By Danny Wicentowski
By Lindsay Toler
By Paul Friswold
By Lindsay Toler
By Danny Wicentowski
By Lindsay Toler
By Lindsay Toler
By Lindsay Toler
Prophet passed the purloined telephone data to Phrack editor Craig Neidorf of Chesterfield, then a 20-year-old political-science student at the University of Missouri-Columbia. Neidorf, a.k.a. Knight Lightning, and his buddy Taran King disseminated the sensitive information on electronic bulletin-board systems (BBSs) across the country, including Metal Shop BBS in St. Louis.
In an e-mail message to the Riverfront Times, Robert Holloway, a.k.a. Spuds, recounts what he says happened next: "The Secret Service came to Mizzou and sequestered (Neidorf and Taran King) for questioning. The hard drive that had the BBS on it was given to me and Grim (one of my friends) for safekeeping, because it contained evidence that could have probably ... put them in prison. Over the course of the next few months, strange things kept happening. It was an interesting experience."
Ultimately the feds dropped the charges of wire fraud and interstate transportation of stolen property pending against Neidorf, after it was revealed in his trial that the 911 documents, which BellSouth valued at nearly $80,000, could be purchased by the public in hard-copy form for a mere $13. Operation Sundevil had another unexpected outcome: It spurred the creation of the Electronic Frontier Foundation, a watchdog organization seeking to protect First Amendment rights on the fledgling Internet.
During this time, Spuds -- then a North County high-school student -- co-founded the local branch of 2600, a computer-hacker club devoted to a quarterly magazine of the same name. At 28, Spuds may now be considered the dean of the St. Louis chapter, which continues to hold its monthly meetings in the basement food court of the St. Louis Galleria.
It's a Friday evening, and the December meeting is in full session. The youngest 2600 enthusiast is barely old enough to drive a car; the oldest is the father of teenage children. The 10 of them, nine men and one woman, huddle at a couple of tables in the far corner of the food court, surrounded on two sides by a profusion of pink and red poinsettias. The mirrored walls reflect an otherwise frenetic scene -- harried husbands, dazed moms, squealing kids. In the background, a brass band plays "Joy to the World."
But the conspicuous absence of parcels indicates that the bunch hunkered down in the smoking section didn't come to the mall to go Christmas shopping. Their conversation likewise sets them apart from the rest of the crowd. Arcane talk flows from one technical subject to the next, crossing and recrossing the invisible frontier between reality and science fiction. In the flash of a nerve synapse, the discussion may jump from routers to ports, molecular mutations to genetic programming, neural networks to electromagnetic pulsation, artificial intelligence to the encryption of DNA for espionage purposes.
An older guy, clad in a karate sweatshirt and sporting a flattop, boasts of having his entire house wired for T-1 access. As he jabbers, his hands move quickly, as if he's talking in sign language. He is an Air Force lifer, down from Iowa to attend reserve meetings over the weekend at Scott Air Force Base. Since retiring from active military service, Flattop has gone to work for a computer-security firm. He claims that he received an invitation to the White House to attend an anti-virus summit meeting organized by the National Security Council. A teenager seated next to him nods his head in admiration, his face half-eclipsed by the long, curved bill of a baseball cap.
Other young men in attendance aren't so impressed by Flattop's braggadocio. They are softly talking among themselves, casting wary glances in his direction. Two of them are high-school students; the other says he is a freshman in college. Freshman sarcastically remarks that he doesn't believe most of what Flattop says and tries to ignore the rest. The kibitzing then turns to the filters used by high schools to censor the Internet. The students complain that the devices block Web sites that express opinions on just about any issue, from guns to abortion rights.
Spuds sits Buddha-like, listening calmly as Flattop raves on about the computer lab he installed in his basement. An occasional puckish grin creeps across Spud's face. He wears a frayed white T-shirt and sandals, sips from a giant soft-drink cup. His girlfriend occasionally cradles her head on his shoulder. During the course of the evening, younger members gravitate toward his end of the table, seeking counsel.
So goes another meeting of the local chapter of 2600. The periodical, which began publishing out of New York in 1984, takes its title from the frequency that phone "phreaks" once used to place free long-distance calls. Phone phreaks are seen as the progenitors of today's hackers, who by now have a lengthy history of their own.
Long before the dot-coms invaded the World Wide Web, even before the Internet acquired its current name, Spuds had begun navigating cyberspace. In 1979, at age 7, he disassembled his first IBM PC and then put it back together -- much to the relief of his panic-stricken grandparents. It wasn't long before he discovered how to dial up electronic bulletin boards and communicate with other explorers. Over the years, his computer skills have taken him places online that he is reluctant to divulge. He blames past transgressions on youthful indiscretion and a misplaced sense of power. Spuds now holds down a legit job as a computer engineer for an Internet-service provider in the region. He has been promoted twice in less than a year, receiving a hefty raise. Not surprisingly, his recent career successes have tempered his views. Spuds now regards malicious hackers -- those who deface Web sites and spread computer viruses -- with total disdain. He labels such acts déclassé.
"I would never sic a virus on somebody else," he says. "It's like blowing up somebody's house. Destruction is stupid. It's an inelegant way of going about something. Spreading viruses is like getting drunk on Boone's Farm Strawberry [a cheap wine]. If you're going to do something, than do it right, be classy about it. To deface someone's Web site is not classy at all." Spuds expresses similar opinions toward other forms of electronic vandalism. Many hackers should be credited with pointing out weaknesses in networks instead of being condemned for discovering them, he says.
One of the most common hacker stunts is overloading a Web site with requests. In such "denial of service" attacks, hackers unleash programs that enlist the support of innocent third-party computers -- called "zombies" -- who then are directed to simultaneously log onto the same Internet site. When sites are "pinged" in this manner, they crash or slow to a glacial pace. Because denial-of-service programs can be downloaded readily from numerous hacker Web sites, it's relatively simple for inexperienced hackers, or "script kiddies," to disable an Internet location with a few keystrokes.
Malicious hackers who dabble in these nefarious deeds are known as "black hats." Their exploits are the stuff of legend, ranging from reports of widespread electronic credit-card fraud to linking the CIA's home page to a porn site. The Pentagon alone estimates that hackers assault its computer network about 250,000 times a year. A 30-second public-service spot that aired during the Super Bowl a couple of years ago showed two Russian nuclear-missile crewmen questioning the credibility of a launch order. Uncertain as to whether the instructions were the work of a hacker, they decided to push the button anyway.
Spuds contends that such sensational portrayals are misleading. Rather than being a part of a unified horde of anarchists, nihilists and Luddites, most hackers are individuals who "have a good reason why they do the things they do -- and it's not an illegal reason." They are driven not by inherent evil, says Spuds, but a desire to understand how something works: "If you never open the hood of your car, you don't know where the dipstick is. It's not a magic trick. There are people out there who can get into anything, given enough time. But it's got to be worth their while." Sought-after information must be vitally important, or the hack itself must be sufficiently difficult to challenge the hacker's skills, to garner serious attention. "I know that I could stop all your e-mail from flowing to you forever. Why don't I do it?" asks Spuds. He answers one rhetorical question with another: "What's the point?"
The origins of hacking stem from research conducted at the Massachusetts Institute of Technology in the early 1960s, when scientists at the school's artificial-intelligence lab began pushing computer programs beyond what they were supposed to do. Hackers were then considered the test pilots of the computer world, esteemed by their colleagues for their ability to quickly and efficiently decipher complex codes and detect glitches. These early whiz kids were responsible for the stereotype of a computer nerd with horn-rimmed glasses, a slide rule and a plastic pocket protector full of pens. By the early 1970s, the geeky image had been altered a tad by the more rebellious phone phreaks who tapped into Ma Bell. Phreakers included Steven Jobs and Stephen Wozniak, the founders of Apple Computer Inc. The most notorious phreaker, however, was Captain Crunch, who discovered that a give-away whistle from a cereal box could be used to mimic the precise tone needed to make free long-distance calls.
Hacking didn't become inextricably tied to terrorism until a decade ago, when the mainstream press began reporting on Operation Sundevil. The bust involved 28 search warrants in 14 cities that netted the seizure of 23,000 floppy disks and about 40 computer systems. The younger hackers at the 2600 meeting aren't aware of the bust, even though important elements of the saga took place in St. Louis and at the University of Missouri-Columbia, but Spuds' memory of those days has influenced his worldview.
The rear of his Ford Focus is covered with bumper stickers supporting 2600's latest free-speech battle. In January, the Motion Picture Association of America sued Eric Corley, the magazine's publisher, for posting a source code on the 2600 Web site (www.2600.com) that allows DVD video disks to be played on Linux operating systems. The computer program that descrambles the DVD encryption code was devised by Jon Johansen, a 16-year-old hacker from Norway. The motion-picture industry is concerned that mass dissemination of the software on the Internet will lead to widespread pirating of movies in the same manner Napster has led to the wholesale pirating of music.
Corley has long cast himself as a combatant on the frontlines of cyberspace. He uses the pen name Emmanuel Goldstein, after the shadowy figure who opposed the totalitarian rule of Big Brother in George Orwell's novel 1984. In this case, he has some powerful allies, including the Electronic Frontier Foundation, the New York Times and legal scholars from the country's top law schools. Nevertheless, in September, Judge Lewis Kaplan of the U.S. District Court for the Southern District of New York ruled in Hollywood's favor. The case in now on appeal.
"Just because hackers can do something doesn't mean that they do," says Spuds. Xerox machines and VHS video recorders both allow users to infringe on copyrights, but they haven't been outlawed, he adds. In Spud's opinion, a software program is comparable to a work of art: "It's like a person who goes out and paints on a canvas. You can say, "That's a bad code' or "That's a good code,' but it's all expression. I absolutely believe that it should be protected under the First Amendment." As it stands, computers loaded with Microsoft Windows or Apple Macintosh operating systems are the only ones capable of playing DVDs. Linux-driven machines are excluded. "That's wrong," says Spuds. "They don't give us the freedom of choice that we want."
In July, Spuds attended the HOPE (Hackers on Planet Earth) 2000 conference in New York City, which was sponsored by 2600. Hackers from around the world gathered at the Hotel Pennsylvania in Manhattan to hear Jello Biafra give the keynote speech. The former singer for the punk-rock group the Dead Kennedys is now a self-proclaimed media critic and opponent of censorship. Panel discussions at the conference included such topics as "Selling Out: The Pros and Cons of Working for the Man" and "Hacktivism: Terrorism or the New Hope."
Activist hackers, or "hacktivists," as they are called, are becoming an increasingly larger presence on the World Wide Web. Last year, 2600 estimates, more than 350 high-profile Web sites were hacked. Thousands of other hacks are never reported, making it impossible to gauge the total volume. Just how many hacks are politically motivated is uncertain as well. But it's clear that politics is playing a larger role. Online political activism gained prominence in 1994, when Zapatista backers formed an online support network to help spread information about the plight of the rebels in the southern Mexican state of Chiapas. In 1996, hackers rewrote the CIA's Web page to read "Central Stupidity Agency," then linked it to porn sites. In Romania, opponents of former leftist President Ion Iliescu earlier this year linked a site favorable to him to the FBI's Most Wanted list. Moreover, the continuing conflict in the Middle East has provoked a cyberwar, with pro-Israeli and pro-Palestinian hackers defacing Web sites in an effort to distribute propaganda.
Two of the oldest and most notorious groups still "hacktive" are Germany's Chaos Computer Club and the Cult of the Dead Cow in the United States. The Chaos Computer Club's exploits date back to 1987, when the group broke into NASA's computer, revealing the inherent weaknesses in the space agency's security system. Andy Mueller-Maguhn, the 29-year-old radical leader of Chaos, was recently elected to an indefinite term as the European representative on the board of the Internet Corporation for Assigned Names and Numbers. The nonprofit organization, which was set up by the United States in 1998, has the influential duty of assigning domain names on the Internet.
In the United States, the Cult of the Dead Cow has been around since 1984. Its ranks are filled with members who use online handles such as Dildog, Oxblood Ruffin, Nightstalker, Tweedy Fish and Death Veggie. The group's latest mission is to break through the electronic firewall that the communist Chinese government has installed to shield its population from Western culture.
Each summer, members of the Cult of the Dead Cow and thousands of other elite hackers converge on Las Vegas for the annual three-day Def Con conference, the world's numero uno hacker convention. Def Con also draws an assortment of Defense Department and CIA officials and private security spooks, who are there to both spy on the proceedings and recruit new employees. Law-enforcement and espionage agents are so prevalent at Def Con that the convention's organizers hold a "Spot the Fed" contest. The feds gravitate to such hacker conclaves out of respect and fear, because they know that the people who attend these meetings have the power to seriously upset Internet business.
"Once you attend one of these conferences, your name is on a list," says Spuds. "You've got an FBI file; you got to know that from the beginning. I would find it hard to believe that attending 2600 meetings for 10 years straight wouldn't get you on a list somewhere." Whenever Spuds speaks to a fed at a conference, he says, he is careful to preface whatever technical advice he provides with the word "theoretically."
One of the means by which Spuds can theoretically "own" someone else's Web site is called "blackholing." To demonstrate this technique, he logs onto the Internet, and, with a few keystrokes, hijacks all traffic destined for a government intelligence agency's Web site to his own Web site (www.wearehope.com).
"It takes a while for this stuff to propagate all over the Net," he says. "Everybody who is trying to find the [government] Web site is going to my Web site. If I let this go on for a few hours or so, every computer in the world would be going to my Web site instead. This is highly illegal, as far as the government is concerned, so I'm going to change it back."
Not changing it back would be déclassé.