An exploration into the quasiunderworld of computerdom
ERIK LACITIS
Seattle Times staff columnist
Around 1986, when he was a junior at Bellevue High School, Jeff Moss
was introduced by friends to the world of dumpster diving. Back then,
Moss was known as Jeff Moss, not as the Dark Tangent, today one of
cyber space's best known hackers, that group of people whose passion is
delving into computer systems.
Today's piece is the first of a periodic look at hacker culture, a
world that I've been exploring of late. Our most private records these
days - medical, financial - are stored on a computer disk.
The problem is that in cyberspace, privacy is just another seven letter
word. At their most innocent, hackers simply want to fulfill their
curiosity. At the criminal end, they steal and sabotage.
Well, of course, you could say that it's kind of ironic that the
intense, restless Dark Tangent resides in Seattle.
Puget Sound is the headquarters of Microsoft and Bill Gates, the
corporation and the intense, restless man who seem to be featured on
every other cover of Fortune magazine. They are rich and powerful.
Moss, 27, isn't rich - he is, as a matter of fact, struggling to make
ends meet and looking for a job that has something to do with
computers - but he does wield a certain amount of power.
The weekend of July 11 in Las Vegas, Moss will be staging Def Con
V, the most publicized of hacker conferences. He openly invites law
enforcement types to mingle with an audience that has been half
jokingly said to include many people under indictment. On stage at Def
Con, the wiry Moss will be moving the show along.
It makes for interesting interaction, with the law enforcement types
getting "I am the Fed" T-shirts and those who point them out getting "I
spotted the Fed" T-shirts.
Def Con comes from the Army term for "defense readiness condition." In
the hacker world, you choose names because they sound cool, like "Dark
Tangent," for example. Moss remembered a science fiction comic book he
had liked in junior high, although it actually was called "D'Arc
Tangent."
Moss represents the more innocent side of hacking, the one in which as
a kid he discovered the world of dumpster diving. Moss and some other
computer type students would drive to the headquarters of Egghead
Software or maybe a Microsoft production facility.
It wasn't hard to sneak around the outside security cameras, Moss
said, and then crawl into a trash bin.
"You'd root around the Happy Meals, and it could be very lucrative.
You could find all types of toys," he said. Back then, floppy disks
were expensive, and the students would find piles of them thrown out
when Microsoft was upgrading a product.
One of his buddies, Moss said, collected 15,000 to 20,000 disks.
Sometimes the kids would find coprocessors that had been thrown out
because the connecting pins were bent. Moss unbent them and had usable
equipment.
The son of a professor in medicine, Moss was using a computer by the
sixth grade. His family lived in Piedmont, the affluent California
enclave next to Oakland. At that time, in the early 1980s, before the
Internet revolution had taken place, electronic bulletin boards were
the rage.
"It introduced me to an online community that shared information that
was not mainstream," he said. "They might be talking about growing
pot, or where people could get free cable TV descramblers."
In 1984 his family moved here, and at the welcoming party for his dad,
Moss ran into another computer kid, who just happened to have a spare
300 baud acoustic coupler. That's laughable technology by today's
standards, in which computer power and speed quickly double and
quadruple. But it was enough for Moss to start logging on to Seattle
bulletin boards.
By his senior year in high school, Dark Tangent had appeared in cyber
space, and Moss was running his own bulletin board, Dark Tangent
System. By then, Moss had taken computer classes at the University of
Washington and was writing programs and doing stuff.
Stuff.
"Yeah, we used to do 'stuff,'" he remembered. Moss doesn't really
like to talk much about the stuff he did with computers. "Back then,
there was no law against you doing this stuff. Now, there are
mandatory sentencing guidelines," he said.
He doesn't do "stuff" anymore, he said. Why bother? He has his own Web
site (http://www.defcon.org) and he has friends who have computer
networks. He can play around all he wants in cyberspace without
breaking a law.
Thrill is getting information
In researching this story, though, I did talk with younger hackers for
whom the thrill still is in surreptitiously getting information.
I located them by using an Internet search engine that isolated
postings that somehow mentioned Seattle on newsgroups such
alt.hacker, alt.cyberspace.rebels, and alt.cyberpunk.tech.
One such hacker was a University of Washington student. Since I
started this story on the theme of irony, it's interesting to note his
major: criminal justice. At least he'll know what to do if he ever
gets in trouble, the hacker said.
He showed me some of his toys, such as the Tranz 380 credit card read
out slide machine whose code he's trying to break. But, mostly, this
hacker had branched out into phone "phreaking" - the cell phone that
is programmed to use somebody else's account the Radio Shack Pocket
Tone Dialer that in 1993 earned him a few hundred bucks.
The tone dialer actually was sold to store phone numbers. You simply
held the apparatus against the mouth piece of a phone and pressed the
appropriate memory button.
Hackers figured out that by replacing a crystal in the dialer they
could change the tones. In pay phones, it used to be that dropping,
say, a quarter, caused a specific tone to be emitted. The crystals
mimicked those tones. Free phone calls!
The 22 year old said he approached foreign students at the UW. and told
them that for $10 they could phone relatives back home and talk as
long as they wanted.
"Word got around to look for me in front of the HUB (the student union
building), the guy who always wears the black cap," the hacker said.
(Phone companies have since made a change so the pocket dialers can't
fool newer style pay phones.)
I asked the hacker if he had any, you know, moral misgivings.
"I don't target individuals. It's corporations," he said. "To me, it's
kind of payback against the big companies that rip people off. I see
my parents working hard, and they skill come up a little short because
the big companies are always raising their rates."
Sometimes high school hackers are caught and prosecuted. But, in truth,
law enforcement officials will tell you they have much, much bigger
targets, like the employee stealing company secrets or sabotaging the
computer network.
For many computer users, hackers are a vague but mostly unrealized
threat. But in one federally sponsored survey, six out 10 major
corporations responded that they were bothered in the prior year by
hacker who caused million of dollars in damage.
I suppose illicitness is a matter of degree. The young hackers who go
into the CIA or Department of Defense Web site and alter it so that
suddenly Playboy magazine appears are not quite the same as industrial
spies.
Computers: a way to get around
"If you're a high schooler, maybe you can't afford a car, and so
you're stuck in your house," Moss said, remembering those days in his
life.
"But with a computer you suddenly can be transported to a whole lot of
places, where you're not judged by what kind of cool car you have or
what you look like.
You get respect for knowledge. If you can do something that somebody
else hasn't done, you get bragging rights."
After graduating from Bellevue High in 1988, Moss earned a bachelor of
arts degree at Gonzaga University, then began studying law at the
University of Dayton. Studying law bored him.
"I found myself reading computer journals more than law journals. Law
is the art of what can get done, not what's right," he said. After a
couple of years, Moss dropped out, worked for a company that makes
games then started a Web hosting company.
By then, he had already organized two Def Con conferences. The idea
for the first Def Con began when Moss was talking to another young
hacker who wanted to hold a party thanking people who had belonged to
a computer network he had run. That evolved into a mass posting on the
Internet, announcing Def Con I. Since that first gathering of hackers
in 1993, all the Def Cons have been held in Las Vegas. At least if the
conference was a bust, Moss figured, those attending would have other
memories.
There are other gatherings of hackers, but none with such an open
invitation. Moss decided to invite as speakers everybody from
prosecutors to encryption specialists. The first year, 110 people paid
to attend; the next year it was 350, then 550. Last year, more than
800 hackers paid the $40 fee.
That doesn't earn Moss much money, just enough, he said, to buy more
computer hardware. He has not cashed in on his fame in the computer
world. Other hackers now sell expensive anti-hacking software and anti
hacking seminars to corporations, but Moss hasn't made the marketing
leap.
"What's the saying? If you're in your 20s and sell out, you're a fool.
And if you're in your 30s and don't sell out, you're a fool," Moss
said. He has three more years before hitting that magic Three-O.
I asked Moss if he thought Dark Tangent could have a good conversation
with Bill Gates.
"We'd have a great talk," Moss said. "I'd start talking to him about
the olden days, when the world was like an oyster and he was
unwrapping all this great new technology. I guess we'd talk about how
he missed the Internet thing. I don't think it was a conscious
decision on his part. It was corporate inertia. He was probably
insulated at that point and didn't at first get the significance of
it." his part. It was corporate inertia. He was probably insulated at
that point and didn't at first get the significance of it."
Gates might find irony in Moss' tale of how even Dark Tangent has been
a target of hackers.
"Computer security is like trying to prove the negative. Maybe you've
never been broken into because of excellent security. Or maybe it's
because no one's yet tried," Moss said. "But everybody's vulnerable."
Being hacked by a hacker
Moss said that his email as Dark Tangent is being monitored by a
hacker and that he assumes the email could be tampered with.
Everybody's vulnerable.
Moss and I talked lots more about how everybody's vulnerable in this
new cyberspace world. It goes far beyond doctoring e-mail, and many of
you reading this have stories you could tell. The ways you can contact
me are listed at the end of this story.
You know it's not Dark Tangent we have to worry about. It could be
that real quiet fellow employee who always looks angry about something
and just keeps typing on his computer.
Watch out, if he ever decides to press the "execute" button.
Erik Lacitis' column runs Sunday, Tuesday and Friday. His phone number
is 206.464.2237 His email address is: elacnew@seatimes.com
The Seattle Times
March 9, 1997
_________________________________________________________________
Tips from Jeff Moss, a.k.a. Dark Tangent' on making your computer more
secure.
General
* Apply the latest service patches to your operating system and
programs. For example, on the Microsoft Web site
(http.//www.microsoft.com) you can download service packs to
fix bugs in Windows 95. Periodically check the Web sites and
apply those fixes.
* Have a regular backup schedule in which you back up all critical
data. That way, when your machine explodes, you'll have everything
you need to start a new system.
* Treat email as you would treat a postcard, meaning that can read
it.
* Consider encrypting important data, using the PGP encryption
program that's available free on the Internet (a search of the
term PGP) should lead to a site from which you can download
the
* Each time you download a new program from the Internet, run an
antivirus or macro software program.
Businesses
* Consider "air walling" your corporate network, so that computers
linked to the Internet are not connected to computers linked with
corporate networks.
* Filter Java and ActiveX, the two computer languages that allow Web
sites to remotely execute programs on your Web browser. This
prevents any of your employees from accidentally triggering a
hostile program that is coming in from the Web.
Individuals
* On Windows 95, turn, "print" and "file sharing" to prevent any
chance of remote snooping when you're on the Internet.
* Pay attention to all warning boxes that pop up as you use your
browser. Read them and make an informed decision. Even though you
see those boxes frequently and it's easy to ignore them, sooner or
later the warnings will be about something that will cause damage.
The Seattle Times
March 9, 1997