hackmorality.txt

  1. Directory
  2. History
  3. hackmorality.txt
 This article was originally submitted to a magazine named "Gray Areas"
 with the assurance that it would be published.  However, the article never
 did appear in the magazine, and was never paid for, so six years later, the
 author has given me the non-exclusive right to post it here.

HACKING MORALITY
Copyright (C) 1995 by Timothy Campbell
Internet: pinnacl@cam.org

Introduction

It was June 27, 1995 and I had just returned from the Shareware Industry
Conference in Arizona. My mailbox contained a complimentary copy of an unusual
counter-culture magazine named Gray Areas. I found it fascinating; I couldn't
sleep until I'd read it cover to cover. It brought back memories of bygone
days -- a time when I was a confident young hacker. I discovered that things
had changed considerably since my days of telephone and computer hijinks, but
in many ways they were exactly the same.

After I had finished reading the Spring 1995 issue, I flipped back to page 25
to reread a few sentences that had stuck in my mind. Netta Gilboa -- the
publisher of Gray Areas -- had put forth a challenge:

"... what actions hackers do that cross a line ... is a subject no one in the
community dares to address. I beg people to write on this for us and they
won't. It is almost entirely absent from the literature in the field."

Morality is, to most people, a rather dull subject. Moreover, articles about
morality have a tendency to become preachy and condemnatory. Finally, hackers
are an independent bunch, and prefer to make up their own minds about such
matters.

Nevertheless, I thought I'd ask Netta if she would accept a commentary from
someone who hasn't cracked into a system or messed with a phone since the 70's.
She looked over the outline I had prepared for this article, and gave me the
go-ahead.

Before I begin, let me assure you that I am not a Bible-thumper; in fact I am
an atheist. Although I had a strict fundamentalist upbringing, I tossed it all
when I was 18, and ever since I have had to face all the moral challenges in
life without the benefit of a rule book. I hope this makes my words more
accessible.

This article comprises four sections. In "Early Days", I talk about my
computer and phone escapades during the 70's. In this way, I hope to establish
my bona fides with the new generation of hackers. Perhaps, also, some of you
will be interested in hearing what hacking was like when our fastest connection
was at a mere 110 baud on a clattering old teletype.

In the second section, "Us and Them", I will talk about the character of the
hacker. What makes him tick? What inspires him? Why do some hackers go over
the line and cause harm? In the third section, "Specific Dilemmas", I will
make observations about certain aspects of hacking, and identify some of the
moral questions that face us in this field. The fourth section, "Conclusion"
will tie together some of the ideas touched upon earlier, and propose some
suggestions about a "Hacker Morality".

In fairness, I should warn you in advance that by the measure of a young
hacker, I am a bit of an old fogey. For example, last year I downloaded half a
dozen issues of "Phrack", but never got around to reading them. I glance at
"2600 Magazine" in the book store, but end up buying "Skeptical Inquirer"
instead. I'm not as wild as I used to be.

These days, I hack the business world. I have been earning a living at
shareware (freely distributed "Try Before You Buy" software) for the past ten
years, and I find it much more stimulating than my youthful forays into gray
areas. I'm reminded of a quote by Al Capone: "If I'd know that doing it
illegally would be this difficult, I'd have gone straight". For me, the
reverse is true: I find that doing things above-board is a lot harder, and
that makes it much more fulfilling.

Netta expressed some surprise that so little has been written about hacking and
morality. I think I can understand why, though. If I'm to recommend some kind
of behaviour, I will be putting myself at odds with some clever people who have
the means to make my life miserable. They may recognize themselves in what I
write, and wish to retaliate in some way. They might think that doing so would
put me in my place.

Actually, I already know my place. I know that there are some brilliant
hackers out there, who have skills I have never attained. If they turn their
anger against me, I won't enjoy the experience.

For such people, there's an intriguing alternative to letter-bombing me (or
whatever): write me a letter and convince me that I'm wrong (my email address
is pinnacl@cam.org). It might not be easy to get me to change my mind, but
hackers love a challenge. If you're up to it, I think you'll find it is much
more edifying than striking from a position of anonymity.

As an added benefit, an open discourse will encourage us to think about what
our actions mean. Are we rebels? Freedom fighters? Hoodlums? Perhaps we
can find out who we really are, and what our true value is.

Early Days

I discovered computers in 1972, at age 14. A friend told me that there was a
teletype connected to a computer in New England. Come lunchtime, I sprinted
for the computer room. It was a cramped, dark, humid cubicle dominated by a
big grey ASR-33 teletype. Somebody showed me how to log on. Like any newbie,
I started off stupidly enough, by typing "HELLO?"  This produced the word
"ERROR". I figured computers liked to compute, so I tried typing "2+2". ERROR.
I thought a moment, then typed "2+2=?"  Another error. I turned the machine
over to another student and went off to read the system manual.

I learned that we were connected to the Dartmouth Time Sharing System
(DTSS). You may recognize that as the system where the BASIC language was
created. It was, for its time, a massive system, running on a GE635 mainframe.
It supported numerous languages and dozens of concurrent users. I was
enthralled by the wonderful digital landscape before me, and before long I was
living two lives: my mundane "real" life, and my virtual life online.

The online experience expanded my world into new dimensions. We were so
enraptured by it that we would even type up stories on the teletype when the
mainframe was off the air -- just to hear that print thimble chattering against
the cheap, roll-fed paper. Eventually, we discovered that we could prepare
programs on punch tape, and it wasn't long before the filing cabinet was filled
with programs awaiting input during one of the 15 minute time-slots allotted to
each student.

There were several of us whose enthusiasm knew no bounds. We would stay for
long hours after school, programming in 15 minute blocks and talking to each
other so rapidly that nobody else could understand us. We learned to
multi-task during classes, both listening to the teacher and writing out
programs in longhand. We decided we were a band of brothers, so we gave our
gang the name "Programmer's Elite". We thought highly of ourselves, indeed!

One item on DTSS in particular caught my attention: a multi-player battleship
game named "SALVO42" (Salvo For Two). I dumped the source code, but I wasn't
sufficiently knowledgeable to understand how you could hook up two people.
Nevertheless, the idea stuck in my mind, and would come to the fore two years
later.

The end of the school year put an end to our fun, but none of us was surprised
to find that when we returned, each of us had a stack of programs laboriously
hand-written and desk-checked over the summer. (Remember: the first
micro-computer was still several years away.)

That year passed by quickly, while we spent every free minute in the cluttered
computer room. A new mark sense reader (which read cards encoded with pencil)
enabled us to write programs during class and read them in at the start of our
15-minute block. We wrote games and dabbled with John Horton Conway's cellular
automata ("Life") concepts -- much to the consternation of the teacher in
charge, who couldn't understand why we used so much paper.

JR Telecom

By the next year, most of the original gang had moved on. A new batch of
hackers had arrived, and we named our club "JR Telecom" (after the name of our
school). We were no longer on DTSS, but had been moved to a system that was
also located in Montreal; it was a Hewlett Packard 2000 mini. This was the
beginning of the war between the schools.

On DTSS, we were overwhelmed by its sheer scope. But on the HP2000, we quickly
became aware that two other high schools were also online. There was a shared
account, but the students were not permitted to use it. We discovered, though,
that it was possible to save a program there. This posed a bit of a problem:
once the program was there, it had to work perfectly, because we had no way to
delete it. A failed program would make us look bad, and naturally we wanted
our group to be the best.

Eventually, a member from our group discovered the password while "shoulder
surfing" (covertly watching) a teacher. This gave us a certain prestige, but a
competing school came up with the same solution and we had to share our
pedestal. That's when we decided to go for the big prize: A000.

A000 is the system operator's account on an HP2000. We knew we wanted it, but
it took us a few weeks to figure out how. Using our skill at writing programs
that worked right the first time, we set up an elaborate ruse.

One of our gang, whom we called "Phlash" (no connection with phreaking) went
down to the headquarters to use their teletype, which operated at the blinding
speed of 120 characters per second (1200 baud). He told one of the operators
that he was going to play a prank on the secretary, but needless to say, he had
something else up his sleeve.

After half an hour of playing around online, he called out, "Joanne, there's
something wrong with my account! Can you see if I've got all my space?"  He
fired up a program written by "Apple" (whom we named after the language APL,
not the Apple computer, which wasn't invented yet). The secretary obliging
signed on to A000 and typed a command, only to see a silly message along the
lines of "THAT IS A BAD COMMAND -- GO AWAY, JOANNE!"  Everybody laughed:
Joanne, the operator, Phlash ... and those of us back at the school, who
quickly printed out the file containing the master password.

We immediately obtained the passwords to all high-level accounts on the system,
and set up a procedure that would route all users through our own front-end
program. The next day, when the competing schools logged on, they were greeted
by the words "WELCOME TO JR TELECOM!"  For safety reasons, we deleted this part
of the code shortly thereafter.

I'd like to pause at this point to mention that we had to cook up these schemes
ourselves. For all we knew, nobody else was doing this kind of thing. We
certainly couldn't go out and rent the movie "War Games" -- that wasn't in the
theatres until nine years later. By that time most of us had already moved
away from cracking to other pursuits, although we did watch the movie together
and thoroughly enjoyed the memories it evoked.

The other schools weren't ready to admit defeat. One of them sent a spy named
Ron to do some "dumpster diving" (looking in garbage cans). He came away with
a list of passwords we'd thrown out. As a common-sense precaution, we had
carefully blacked out each password with a felt marker, but they discovered
that by mounting the sheet on an overhead projector, they could read most of
the text. Fortunately for us, they did not find any of the master account
passwords. I think we flushed those down the toilet. As for the rest of our
information, we kept this in our "Little Black Books", which were written in a
code that looked like a cross between Greek and Cunieform.

By the end of the year, Ron's team had advanced to more sophisticated
techniques. They had assembled a low-power radio transmitter which could be
hooked up to our phone line. It would send the sound of the modem to a
receiver, which was hooked up to a tape recorder. They could then play this
back through their own teletype and see what we'd been typing. As it happened,
though, something else happened before they could put this plan into action.

The company that ran the HP2000 (I'll call them UTD Inc.) knew that something
was going on, but they couldn't tell what it was. Apart from the "WELCOME TO
JR TELECOM" gimmick, we were extremely circumspect. For example, we had a
standing rule that we would never log directly from one of our accounts to one
of the high-level accounts; Phlash had hung around the UTD head office long
enough to know that there were logs of such activity. UTD suspected that our
school was responsible, but they couldn't prove it, so they faked a log showing
us logging back and forth between our accounts and the master accounts, which
got us banned from the computer room for a month.

Undetered, Apple and Scoot (another one of our gang) volunteered to teach the
younger students (who we referred to as "the grommets"). The teacher in charge
saw no harm in this. Although he wouldn't allow them to touch the terminal, he
did let them into the computer room. This let them set up a secret entry path.

Just before leaving each night, they would unlock a window in an adjoining
room. After all the school staff had gone home, they would open the window,
squeeze through a small hole near the ceiling, remove the ventilation grill
from the computer room door, and crawl inside. The telephone was locked in a
filing cabinet, but they had altered the locking mechanism so that the drawer
could be opened if it was pulled up at an angle.

After about a month, the teacher in charge figured we'd learned our lesson, and
let us use the computer again. We thanked him profusely, and continued
exploring our little online empire. When we weren't poking our noses where
they didn't belong, we wrote simulation programs. One day, the teacher came in
unexpectedly while we were on the master account. Apple brazenly announced,
"Hey, look at this, sir! We're simulating the master account!"  The teacher
wandered away when the rest of us started criticising Apple's "simulation" for
supposed inaccuracies.

UTD finally decided to change all the master passwords -- no small task, since
there were many high-level accounts and they all had to be changed
individually. As it happened, we were in the process of logging on to a master
account, and when we found ourselves locked out, we rapidly tried several other
accounts until we managed to log on. We then wrote down each new password as
it was changed.

Overconfidence was our undoing. Apple and Scoot were continuing to use the
computer after hours, thanks to their secret entry route. They made the
mistake of waiting a mere 10 minutes after the teacher had left. As it
happened, he forgot his briefcase. Returning to retrieve it, he heard typing
in the computer room. Apple and Scoot had, by this time, hidden in the
adjoining washroom (each perched atop a toilet), but the teacher found them
there. He kept repeating, over and over, "I don't believe it."

The next day, Apple and Scoot were hauled before the principal, who had no idea
what to do about this kind of thing. Apart from the illegal entry into the
school, they hadn't broken any laws. At the time, Canadian law simply had
nothing to say about cracking systems. In the end, they were told that the
incident would be kept on file until they graduated. They were, once again,
banned from the computer room. The next year (I had graduated, by then), they
went back to teaching "the grommets", but as far as I know, they kept their act
clean.

By 1974, all of the warring factions from the various high schools had
graduated. We decided to work together, and started up a group named "Montreal
Telecom". The Altair microcomputer had just become available, and we knew that
we had to have one! We put together a proposal whereby the Canadian government
would buy us the computer, and we would use it to teach "grommets" how to use
micros. This was, of course, a subterfuge; we wanted the machine for
ourselves.

As it happened, though, we were not able to get the project off the ground. It
seemed we were much better at manipulating computers than the government.

Phone Phiddling

In 1975, microcomputers were still too expensive for our meager budgets, so Ron
and I turned to what I will call "phone phiddling". That's a bit like phone
phreaking, but considerably less sophisticated. Ron certainly had the
electronics expertise to build a blue box, but we limited our long distance
games to "bleeping" (an archaic method that used 2600-hertz tones). Even I was
able to cobble together a bleeper, using a simple oscillator and a morse code
key.

Most of our experimenting involved scanning phone exchanges, by hand, using a
dial-pulse phone; auto-dial modems were not yet available. Coordinating our
experiments with stop watches, we discovered some interesting things, such as a
single number that could busy-out a block of 100 numbers. Intriguing, but not
very useful.

Eventually, we discovered "Loop Lines". A loop line is a pair of numbers that
allow two people to connect without knowing each others number. They are used
by the phone company for testing, but we had other plans.

Some university students were running a free phone conference as an experiment,
so Ron and I started publicizing the loop lines. We quickly discovered that
people didn't like to wait on the lines; they wanted a ready-made solution. So
we ended up waiting for hours at a time on the loops, getting people used to
the idea that they worked. Once one loop line was thus established, we'd
announce the "activation" of another one, and go back to waiting. If it wasn't
for a jury-rigged speakerphone (which let me read a book while I was waiting),
I would have ended up with flat ears.

Just before the free phone conference shut down for lack of funds, we had our
first contact with an actual phone phreak. An American woman by the name of
"Solitaire" started cutting in from time to time. She told us that one of the
loop lines was "unsupervised" (also known as "unsuped"), which meant that
people could call from anywhere in North America without being billed. Ron and
I hooked up some voltmeters to our phones and went off in search of other
unsuped loops. Since our phones were on ancient "Step by Step" switching
systems, this meant two things. First, we didn't have touch tone. Second, and
most important, we could detect an unsuped loop simply by noting that the
polarity did not reverse when another caller dialed in.

Once again, we got the ball rolling on these unsuped loops. Unfortunately,
word got out and before long, local callers were jamming them up. It seemed
like a tragic waste.

Ron and I turned our attention to building up a reputation amongst the locals.
This might sound pointless, but by this time the loops had evolved into quite
a social scene, complete with gossip, "in groups", get-togethers (which we
called GT's), and a two-page fanzine ("Telephone Journal").

Since we weren't particularly knowledgeable about phones, we decided that all
we had to do to fool the natives was to appear capable. We got a lot of
mileage out of a phone bridge (a primitive form of conference line, little more
than a pair of wires between two phones). I would chat with somebody on a loop
line for 10 minutes, then Ron (who was listening) would suddenly "cut in". We
had a few circuits for making convincing clunks and chirps. He and I would
talk arcanely about phones, and then he'd bid us farewell. The caller on the
other end of the loop line was usually impressed by this performance.

Most of our amazing technical talk was something we called "static" --
conversation that has two levels of meaning: one for the person listening in
and one for ourselves. This sounds more complicated than it is. Most people
evolve a shorthand for conversing with close friends, so that certain words and
inflections take on added meaning. We played this to the hilt and it enabled
each of us to cue the other as to what we wanted the ploy to accomplish.

Once people started gossiping about our astonishing skills, we went to phase
two, which we called "Admission of Denial". Somebody would ask something like,
"I've heard that you can listen in on phone calls. Is that true?"  We would
deny this so vehemently that the person was convinced that we were lying. This
proved far more convincing than saying, "Yes, we can". It also meant that we
didn't have to demonstrate anything!

Around this time, Ron and I were joined by Claude, a fellow I had met via the
CB radio. At the time, the local CB radio club conducted a secret game of
"Chasse Mobile" (French for "Car Hunt") every Sunday, in the wee hours of the
morning. One vehicle would hide somewhere in town, and based on his short
transmissions, the others had to locate him. This meant tearing around the
streets of Montreal at 3:00 AM, at two or three times the speed limit. I
managed to cram a complete CB radio setup onto my 400cc sport motorcycle, which
proved to be an effective arrangement.

Claude was peeved by the boasts of some CBers that they could find anything, so
he modified a toy walkie-talkie to operate on the club frequency, and changed
it over from battery power to house current. We decided to put it on top of a
high-rise condominium that towered above the local buildings, where its
continuous signal (a pathetic 100 milliwatts) would hinder CB communication
within a 3 mile radius. My job was to get us into the building. Claude's job
was to affix the device outside the safety fence. He wasn't phased by the
height; I've seen him shinny up a 25-foot antenna pole near the edge of a four
story building. Indeed, this is a fellow who rode through a 2 mile railway
tunnel clinging to the outside of the train -- just for fun.

He had a bit of trouble finding house current for the jammer, almost frying
himself on a 600-volt line at one point. But once it was installed, the radio
club was unable to find our little device -- probably because they expected
something lower and more powerful. After a few days, we took it off the air.

Claude's next project was "Telephone Journal - Tape Edition", a recorded
message, running on a loop line, which announced the latest loop news. He
managed to get his answering machine to monitor the polarity on the phone line
so that it would start up when somebody "clicked in" to the loop, and rewind
when they hung up. I have no idea if the phone company was aware of all the
socializing taking place on their test lines.

The loop lines were great fun for the first two years, but at one point a
student posted the numbers in her high school. This resulted in an explosion
of immature callers. We called this cataclysm "The Grommet Tide". The quality
of conversation rapidly diminished.

Worse still, we were starting to get a high percentage of "listeners". These
were young men who would sit silently on the line, waiting for you to get bored
and hang up; they wanted to talk to a female with naughty thoughts on her mind.
Some loops would hang up both sides if either caller hung up, but some of the
popular ones would let you stay on for as long as you wished. This led to
protracted battles of will, in which both parties would try to out-wait the
other. I heard of several cases where people doggedly held on to the line for
more than 24 hours.

To deal with this, Ron connected a high frequency oscillator to his phone. He'd
announce that he was about to disconnect the listener, then throw a switch
which would cause a distinct click, disconnect his mouthpiece, and connect the
oscillator. The high-pitched tone was filtered by the phone system, so the
other person would hear only a soft hissing sound. The only way I can describe
the effect is to say that it sounds like you're not connected to anything. He
had enormous success with this technique.

We were becoming quite distainful of the average caller, so we decided that a
prank was in order. A set of loops had been hooked together (reportedly by an
sympathetic phone company technician) to form at 10-person conference. The
result was pure bedlam, but the lines were very popular. This gave us an idea
for that number we'd found which busied out a block of 100 numbers.

In the middle of winter, Ron scaled the fence at an outdoor pool (which was
closed for the season), dropped a coin in the payphone, dialed the magic
number, and walked away. We then started a rumour of an amazing 100-person
conference that was so popular that it was "almost impossible" to get anything
other than a busy signal. The rumour propagated for few weeks, until the phone
company cut off the payphone.

Eventually, we accepted the fact that we couldn't stem the tide. On my final
call, I got a listener. I asked him, in my most reasonable tone, why he didn't
want to talk. He expostulated a short word questioning my sexual preference.
When I said, "Hey, I'm just here to talk!" he informed me that the loops lines
had been set up by the phone company so people could get dates.

I could see that ignorance was going to defeat technology. The loop lines
staggered along for another ten years before the phone company finally closed
down the last one.

Two events from the loop era stick in my mind which demonstrate the difference
between a hacker and a slacker.

The first case is my encounter with "The Original Phone Phreak from
Pikesville". This fellow was, I gather, the husband of Solitaire. He is the
most collosally arrogant person I have ever encountered, and I found him
utterly delightful. That might sound odd, but his evident ego was so huge that
I believe to this day that it was a put-on. I remember his words, "I like
showing people that I am superior, because it makes me feel good."  Solitaire,
who was listening in, would chime in, "It's true! He really is superior!"  I
only regret that my limited knowledge didn't allow me to understand his
explanations of phone technology. (The possibility that he was bluffing has
occured to me, but from what I remember of his technical discourses, I think he
really did know his stuff.)

In contrast, I remember chatting with a fellow named Donald when Ron "cut in",
using our phone bridge gimmick. Donald was begging us to teach him to do phone
tricks. Ron and I got to talking, quite seriously, about some bewildering
sounds we were hearing on the line at that moment. After about five minutes,
Donald interrupted with, "But how do you know all this stuff?"  It occured to
me that he didn't want to figure things out; he wanted the answers handed to
him. The process of inquiry and discovery had been unveiled right before his
eyes, but he just didn't understand that sometimes you have to work, and
theorize, and experiment, in order to obtain knowledge.

The Golden Age

In 1978, some Montreal schools set up student accounts on an HP2000 mini. To
protect the reputations of the administrators, I will refer to this system as
Quitchan. Ron and I were already familiar with the HP2000, thanks to our
experiences during high school. We wanted to get on, so Ron started building
his own modem (known as a "Pennywhistle"). He'd worry about the passwords
later.

Meanwhile, Claude (who was still in high school) told me that his school had
direct lines to the computer, and that he had figured out how to open the front
door without a key. On weekends, we engaged in an activity we referred to as
"Watergating". We let ourselves in, then headed for the main office. Claude
slipped the lock and plucked the computer room key from the secretary's desk.
The computer room was behind two doors, so once we were inside, we didn't have
to worry about being overheard, should somebody happen by. As it happened,
each time we broke in we triggered an alarm, but it never occured to anybody to
look in the computer room. In any case, we had already planned an escape route
out the window.

On the basis of my previous experience with Watergating, I suspected that we
would eventually get caught, so I suggested to him that we simply write short,
amusing programs for the benefit of other users on the system. If a program
couldn't be written during a three-hour visit, we had no assurance that we
would be able to finish it.

This rather meaningless exercise marked the founding of the "Sno'd In Sine
Programming Group", known later throughout the Montreal online scene as either
SISPG or by the less flattering moniker "The SysPigs".

As I'd predicted, Claude was called to the principal's office before long.
The HP2000 logs showed sessions taking place when the school was supposed to be
closed, and an alert system operator had reported this.

"Let me get this straight," said the principal, "we're trying to get students
not to skip classes, and you're breaking IN to school?"  Claude affirmed that
this was so. "But you didn't take or break anything?"  Claude said no. In
fact, we were always careful to clean up and lock all doors behind us. "But
why did you do this?" asked the befuddled principal.

"Because I want to LEARN," explained Claude.

The principal shook his head. "That's good, but I'm still going to have to
tell your parents."  As it turned out, Claude's parents thought the whole thing
was hilarious.

Since this avenue was now closed to us, Claude and I pooled our slim monetary
reserves. I bought a 300-baud non-auto-dialing modem (for about $600
Canadian), while Claude bought a Z80-based Exidy Sorceror microcomputer. For
$2000 he got a machine with about 32K of memory, a black-and-white RF modulator
hookup, a painfully unreliable cassette tape interface ... and an RS-232
connector so we could hook up the modem. It was the modem interface that made
us choose the Sorceror instead of the Apple-II.

Meanwhile, I purchased a TDD (Telephone Device for the Deaf), a simple
television-based terminal that supposedly could use either Baudot (popular with
deaf users) or ASCII. The "switch" to select ASCII mode was a RCA stereo jack
with the two leads soldered together. It simply didn't work when connected to
the HP2000 (it probably used 7E1, although I didn't know about such things at
the time), so I shipped it back. It got lost in the mail, and I was out
another $600.

Claude managed to get a simple terminal program working on the Sorceror,
though. He had to write in assembly language, which was rather difficult,
since the Exidy manual simply listed the Z80 opcodes, plus the helpful advice,
"Experiment around until you get a reasonable result"! The Sorceror's native
mode was BASIC, so Claude wrote a simple byte-zapper and coded directly in
hexadecimal. It was quite a sight to see him programming in raw hex, seldom
referring to the opcode list.

Meanwhile, Ron had built his own S100 computer from a kit, and was adding an
auto-dialler to his Pennywhistle modem. He also installed a "switch" to send a
BREAK signal: he did this by pressing together two wires that protruded from
the modem. We were aiming for results, not beauty.

Ron and I had done some simple hacking under the name "Advanced Methods
Project". (In Ron's words, "We don't do anything; we're just ... advanced!") I
suggested that we merge AMP into SISPG. It seemed silly for me to belong to
two hacking groups, both of which had only two members!

Suitably armed with two computers and two modems, we were ready for the assault
on the Quitchan system. We weren't the only ones, though. All around
Montreal, other hackers were trying to get into Quitchan. If you could break
your way in, you were "a technical guy" ("elite" in the parlance of today's
hackers).

Ron wrote a program, which he named Holmes, which would try every possible
password on an account. We concentrated on low-level accounts, because by this
time we were more interested in building an online community than in attaining
power over the system. (Montreal's first micro-based BBS was still four years
away.)

The Holmes program ran night and day. Unfortunately, Ron's autodialler (driven
by a parallel port, I believe) used a surplus relay that was extremely loud.
The only way he could sleep was to bury the relay in a large jar of pennies.
I don't know what his parents thought of a bundle of wires emerging from his
computer and disappearing into a container full of coins.

Holmes cracked, on average, two accounts per week. We needed a lot of accounts
because the low-level accounts had very little storage space. We did crack one
large account, but it looked like it belonged to the Quitchan staff, so we used
it for backing up our smaller accounts and avoided logging on. We called it
"The Vault".

Never again in my life have I been able to duplicate the spirit that moved the
hackers on Quitchan. It was a "golden age". Hackers created all kinds of
multi-player games and competed to see whose program could attract the most
usage. There was, however, a lack of effective communication, so in 1980 I
wrote a program named BRDCST ("Broadcast"), the first BBS in Montreal, although
since it ran on Quitchan, it wasn't open to the public.

The SISPG took on another member, named Ian. He wasn't a computer whiz, but we
liked him for his wit. He also regaled us with tales of an earlier (and
strictly legal) golden age on Quitchan. A little later, we were joined by
Jeff, a sharp coder who actually owned an IBM-PC -- with diskettes, yet! At
this time, I was still coding raw hex on my hand-built Southwest Technical
Products SWTPC-6809, storing programs on the digital tape drives attached to a
ten-year-old TI-733KSR thermal-paper terminal.

We also encountered many other hackers, whose names we would hear again and
again in the years to follow. We were at the dawning of a new era, and
Quitchan was the "alma mater" for Montreal hackers.

Inevitably, the competition was often less than cordial. The SISPG was the
most cohesive and productive group, and the other hackers didn't like that.
On top of this, I wrote a program, named ACCESS, which served as the central
point of the system (mainly to "keep score" of whose programs were being run,
and how many times). Despite the jovial atmosphere that pervaded Quitchan,
the battle lines were being drawn.

For our part, we were a bit miffed that despite the fact that our programs
ACCESS and BRDCST were "central", we did not run the most popular game, which
was a multi-terminal space war game named (reasonably enough) SPACE. By this
time I was working as a computer operator, and late at night I would sneak over
to one of the dial-out terminals and fire up a hunter program I had written.
It searched Quitchan for two weeks, looking for the master files that
controlled SPACE.

While this was happening, I was getting trounced in SPACE; my programming
skills are only average, and my gaming skills are worse. I watched in horror
as my beautiful Class-20 ship was attacked by a flotilla of Class-40 ships.
Before long, I was flying a Class-3 ship. Since even a beginner is awarded a
Class-5 ship, this was not acceptable to me.

Finally, my hunter program found the master SPACE files, but they were
encrypted. It took me another two days to crack the encryption, whereupon I
made some adjustments to my ship and returned to SPACE. Once again, the
flotilla of Class-40 ships saw an opportunity to beat up an SISPG ship. They
were closing in for the kill. Just before they got within firing range, I sent
them a short message: "Scan me".

They scattered like chaff in the wind. Apparently, they had indeed scanned me
and realized that the ship I was flying had a class rating represented by a one
followed by twenty five zeros. I let them get away, though. I had made my
point, and blowing them up wouldn't have been sporting.

This kind of activity seemed like fair game: hacker versus hacker, on a level
playing field. Nevertheless, we adopted what we called "The Triple-S-R Code".
This was inspired by the "Stainless Steel Rat" series of science fiction books.
We styled ourselves "Stainless Steel Software Rats" (SSSR), and our rules were
twofold: "Look but don't harm" and "Cover your tracks".

Although we continuing cracking Quitchan and infiltrating security on our
fellow hackers' accounts, we did not approve of vandals who destroyed data or
programs. We figured that if somebody had worked hard on something, we wanted
to see it. We didn't, however, want to destroy it.

A common reconnaisance technique was the "Cat Stealer". This was a simple
front-end to an otherwise useful program that would dump your file catalog into
a holding file. In this manner, hackers discovered what the others had. We
kept our more sensitive programs and data in "The Vault", and since we never
logged on there, they were safe.

The ACCESS Projects

By the summer of 1981, micro-based BBS programs were starting to appear in
Montreal. We would have ignored them, since Quitchan was more interesting, but
all school-related accounts on that system became unavailable when school
closed. In anticipation of its return, I spent several months designing my own
SPACE-style game. We hoped that the 1981/1982 season would be the best yet,
with the SISPG in firm control of Quitchan.

When the system did go back on the air in September, we were mortified to
learn that they had removed cross-account capabilities. This meant that
although we could still log on, we couldn't communicate. The golden age was
suddenly over.

It took a few months for this to sink in. We couldn't imagine life without
Quitchan, so we decided to start our own system, which we would name ACCESS
(after the central program I wrote for Quitchan). At that time, microcomputers
were not powerful enough to run a decent multi-user system, so we had to set up
shop on a minicomputer. That would take money, investors, and incorporation.
It was time to "go legit".

While we were laying the groundwork for ACCESS, Claude and Jeff did a bit of
system cracking on the side. They particularly enjoyed hacking HP3000
minicomputers because of a gaping security hole. Some sales whiz had gone to
many HP3000 sites in Montreal and given them a sample installation of a
security program. As it turns out, though, he never secured the account
properly. Worse, he always left a program (which we called "The God Program")
which would allow you to get maximum authority on the system. Claude once
logged off the system operator and refused to give him back his machine until
he agreed to a friendly chat.

Claude and Jeff also experimented with Datapac (an international X.25 network
similar to Tymenet). At that time, few security safeguards were in place, so
they were able to connect to computers all over Canada. Of course, once you
were connected, you still had to crack your way in, but by this time they were
rather good at guessing passwords. In Montreal, for example, there was a
Hewlett Packard technician who used the same account name and password on every
machine he serviced.

Claude's last cracking effort started normally enough. He cracked an HP3000
computer and took a quick look around. He was stunned by what he saw. He
promptly dropped the line and erased his disk. You see, he had broken into a
major government security institution, and he decided that he'd played the game
long enough. Now that we were going into business, we had to stay out of jail.

In 1982, we started on the long road to creating Canada's first coast-to-coast
consumer telecomputing service. Over the next three years, we lost our
youthful exuberance, officially disbanding the SISPG in 1985. I left my job of
ten years to work full time on the project. Two months later, I was back on
the street.

Somebody we trusted (I'll call him Mr. King) had quietly bought up controlling
interest in the company. One day he informed me I was no longer President, and
that was that. I had been so busy programming that I never saw it coming.

I'd been out-hacked. Somebody had "cracked" the stocks out from under me.

You might find it odd that I am using computer terminology to describe what
happened to me in the business world, but is it really that far a stretch?
Was Mr. King clever, or devious? Was I stupid, or too trusting? All this was
outside my familiar "tech" world; would I apply the same measure of morality by
which I'd lived online?

Apparently, I wasn't as smart as I thought I was. That particular illusion
died hard. But it was a good lesson -- one I was destined to learn. It was
inevitable.

Us and Them

It's not surprising that hackers see themselves as a special breed: most of
their friends and relatives can not understand what they are doing. When we
read news stories of a young hacker getting arrested for his activities, it
almost invariably comes out that his parents had no idea that he was doing
anything unusual.

The majority of hackers are satisfied to do a bit of programming, play a few
games, and surf the net. Most hackers exhibit an laudable morality by
accepting people on the basis of their minds, rather than skin color,
religion, gender, or physical characteristics. A hacker can't see the person
at the other end of a modem connection, so each person can be judged
equally. Moreover, since bulletin boards and newsgroups allow people to edit
their words before committing them to the ether, everybody has a chance to
present their best side. "Flame wars" (online arguments) do occasionally
erupt, but hackers generally disapprove of people who respond viscerally to
ideas, rather than thinking things through and submitting a well-reasoned
statement.

I found out how this "mind first" attitude can enhance my life when I entered
into email correspondance with a wonderful lady. After a few months of
increasingly tender letters, we decided to meet. Only then did I find out
that she was confined to a wheelchair, but by this time it didn't make any
difference to me. I must confess that if I hadn't had the chance to get to
know her mind, my first impression would have been influenced by her
disability. As it happened, though, we spent a wonderful year together.

Hackers are often portrayed as social misfits -- "geeks" or "nerds". Of
course, every group has its share of people who don't fit into the
mainstream, but in general I find that hackers are loyal, forgiving people.
They tend to establish enduring friendships with kindred spirits. My own
experience tells me that when I run into hacker friends I haven't met for a
long time, it's as if we can pick up our previous conversation where it left
off, several years earlier. There's a deep connection.

Another thing I've noticed about hackers is that they are so busy that they
can't seem to spare the time or energy required to hold a grudge. I remember
when I was talking to "The Original Phone Phreak from Pikesville" (mentioned
earlier), I was worried that I'd said something to offend him. I asked him
if he had any retribution in mind. He answered, "Once you hang up the phone,
you're no longer of any concern to me."  That was a rather brusque response,
but I was glad he had better things to do than hassle me.

The Breaker

Most hackers don't give much thought to moral matters. Most of the virtual
universe they inhabit is abstract, so moral questions -- a slippery issue at
the best of times -- become even more abstract. Moreover, the hacker world
spans different cultures, which highlights the provisional nature of morality.
(To quote a line from the play "Teahouse of the August Moon": "Pornography is
a question of geography".)  It's hard to know what's "right" and "wrong".

I would like to make a distinction between the regular hacker and one who
systematically and deliberately harms others physically, monetarily, or
emotionally. I call this latter breed a "breaker". He seems to be a hacker
without a conscience.

A breaker's credo appears to be "If I can trick you, I'm smarter than you".
There several flaws in that statement which lead me to believe a breaker is
more interested in self-aggrandizement than in testing his cleverness.

For one thing, many breaker ploys involve unsuspecting people. This is
hardly a fair measure of intelligence; it's akin to hiding around a corner
and shooting the first person who strolls by. Where's the sport in that?

Also, the term "smarter" (or "elite", or whatever award the breaker bestows
upon himself) is specific to his area of knowledge. It is hardly surprising
that an intelligent programmer can do computer tricks that would astonish a
brain surgeon. It is, of course, not only the breaker who exhibits this
narrowness of vision. Art snobs, gourmets and wine connaisseurs are also
tempted to look down upon people who don't understand their particular area of
expertise.

I suppose there's a bit of the breaker spirit in all hackers. We all find it
amusing to confound somebody with a gimmicked program or some kind of high-
tech joke. However, hackers generally check their conscience before
proceeding. That's not to say that all hackers will draw the line in the same
place, although most hackers will agree that it is not appropriate for us to
write a "trojan" program that wipes out somebody's hard disk.

So why do breakers do such things? The usual answer is, "It's an ego thing".
According to this argument, breaking is to hacking as rape is to sex: it's
about power, not creation.

I believe that is an incomplete explanation. To understand the breaker, we have
to consider the nature of computers, and why they appeal to certain people.

Computers are alluring because of the nature of our interaction with them. They
do what they are told and provide quick feedback. They are never sleepy, or
cranky, or awkward, the way people are. Within the digital space of the
computer, we can create our own little worlds, driven by strict logic, holding
no surprises. Pure lands of instant affirmation.

True, computers don't always do what we expect them to do, but there's always a
reason, and the problem can always be solved, provided we are technically
proficient and understand the limitations of the hardware.

Some people get hooked on video games and lose touch with reality. This can be
tragic, but if you consider it an addiction, it's hard to pass a moral
judgement.

Breakers are a different story, though: they reach out beyond their own machine
and inflict grief on others. But even as they reach out, they maintain that
sacred control which drew them to the computer in the first place. They
insulate themselves from retribution, hiding behind a keyboard, using an alias
for anonymity and safety.

You can sometimes peer into the mind of a breaker by inspecting the alias he
uses. Aliases usually make the person out to be leaner, meaner and larger than
life. (In one game I wrote, I proposed the alias "Dagger Lord, Savage Power
Master of Ultimate Evil Megadoom".)  In case you're wondering, I don't use
aliases any more, but when I was cracking systems, I used the name "Teesey"
(which are my initials "TC", spelled out). On the loop lines, I used the name
"Jonah".

Breakers like to portray themselves as revolutionaries, visionaries or some
kind of balancing force in the evolution of the digital age. This leads us to
wonder: are they acting altruistically, or are they simply enjoying their
ability to strike with impunity?

You may have in mind a particular person or a particular event which you think
crossed the line between hacking and breaking, but let's remember that
different people draw the line in different places. Let's consider various
hacking activities and try to see both sides of the issue.

Specific Dilemmas

Software Proliferation

I don't like the term "software piracy". The word "piracy" is one of those
words which is judge, jury and executioner. Another example is the word
"crippling", which some shareware distributors use to describe programs that
have some kind of limitation until they are paid for.

The software industry has generally put forth the idea that any kind of unpaid
software proliferation (which I'll refer to as "prolif" from now on) is immoral
-- case closed. The Software Publishers Association (SPA) runs full-page ads
with the slogan "Don't Copy That Floppy", along with threats of dire results
for those who do. This is a simplistic approach to a complex problem. In fact,
since it doesn't even acknowledge the existence of shareware and freeware (both
of which encourage copying), many large corporations have rules against using
them. These corporations are worried about possible legal problems.

To counter the tawdry image of shareware, certain shareware organizations --
especially the Association of Shareware Professional (ASP) -- have taken steps
to make shareware more palatable. They have advocated a position known by some
as the "Policy on No Crippling" and by others as "Virtual Freeware". In this
system, a fully functional copy of the program is given away, and it does not
protect itself against prolonged unregistered usage. This downplays the
provisional nature of the temporary evaluation license and fosters a feeling of
trust.

Alas, many shareware authors have found that users take advantage of this
trusting relationship and simply use the program for free. While this does mean
the program displaces a competitor, it also means that the author does not get
paid. Recent developments in the shareware scene suggest that we will be seeing
less Virtual Freeware in the future.

Underlying the prolif debate is the perception amongst many people in the
microcomputer world that software should be free. This position strikes many
people as perverse, but it has a long history, going back to the earliest days
of computing. Let's consider microcomputing in particular.

When the first micros came out, there was almost no software available.
Hobbyists wrote tools and applications and distributed source code freely.
Let's underline that point: micro software was free before it was commercial.

Eventually, though, some of the micro hardware companies commissioned
programmers to write robust applications. One of the first was a BASIC
interpreter, brought into the world by Bill Gates of MicroSoft fame.

The purists were scandalized. It seemed sinful to ask for money for software.
But what was the alternative? Some of the free software was very good, but most
of it was arcane, unreliable or both. Since the programmer was not getting paid
for his work, where was his incentive to do better? Only the real
artist-programmers produced work of lasting value, and even these worthy folks
tended to give up when their bank account ran dry.

One response to this dilemma was "User-Supported Software", which later became
known as "Shareware". The idea here was, "If you like it, send me some money to
encourage me to keep developing the program". Before the micro revolution, it
was almost impossible to earn a living this way. Somewhat later, as the number
of PC's increased rapidly, several authors (Bob Wallace, Bill Button and a few
others) did manage to turn a tidy profit.

However, as other authors tried to emulate their success, users became tired of
the constant requests for money. "User-support Software" had entered a crisis
phase. By 1993, there were several thousand shareware authors, but less than a
hundred were actually earning a living this way.

In the early days of micros, many programmers realized that they would have to
"go commercial" in order to survive. Unfortunately for them, the "software
should be free" mindset was firmly entrenched in the hobbyist community. Prolif
was so common that it put companies out of business.

This led to the "Copy Protection Wars". Commercial software companies
(particularly the game publishers) tried to invent schemes which would make
prolif impossible, but these were invariably cracked by "free software"
crusaders, hacker jocks, and people who just didn't feel like paying.
Additionally, copy protection made the programs awkward to install, use, and
back up. In the end, commercial companies largely gave up on copy protection
and worked on added value, such as support, manuals, newsletters and so on.

They also lowered their prices. Borland International stunned the world when it
introduced an excellent Pascal compiler for the IBM-PC for a mere $49.95. It
would cost a hacker more than that just to photocopy the manual. The program
was a massive success.

Commercial software strategies deal with the realities of the marketplace. But
what about the moral dimension? If we can get a program for free, should we pay
for it?

For many people, the instant answer is: "Piracy is stealing!"  End of
discussion. Unfortunately, their response does not lead to any understanding of
the issues of prolif, and it ignores history.

The underlying problem of prolif can be expressed by what I call "The Sheep
Analogy". The standard model of theft works like this: a man has a sheep, you
take it, and now you have a sheep and he has nothing. Clearly, that does not
apply to software. When you copy a program from somebody, you have the program,
and so does he. Who loses?

It can be argued that you both lose, because if the programmer is never paid,
you will never see any upgrades to the software. According to this argument,
you are not paying for the software, but encouraging good work.

This argument also has a counter-argument: "I'm just one guy."  Will the lack
of your single payment make or break the programmer? Probably not.

This brings us to what I call "The Voter Analogy". If you don't vote during an
election, it's highly unlikely it will make a difference. However, if you tell
people you didn't vote, you foster an atmosphere that is unhealthy for the
voting process.

Now you can skip voting and keep your mouth shut, but if you copy software, at
least one other person knows. Is one program all you need, though? Copy a dozen
programs and you're making quite a statement. You CAN make a difference, but
you might not like what you're accomplishing.

One of the problems with considering the moral aspects of prolif is that people
don't like to think of themselves as dishonest. A common rationalization we
hear is, "I'd buy it, but those crooks charge ten times what it's worth."  This
casts the proliferator in the guise of a modern-day Robin Hood -- taking from
the rich to give to the poor. This is a variation on the defense, "It's a big
company, so they won't miss my few piddling dollars".

I can think of only one situation where arguments like these make sense. If you
are sure that you would not -- under any circumstances -- pay to use the
program, then you're not depriving the programmer of his just reward. For
example, you might "borrow" a word processor because it looks nice, but you'd
be willing to use a lesser program that is free, but just as powerful. If the
commercial program wasn't available to you for nothing, you simply wouldn't use
it.

The obvious objection to this line of reasoning is that people can tell
themselves that they have an equivalent program to fall back upon, which is
free, when in fact this is not the case. Humans are wonderful rationalizers.
This is clearly a situation where one's conscience gets some serious exercise.

Some solutions to the issue of prolif are available, or are coming soon. Some
expensive software packages use a hardware key (known as a "dongle"), which
plugs into a serial or parallel port. It requires considerable technical skill
to circumvent this kind of protection. However, dongles add to the price of the
software package. They also convey a message of distrust that is hardly a
marketer's dream.

Some software companies have proposed that hardware companies install anti-
prolif circuitry in their machines. This is certainly more practical for the
end user than a stack of dongles to validate each of his programs. Once again,
though, it introduces price and compatibility issues. The price issue is
particularly troublesome, since users don't like to pay extra for something
that will prevent them from doing something. As a result of all this, there has
been little progress on this front.

Incidentally, some have claimed that anti-prolif circuitry would pay for itself
because it would allow software companies to lower prices. This presupposes
that software companies inflate their prices to offset prolif, much as stores
increase prices to offset shoplifting. However, this argument runs up against a
lack of convincing (i.e. unbiased) statistics to prove its case. Moreover, it
can be argued that proliferated copies displace software produced by the
competition. Early copies of Lotus 1-2-3 were heavily proliferated, and this
certainly contributed to its becoming the de facto standard spreadsheet for
many years.

Shareware presents some intriguing possibilities. In my case, I give registered
users an unlocking code to self-register any new versions I issue for the next
two years -- they download the new versions from my BBS, CompuServe or the
Internet. This is more like a service contract than a software sale, and the
user can see how his investment earns new benefits. Since the user is buying a
series of upgrades rather than a single product, he is not as likely to be
interested in a cracked copy of the program.

Of course, a cracker could always figure out the technology required to create
unlocking codes. A hacker in Norway distributed a program that could remove
registration reminder screens from popular shareware programs. Believe it or
not, he required anybody who used his program to pay for it!

Another idea, which was discussed in detail at the 1995 Shareware Industry
Convention in Arizona, is metered or rented software, paid for with electronic
cash. I am sure that these, too, can eventually be cracked -- I believe any
protection method is crackable -- but when fully functional software can be
downloaded direct from the author and run for only a few pennies a day, there
is less temptation to obtain a cracked copy from a person of unknown
reliability.

The July 1995 issue of Wired magazine discussed the idea of using software as a
vehicle for advertising. Initially, free or inexpensive (but simple) software
could advertise better (more expensive) software -- this is already being done
in shareware, and is known as the "Shareware/Professional Method". Software
could advertise services related to the product being used, or it could even
act like a billboard for snack food. One company actually obtained a patent for
using software for advertising, but after a protracted court battle, the patent
was finally cancelled, so you can count on seeing more advertising programs in
the future.

I am not sure if it will work. Several years ago I did an ad-based program and
it utterly failed to produce sales leads, even though the program was quite
successful in other incarnations. Still, if the adware idea does work, it will
mean that software can once again be free. All we have to do is put up with a
few commercials.

Whether or not software "piracy" is an immoral act, it is not going to go away.
It's heartening to see companies working hard to address reality rather than
wasting their time writing sermons.

The Wishy-Washy Problem

At this point, some readers will be exasperated with me for not making a clear
statement about the morality of software proliferation. Is it wrong, or is it
okay? Bad or good?

I will be a bit more emphatic about my views in the conclusion of this article,
but at the moment I should mention that it is very tempting for a writer to
reveal his biases even as he tries to give both sides of an issue.

Actually, some people insist upon it. I remember a conversation I had about ten
years ago with a sysop who was a crusader against software pirates. I explained
how I saw both sides of the argument, and he replied, "So you're in favour of
piracy, then?"  I said I was still thinking about it. "So you're against it?"

For the next 30 minutes, he tried to make me commit one way or the other. He
didn't introduce any new information; he just wanted me to take a position so
he could determine if I was friend or foe. As I see it, this kind of thinking
(which is the norm rather than the exception) dooms most discussions about
morality.

System Cracking

I've cracked my share of computer systems. I've logged in and looked around to
see how things are set up. Sometimes I've given myself special capabilities.
Sometimes I've left the system operator a message, telling him about his
security problems, then disappeared. I've never lost any sleep over the moral
dilemma.

Still, I have to ask myself: would I appreciate it if somebody secretly planted
a camera in my living room? Would it make it any better if he later told me how
he did it?

I would never consider peeping through somebody's window, but apparently I
didn't feel it was the same when I was peeping at somebody's data.

I'm reminded of a story I once heard, about a man who was staying at a hotel
in a small town in (I think) Austria. One night, he rang up the desk clerk and
complained that a man had been watching him through the window. The clerk asked
him to describe the man, then said, "Oh, that's Crazy Hans. Just ignore him."
Apparently, Crazy Hans was a mentally unbalanced individual, and the town
figured that as long as he didn't hurt anybody, they'd just let him live his
own weird life. I was touched by the decency reflected in that story.

Now, I'm not suggesting that it's crazy to snoop around inside somebody else's
computer, but it behooves us to remember that privacy means different things to
different people. I don't care if somebody pokes around inside my computer. I
don't even care if somebody sees my financial records. I do care, however, if
somebody alters or deletes my data.

Breakers will attack a system and damage it -- sometimes beyond recovery. I
don't understand why they do it.

Some breakers claim to have a political or sociological agenda. The Spring 1995
issue of Gray Areas contains an interesting interview with a self- proclaimed
Internet vigilante. He first expresses his ambition as follows:

"Our nemesis is big business, or any business that bothers us. A few
corporations are exempt because of the [skilled hackers] they employ, but that
is a select few."

So far, it sounds like an anti-establishment movement. Later on, though, he
makes the following statement:

"If you have annoying users on your system, you should seriously consider
getting rid of them before they annoy us. There are some people who just
shouldn't be on the net -- people whose sole purpose in life seems to be 
making me hurt them."

Thus, this anonymous person sits on an anonymous board of judgement, which
weighs each person's worthiness by their standards. What I see here is simple
lust for control. Here's another quote:

"We don't enjoy any publications or TV programs. The only think we 'enjoy' is
increasing power in any way we can."

I've heard this kind of talk many times before. Breakers don't merely want
access to power, they want to wield it. While a cracker is intrigued by the
intellectual challenge of breaking through security, and is perhaps titillated
by being where he shouldn't be, a breaker has an additional goal: control.

I believe that breakers can be encouraged to ease up on their activities if
they see why it is to their benefit to do so. I will cover this in more detail,
in the conclusion of this article.

Viruses

One thing that intrigues me about viruses is the mystique that has grown around
their creators. There is a pervasive myth that it is difficult to write a
virus. People may think, "If they were easy to write, there'd be more of them."
Actually, there is plenty of virus source code floating around, so any
reasonably intelligent programmer could make a virus and add a few twists. I
think the real reason there aren't more is because most people simply don't
want to write them.

Several years ago, I thought up a particularly nasty idea for a virus. It would
do something that no virus has ever done before (or since, to my knowledge),
and it could potentially cause billions of dollars worth of data destruction. I
smiled when I thought up the idea, then moved on to other pursuits. It never
occured to me to actually unleash the thing.

Still, I can see why somebody would want to do it. Everybody is starved for
affirmation. Look at how people behave when they notice a TV camera pointing in
their direction. If they happen to be at the scene of a big news story, they
might phone their friends: "Watch the six o'clock news! I think I'm on it!"

Imagine the glee of the author of the Michelangelo virus. His handiwork was
featured in the headlines for several weeks. Johnny Carson told jokes about it.
Of course, the virus writer never got to hear his name mentioned, but the sheer
volume of the coverage made up for that slight omission.

Virus authors also become a "parent": they send their little child out into the
world, and it grows and grows. They know that if they die tomorrow, something
of them will live on. If, in 3000 AD, some archaeologist restarts an ancient
IBM-XT, he might be greeted with a virus message. Immortality, in any form, is
a seductive goal.

Some virus writers, attracted only by the immortality or fame aspect, write
viruses that apparently do no harm. I say "apparently", because although benign
viruses don't destroy data, they do hurt people.

Several weeks ago, my friend Patrick called me up just before midnight. He
frantically told me that his computer had a virus, and he had a contract
deadline only two days away. As I talked him through some initial steps, to
ensure that his most important data was safe, he admitted that his hands were
shaking so badly he could hardly type.

I did some research on the virus. The literature said it was "harmless" and
merely replicated. Nevertheless, we couldn't take any chances. We had to treat
it like a ticking bomb.

Around 3:00 AM, Patrick dropped by to pick up a "clean" copy of DOS on a
write-protected diskette. Taking it from there, we were eventually able to put
his system back to normal. It was now six in the morning and time to get to
work on the project. Patrick was exhausted, but he was too shaken to sleep.

We later found out that Patrick had contracted the virus from a disk he had
received from a large international company. He discovered this when he
happened to mention the incident to somebody at that company, and found out
that they, too, were trying to get rid of the interloper.

When I think of that "benign" virus, I have to multiply Patrick's hellish night
by a thousand. Or maybe I should multiply it by a million. Who knows? The virus
may not cause any physical damage, but the total psychic damage it has caused
is incalculable.

Some virus writers put forth the counter-argument that these episodes teach
people to make backups. That is no doubt true; Patrick told me that in the
future he would be much more diligent in this regard. I have to wonder, though:
are virus writers really doing this for the good of mankind? Are virus writers
famous for their other good works?

I personally know only one virus writer. His virus appeared to be a "good
work", inasmuch as it proclaimed a message of world brotherhood. It also
advertised his business -- a risky move, but believably deniable.

When I'd heard that the programmer in question had written a virus, my first
reaction was, "I'm not surprised". He has always lived life on the very fringes
of what is acceptable; his credo appears to be, "Thou shalt not get caught". He
is exceptionally good at avoiding trouble, despite his many outlandish
escapades.

As it happened, his virus-of-brotherhood managed to get into some commercial
software, and millions of copies were shipped. He was an overnight sensation. I
can't help but wonder, though, if he ever helped a desperate friend eradicate a
virus. If so, has he ever thought about how he shocked millions of people?

I can't read his mind, but I'm guessing the answer is no. He is one of those
rare people who believe in themselves totally. On the face of it, this sounds
like a good thing, but I'm reminded of a comment by the Canadian comedian Brent
Butt: "With self-confidence, you can move a ton of earth with a spoon, and
never realize you're digging your own grave."  Self-confidence taken to the
extreme is recklessness.

I can understand that somebody might write a benign virus and fail to consider
the psychic damage it will cause. What I can't understand is how a breaker
writes a virus that destroys or alters data. With computers becoming ever more
pervasive, it won't be long before we hear of somebody dying because a
much-needed medical computer was knocked out by a virus.

Malicious viruses are not a prank but a crime against humanity. The author of
such a virus is harder to fathom than somebody who sprays a crowd with a
machine gun. In the latter case, there is a limit to how much damage can be
done, but there is no inherent limit on the damage that can be done by a
malicious virus.

At no time before in the history of humanity has anybody deliberately released
a device which is beyond recall and can carry on its impersonal destruction
indefinitely. That somebody could inflict such a thing upon the planet is
utterly beyond my comprehension.

Phiddling, Phreaking, and Fraud

Hacking is a form of magic: we delight in finding novel ways to exercise
control over a small piece of the world. Hackers of various types will play
with computers, model trains, radios and locks. They also find it interesting
to mess around with phones, and people.

When it comes to phone phreaking, I only have a bit of book knowledge. My phone
tricks were mostly smoke and mirrors. I can, however, appreciate how phone
phreaks enjoy the cat-and-mouse game between them and the phone company.

Accomplished phone phreaks have the ability to wreak untold havoc, but the ones
I know are more interested in the phone system itself. To them, it is the
ultimate puzzle.

If a phreak treats the system as a puzzle, how do we assess the harm, if any,
that they cause? One of their experiments might cut off a conversation (maybe
even an emergency call). But apart from such hypothetical scenarios, the main
cost seems to be a few pennies worth of electricity, and (if they are tying up
long-distance trunks) some lost earnings for the phone company.

From what I've heard, the phone companies don't deal harshly with phone phreaks
who are simply exploring. Of course, if the phreak persists after being caught,
they will naturally become more threatening. Additionally, if the phreak brings
grief to a third party, perhaps by using a company's DISA (dial-out) lines, the
phone company is obliged to take stronger action.

Some phreaks use their capabilities to line their pockets. Once they've
mastered the phone system, many opportunities present themselves. They can
intercept and sell confidential information. They can tap into a phone-based
network and learn how to insert themselves into a company database, obtaining
free merchandise or payments for non-existent goods. Most hackers find this
kind of activity impressive, but nevertheless unethical.

Some phreaks become breakers. They use their power to intimidate. Your
girlfriend dumped you? Bill her for a twenty-four hour call to the Weather
Information number in Hawaii. She'll know it was you, but she'll never prove
it. You win!

As I said earlier, hackers like to "hack people", not just machines. They even
have a word for people-hacking: "Social Engineering". (I believe this term was
invented by John Draper a.k.a. Captain Crunch.)

It's fun to bamboozle people. Sometimes (as in the case of a truly amusing
practical joke) it can be fun for everyone. But social engineering can easily
turn into breaking; all you need is a malfunctioning conscience.

Pickpockets and con artists are some of the most skilled social engineers. Law
enforcement officials note that when these people are caught, they are almost
invariably angry rather than sorry. The first thing they want to know is how
they messed up.

There's another social engineering enterprise that is growing into a multi-
billion dollar industry: psychics. It really isn't all that hard to pretend to
be psychic; the techniques are easily learned -- or hacked.

When I was 17, a local radio station asked for a psychic or astrologer to dial
in, to do readings for callers. Without preparation or previous experience, I
decided to try. The host of the radio show was obviously not taken in, but none
of the callers expressed any doubt in my abilities. Here is one of the
readings, to the best of my recollection:

  Tim:     Okay, what is your birth date? 
  Caller:  January 5, 1943 
  Tim:     Ummm, okay, this is going to be a bit difficult. 
           One of your main stars went nova last week. 
  Caller:  Is that bad? 
  Tim:     I'll see what I can do. Wait a sec ... oh, darn. The moon's 
           occulting Vega. 
  Caller:  Can you give me any advice, though? 
  Tim:     Okay, I've got something. You know your neighbour's dog? 
  Caller:  Uh, yes. 
  Host:    Excuse me, but does your neighbour actually have a dog? 
  Caller:  Well, there's one ... yes. 
  Host:    Okay. (Snickers)
  Tim:     So, your neighbour's dog... 
  Caller:  Yes? 
  Tim:     Be careful around him. That's all I'm gonna say.

What isn't clear in this transcript is the sound of trust in the woman's voice.
Listen to any psychic radio show and you'll get to know that sound.

Two years ago, I took a lady to a psychic reading and explained to her all the
techniques being used to extract useful hints from the victims ("cold
reading"). By the end of the session, she was spotting the tricks herself, and
was angered when she saw over a hundred people drop money into the collection
plate. The "psychic" runs several such sessions each week, and has been doing
so for at least ten years.

She makes a very good living from social engineering. She is a people-hacker
par excellence.

Conclusion

What is a hacker? There are plenty of definitions, including some insulting
generalizations from the mainstream press. Here is a definition that I like: a
hacker is someone who approaches a problem with a mind clear of any
preconceptions and is thus able to find the most direct path to the solution.

Hackers exhibit innovation and inventiveness. They never assume something is
impossible, just because others say so. Hackers free their minds from
artificial restraints and use lateral thinking to arrive at non-obvious
solutions.

Hackers unify with whatever they set their minds to. They join to the object of
their interest and speak through it and for it.

Hackers can hack machines and people. But what about morality? Can we "hack"
morality? Will such a nebulous concept yield to the skills of a hacker? I
believe so. When hackers find something interesting, they will pursue their
answers doggedly.

The key word is "interesting". Or, to use a common hacker word, "neat". When a
hacker says something is "neat", it means it engages him in a way that
non-hackers can not comprehend. Something "neat" reflects an underlying beauty,
and the hacker will toil tirelessly to uncover it.

In that sense, I think morality is "neat", because it touches on every aspect
of life, and life is the ultimate hack. So now what? Where do we begin?

Some hackers follow the adage of Aleister Crowley: "Do as thou wilt shall be
the whole of the law". Some people see this as advice to act without regard to
consequences, but soon discover that freedom to act means taking responsibility
for their actions. The principle of "Thou shalt not get caught" isn't very
comforting when your decisions cause you harm because you didn't foresee the
ramifications.

It is not my wish to say how you should behave. Your ultimate authority is you,
not me. I believe, though, that if you take your authority seriously, you will
"hack morality" and realize that you are what you do.

I think the difference between hackers and breakers is that breakers are
psychically isolated. They have drawn a circle around themselves. Inside that
circle is "me", and outside that circle is "them". Are they in a fortress, or a
prison?

Our lives pass through various phases. For example, most boys start out being
indifferent to girls, then they hate them, then want them, need them, and
finally marry them. These phases are familiar to us all.

Our relationships with other people also go through phases. A baby is utterly
dependent, then progresses to an exploratory phase. Later, the child makes
friends, and by the time he reaches puberty, he is beginning to define himself
in terms of a group outside his family. Later on, as he reaches young
adulthood, he may draw away to find himself. He asks, "Who am I?"  If he
emerges from this phase as a reasonably well-defined individual, he moves on to
the stage where he reaches out to discover his connection with the world at
large.

I think that breakers freeze their development at the "Who Am I?" phase. They
draw the circle, and in their escapades try to find out what they are. Time
passes and they fail to find themselves. Eventually, they become so accustomed
to being away from the world that they become a universe unto themselves.

This is an extreme example of one of the perennial problems associated with
hackers: isolation. Hackers can get so tied up with objects that they lose
sight of people. Even hackers who "hack people" are treating them like objects
-- problems to be solved -- so the situation is the same.

Morality can not develop within us if we see ourselves as being separate from
the world. Only if we see ourselves as participants -- rather than
tinkerer-observers -- can we find the external world "neat" enough.

Of course, the external world is, by definition, outside our control. Everybody
has an deep-seated wish to be entirely self-sufficient. We have movie and
television heros (e.g. The Prisoner, Clint Eastwood, The Fugitive) who are
complete unto themselves, but do such people really exist? I've never met one.
And even if people somewhat like that do exist, do they grow their own food?
Make their own clothes? We are all interconnected, and that makes us a
participant whether or not we like it.

Some people explain self-centered action as "Social Darwinism". They believe in
"survival of the fittest", and think that if they are clever or stealthy, they
earn the right to whatever they obtain. One problem with this idea is that
there are some things in life that can not be bought or stolen; they derive
from our relationships.

Our personal set of ethics represent our decisions as to how we participate. If
we decide it's okay to steal, then we steal. But we must remember that each
choice defines our relationship to the external world, and we are entirely
responsible for our decisions. If we choose to isolate ourselves in an "me and
them" condition, then we must live with that.

Can we live comfortably with that? Humans have an inherent need to relate to
other people. Physical isolation (such as solitary confinement) is almost
unendurable. Psychic isolation (the "me and them" condition) will also take its
toll.

Every time you cheat or harm somebody, you are drawing a line; you have
consigned that person to "them".

One solution, for hackers, is to associate with other hackers. Hackers have
formed what linguists call "speech communities", one of which can be identified
by such words as "warez", "kewl" and "lamer". Incidentally, when this mode of
speech started in the early 80's, we older hackers thought it was pretty silly,
but since the argot defines the community, it's pointless to criticize it.

In general, hackers are noted for their intellectual capacity rather than their
social skills. As such, hackers may not give their fellow hackers a well
rounded social experience.

Most hackers are not one-dimensional characters, though, so they can help each
other progress well beyond the "Who Am I?" phase and develop a code of ethics
that allows them to widen their circle. Keeping this in mind, in the early
1980's I started up the Permanent Weekly Get-Together (PW-GT). Every Friday,
hackers of all sorts would congregate at a downtown bar and get some actual
human contact, rather than meeting solely by modem. This became a Montreal
tradition, and the PW-GT lasted for at least six years.

I was well aware of my own tendency to isolate myself, both physically and
psychically. I can't say I've completely overcome this (which is exacerbated by
the fact that I work at home), but I'm working on it. Overcoming the physical
aspect is simply a matter of planning. Overcoming the psychic aspect, however,
takes us into moral questions. If our moral decisions allow us to integrate
with others, we can shatter many of the barriers of psychic isolation.

Seen this way, morality is a selfish decision. Or to put it another way,
morality is enlightened self-interest. I think carefully about my decisions,
because if I harm others, I harm myself. If I help others, I help myself.

So where does that lead us? Can we propose some general guidelines for hackers
to consider? I think the Hippocratic oath gives us a good starting point when
it says: first, do no harm. But that's a negative guideline in that it says
what not to do. So what can we do?

One alternative is to use your creativity to design something useful, or
something that will enrich the lives of others. There are plenty of promising
projects. Computer hackers can write demos or games. Doing it right will
involve a lot of effort, and positive feedback can elude you for a long time. I
wrote shareware for eight years before I was nominated for a national award.

In the final analysis, you are your ultimate authority. You make your moral
decisions, and you reap the rewards or pay the costs. Just remember that the
rewards and costs aren't only located in a piece of hardware or represented by
your bank balance. Your contentedness and fulfilment are at stake. The health
of your psyche is the ultimate measuring rod. Please choose carefully.

DOWNLOAD FILE
MD5
43771566e87392170d4d9146ab876e9d

AAAAH! MY EYES! Click here if you prefer a black and white color scheme.