A Hacker Survey (August, 1987) ------------------------------ At times like these, people begin asking philosophical questions. What is right and what isn't? We thought that would be a good subject to ponder for the hackers of the world and this is what we've managed to come up with so far. Feel free to write in with your own comments, whether you're a hacker or not. The one thing that most of the hackers we spoke with seem to agree upon is that stealing merchandise with credit card numbers is wrong. Many went on to say that this does not comprise hacking at all. In other words, any moron can get a credit card number and many do. Why are such people categorized as computer hackers? Probably because some of them use computers to get credit card numbers, said a few. Others believe it's because the public and the media don't understand how anything involving credit card fraud can be accomplished without the help of a computer. It's quite possible to commit credit card fraud simply by picking a credit slip out of the garbage or by standing around an ATM machine until somebody discards a receipt that has their Visa number on it. Since many credit checks don't verify the person's name or the card s expiration date, it's become extraordinarily easy. Which is another reason many hackers dislike it. What should happen to such people? Many hackers believed they should be dealt with severely, although prison terms weren't mentioned. Almost all believe they should pay back whatever it was they stole. How about long-distance fraud? Reactions to this were mixed. Some feel that ripping off long-distance companies is exactly like credit card fraud. Others believe it's a few steps above it, particularly if a hacker uses ingenuity and common sense to avoid being caught. A few questioned whether or not there was actually any loss of money to the company involved, particularly the big ones, "Who does AT&T have to pay when they're stuck with a fraudulent phone bill? Do they pay themselves? The smaller companies usually pay AT&T, but who do the bigger companies have to pay? It's not like we'd make a two-hour call across the country if we had to pay for it, so the lost revenue speech is kind of hard to swallow." "It seems to me that the phone lines would still be there whether or not we were on them, the computers would still be running if we weren't on them, either way the cost to the company is almost the same." A few pointed out that the bad publicity surrounding code abuse probably does more harm than the actual phone bills. Some said that toll fraud was a necessary part of computer hacking, but it wasn't a form of hacking in itself. But nearly all we questioned seemed to agree that when caught, the culprit should be made to pay back what they used, as long as they're presented with evidence that they made the calls. What kind of hacking is acceptable in the hacker world? Generally, access to systems that a hacker would never gain access to, regardless of how much he was willing to pay. Systems like the phone company computers, credit checks, census bureaus, and private military systems were mentioned most. "By accessing these, we're learning a lot more than we ever could on Compuserve." "We can uncover lots of secrets, like how easy it is to change somebody s credit or how easy it is to find an unlisted phone number. People would never know these things if it weren't for us." These kind of hackers look upon themselves as "technological Louis and Clarks." What kind of price should a hacker pay if he s caught on a non-public system? A few said a fine of some sort should be imposed. But most seemed to believe that an agreement of some sort could be reached between the various parties, such as the hacker telling the operators how they accessed their system and what bugs were present to allow them to do this. Very few were sympathetic to companies or organizations that allowed hacking to go on for long periods of time. "It's their own fault who else is there to blame? If we didn't get in there, somebody else would have." "Lots of times we tell them about their bugs, and they either ignore us or just fix it without even saying thanks. I think they deserve what they get, honestly." Hackers have a distinct definition of what is good hacking and what is bad hacking. Bad hacking would include actions like crashing a system for no particular reason. "Good hacking is entering a system, creating ambiguous accounts, covering your tracks, defeating the accounting, gaining high access, exploring, learning, and leaving. A bad hacker erases files and reads others' mail."