Letters Issue 48 Contents Winter Games




THE HACKER

Hero or outlaw? Wendie Pearson rips away the mask behind the modem

A hacker. Portrayed as a thief.

THE solitary, night-time hero of the computer age. His face lit in the reflected glow of his VDU, he sits hunched over the bewildering spaghetti of his customised terminal. His fingers glide across the keyboard, guided as if by instinct, and at his fingertips are the secrets of a nation.

Myth or reality? Hero or villain?

Let's take a look into this twilight world, and talk to some of its shadows.

Many people - and particularly those who have no contact with micros or people who use them - view hacking purely as a criminal activity, thinking that a hacker enters a computer's system only for personal gain. Computer users, on the other hand, are more tolerant.

A set of moral standards seems to have grown up around hacking, with those who indulge obeying certain unwritten rules. Those include the understanding that one does not hack for personal gain, but merely for the excitement of getting into a system which isn't secure enough to keep you out. Another is the understanding that hacking shouldn't be malicious, and that hackers should not delete or change data.

These rules act as a gentleman's agreement between hackers whose image is far removed from that painted by the police.

The law surrounding hacking is vague. Two men were arrested in March last year, in connection with the long-running problems at Prestel involving hackers, and charged with forgery.

The use of the Forgery and Counterfeiting Act of 1981 against the pair came as a shock to the hacking community, one of whom commented at the time: "Theft of electricity would have been a more appropriate charge. In the USA, hackers have been charged with theft of computer time and trespass, but nothing like this." The case has yet to come to trial.

Since no ruling on hacking has yet reached the statute book, it is hard for hackers to know where they stand. What are they allowed to do? We asked Scotland Yard.

Spokesman Nick Jordan says: "We have a problem with this sort of query as we have one man who is an expert in hacking and he has a list of queries the length of his arm. He is a detective inspector in the fraud squad and all queries go to him."

Maggie Adams, at Scotland Yard, comments: "There is no specific legislation to cover hacking, so it's very much a grey area. The view of the police is that they consider hacking a crime rather than a prank, and if anyone was found to be indulging in it we would charge them with a criminal offence.


"I don't feel
there should be any
law against it.
Hacking wouldn't
exist if companies
designed their
equipment properly
in the first place"

"People would be charged under existing legislation, like forgery or false accounting. We consider hacking very much a crime, as do many other people. We discourage it altogether."

Over in the States, the FBI are not amused at rumours that their organisation is recruiting computer hackers into its ranks, via British newspapers.

Lane Bonner, supervisory special agent at the FBI headquarters' press office in Washington DC, denies it absolutely. "The FBI may have individuals who come in and lecture our training sessions as an instructional aid, and the agents who investigate computer fraud violations must have experience in this area, but we don't hire hackers."

Bonner confirms that in the famous Star Wars hacking case, where several youths allegedly broke into a government system and moved satellites around, the scare was without foundation.

"There were two cases regarding this one in California and the other in Virginia," he explains. "The Department of Defense in Washington DC issued a statement saying that there was no infiltration of government computers in the satellite case."

The hackers concerned apparently accessed a non-classified list of contractors doing business with the US Department of Defense in Washington.

Not surprisingly, big businesses are going to war on hackers, and technology in the security field is moving fast in an attempt to keep up with hacking.

One device recently tested by the FBI is a fingerprint analysis system which reads your fingerprint before allowing you access to the system. Whether this would catch on in the UK is debatable, especially in view of the fuss which erupted when London Transport first introduced photographs on travel cards. It seems we are very fond of our anonymity.

The wave of computer crime which has hit the States might influence the way in which we think of hacking over here. To many people, computer crime and hacking are two different things, while those not familiar with hacking assume that the two are synonymous.

Either way, panic has erupted across the Atlantic at the way financial institutions are reportedly losing millions of dollars a year to computer crime, some of which is ssociated with hacking. Although computer crime is nothing new, it is this sort of activity which gives hacking a bad name.

In the UK, Lloyds Bank is not too fussed about the problem. "No one has ever made a successful attempt at breaking into our system," comments head office spokeswoman Terry Harman. "We have elaborate security so we haven't sustained any losses from hacking."

Asked if Lloyds would consider hiring an ex-hacker in their computer department, the response is negative. "I doubt that we'd go out of our way to employ someone who had a history of breaking into systems," she says. "We'd sooner employ ordinary systems analysts who are used to our system, and who may have helped in its initial development."

Meanwhile, the Ministry of Defence remains silent, refusing to say whether there are many attempts to break into the UK defence system, or whether it would be keen to employ ex-hackers.

Over at the Stock Exchange, spokesman Luke Glass says, "I shouldn't think anyone has broken into our system - it's a rather boring one, anyway, and I shouldn't think anyone would tell you what security measures we take."

Asked if they would employ any ex-hackers he says: "I wouldn't be surprised if we didn't have some already. We have a large technical staff, who are obviously aware of these techniques."

At Prestel, however, the response is a little more tight-upped and more than a little embarrassed. Spokesman Mike Abbot: "I'm not sure what the state of play is at present, but we have tightened up our system, since the Duke of Edinburgh's mailbox was hacked into 18 months ago." Quite!

So what do the hackers themselves have to say?

One 23 year old ex-hacker, who used to work for British Telecom, says: "I don't feel there should be any law against it. Hacking wouldn't exist if companies designed their equipment properly in the first place.

"Leaving people's files unprotected is dangerous, and systems shouldn't be so vulnerable, but I think companies are getting more efficient at protecting data.

"You need patience, logic and background knowledge in order to hack, but in the end there is no reward and it isn't really worth it. It's just a curiosity pastime, rather like doing a jigsaw puzzle."

Unemployed Chris Stevenson, 22, has been hacking for two years. "You know your brain should be able to beat the computer and you are trying to prove that it can. There are lots of bulletin boards around which publish lists of phone numbers which help you hack into certain systems, and there are specialist hackers' bulletin boards around giving advice on this subject, or lists of phone numbers both here and abroad."

Like other hackers, Stevenson feels there is no harm in hacking as long as no damage is done and no data altered. "As long as information is gathered and not passed on, it's no different to hearing someone's conversation in the supermarket. If someone is bending over the freezer talking in Hungarian and you hear it, it's perfectly legal to translate it.

"It's the same with hacking - you are translating data into readable code."


"You have to put
two and two together
to get into a system;
It's like being a
detective. You may
have to wait months
for the information
that you need"

Stevenson believes that after gathering phone numbers of computer systems from bulletin boards, many hackers then collect information on how the systems work.

"You have to put two and two together to get into a system; it's like being a detective. You may wait months for the information that you need.

"You'll need the phone number first, and then you'll need to know someone's name and guess their password, or you guess both, or you know both. It varies in each case, but what you basically need is a password, name and phone number."

Stevenson adds that there is no mystery to hacking. "You just need persistence, lots of computer literate friends, and the capacity to cope with a big phone bill - �200 a quarter, minimum, and often much more.

"You don't have to be clever to hack - any dumb dumb can do it, which makes it even more dangerous. You just need to enjoy the challenge."

James Fairfax, a 16-year-old schoolboy from west London, agrees. "The most common reason for hacking is to see if you can crack it," he says. "It's amazing how simple some passwords are. You just get the phone number from a friend and then experiment with names and password numbers."

However, Fairfax says companies are really wising up. "These days, you might need four passwords to enter a system on four different levels. It's only at the fourth level, for instance, that you could change or delete information, but I don't agree with doing that anyway."

He is pensive about the views of the police. "They're right if someone was to hack into criminal records or the police national computer, that would be an offence, but hacking into the Open University to see what courses they do, I don't feel is in the same category."

The message seems to be that although the law is unclear, police action is anything but. That said, there is still a proliferation of books about hacking including The Hacker's Handbook by the mysterious Hugo Cornwall, and Out of the Inner Circle by Bill Landreth.

The law is lagging far behind the quick changes in technology, leaving g huge gaps on the statute book. Just as software copyright law took literally years to establish. the law on hacking seems to be taking the same slow track. Only time will tell - stand back and watch!



Letters Issue 48 Contents Winter Games

Sinclair User
March 1986