by Carolyn Meinel
Where did cyberspace come from? What makes it grow? Who keeps it free despite criminals, cutthroat monopolistic corporations, and Big Brother government agencies?
Hackers.
Wait just one minute, you may ask. Aren’t hackers guys like Kevin Mitnick who tap people’s phones, steal people’s private e-mail and download gazillions of credit cards from dotcoms?
Sigh. When reporters descend on someone caught committing computer crime, the culprit parades around exclaiming “I am a f***ing genius, man! I am a hacker!” Reporters, being by nature gullible, buy the story. The result? Us real hackers get a totally undeserved black eye.
Eric Raymond, author of The New Hacker’s Dictionary argues, “Real hackers call these people [computer criminals] ‘crackers’ and want nothing to do with them... being able to break security doesn’t make you a hacker any more than being able to hot wire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end...
“The basic difference is, hackers build things; crackers break them.”
OK, we admit it -- us hackers also know how to break into computers. Big deal. As Raymond points out, hackers do one heck of a lot more than just break into things.
Today, over two-thirds of all web sites run on the Apache webserver. It’s a free, powerful and secure webserver. Where did it come from? You guessed it, hackers.
The second most popular operating system in the world (after the various forms of Windows) is Linux. Many of the world’s top supercomputers get their blinding speed from Linux. Yet it is so easy to install and use that millions of people run it on their home computers. Linux, too, is free. It was created and is constantly improved by a team of hackers led by Linus Torvalds.
When the bad guys hit your computer, who are you gonna call? 911? Chances are your attacker is hitting you from out of state, or from another country. The local police can’t touch them. So do you call the FBI? If they even return your call, they will want to know how much money the bad guys are stealing. Unless you are a giant company with political pull, the FBI will brush you off. How about calling a computer security company? You’d better be rich, because their help will cost hundreds of thousands of dollars.
So where can you get help?
Recently Sydney Urshan complained to me that someone was attacking a web site of mine, techbroker.com, which was hosted at his company Nethollywood.net.
Urshan is a real hacker. He’s invented a router that milks more bandwidth out of a DSL line than you would dream was possible. He’s also written a shareware program to defeat copy protection for Macintosh programs, KeyDisk TERMINATOR. He also has invented a novel optical storage device.
Urshan also had figured out how to make his web hosting service exceptionally secure. However, no one hacker knows how to do everything. Like most people, hackers often work best in teams. So we are always calling on each other to help solve problems.
A few minutes after Urshan and I spoke, Greggory Peck phoned me. “What’s up, Carolyn.” He knows something is always hopping around me.
“Someone is trying to break into my Techbroker web site…” I began.
Peck interrupted. “Let me in on this! I want to play.” Since then Peck, who normally makes an astronomical salary handling computer security for his employer, has been working with Urshan, without pay, to quell the attacker(s) and increase security.
Attacks have been coming in from many different computers, often from Korea, China and other Asian countries. When Peck first saw Chinese computers among the attackers, he phoned me. “Carolyn, I have a moral dilemma. The Chinese government executes computer criminals. Should I report these attacks?”
I wouldn’t want anyone to face a firing squad over this. However, looking over the records of the attacks, we figured out that our assailants were not Chinese. It was one person or gang, based in the US, attacking from many computers that they had taken over.
Once we settled the moral issue, Peck began a campaign of arranging for the attacker(s) to get kicked off every computer they used. The attackers had to run and hide. So far every attack has flopped.
Urshan could have solved his problem by kicking Techbroker.com off of Nethollywood. Instead, he has the satisfaction of being an Internet freedom fighter.
Meanwhile, “I’ve been having a blast!” says Peck.
Another hacker friend, Bruce Meyer, called me when he discovered an intruder on a computer where he works. The simple fix would have been to simply rebuild the victim computer to be sufficiently secure that the intruder would never return. However, the hacker spirit is to learn as much as possible and do the best job possible, not just slide by. So I called a friend and asked him to help analyze the incident. According to Meyer, “This fellow called saying ‘I’m a friend of Carolyn’s. Don’t tell anyone I ever helped you.’”
First, this Lone Ranger type tracked down who the attacker was. What he did to the culprit, well, no one is telling. Hacker justice, hmmm… Then he and Meyer worked together to beef up security.
By now even your home computer may have been hit by computer crime. Just what you need -- some brat displaying dirty pictures on your desktop and deleting files. As Bruce Meyer says, “It’s war out there. It’s like people who knock out car windows. It’s all the same mentality.”
Giant corporations are hoping to make lots of money by selling you products to hold off these cyberbarbarians. If you can’t or don’t want to afford their firewalls and intrusion detection systems, what do you do? Hackers come to the rescue! Check out http://happyhacker.org/defend/ for reviews and links of the latest free firewalls.
Home firewalls can be great entertainment. Since Peck started beating up the bad guys on the cyberspace frontier, the baddies have tried to get even by attacking his home computer. Peck used to play EverQuest a lot. However, nowadays he gets thrills by watching his home firewall for incoming attacks. “Netbus attack? Sheesh. You lamer, what’s next?” Then he runs his diagnostic tools against his latest attacker, just to snicker over how pitiful the attacker’s computer is, and gloat over how easy it would be to show them what it feels like to be on the receiving end. (Peck swears he doesn’t break into his attackers’ computers.) He caps the evening’s jollity by getting the Internet access provider for each attacker to pull the plug.
This is hacker justice. We don’t protect you by putting the bad guys behind bars. We simply wait for them to be stupid enough to attack us, and then pull the plug on their Internet access. Sure, the baddies can always get another Internet Service Provider. And if they use that one to attack us, we’ll get that one to pull the plug, too. We want to force the cyberbaddies to get so desperate that their only hope is to attack us from a terminal at the local library. Or, they can leave us alone, and we’ll leave them alone.
What about spam (unsolicited e-mail)? Yes, it’s a pain to have to delete all those unwanted emails. It could be much worse, however. Greedy advertisers first discovered the potential of e-mail in 1995. E-mail is much cheaper than regular mail. As a result, soon spammers discovered dirty tricks to harvest or guess the addresses of tens of millions of people, and ways to pump out junk mail even cheaper by taking over other peoples’ e-mail servers. (An e-mail server gathers e-mail produced on peoples’ desktop computers and sends them to their destinations.)
By 1996 the volume of junk mail was threatening to bog down the entire Internet. Because junk e-mail is almost free to send, it looked like we would soon reach the day when the average person would have to sift through thousands of e-mails each day just to find legitimate messages. Politicians struggled to think up ways to outlaw spam and put them out of business. Hah. Lots of luck.
Who came to the rescue? First the computer criminal element tried to stop spam by breaking into and damaging any computer used to send spam. This didn’t do much good. Usually the person or company that owned the mail server computer didn’t know it was being used for spam. Back then only experts knew how to keep spammers from using their mail servers. Meanwhile, spammers would just take over yet another mail server.
In October 1997, the president of Rt66 Internet (rt66.com), John Mocho, decided it was time to show the world how to prevent spam. He altered his Sendmail server to make junk e-mail disappear without a trace. That way spammers would think they were sending out millions of emails, but unknown to them it all went to byte heaven. Then Mocho went to work to persuade the Sendmail developers to make this a standard feature.
Sendmail is yet another free hacker product. Its developers agreed with Mocho and revamped Sendmail to make it automatically refuse spam, and have the option of making it disappear without a trace. Soon the commercial e-mail server companies also added spam blocking as a default setting.
If you get junk e-mail today, blame it on people who are using ancient mail servers. Meanwhile, hacker volunteers are tracking down the owners of those few remaining computers that spammers use and making sure they install spam-blocking servers.
Recently Meyer had to do battle with a spammer. Even though in theory it now looks easy to keep spammers from taking over Internet mail servers, Meyer found that they are getting way too good at finding ways to evade spam protections. However, hackers have come to the rescue by creating tools to analyze mail servers for the flaws that enable spammers to take them over. Meyer recommends the Spamcop reporting tool http://spamcop.net/ and Open Relay testing tool http://www.abuse.net/relay.html.
“We’re going to win the war,” says Meyer. “I daresay that the cracker problem has heightened our security consciousness tremendously in the past few years. If my server had never been cracked, and my mail server had never been used as an open relay to launch a global mass mailing that weekend, my servers would still be as wide open as they ever were. Since that happened I have spent far in excess of 1,000 hours single-handedly upgrading servers.”
Now let’s talk about the most serious computer-related crime today. The Internet has made it much easier for kiddie pornographers to peddle their wares. With this growing money incentive, it is likely that an increasing number of children are being raped, tortured and killed to satisfy consumers’ desires. To track a digital image back to a crime scene, to put the criminals behind bars and rescue their victims is beyond the talents of most people in law enforcement. Who comes to the rescue? Hackers!
Today they and other hacker teams are working with US and international law enforcement to rescue the victims of kiddie porn factories. They have participated in summit meetings with the FBI and other citizens’ groups in Myrtle Beach, South Carolina, and in Charlotte, North Carolina. Some hackers, such as Michael Vaughan of Predator-hunter.com, provide free training for law enforcement people in how to track commercial child-abuse rings.
It’s still early in the war against commercial child abuse. However, history tells us that once again, hackers are going to make the difference.
Now, let’s talk about the biggest threat on the planet: giant, snoopy governments. Who is going to protect our privacy from the guys with search warrants? You guessed right, hackers.
Today the most powerful privacy technique is encryption: the scrambling of information so that only the intended recipient can view it. The United States and most other govenments have tried to regulate encryption so that we can only use encryption that governments can defeat.
In 1991 Phil Zimmerman released a free encryption program he wrote, Pretty Good Privacy (PGP). Because it was good enough to foil government investigators, the US federal government prosecuted him under the International Trade in Arms Regulations. (Yes, the feds consider encryption to be a weapon). Tens of thousands of hackers came to the rescue, defying threats of arrest by providing download sites for PGP. In early 1996 the federal government bowed to this unprecedented protest and dropped the case.
Skeptics say this may have been simply because the feds figured out how to crack PGP. Let’s face it, encryption is an arms race. The government side has tons of money to throw at it. However, today many hacker cryptographers continue to work on new, more powerful encryption schemes, and make their programs freely available.
If enough of us keep at it, the cyberspace frontier will always be the place to be. Viva hackers!
Your Friend, The Computer Hacker
One should never put on one’s best trousers to go out to battle for freedom and truth. -- Henrik Ibsen.
Carolyn Meinel is the author of The Happy Hacker and Überhacker.
Loompanics Unlimited 2001 Main Catalog