Hackers Group
Joseph Fodor, Adam Berro, Catherine Nguyen
Luke Brunda, Lauren Lopez, Allison Weiner, Christopher Kwak
METHODS
There were two main methods we used when conducting our research on Irvine Underground, a local hacker community. To gain an insider’s view on the history of Irvine Underground, we attended a general meeting on May 14th, 2010. We discussed their beginnings as well as various questions about how the members view hacking. Our questions ranged from simple inquiries such as what it means to be a hacker, to slightly more complicated questions, such as how they determine the legality and ethics behind what they do. By attending the general meeting, we were able to conduct face-to-face interviews with one of the founding members of Irvine Underground, along with various other members. These face-to-face interviews were highly successful and provided insight on how the personal relationships between the members worked. Due to the interview and communal discussion approach we took there was potential that answers were not as well thought out or fully developed. Due to this factor, we obtained the email addresses of members. This allowed for written follow-up questions in which the members were able to delve more into specific issues. However, we have yet to get any responses from the members. This shows one of the weaknesses of our methods. In the future having a written questionnaire at the time of initial interview would be beneficial and necessary for sound research.
Along with the interviews of Irvine Underground members, gaining a broader understanding of the hacker community was necessary. To do so one member from our group posted a questionnaire on a prominent hacker website and forum, hackthissite.org. The written questionnaire allowed hackthissite members to provide well thought out and thorough responses. The members on this forum are global, although a large majority of them reside in the United States. By getting responses from a much more geographically diverse population, we were able to deduce whether or not the trends we discovered with Irvine Underground applied on a broader scale. As this paper mostly focuses on Irvine Underground, the interviews with members from hackthissite.org acted as a benchmark for comparisons, allowing us more insight on how hackers view themselves.
What is a “hacker”?
Culture is constantly contested. As with all communities, the hacker community disputes what it means to be a hacker. The broader hacker community is incredibly varied in terms of interests and ethics. We also found that much diversity exists even within a single hacker community, the Irvine Underground. Despite large variation between hackers in terms of ethics as well as hacking interests and activities, one concern that unites hackers is the notion of security. Hackers are not only concerned with computers and computer security, though; hacking transcends computers and even technology.
Barfly, a member of the Irvine Underground, explained his ideas of the “old world” and “new world” hackers. The old world view is the emic view, and states that hackers find a way to manipulate software or hardware to serve a purpose, other than its originally intended purpose. In this sense, “hacking” is a clever way of mechanical engineering. The “new world” (mis)conception of a hacker is the definition propagated by the mass media which depicts hackers as criminals who attempt to circumvent security for their own malicious gain. [1]
Truly malicious hackers are actually the minority. Although some hackers harm others by creating and distributing viruses, stealing identities, or credit card theft, most hackers are relatively harmless. Unlike the images of hackers perpetuated by mainstream media, hackers are simply anyone interested in deeply understanding a system, and being able to manipulate and exploit it to achieve some result. While this can certainly refer to computers and computer security, it is equally likely to apply to the non-computer world. For example, lock picking is a popular type of hack among the Irvine Underground. Because the IU is so focused on being a social group and teaching and learning resource, they are open to new types of hacking. During a past meeting, one member brought in a lock picking set and a lock and introduced lock picking to the group. An average person may think very little about locks, but a hacker who is interested in security and lock picking may want to gain a better understanding of the lock as a security measure and a useful skill. .
Another example of hacking that is unrelated to computers or technology is social engineering, the manipulation of people. It relies on the same premises of hacking, understanding a system thoroughly, and using that knowledge to manipulate it, or bypass security. In this case, a hacker knows how to manipulate someone, by gaining their trust, or by tricking them. For example, a social engineer demonstrated a hack at a Defcon convention by choosing a name at random and proceeded to acquire the caller’s credit card number just by talking on the phone to him.
When Barfly, a member of IU, asked another member of the group what a hacker was, he responded, “A hacker is a chameleon!” as he took off his coat. While we discussed what it meant to be a hacker, another member of the IU remarked, “You’re probably learning, it’s hard to define a hacker.” This is certainly true, but the main axes that divides hackers from one another is their personal ethics. This can include whether one is benign and curious, or aggressive and malicious, and their intentions with what and how they hack. How hackers chose to persue hacking categorizes them into a “hat” system.
Defining a Hacker
Hacker communities have developed a unique system of ethics and morality including the construction of their own categories. They utilize these categories in able to judge the actions of those within the community. These categories are known as “Black hat,” “Grey hat,” and “White hat.” Even within small communities, the definition and attributes of these groups are ambiguous and debatable [1]. Still, generally most will agree on a basic definition similar to the following:
Black hat hackers are those who are willing to cause harm or damage to others through “hacking” activities that generally violate the law. An example of this is malicious hackers attempting to steal credit card numbers or someone’s identity.
White hat hackers are those who are unwilling to cause harm or damage to others, or those who preform only legal activities. Often, exceptions are sometimes made for what is seen as a good cause. These examples pertain to those who have somehow upset online communities. Recently, several acts of animal cruelty have resulted in an ad-hoc act of revenge, or vigilante justice. Those who were responsible were hunted out of the anonymity that the internet frequently offers and were held accountable for their actions. The means of achieving “justice” were perceived as cruel in and of themselves by some, as vigilante justices often are.
Grey hat hackers are generally anything in between, and although definitions vary wildly, the consensus [1] is that many hacker communities (and conventions like DEFCON, a large annual hacker convention) are “filled with Grey hats”. Most hackers associate with the category of Grey hat, suggesting primarily that the unique and sometimes ambiguous scenarios created by electronic communication technologies are difficult to consistently judge on a moral scale.
Even the hat system of categorizing hackers is hotly contested within the hacking community. Within a thread labeled “Black, White, or Grey Hat?” on hackthissite.org forums, the members debate on whether it has become archaic or can still be applied today. Many of the members stated that they do not fall specifically in any category; although they may lean more towards one category than another, they often do not classify themselves in one hat. The system of hats looks at the hats within a moral compass that does not apply to everyone. Although the majority of people will see white hats as the good guys, and the black hats as the enemies, black hats themselves see the white hats as the enemies, therefore making themselves the good guys. In the context of the classic “good” and “evil” paradigm associated with the colors black and white, most hackers take a third stance - either failing or refusing to fit in to standard moral terms. The result is that hackers see themselves not as “good” or “evil,” but as “okay.” Hackers will also often dislike the system of hats because hacking in itself is a hobby, and there is no need for a ‘badge of honor’ such as a hat.
Inevitably, the categorical Black, Grey, and White hats are filled with debate and exceptions. In a group so difficult to define as hackers, it is only to be expected that beliefs, actions, and activism will be as difficult to explain as it is sometimes to justify. Hackers are a group that relish the opportunity to find loopholes and exploits in almost any system - and not necessarily just mechanical or electrical systems. While the Hacker Quarterly 2600 alludes to the 2600 Hertz tone that could be created with a Cap’n Crunch whistle to achieve free phone calls from pay phones, others focus on fields like social engineering, in which they attempt to breach human defenses and convictions - sometimes even including face-to-face lying.
Social engineering on communities like HackThisSite.org lead to comments that challenge typical preconceptions of morality:
“Ok i know social engineering is illegal but out of curiosity how do you do it?”
“The best advice I can give is to get comfortable lying. Lie to someone each day... You need to be a compulsive liar so it comes naturally when you need it.” [2]
Social engineering is defined on HackThisSite.org as “the art of manipulating people into performing actions or divulging confidential information,” and “typically applies to trickery for information gathering or computer system access.” It is seen as another branch of typical hacker attempts to breech security measures. In contrast to the complicated and sophisticated computer skills necessary to “crack” a password, it may be much easier to trick the user into revealing it.
The direct acknowledgement that social engineering may be illegal - whether correct or incorrect - lends to a perception that perhaps, morality and legality are not always exactly aligned. In this particular case, the user continued to state that it was “just out of curiosity” - echoing a commonly heard sentiment that hackers are interested in exploration of security systems. A common defense is that not everyone uses the “black hat” mentality of abusing knowledge for their own advantage.
The quest for knowledge may be another strong motivation in all aspects of the hacking community. The user who suggested “[lieing] to someone each day” was, surprisingly enough, a student currently studying criminal justice. This user - who was also a moderator on the forum [3], wielding administrative authority on the message board - recommended taking classes or reading books on body language and behavior. The emphasis on learning - particularly self-directed learning - is a strong and common thread that feeds and unites the hacker community.
History
Understanding the hacking community requires a history of hacking. One of the earliest documented forms of hacking came in play with the use of a toy whistle, a toy whistle found in boxes of Captain Crunch cereal. When blown, the whistle emits a sound at the pitch of 2600 hertz, the exact sound needed to control telephone lines and place free long distance calls. John Draper was the man who discovered this in the late 1960s, and he used this to his advantage. [7] He began to develop “blue boxes”, devices that would mimic other tones that phone companies used. It was not malicious intent that led John Draper to develop these blue boxes; rather, it was because “I’m learning about a system. The phone company is a System. A computer is a System, do you understand? If I do what I do, it is only to explore a system. Computers, systems, that's my bag. The phone company is nothing but a computer“ [7]. Draper only wished to expose the flaws that he had found in the phone company lines, and never aspired to receive financial gain from his blue boxes. Although the same cannot always be said for the rest of the community (collectively known as phone-phreaks), like hackers, the majority of them were involved in the ‘phreaking’ out of curiosity and the yearning for knowledge. The community understood that their actions were considered illegal, but it was the desire to learn more and improve the phone system that prompted them to push forward. Some phone-phreaks were arrested and put in jail for fraud. Yet like their modern day cousin, the computer hacker, they sometimes found jobs in the phone business, improving phone systems for the same companies that had them arrested in the first place. Draper himself was arrested for fraud, but ended up developing the first word processor for Apple II while still in jail. The parallels between these phone-phreaks and computer hackers are striking, and only demonstrate the wide spectrum that falls under the umbrella of hackers.
History and Legality, Cont.
While trying to further understand how hackers came to be, BigMomma, a member of IU, proceeded to tell us about her father using Ham Radio in the 50s.
According to Kristen Haring in her article “The ‘Freer Men’ of Ham Radio,” these amateurs “passed hours at a cluttered worktable in the basement, attic, or garage. There [they] used two-way radio equipment to contact other radio stations-- speaking into a microphone, typing at a keyboard, or tapping out Morse code on a telegraph key”[8]. While Haring discusses how ham radio reinforced the users’ masculinity, BigMomma argues that “hams” were the first hackers. In the 1950s, the term “hacker” was synonymous with “nerd” or “geek.” According to BigMomma, they were interested in finding ways to use hardware and software for an extra feature or purpose. In other words, hackers use already existing technologies in a different way than originally intended. [1] Hams would tweak the two-way radios and make contact with other hams, sometimes as far away as China. It was this “tinkering” that made the hams the first hackers.
Just as modern media is concerned with security and legal issues with hacking, so were neighbors with hams in the 60s. Hams would sometimes receive postcards from those they had contacted through the radios. Neighbors who noticed mail coming in from communist countries such as China or Eastern Europe suspected treason. They would also accuse neighboring hams of interfering with their electrical systems. These concerns do not seem too far off from the paranoia over the image of the malicious, identity stealing hacker of the 21st century.
Certainly, there are malicious hackers who aim to steal credit card and social security numbers, however BigMomma wished us to know that they are by far the minority. Most of the activities conducted by hackers are in a legal gray area. In order to further illustrate her point, BigMomma gave the example of a key logger. A key logger is a device the user can attach to a laptop or desktop to record every keystroke made on that computer. The IU had a competition in one of their monthly meetings and BigMomma won this device. She stated that she loves it because she can use it for security purposes. She can know if anyone besides herself or her husband uses her computer and exactly what they used it for. However, the device can be used maliciously. A hacker can also attach it to another computer, without the owners permission or knowledge and use it to steal identity information. A key logger is a hacking device that occupies a legal gray area, it is not illegal within itself, but a hacker can use it for illegal purposes.
Another legal issue present in the hacking subculture is the bounds of free speech. BigMomma discussed a scandal at the 2008 Defconin which three MIT students published an 87 page paper titled “Anatomy of a Subway Hack”. The paper described how they duplicated Boston subway cards and rode for free. Before they could give their presentation, they received orders from a Massachusetts judge ordering them to stop all presentations and circulation of the paper. They were also ordered to take a link to the paper off of their website. The Massachusetts Transit Authority argued that the students endangered subway riders. The MIT students adhered to the orders, but responded that their right to free speech had been infringed upon. In an article titled “A Cyberspace Independence Declaration,” author John Barlow argues against censorship over the internet. He articulates that no governmental agency had jurisdiction over the internet because it is not an actual place. He says, “Your legal concepts of property, expression, identity, movement, and context do not apply to us. They are based on matter, There is no matter here” [10]. Under this declaration, the MIT students should have been allowed to publish whatever they pleased. They had no intention of selling the handmade subway tickets and even expressed in their paper that they did not condone stealing a subway ride. Like most hackers, they simply wanted to know if it could be done. [9]
Stereotypes of the hacking community
The media has put out the image that hackers try malicious attacks on websites, and exploit security loopholes to gain access to sensitive information. Yet as stated above, this only represents a small minority of the hacking population. However, though the advent of internet, and in that sense, a more easily accessible global network, the prevalence of online media has only propagated the negative viewpoint of hacking. The word ‘hack’ has even become a bit of a joke for members of Facebook, especially those of the college age. Leaving your Facebook page open and logged in leaves you as prey for friends that decide to sabotage your Facebook page by changing your birthday, or posting up a status about being ‘hacked’. Given the description of hacking that we discussed with Irvine Underground, the Facebook sabotage can be stretched into a mild form of hacking.
Irvine Underground: A look into a hacker community
Irvine Underground is a hacker community that started around June or July of 2002 with four starting members. One of the founding members, Barfly, gave us a tour of his tight-knit community. He said that the Irvine Underground was created primarily in order to share knowledge about computers as a reaction to other hacker and computer groups. Barfly and the other founding members couldn’t find a group that really catered to its members. He gave us his first experience in a hacker group as an example, calling them the typical stereotype of computer nerds. That group had six members, with four quietly using the computers and two arguing over whether one programming language was better than another. He began to feel as though there were no good hacking communities until he met the founding member of the Nevada Underground, which began in 1997, at the 2600 Meeting (a hacker quarterly). Both shared a frustration with competitive hacking groups that focused more on each individual’s ego and one-upping each other rather than collaborative information sharing and friendship.
The two decided to call their group the Irvine Underground, named after the Nevada Underground. They based the group on “commonality, friendship, and knowledge.” In keeping with the aim of the group, subsequent members had diverse reasons for joining IU. BigMomma, a woman in her fifties explained that other groups and conventions made her feel uncomfortable because as a female, she would have many young men, roughly the age of her children hitting on her. Another member, PunkKid, explained that his interests in hacking and computers developed after he dropped out of high school because he didn’t like the “system.” He went to college at the age of sixteen and worked at the college where he worked on computers and safety walls. He explained that he did not like “structure and standardization,” and deviating from that norm constituted his sense of hacking. As with the telegraph operators, the hackers of IU looked for a community where they could meet with like-minded individuals to maintain friendships. Standage explained that the telegraph operators would talk to each other during their downtimes, and by doing so, form friendships and romantic attachments to the point that, “within a few months of the electric telegraph being opened to the public, it was used for something that even the most farsighted of telegraph advocates never dared to imagine: to conduct an online wedding [11]. The wedding was conducted over telegraph wires between two telegraph operators with hundreds of fellow telegraph operators attending virtually via standing at telegraph stations, listening in. [11] It isn’t too far of a stretch to claim that some telegraph operators went to work for the community, rather than the pay, and Barfly feels the same, saying, “if the whole group becomes a pottery group I couldn’t care less,” showing that he is committed to the community rather than the hobby.
Irvine Underground was formed in order to fill a need in the Orange County area, but also to give people a sense of community, like BigMomma and PunkKid. Barfly also wanted Irvine Underground to be a place where the members could share knowledge and learn from each other. So the group regularly has seminars presented by members or guest speakers to introduce new material to the group. Some presentations even involve the use of a projector and powerpoint slides! However, they took a break from the seminars for a year and a half to focus on the community and getting to know each other, but Barfly is eager to get back to the seminars. They all want to learn from each other and many have even joined this group in order to share their own knowledge and to learn from other people.
However, this group is by no means homogenous; each member has his or her own preferences and interests. Some of the various interests we found were creating viruses, coding languages, webpages, lockpicking, robots, cryptology, etc. Many in the group exclaimed that they gained a lot of new knowledge since joining this community. We were also informed that each person had his or her own level of skill, with some people knowing little to nothing about hacking or computers while others were incredibly skilled. Many of these lesser-skilled people have friends in the community and are always welcome while the older or more skilled members are always delighted to show or explain some aspect of hacking or computers. Barfly explained that lock picking was never in the community until someone introduced them to the skill, and now most of the members know how to pick locks. This is a fairly good example of the community being a good resource for each member. Although the group is always active, many people do not show up to many of the meetings. Barfly explains that the community will always be kept alive by new members and, most importantly of all, the core members. The draw to the community is so strong that one core member who lives in Nevada always makes it to a meeting every month! Although they also have a forum, the Irvine Underground makes a point to meet at least once a month at public establishments, such as IHOP. It seems as if the community is and will continue to run strong
Conclusion
Hacking is a complex topic ridden with misunderstanding and stereotypes. To truly understand both the activity itself and the community involved, one must delve into an emic perspective. The history of hacking goes back much farther than our common misnomers of the topic. Understanding hacking’s history allows us to gain a deeper perspective into what people gain from it. People utilized tricks and manipulated information to provide easier or better ways of doing things. Rarely were the intentions malicious, though they often allowed for some gain. More than anything the act of hacking provided a fun and intriguing puzzle. Hackers themselves debate about how to define their existence as well as their purpose. There is a struggle to maintain an ethical code between the White Hats and the Black Hats. This struggle, in itself, has lead to the definition of what most hackers settle into, Gray Hat hacking. As different hacking communities are allowed to grow, our understanding and means of defining them can as well. This allows us to employ etic perspectives to our views on the hacking community. Through the anthropological research of these communities we are able to deepener our propensity to understand hackers and incorporate them as an important part of greater society.
Works Cited
[1] Irvine Underground meeting. May 14, 2010.
[2] http://www.snopes.com/photos/military/throwpuppy.asp
[3] Stuart Reeves, Barry Brown, and Eric Laurier, Experts at Play: Understanding Skilled Expertise. Games and Culture 4(3):205–27, 2009.
[4] http://www.reddit.com/r/funny/comments/8c9e3/you_wouldnt_download_a_car/
[5] http://www.hackthissite.org/forums/viewforum.php?f=116
[6] http://www.hackthissite.org/forums/viewtopic.php?f=116&t=4928
[7] Rosenbaum, Ron “Secrets of the Little Blue Box” http://www.cs.ucsb.edu/~vigna/courses/cs279/HW1/rosenbaum71_bluebox.pdf
[8] Kristen Haring, The “Freer Men” of Ham Radio: How a Technical Hobby Provided Social and Spatial Distance. Technology and Culture 44(4):734–61, 2003.
[9] Youtube (MIT Students Subway Hack): http://www.youtube.com/watch?v=GxGkFb19eSQ
[10] John Perry Barlow, A Declaration of the Independence of Cyberspace, 1996
[11] Standage, Tom The Victorian Internet
[12] http://www.hackthissite.org/forums/viewtopic.php?f=37&t=5047
No comments:
Post a Comment