In Defense of Hacking

by rthieme on March 11, 2000

david-aitel-at-black-hat-seattle The following article was published in the Village Voice, February 16 – 22, 2000
and the LA Weekly under the title “Hacking the Future.”

Let’s get our definitions straight. Last week’s attacks on dozens of Web sites
were not the work of hackers. They were the work of script kiddies, and the
difference is everything. Script kiddies download ready-made tools and use them
to damage the network. Script kiddies criminally distort the essential ethos of
hacking, which is to pass through the network without a trace. Hackers read the
unknown, sense the contours of the codes that make tomorrow’s booms and busts.
It’s no wonder that last week hackers everywhere cringed when the media confused them with script kiddies. Not less than 10 years ago, the word hacker conjured a
dedicated geek, hunched over a glowing terminal, working late into the night to solve an intractable dilemma. Now hacker means something akin to cybercriminal. The semantic shift is regrettable, not only because the distortion inhibits
clarity, but because it buries a piece of history we’d be wise to keep fresh: It
was hackers who cobbled together the Internet.

Hacking is a quest for knowledge. You can see the essence of the activity in meetings at security firms like Secure Computing, where hackers are a key part of the professional services team. With clients in the Fortune 500 and
three-letter government agencies, like DOD and NSA, the stakes are high, and when the firm faces a perplexing problem, brainstorming sessions go late into the night. Ideas fly from one person to another like pinballs off flippers, as
the group mind turns over and examines the puzzle from all sides.

The concept of a “group mind” flows from the structure of the Internet itself, parallel processor harnessed to parallel processor to achieve a single goal. It’s no coincidence that information technology professionals often think in a
style similar to the way computers calculate. The network taught them how to reason digitally; it imprinted itself on their minds just as they imprinted their minds on it.

Is it any wonder, then, that hackers are the leaders of the new millennium? By leader I mean someone who forges ahead and names the emergent realities of the
dim future. Consider Tim Berners-Lee, who designed the first Web protocols and wrote the first browser code. Berners-Lee was a hacker. Or consider Richard
Stallman, the evangelist of Open Source software. Stallman is an extraordinary hacker.

I recently consulted with a major mutual fund, and after the meeting I traded war stories with its head of IT. He fondly recalled the old days of hacking Unix systems. That this former “delinquent” now runs a system executing billion-dollar transactions is not shocking. Most of the bright people in the IT
business learned how to hack by-what else?-hacking.

Let’s go back to Open Source for a moment. It’s now the conventional wisdom that the Linux operating system and GNU Project are miracles of modern computing, which may one day triumph over the clunky software produced by the Microsoft-Apple cartel. Stallman launched the GNU Project by asking hackers to
volunteer their services. Of course, they did. Likewise, Linux was founded on the belief that complex systems must be open, evolving, and free in order to reach their ull potential. In other words, they must be hackable and they must be hacked. Continuously.

Now comes the FBI and President Clinton with criminal sanctions for these script kiddies. It’s right and just to keep the peace, but let’s remember that in the Internet’s embryonic stage, hacking, far from being criminal, was encouraged.
When computers were first networked through telephone lines and slow modems, bulletin boards emerged as crossroads where cybertravelers could leave messages and valuable information about how the phone lines intersected with microprocessors. By these postings, the network formed a symbiotic relationship with its users, and through the give and take of countless exchanges between
hackers, the network bootstrapped itself to a higher level of complexity. As Tom
Jackiewicz, who helps administer upt.org, an outgrowth of the hackers’ favorite, the UPT Bulletin Board, recalls, “In the old days of a decade ago, no kid could
afford a Solaris workstation. The only machines available were online. You could learn only by roaming the network.”

Today the stakes are higher, security tighter, but the basic modalities of hacking and its relationship to innovation remain. The challenge du jour is the
gauntlet thrown down by Microsoft, which claims that Windows NT, the operating system of many businesses, is secure. What a claim! For a baseball fan it would be like hearing the Yankees brag that they could play an entire season without
losing a single game. Hackers love to find flaws in Windows NT. For them, the payoff is the power rush of the thunk! when the stone hits Goliath in the forehead.

One of the sharpest stones to leave a hacker’s sling is a program called Back Orifice 2000. Developed by a group called Cult of the Dead Cow, the program can be loaded stealthily on a Windows network, giving a remote user control over the
network. Why develop such a weapon? In the current environment of ubiquitous distributed computing-that is, networks and nodes everywhere-the hackers argue
that no operating system protects against stealthy executables like Back Orifice. So the program is a form of shock therapy. It jerks Microsoft into action, stirring an indolent industry into making the Internet more secure. The upgrades that come as a result benefit every Windows user.

As a culture we are just beginning to recognize this dynamic. One of the first hacker groups to benefit from our grudging acceptance of the craft is LOpht, which crossed over from the computing underground to the mainstream after finding flaws in Windows NT. Their transition has been so successful that when
Congress conducted an investigation into Internet security it asked two LOpht members, Mudge and Weld Pond, to come to Washington for a briefing. Now LOpht has teamed up with former Compaq Computer executives to form @Stake, a security firm that has the media and Wall Street swooning.

So when is a hacker not a felon? When he receives $10 million in venture capital? When Congress invites him to a hearing?

When we lump all hackers into a criminal class we are liable to forget their essential role as architects of the information age. Edward O. Wilson said that
scientists are characterized by a passion for knowledge, obsession, and daring. Hackers share that passion, the hunter-gatherer gene for restless wandering,
wondering what’s beyond the next hill. They hack because it’s fun, because it’s a challenge, and because the activity shapes their identity. Their strengths-love of risk, toleration of ambiguity, and ability to sift meaning from disparate sources-power the very network we all rush to join.

{ 0 comments… add one now }

Leave a Comment

Previous post:

Next post: