Hackers, The Misunderstood Oddity, Can Provide A Valuable Service To Society

The term "hacker" was originally devised to define individuals with revolutionary attributes, comprising of the belief that "information technology and human beings were symbiotic elements of a larger system" not plagued by the physical world’s cancerous borders which discriminated against race, creed, and colour. In effect, a hacker was a uniquely intellectual member of an exclusive utopian society, constrained only by his or her own imagination, with the honorable quest of pursuing perfection through exploration, under the strictest of ethics which clearly defined them as anything but criminal.

Unfortunately, over the last two decades, the true meaning of the term has all but vanished, leaving a shell to house almost any computer activity that diverts from standard norms. In today’s society, a hacker can be anything from a computer user "who enjoys learning the details of computer systems", "to someone who destroys everything they can get their terminals into". This change can be attributed to the technological explosion during the eighties that was unleashed upon the world, which in turn created radical social transitions and turmoil for most. As soon as one perplexingly difficult concept developed, another two replaced it. And so the cycle escalated, until finally most people gave up attempting to grasp concepts that were increasingly foreign.

It should be noted that during transitional periods like this, ‘witch hunts’ become all too common. In this particular case, the tendency was exacerbated so much by the general population’s fear and complete ignorance, that any number of the growing electronic activities that were perceived illegal, immoral, or simply misunderstood, gained the convenient label of ‘hacking’. In fact, it is now a common occurrence to see this same label being applied to teenagers who play malicious ‘denial of service’ pranks on their friends, as well as those unsavory individuals dealing in smut, pornography and drugs, simply because they posses computers. By combining such elements with the media’s methods of portraying everything as lethal, or exaggerating the ‘darkness’ of hacking through such titles such as "The day of the Technopath", society’s perceptions are so badly tainted that the ‘witch hunt’ mentality continues to engulf reality. Hackers are not criminals who seek financial gains through their activities, nor are they credit card number distributors. Their sole intention is to capture as much information and technology as possible so that they may better understand the world, and thus positively contribute to it. An activity that society normally encourages and rewards. In 1989 Hans Huebner, a hacker using the handle ‘Pengo’, wrote a letter to the Security Issues Bulletin stating his reason for hacking - "I was just interested in computers, not in the data that they kept on their disks". These individuals are a product of our society, simply working through unofficial channels. Like Kevin Mitnick, they wish to be part of the system, but find acceptance increasingly difficult due to their extraordinary methods.

During 1997, the American Computer Security Institute estimated that out of all the computer incidents involving businesses, 55% were due to human error, 20% to natural disasters, 10% by staff misconduct, 9% from disgruntled employees, 4% from viruses accidentally brought in by employees, and only 2% from external sources - external sources being labeled ‘hackers’. In 1998 the Victorian Police (Australian) released findings that the second highest source of breaches were due to hackers – unfortunately these figures were based on opinions rather than fact, and thus hold little credibility. Further more, this same study shows that during 1997 one third of the companies surveyed reported an attack. Of these, only 17% believed that the source of the attacks originated from hackers. This totals a whopping 5.6%, if you can believe that those surveyed could actually distinguish what a ‘hack’ was. When considering that many of the outsider attacks come from professional computer criminals - most of who are employees of competitors - true hackers as such are responsible for almost no damage at all.

As bizarre as it may seem, some companies find it commercial viable to pretend that they have been attacked, in order to generate free publicity. For instance, during 1997 the web site promoting Universal Picture’s "The Lost World" was vandalized. A rubber duck, signed "hackers", replaced their image of an animated dinosaur. It was later noted that the two images had identical properties, including the date of inception – proving this was nothing more than an obvious prevarication – though Universal Pictures diligently denied it.

Developing societies have much to gain from hackers – unfortunately, due to the cloud of ignorance, most are unable to perceive this. It is true that not all hackers are good Samaritans, some have been forced to turn to crime for financial gain, and this becomes their only motivating factor. But research indicates that these are all but few. Richard Stallman, founder of the Free Software Foundation, suggests that these few are by their own actions no longer ‘hackers’, but instead ‘crackers’ – a term describing code breakers. Hackers are about uncovering system vulnerabilities and creating new designs that would otherwise be undiscovered, or utilised by those who would cause real harm. Such individuals would include the likes of Doctor Popp3 and Whitely, who belong to special group which is appropriately labeled ‘Computer Psychopaths’ – not ‘hackers’.

It is the desire of hackers to be part of the system, as opposed to the esoteric outsiders, but continue to find it increasingly difficult to do so because of the ever mounting bad publicity they receive. In an effort to belong, associations like ‘Bugtraq’ and ‘EHAP’ have been developed. Through the medium of Bugtraq, hackers discuss faults within systems, design patches to solve insecurities, then contact the software producers with their findings – allowing them to play a somewhat dominant role in the development of Information and Technology. Unfortunately the Australian government is presently reviewing outlawing mailing lists like Bugtraq, by listing them as ‘Refused Classification’ because of their explicit nature of full fault disclosure. On the other hand, ‘EHAP’ has taken it upon themselves to safe guard society against the biggest developing criminal trend that the authorities have been slow to legislate against. As such, EHAP is the hacking communities vanguard against child pornography on the information highway – by combining their knowledge of computers, the law and ethics - they are able to uncover and terminate sites that constitute threats to humanity.

Prominent establishments like IBM, and Novell have understood the vast benefits of employing hackers in their development departments, and have quietly done so for many years. Michael Simpson, director of network services for Sun Microsystems agrees that hackers are an important resource in his company’s development. "I like the fact that we have a sort of freelance engineering team out there…. There’s no way that I could have staff sit around and pontificate about every possible way that someone could enter our environment – we appreciate what they do". IBM is another company that owes its market success with security stability to the scrutiny of several hackers they employ. They understand that no single security product is guaranteed as adequate protection. Likewise, Microsoft has also begun conversing with hacking communities to redevelop their otherwise backward compatible platforms, which have been riddled with insecurities.

Other security companies like Secom and Venture are beginning to recruit former underground hackers as their front line defense, and have found it extremely lucrative to contract these ‘Tiger Teams’ (A Korean concept) to conglomerates, banks and credit unions which are in need of added security. "This paradoxical notion of paying someone to hack a system is gaining currency", particularly when considering that most IT managers employed by organisations have limited knowledge surrounding their systems. Even those that have a broad understanding of system security, continue to find outsiders useful because they bring issues to light that may not have been thought of. Take for instance XYZ Pharmaceuticals. In an attempt to protect their valuable research from the outside world, they had removed all their computer connections to the Internet. Upon entering the company, the contracted hackers instantly discovered two security faults. The first was that employees had brought in their own unsecured modems to access the Internet. The second security fault discovered was even more alarming. These unsecured modems had been the means by which another company had accessed the network, and setup a porn site on their 2GB server that was meant to be lying dormant.

Information Systems Safeguards, a security-consulting firm has also used the services of hackers on several assignments, finding their work to be of an outstanding quality, with absolutely no violation to the trust they had shown. Unfortunately, many companies – not to mention governments bodies – fear utilising such resources simply because they believe the public’s confidence in their abilities would be greatly diminished. But this is extremely illogical when considering in recent test sponsored by the Department of Defense (United States), results noted that out of 8,932 computer system on trial, 7,860 proved to be penetrable. Even more bewildering is the fact that some industries – for instance NASA - have been attacked several times, yet ironically are reluctant to obtain assistance in fear of seeming fragile.

In the 1999 Computer Crime and Security Survey (Australia) it was shown that at least 20% of all those connecting to the Internet had no "written policy concerning computer security and the misuse of computer facilities…. Of those that did have a policy, 64% did not have a section dealing with network intrusions, 41% of the policies existing did not include sanctions or procedures for dealing with breaches, and 77% had no provisions for notifying appropriate law enforcement agencies". In total, 37% of these companies had taken no precautions to protect themselves or their information. It is more than likely that in times of crisis that groups such as these will opt to use ‘blame displacement’ tactics in order to deflect their responsibilities, and cover incidents directly responsible to their own negligence. In doing so, they continue to blacken the reputations of a group that offer their expertise willingly. In these cases, Federal Police Departments around the world (particularly Australia’s Computer Crime Division) have come to perceive that such companies literally deserve what they get, and for that reason refuse to place high priorities on these cases.

The gradual stigmatisation of hackers can possibly be attributed to a degradation like ritual, whereby more dominant groups like corporations and government bodies have progressively alienated them in order to promote their own professional interests. With this in mind, it is necessary to begin by clarify and distinguish the hacking community apart from mentally inept and criminally inclined. It is only then that society will be able to see the truth, and embrace the vast availability of benefits that would otherwise continue to dwindle within the shadows of secret societies. True hackers do not cause pain and suffering, nor destruction and damage to computer systems through their behaviour. In reality, it was these sponge like individuals who pioneered our electronic age, and are responsible for where we are today. Such free thinkers established the majority of Silicon Valley, and the development of the Apple Corporation. It is ironic that so much money is being spent attempting to foil and control hackers, when acceptance and incorporation of their uniqueness into the social collective would generate financial gain, and an endless supply of wonders through their developments.

Bibliography

Agre P., "The next Internet hero", Infonautics Corporation, Internet Address – http://www.elibrary.com, 1997.
Anderson J., "Hackers on white horses", Newsday, Internet Address – http://www.elibrary.com, 1995.
Arthur C., "A dinosaur, a duck and a hack that wasn’t", Newspaper publishing P.L.C, Internet Address – http://www.elibrary.com, 1997.
Bondy, J., "Crime and Information Technology", Royal Melbourne Institute of Technology Lectures, 1999.
Chasin S., "Bugtraq", Internet Address – http://www.geek-girl.com/bugtraq, 1999.
Cross L., "Fraud, Crime & Intellectual Property", Australian Federal Police guest speaker at Royal Melbourne Institute of Technology, 1999.
Denning D., "Concerning Hackers who break into computer systems", Digital Equipment Corporation Research Center, 1990.
Caldell D. J., "Computer crime", Australian Federal Police guest speaker at Royal Melbourne Institute of Technology, 1999.
Gulker, C. "The Kevin Mitnick/Tsutomu Shimomura affair", Random Access, Internet Address – www.gulker.com, 1999
Hafner K., and Markoff J., "Cyberpunk", Simon & Schuster Inc, 1991.
Kaiser, T. "Kevin Mitnick", Newsgroup alt.security, Internet Address – http://www.nando.net/newsroom/nt/nation7.html, 1995
Matrix, A., "Ethical hacking", Internet Address – http://www.hideaway.net/ethics.html , 1998.
Matrix, A., "The reality of ethical hacking", Internet Address – http://hideaway.net/news/ethics2.html, 1999.
McMullen B., "Hacker hackles raised over time cover story", Newsbytes, Internet Address – http://www.elibrary.com, 1993.
Mentor, "The Mentor’s last words", Internet Address - http://www.ozemail.com.au/~evanspencer/Documents/Doc20.htm, undated.
Mohan S., "Networking and telecom: Ethical hacking finds network holes", Infonautics Corporation, Internet Address – http://www.elibrary.com, 1999.
O’Conner C., "Pornography and other offensive content", Guest speaker from the Victoria Police Child Exploitation Unit at Royal Melbourne Institute of Technology, 1999.
Poulsen, K. "Chaos theory", Ziff-Davis TV Inc., 1999
Poulsen, K. "Grassroots Hacktivism", Ziff-Davis TV Inc., 1998
Power R., "Computer security issues and trends", Computer Security Institute, Internet Address - http://www.gocsi.com/testify.htm, 1996.
Quinn M., and Evenson L., "The downfall of a computer whiz / How a lonely misfit became the FBI’s most wanted Hacker", San Francisco Chronicle, 1995.
Randolph, D. "The United States V. Kevin David Mitnick", Internet Address – http://www.kevinmitnick.com/about.html, 1999
Ruben, J., "Computer hacking is a crime", Internet Address - http://english.ttu.edu/courses/1302/castner/fall97/castner67/JRCHB~1.htm, 1997.
Sycamnias, E., "What exactly is a hacker", Internet Address - http://www.ozemail.com.au/~evanspencer/Documents/Doc12.htm, 1998.
Sycamnias, E., "Interviews with Rsnake, founder of E.H.A.P (on #EHAP – Efnet)", Personal Interview, 1999.
Sycamnias, E., "Kevin Mitnick", Internet Address - http://www.ozemail.com.au/~evanspencer/Documents/Doc46.htm, 1999.
Taylor P., "Them and Us – A study of a technoculture", Routledge & Kegan Paul Publishing, Internet Address - http://www.ozemail.com.au/~evanspencer/Documents/Doc21.htm, 1989.
Thiruselvam P., and Meinel C., "Guide to (mostly) harmless hacking", Internet Address – http://www.skydomain.com/library/gtmhh-cc1.txt, 1997.
Wahlert G., "Crime in cyberspace: Trends in computer crime in Australia", Platypus, Internet Address – http://www.afp.au/onl_aus/cyber.htm, 1999.
Warwick, P. "Further study in white-collar crime: Hacking & criminal hacking – Computer crime – Kevin Mitnick – Regulation and control of white-collar computer crime", Internet Address – http://www.ozemail.com.au/~wtmp/wcc.html, 1998
Author Unknown, "Protect your PC’s privacy", Internet Address – http://www.bigbrotherinside.com, 1999.
Author Unknown, "The ethics of hacking", Internet Address - http://www.ozemail.com.au/~evanspencer/Documents/Doc15.htm, 1994.
Author Unknown, "E.H.A.P Corporate Mission", Internet Address - http://www.ehap.org/ehap-about.html, 1999.
Author Unknown, "Software companies are embracing hackers as the unofficial vanguard of security", Infonautics Corporation, Internet Address – http://www.elibrary.com, 1999.
Author Unknown, "Computer Crime & Security Survey", Victoria Police, 1998.
Author Unknown, "Network protection firms recruit hackers to fight computer sabotage", Infonautics Corporation, Internet Address – http://www.elibrary.com, 1999.
Author Unknown, "Why we still have to free Kevin Mitnick", Internet Address – http://www.kevinmitnick.com, 1999
Author Unknown, "Bugtraq Mailing List", 1999.