An exploration into the quasiunderworld of computerdom ERIK LACITIS Seattle Times staff columnist Around 1986, when he was a junior at Bellevue High School, Jeff Moss was introduced by friends to the world of dumpster diving. Back then, Moss was known as Jeff Moss, not as the Dark Tangent, today one of cyber space's best known hackers, that group of people whose passion is delving into computer systems. Today's piece is the first of a periodic look at hacker culture, a world that I've been exploring of late. Our most private records these days - medical, financial - are stored on a computer disk. The problem is that in cyberspace, privacy is just another seven letter word. At their most innocent, hackers simply want to fulfill their curiosity. At the criminal end, they steal and sabotage. Well, of course, you could say that it's kind of ironic that the intense, restless Dark Tangent resides in Seattle. Puget Sound is the headquarters of Microsoft and Bill Gates, the corporation and the intense, restless man who seem to be featured on every other cover of Fortune magazine. They are rich and powerful. Moss, 27, isn't rich - he is, as a matter of fact, struggling to make ends meet and looking for a job that has something to do with computers - but he does wield a certain amount of power. The weekend of July 11 in Las Vegas, Moss will be staging Def Con V, the most publicized of hacker conferences. He openly invites law enforcement types to mingle with an audience that has been half jokingly said to include many people under indictment. On stage at Def Con, the wiry Moss will be moving the show along. It makes for interesting interaction, with the law enforcement types getting "I am the Fed" T-shirts and those who point them out getting "I spotted the Fed" T-shirts. Def Con comes from the Army term for "defense readiness condition." In the hacker world, you choose names because they sound cool, like "Dark Tangent," for example. Moss remembered a science fiction comic book he had liked in junior high, although it actually was called "D'Arc Tangent." Moss represents the more innocent side of hacking, the one in which as a kid he discovered the world of dumpster diving. Moss and some other computer type students would drive to the headquarters of Egghead Software or maybe a Microsoft production facility. It wasn't hard to sneak around the outside security cameras, Moss said, and then crawl into a trash bin. "You'd root around the Happy Meals, and it could be very lucrative. You could find all types of toys," he said. Back then, floppy disks were expensive, and the students would find piles of them thrown out when Microsoft was upgrading a product. One of his buddies, Moss said, collected 15,000 to 20,000 disks. Sometimes the kids would find coprocessors that had been thrown out because the connecting pins were bent. Moss unbent them and had usable equipment. The son of a professor in medicine, Moss was using a computer by the sixth grade. His family lived in Piedmont, the affluent California enclave next to Oakland. At that time, in the early 1980s, before the Internet revolution had taken place, electronic bulletin boards were the rage. "It introduced me to an online community that shared information that was not mainstream," he said. "They might be talking about growing pot, or where people could get free cable TV descramblers." In 1984 his family moved here, and at the welcoming party for his dad, Moss ran into another computer kid, who just happened to have a spare 300 baud acoustic coupler. That's laughable technology by today's standards, in which computer power and speed quickly double and quadruple. But it was enough for Moss to start logging on to Seattle bulletin boards. By his senior year in high school, Dark Tangent had appeared in cyber space, and Moss was running his own bulletin board, Dark Tangent System. By then, Moss had taken computer classes at the University of Washington and was writing programs and doing stuff. Stuff. "Yeah, we used to do 'stuff,'" he remembered. Moss doesn't really like to talk much about the stuff he did with computers. "Back then, there was no law against you doing this stuff. Now, there are mandatory sentencing guidelines," he said. He doesn't do "stuff" anymore, he said. Why bother? He has his own Web site (http://www.defcon.org) and he has friends who have computer networks. He can play around all he wants in cyberspace without breaking a law. Thrill is getting information In researching this story, though, I did talk with younger hackers for whom the thrill still is in surreptitiously getting information. I located them by using an Internet search engine that isolated postings that somehow mentioned Seattle on newsgroups such alt.hacker, alt.cyberspace.rebels, and alt.cyberpunk.tech. One such hacker was a University of Washington student. Since I started this story on the theme of irony, it's interesting to note his major: criminal justice. At least he'll know what to do if he ever gets in trouble, the hacker said. He showed me some of his toys, such as the Tranz 380 credit card read out slide machine whose code he's trying to break. But, mostly, this hacker had branched out into phone "phreaking" - the cell phone that is programmed to use somebody else's account the Radio Shack Pocket Tone Dialer that in 1993 earned him a few hundred bucks. The tone dialer actually was sold to store phone numbers. You simply held the apparatus against the mouth piece of a phone and pressed the appropriate memory button. Hackers figured out that by replacing a crystal in the dialer they could change the tones. In pay phones, it used to be that dropping, say, a quarter, caused a specific tone to be emitted. The crystals mimicked those tones. Free phone calls! The 22 year old said he approached foreign students at the UW. and told them that for $10 they could phone relatives back home and talk as long as they wanted. "Word got around to look for me in front of the HUB (the student union building), the guy who always wears the black cap," the hacker said. (Phone companies have since made a change so the pocket dialers can't fool newer style pay phones.) I asked the hacker if he had any, you know, moral misgivings. "I don't target individuals. It's corporations," he said. "To me, it's kind of payback against the big companies that rip people off. I see my parents working hard, and they skill come up a little short because the big companies are always raising their rates." Sometimes high school hackers are caught and prosecuted. But, in truth, law enforcement officials will tell you they have much, much bigger targets, like the employee stealing company secrets or sabotaging the computer network. For many computer users, hackers are a vague but mostly unrealized threat. But in one federally sponsored survey, six out 10 major corporations responded that they were bothered in the prior year by hacker who caused million of dollars in damage. I suppose illicitness is a matter of degree. The young hackers who go into the CIA or Department of Defense Web site and alter it so that suddenly Playboy magazine appears are not quite the same as industrial spies. Computers: a way to get around "If you're a high schooler, maybe you can't afford a car, and so you're stuck in your house," Moss said, remembering those days in his life. "But with a computer you suddenly can be transported to a whole lot of places, where you're not judged by what kind of cool car you have or what you look like. You get respect for knowledge. If you can do something that somebody else hasn't done, you get bragging rights." After graduating from Bellevue High in 1988, Moss earned a bachelor of arts degree at Gonzaga University, then began studying law at the University of Dayton. Studying law bored him. "I found myself reading computer journals more than law journals. Law is the art of what can get done, not what's right," he said. After a couple of years, Moss dropped out, worked for a company that makes games then started a Web hosting company. By then, he had already organized two Def Con conferences. The idea for the first Def Con began when Moss was talking to another young hacker who wanted to hold a party thanking people who had belonged to a computer network he had run. That evolved into a mass posting on the Internet, announcing Def Con I. Since that first gathering of hackers in 1993, all the Def Cons have been held in Las Vegas. At least if the conference was a bust, Moss figured, those attending would have other memories. There are other gatherings of hackers, but none with such an open invitation. Moss decided to invite as speakers everybody from prosecutors to encryption specialists. The first year, 110 people paid to attend; the next year it was 350, then 550. Last year, more than 800 hackers paid the $40 fee. That doesn't earn Moss much money, just enough, he said, to buy more computer hardware. He has not cashed in on his fame in the computer world. Other hackers now sell expensive anti-hacking software and anti hacking seminars to corporations, but Moss hasn't made the marketing leap. "What's the saying? If you're in your 20s and sell out, you're a fool. And if you're in your 30s and don't sell out, you're a fool," Moss said. He has three more years before hitting that magic Three-O. I asked Moss if he thought Dark Tangent could have a good conversation with Bill Gates. "We'd have a great talk," Moss said. "I'd start talking to him about the olden days, when the world was like an oyster and he was unwrapping all this great new technology. I guess we'd talk about how he missed the Internet thing. I don't think it was a conscious decision on his part. It was corporate inertia. He was probably insulated at that point and didn't at first get the significance of it." his part. It was corporate inertia. He was probably insulated at that point and didn't at first get the significance of it." Gates might find irony in Moss' tale of how even Dark Tangent has been a target of hackers. "Computer security is like trying to prove the negative. Maybe you've never been broken into because of excellent security. Or maybe it's because no one's yet tried," Moss said. "But everybody's vulnerable." Being hacked by a hacker Moss said that his email as Dark Tangent is being monitored by a hacker and that he assumes the email could be tampered with. Everybody's vulnerable. Moss and I talked lots more about how everybody's vulnerable in this new cyberspace world. It goes far beyond doctoring e-mail, and many of you reading this have stories you could tell. The ways you can contact me are listed at the end of this story. You know it's not Dark Tangent we have to worry about. It could be that real quiet fellow employee who always looks angry about something and just keeps typing on his computer. Watch out, if he ever decides to press the "execute" button. Erik Lacitis' column runs Sunday, Tuesday and Friday. His phone number is 206.464.2237 His email address is: elacnew@seatimes.com The Seattle Times March 9, 1997 _________________________________________________________________ Tips from Jeff Moss, a.k.a. Dark Tangent' on making your computer more secure. General * Apply the latest service patches to your operating system and programs. For example, on the Microsoft Web site (http.//www.microsoft.com) you can download service packs to fix bugs in Windows 95. Periodically check the Web sites and apply those fixes. * Have a regular backup schedule in which you back up all critical data. That way, when your machine explodes, you'll have everything you need to start a new system. * Treat email as you would treat a postcard, meaning that can read it. * Consider encrypting important data, using the PGP encryption program that's available free on the Internet (a search of the term PGP) should lead to a site from which you can download the * Each time you download a new program from the Internet, run an antivirus or macro software program. Businesses * Consider "air walling" your corporate network, so that computers linked to the Internet are not connected to computers linked with corporate networks. * Filter Java and ActiveX, the two computer languages that allow Web sites to remotely execute programs on your Web browser. This prevents any of your employees from accidentally triggering a hostile program that is coming in from the Web. Individuals * On Windows 95, turn, "print" and "file sharing" to prevent any chance of remote snooping when you're on the Internet. * Pay attention to all warning boxes that pop up as you use your browser. Read them and make an informed decision. Even though you see those boxes frequently and it's easy to ignore them, sooner or later the warnings will be about something that will cause damage. The Seattle Times March 9, 1997