviance of the hacker. As Aho stated, “The point is that defamatory language rarely, if ever, simply describes things; it also rhetorically ‘accomplishes’ them. And what it accomplishes is an enemy, ready for violation. ” (Peter Piazza page 34) Although many articles about hackers may seem ineffectual at best, they initiate a naming process crucial to constructing an enemy who can then be fought. These initial forays into naming an enemy were not greatly successful because the potential threat of the hacker had not been fully realized.
A few individuals, like Gail Thackery who had been involved in Operation Sundevil, foresaw the threat and warned that for every hacker caught, many others remained freely engaged in potentially dangerous activities. Additionally, there were some who linked hackers and theft of information to organized crime in an attempt to escalate the threat. Identifying additional steps in creating enemies are also instructive. Naming is typically followed by validation of the threat. Validation can take the form of public trials, hearings, or other ceremonies.
A second method for validating labels is through a process described as mythmaking. Mythmaking “refers to the biographical or historical accounts of defamed persons showing why it is inevitable, necessary, and predictable that they act as they do — namely, as evil ones. ” A recent case made headlines because a 19-year-old hacker “was deemed so cunning that he was released under house arrest Thursday with orders not to even talk about computers. ” Federal authorities said “he’s capable of controlling virtually any computer.
” (Linda Kinczkowsi, page 234) This mythologizing helps shape the hacker into an enemy worth fighting. Additionally, such rhetoric helps provide the image of an evil wizard manipulating the computer in almost magical ways. The mythologizing effect, or explaining why it is inevitable that the hacker acts as he or she does, is further supported by the assertion that hackers are addicted to hacking. One hacker in England was acquitted because he convincingly argued he was a hacking junkie who “couldn’t help himself. ” Understanding hacking as addictive behavior helps categorize hackers as pathological.
David Campbell made this apparent: “What animates the careers of social problems like drug consumption or drunk driving are moral concerns about what constitutes ‘normal’ behavior in contradistinction to ‘pathological’ behavior. In other words, the interpretation of some problems as social dangers subject to intense concern and punitive sanctions is integral to the inscription of the ethical boundaries of identity. ” (Chris Davis, page 89-90) It is obvious from the manner in which hackers are portrayed that their behavior is not normal.
If one can validate the hacker as an addict, a pathological person, and someone capable of activities bordering on mythical then the substance of the enemy will be more clearly understood. Hackers make good scapegoats because their actions are difficult to understand, have overtones of adventure and action, and make for good publicity. Good scapegoats do not necessarily make for good indictments, however. Craig Neidorf’s case was thrown out when it was discovered that the stolen Bell South document worth an estimated $79,449 was publicly available for $13.
The well-publicized Morris case, which prosecutors wanted to use to send a clear message to hackers, had little impact. Most publicized cases have not had a noticeable impact on hacking, or have failed to bring in significant convictions. Additionally, because many hackers are adolescents or first-time offenders (like Morris), convictions are not as severe as some prosecutors would like. The highly publicized manhunt resulting in the capture of hacker Kevin Mitnick will probably be anticlimactic. In April 1996, Mitnick plead guilty to one federal charge and to violating his probation.
The authorities are struggling to contain the crimes, or at least to slow their rapid growth. One recent article warned that small companies are the perfect place for a new hacker to try out his or her skills. If a site proves easy to hack, it could be labeled a penetration test site and become a training ground for hackers. Additionally, if a website is well secured, it is bound to attract hacker attention. It is generally understood that no place is safe from hackers. If they wish to, they will crack any system. Computer extortion by hackers has also been documented. A hacker will send e-mail asking for money, or the account will be bombed.
A bombing means thousands of messages will be sent to clog the address and make it unusable. In 1996, the General Accounting Office (GAO) reported there had been an enormous number of attempted break-ins to Pentagon computers. The GAO report directly links the threat of hackers to national security and argues that the potential for catastrophic damage is great. The potential for electronic warfare has become a newsworthy possibility. All these efforts help support another criterion for the creation of an enemy that of sedimentation, when legends come to have lives of their own.
It does not matter that most economic loss can be attributed to disgruntled or dishonest employees, or that our national security has not been significantly affected, the potential threat posed by hackers is enough to warrant even tougher legislation and penalties. What might be possible, now that the hacker identity is fully established, is enough to warrant tougher sanctions. One computer on the Internet is broken into every 20 seconds. Kehoe and Stephens also claimed that hackers are raising to the challenge of even more sophisticated security systems.
Although some companies are challenging hackers to break their codes, other hackers are going to prison for such behavior. In 1996, a hacker brought the King County Library system to a standstill, which sparked new claims that the hackers caught were just the tip of the iceberg. Computer fraud and telecommunications crime is on the rise. It is estimated that U. S. losses from hackers is between $150 billion and $300 billion a year. This is assumed to be a low assessment because many companies do not report computer theft. Hackers also can victimize corporations by engaging in other types of deviant behavior.
But hackers don’t have to steal anything to inflict damage and financial loss on corporate victims. In a nefarious practice known as ‘pinging,’ hackers can render an Internet IP address virtually inoperative by bombarding it with thousands of mail messages or postings, using automatic remailer tools. In response to the potential rise in hacker-related crimes, the FBI has opened new offices to deal with computer crime. The hacker is both a foreign and domestic threat. There is mounting evidence that encryption and security technology can be broken, illustrating the threat of hackers, both domestic and foreign, which can break encryption.
In 1996, a French hacker proved it was possible to find the key to Netscape. There are numerous foreign hacker incidents that help cement the danger of the hacker. There is the case of the German hacker, Kim Schmitz, who sold access codes from the U. S. phone system. There was a British hacker arrested for infiltrating the U. S. defense department, NASA, and other computers. An Israeli hacker was arrested for infiltrating the Pentagon and taking classified information about the Patriot missile and other secrets during the Gulf War. There have been crackdowns on hackers in the Netherlands and Mexico through legal reform and raids.
An assault on a jet propulsion lab (JPL) in 1988 was thought to have been conducted by a West German group called the Chaos Computer Club. The JPL case is an excellent example of creating an international danger from only a few threads of evidence. The infiltration of the JPL was actually accomplished by Kevin Mitnick and Lenny DiCicca. Australian hackers arrested for breaking into U. S. and Australian computer systems raise troubling questions about the vulnerability of technology to intruders operating beyond American borders and laws.
Finally, a recent foreign hacker to threaten U. S. computers is 21-year old Argentinean, Julio Cesar Ardita, who gained access to the Pentagon, NASA, and Navy computers and retrieved information about nuclear installations and defense programs. This case is important because of the government response to the hacker. Ardita’s case is the first in which the government obtained a court order to tap private electronic communications. Such monitoring could become the wave of the future as the government as the good guy takes action to control the evil hacker both abroad and at home.
The threat posed by hackers translates into fear of crime. Fear of computer crime is on the rise. As Flanagan and McMenamin said, “serious computer crime is beginning to reach epidemic proportions. How the government deals with this crime is important. There is now a climate in which victims must be protected and victimizers attacked, resulting in the final criteria for Aho’s enemy construction paradigm — ritual, when the ‘good guys’ respond ‘appropriately’ to the threat. ” (Dan Diaper, page 122) In the United States this means additional arrests and more attention paid to hackerrelated acts.
Hackers within the United States are linked to espionage to clarify the threat as external and other. All the security people left over from the Cold War are turning into “information brokers” and are using the Internet to advertise their abilities to attain confidential information. In late 1993 or early 1994, a service called ‘BlackNet,’ which publicly advertised the brokering of illegal information, was posted on an Internet Usenet group and then widely disseminated. BlackNet turned out to be a hacker’s hoax, but it nonetheless indicates the seriousness of the problem.
Although their example turned out to be a practical joke, it did not deter the authors from inferring that information brokerage is a serious threat to be watched. As the United States relies more heavily on technology for everything from high-tech weapons to security systems, the real threat hackers pose becomes greater. From automobiles to airlines to toaster ovens, our interaction with objects is increasingly mediated by computer technology. This technology is anything but perfect. Indeed, most computer scientists and security agents will point out that computers are inherently insecure, unreliable, and unpredictable.
Despite the vulnerability caused by over reliance on computer technology, we continue to entrust vital aspects of our economic and political systems to technological care. As people become more familiar with the Internet and more dependent on computer technology, it is easier to use the hacker as a threatening figure. The media, law, and government offer different perspectives on the hacker, but when taken as a whole, a sinister character emerges — an enemy.
Bibliography
• Dan Diaper Book Title: The Handbook of Task Analysis for Human-Computer Interaction. Publisher: Lawrence Erlbaum Associates.Place of Publication: Mahwah, NJ. Publication Year: 2004. • Rebecca Green. Article Title: Computer Crimes. Journal Title: American Criminal Law Review. Volume: 39. Issue: 2. Publication Year: 2002. Page Number: 273+. • Bakewell, Eric J. Article Title: Computer Crimes. Journal Title: American Criminal Law Review. Volume: 38. Issue: 3. Publication Year: 2001. Page Number: 481. • Rothke, Ben. Article Title: Web Hacking: Attacks and Defense & Hacking Exposed Web Applications Web Application Security Secrets and Solutions. Magazine Title: Security Management. Volume: 47. Issue: 1. Publication Date: January 2003. Page Number: 107.
• Peter Piazza Article Title: Giving Hackers the Green Light. Magazine Title: Security Management. Volume: 47. Issue: 11. Publication Date: November 2003. Page Number: 34+. • Hacker. Wikipedia. http://en. wikipedia. org/wiki/Hacker_(computer_security) 2007 • Hacking. Ethics in Computing. http://ethics. csc. ncsu. edu/abuse/hacking/ (2007) • Eric Steven Raymond. How To Become A Hacker http://www. catb. org/~esr/faqs/hacker-howto. html (2001) • Chris Davis. Hacking Exposed Computer Forensics. Publisher: McGraw-Hill Osborne Media; 1 edition (November 22, 2004) • Linda Kinczkowsi Article Title: Hack Attacks Revealed: A Complete Refe