Hacker Nation

By Any Other Name

It used to be that hacking had nothing to do with breaking the law or damaging systems. The first hackers, who emerged at MIT in the 1960s, were driven by a desire to master the intricacies of computing systems and to push technology beyond its known capabilities.

The hacker's ethic, an unwritten dictum governing the hacker world, says that a hacker should do no harm. Richard Thieme, a regular speaker at Def Con, says that a hacker should "pass through a network without a trace." But somehow that message has gotten lost in the noise of Web defacements and data thefts.

Hacker purists get riled when anyone confuses them with crackers--intruders who damage or steal data. But while some hackers are quick to claim the moral high ground, the line between hacker and cracker is often blurred. Most hackers, for instance, don't believe it's criminal to break into systems and rifle around. The law, of course, thinks otherwise.

"[J]ust because something is illegal doesn't mean it's wrong," says Veggie. "But ... once you go in and destroy data or damage the system, that's where ... you stop being a hacker and you become a criminal."

T12, a 20-year-old who admits to some questionable hacking conduct, says he wouldn't normally damage a site. But if a phone company were to illegally switch his long-distance carrier and start billing his calls at $10 a minute, he wouldn't hesitate to take action. "This is the kind of thing where I would feel free to just deface their site and make it as public as possible."

Diablo, a teenager with the Romanian hacking group Pentaguard, says that a hacker should "never abuse his powers." But, he adds, "If you penetrate a server and change the main page, nobody is hurt. The admin gets embarrassed, and that's all."

Pentaguard has defaced more than 100 Web sites--most of them government- and military-related--and Diablo says that he's careful: "I never delete [or] steal data [and] never crash the system."

This may be true, but Jon Shimabuku, manager of one site Pentaguard defaced (owned by the Hawaii state legislature), says that his office had to pay $4000 for several new large-capacity hard drives (since the police confiscated the hacked hard drives as evidence), and the site was down for a week until the drives arrived.

Signs of the Times

Hacking has definitely changed in the last 40 years. Talk to any hacker over 25, and he's likely to lament the passing of the good old days, when coding was an art form and learning how systems worked was an exercise in persistence. New hackers today are often younger and less skilled than their predecessors, and more likely to focus on showy exploits than the noble pursuit of knowledge, say older hackers.

Fosdick, a 26-year-old programmer who has been hacking since he was 11, calls the Internet generation of hackers "hollow bunnies"--like gigantic chocolate Easter bunnies "filled with nothing but air." Ten years ago, he says, hackers respected information and machines, and had to possess knowledge and skills to hack. Now novices use hacking programs without understanding them and are more likely to leave havoc in their wake.

Script kiddies receive the bulk of hacker disdain. These are the graffiti kids who download canned scripts (prewritten hacking programs) for denial-of-service attacks or paint-by-number Web defacements--the latter nearly always including shout-outs to the hacker's homies.

The risk here is that an unskilled hacker could release wanton mayhem in your systems. The hacker might download a buggy hacking tool to your network that goes awry, or execute a wrong command and inadvertently damage your machines.

But script kiddies tend to disappear after a year, says William Knowles of security training firm New Dimensions International. "This is the generation of instant gratification, and if they can't get the hang of Back Orifice [a more advanced hacking program], they get bored and move on."