It's harder to identify the bad guys online

March 28, 2000

When Simple Nomad was younger, one of his favorite pastimes was worming his way into phone companies' computer systems. That was more than 10 years ago, before words like "Internet" and "hacker" were key words in the cultural lexicon - and before it was against the law.

"I liked to take things apart and see how they worked. In that way, I'm considered 'old school,' " he says.

Getting around a computer system's security and exploring its technological nuance is part of the thrill of the pseudonymous world of the hacker underground, a relatively young cyberspace culture where computer programmers like Simple Nomad are driven to demonstrate their own technological skills.

For many, the term "hacker" conjures up images of a precocious troublemaker smirking as he toys with the technologically challenged. Indeed, sometimes what the hacker underground sees as exploring, companies call trespassing.

But hackers see a difference between their love of exploration and computer showmanship and recent attempts to shut down Web sites and steal credit card information. They see themselves as pioneers, ones who are helping computer culture and science evolve - as opposed to the thieving (and amateur) tactics of those they derisively call "crackers."

But as the Internet evolves into a giant superstore, the lines between black and white are blurring further. The hacking underground has a libertarian ethos that places a high value on the free flow of information. As a result, hackers often post techniques that can be used to crack system security. They argue that unauthorized hacks into systems are the only way allow security techniques - as well as technology - to fully evolve.

"I'll be the first to admit there are a lot of gray areas," says Simple Nomad, who runs Nomad Mobile Research Centre, a Web site that provides information on the security flaws in computer systems. "I've written tools that I know can be used for people to test their system, but I also know someone can turn around and use the same tools to break into a system."

In the mid 1990s, as many in the Internet industry began clamoring for ways to protect against these "attacks," Congress passed legislation that made hacking a crime. Last week, Max Vision, the hacking alias of Max Ray Butler, was held on $100,000 bail after being indicted for breaking into government systems such as NASA and the Department of Defense.

The hacker community, however, bristles at being lumped with acts like last month's "denial of service" attacks against Internet behemoths like Yahoo! and eBay, attacks that lacked the technological sophistication they value. Many have tried to distinguish hackers from "black hats" or "crackers," who crack into systems to steal credit card information or do some kind of damage.

"A lot of the underground isn't looking at this as a major hack, or even as [a genuine] act of hacking," says Space Rogue, editor of Hacker News Network and a computer scientist for security consortium @stake.com.

A. Anonymous, a former "black hat" hacker who wrote the best-selling book "Maximum Security," was one of the first to give detailed information on how to crack a system's security. "All these other security books, not one of them taught you how to break into anything," he says. "But because there are standard things you must do to secure your system, you first need to know how the attacks work."

Some of the roots of hacking come out of the "phone phreaking" of the 1970s.

According to the Hackers' Hall of Fame, the hacker Cap'n Crunch became a legend when he figured out how to reproduce the tone that authorizes long-distance service with a toy whistle from a cereal box. Later, many people - mostly kids - manipulated pay-phone wires with a paper clip to get "free" long-distance. As networks connected by phone wires began to evolve, so did the various ways to furtively plug into them.

As young hackers explored the source code of systems, they began to think of ways to do it better. The result was a highly competitive community where, like playground basketball, a hacking "star" performs exploits that could become legendary.

"When something is posted, immediately that motivates some people to want to do something better," says A. Anonymous. "As a result, ideas are being exposed to an evolution at an extremely rapid pace."

Though Simple Nomad says he no longer breaks into systems, he notes his Web site is listed as criminal on most Web-blocking software. "Which is unfortunate," he says, "because 9 out of 10 e-mails I get is from a system administrator saying 'Thank you, I used the stuff on your site to take care of my system.' "

More and more, Internet security companies are using the techniques of the hacker underground to make systems more secure. And many of the old phone phreakers and black-hat crackers are being hired. "You stick with it long enough," says A. Anonymous, "and you shed the purple hair and put on a suit and tie."

(c) Copyright 2000. The Christian Science Publishing Society