Phreakers, Trashers and Hackers
Jeff Humphrey and Bruce C. Gabrielson, PhD
Security Engineering Services
Chesapeake Beach, MD
Who Are They?
So who is the mysterious foe ... the security hobbyist of the world. Sought after and harassed, deadly to computer systems, networks, and communication services world-wide, admired by some, ignored by all to many, and hunted by a select few. In the paper following I will discuss a number of aspects related to the security of communication and system resources with a focus on the group of people accused of being responsible for a large percentage of UNIX, network based problems on the Internet.
The Computer Security world of the 90's is becoming outlandish in it's connectivity via the services of the Internet. Today, it is possible to own a color UNIX workstation, connected to the internet... with your own network mask and domain name for less than a hundred US dollars per month. With prices falling, high availability of public domain networking software (distributed freely via the internet no less), and rapid growth in the availability, distribution, and communication facilities the Internet offers ... anyone with the motivation can join a community of millions electronically.
Distances are small in the world of network computing. In an instance ... with a glance, a user can connect to your system ... compromise the systems security protections ... download key files from your personal workspace ... and leave a happy message of thanks in your email, all without leaving the sofa in front of the television set at his/her home.
System and network security of today's system too often depends on poorly maintained, unavailable, or even public domain software distributed from unauthenticated sites on the Internet. Lack of effective communication and distribution of security problems by vendors and sites, often leaves millions of systems on the network without recent patches for bugs and other problems. The CERT (Computer Emergency Response Team) has done much to enlighten the internet community of possible and probable problems with popular operating systems and software. The lack of authentication of most email systems can turn even the CERT advisories into a security problem due to possible forging of messages from other sources.
Where will it all end you might ask. The answer ... it won't. How can 1 protect myself? A simple answer ... collect as much information as you can to keep your site secure from bugs, 'disgruntled' employees, and outside intruders. So who are the adversaries?
The world community of pheakers has long plagued telephone systems. Phreaking is defined by the Hacker Jargon File as ...
Phreaking: [from 'phone freak'] n. 1. The art and science of cracking the phone network (so as, for example to make free long-distance calls). 2. By extension, security-cracking in any other context (especially, but not exclusively, on communications networks).
At one time phreaking was a semi-respectable activity among hackers; there was a gentleman's agreement that phreaking as an intellectual game and a form of exploration was OK, but serious theft of services was taboo. There was significant crossover between the hacker community and the hard-core phone phreaks who ran semi-underground networks of their own through such media as the legendary 'TAP newsletter'. This ethos began to break down in the mid-1980s as wider dissemination of the techniques put them in the hands of less responsible phreaks. Around the same time, changes in the phone network made old-style technical ingenuity less effective as a way of hacking it, so phreaking came to depend more on overtly criminal acts such as stealing phone-card numbers. The crimes and punishments of gangs like the '414 group' turned the game very ugly. A few old-time hackers still phreak casually just to keep their hands in, but most these days have hardly even heard of 'blue boxes' or any of the other paraphernalia of the great phreaks of yore.
A trasher is basically a person who searches for information via whatever means needed... which would compromise the security of your site. This activity often includes searching trash ... or refuse ... disposed of from the facility (thus the name). Trashing has always been around, and few admit to do it as a profession. It's normally associated with hackers and phreakers looking for 'codes', passwords, and the like.
Hard-core hackers often talk about trashing ... and seem amazed at what they can find out from the activity. Trashing has shown up in a number of Hollywood movies including the recent, SNEAKERS.
Pirates are generally people who break protections on commercially available software in order to distribute it to a wider audience at no charge. Typically, a pirate will break copy protections, make multiple copies of the software and distribute it to his or her friends on disk, via BBS, or by some other electronic means. In rare cases, the software is broken so that the assembly source can be generated for use of the functionality in otter products.
We all know hackers. A hacker is a person who by virtue of sheer motivation and determination ... seeks to find out everything there is to know about a particular subject. Related to computer systems and networks, hackers are often called 'gurus', 'VAX gods', network hackers, UNIX hackers, [insert any subject] hackers, etc ... and are often the focus of the technical/information based functions of an organization. The term hacker has been misused by everyone - namely the media and particularly the motion picture industry - that it is too often associated with what most hackers would call 'dark-side hackers', 'crackers', recently on usenet 'spiders', etc ... the term hacker has currently taken on a 'tainted' feel.
The network Hacker Jargon File defines a hackers as...
hacker: [originally, someone who makes furniture with an axe] n. 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who perter to learn only the minimal necessary. 2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating f hack value l. 4. A person who is good at programming quickly. 5. An expert at a particular program, or one who frequently does work using it or on it; as in 'a UNIX hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.) 6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example. 7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence 'password hacker', 'network hacker'. See I cracker}.
The most common hacker word for a malicious meddler, or hacker of computer and network security is 'cracker'. Following is the definition of a cracker from the network Hacker Jargon File ...
cracker: n. One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of I hacker (q.v., sense 8). An earlier attempt to establish 'worm' in this sense around 1981-82 on USENET was largely a failure.
For purposes of this paper, the term 'hacker' will be used to mean a person. who attempts and/or succeeds in breaking through computer and network security measures at a site. The reason is simply because the term has, in general usage, come to mean just that.
Hacker motivations to 'get inside' are many and varied. Most hackers, however, are typically inexperienced professionals, college students, or novices who wish to expand their capabilities - and/or - gain experience. Many hackers pride themselves on their skill and seek not to destroy, but simply to gain access so that the computer or network can be used for later experimentation. Hackers often believe that by exposing a hole or back-door in a computer system, they are actually helping the organization to close the holes ... many feeling that they are actually beneficial to the internet, and a needed resource.
To understand the hacker and his community is to understand the problem. In that vain, I will attempt to 'stereotype' the typical hacker, his influences, his personality, and his basic method of access to computer systems and networks.
Influences of the Media
The media has done much to influence young hackers in their pursuit of excellence. Hackers are regular people ... and are exposed to the same bombardment of television, radio, newspaper, and advertising messages that others are. Add to this, the story telling of the hacker community through publications, social events, etc ... combined with other media such as use-net news, ERC chat sessions, and technical books - papers - and journals ... and the hacker has all the motivation he or she needs to be incorporated into the hacker communities way of thinking.
Television has had its share of hacker controversy. The new wave of afternoon talk shows has increased the visibility of the hacker community recently with Geraldo's "Now It Can Be Told" - "Mad Hackers' Key Party" (Sept 30, 9 1) which allowed viewers to watch hackers in action. Episodes such as this go along way in promoting the hacker community as a 'technical ghtz' event in which all are recognized for their capabilities and/or talents. ne spirit of community is strong ...
Hollywood has helped the hacker community recruit for years ... with such movies as "Wargames", "Sneakers", etc. Recruit of course is a bad choice of words since hackers generally do not go out looking for members ... they are an elite.
Literary sources related to the workings of the hacker community are numerous. Typically, in these times, it's not fashionable to write a science fiction book especially one set in the modem era, which doesn't contain some facet of hacker life. A number of books, numerous games, newsletters, technical reports, and even comic books are directly aimed at the hacker community for their sales and/or distribution.
Books such as "Cyberpunk" and "Necromancer" are directly related to hacker activity, and are great informational, and inspirational sources to young hackers. Role-playing games ... long a fascination of 'thinking' teens have taken a bend toward the hacker community ... and their readership. One of the more recent additions to the genre' is the game "ShadowRun" which is set in a post-modem, gothic atmosphere of high-tech hackers dancing around the global network of systems (The MATRIX). Newly coined phrases from this game are already appearing in popular hacker speak ... including "Chummer", "Matrix", "Decker", etc. Mainstream usage is certain to appear soon ...
Hackers have their own newsletters distributed electronically and in some cases hardcopy. Some popular titles include ...
CDC (Cult Of The Dead Cow)
CPI (Corrupted Programming International)
CUD (Computer Underground Digest)
CDUGD (Computer Down-Under-Ground Digest)
FBI (Freaker's Bureau Inc)
DFP (Digital Free Press)
LOD (Legion Of Doom)
HUN (Hackers Unlimited)
NARC (Nuclear Anarchists/Phreakers/Hackers Digest)
NSA (National Security Anarchists)
PPP (Phucking Phield Phreakers)
UPI (United Phreakers Inc)
and the infamous 2600
Other technical journals exist, as do comic books relating directly to hacking, preaking, pirating, trashing, etc ...
There are a number of legendary figures in hacker history. I will mention only two for reasons of space, but they are numerous and distributed about the world. More information can be had by looking around the internet and watching use-net postings to folklore related groups, and many of the legendary personalities still reside in different areas on the network.
One of the more legendary 'phreaker' personalities ever is the infamous Captain Crunch. Details of his exploits can be found in a number of places on the network, not the least of which is one of the Phreaker bibles called "Phreak.man" (available nearly everywhere). The Captain's claim to fame was a toy surprise ... a whistle ... which was distributed in a popular brand of breakfast cereal named, of course, "Captain Crunch".
Of note to the phreaking community is that much of their ancestry ... those who started and perfected the art of phreaking ... were blind. This fact was recently alluded to in the movie "Sneakers" wherein the phreaker named "Whistler" was also blind, and had perfected a number of magical feats rumored to be possessed by early phreakers. In fact, two questions in one of the 'hacker tests' (kind of an entertainment/hacker competency test) are ...
0057 Have you ever talked into an acoustic modem? 0058 ... Did it answer ?
0059 Can you whistle 300 baud? 0060 ... 1200 baud?
Typical Personality Traits of Hackers
Stereotypically, hackers are an unusual bunch. The have been characterized as highly intelligent, egotistical, logical, quiet, withdrawn, inventive, creative, humorous, elitist, quirky, arrogant, talented, messy, control oriented, etc, etc ... with an image like that, it's no wonder - Hackers often feel like outsiders, or in an organization among themselves. People of a hacker nature are most often 'clicky' in that they socialize together in groups, and get along well with one another. Some have also described the hacker as 'incompletely socialized'.
For those who trust the interpretations of Jung's theories made by Myers Briggs, the hacker has been classified as typically being of the XNTP personality type, leaning more toward that of INTP specifically, with a scattering of others including INTJs. Typically, INTPs are characterized by many of the above stated ideas, and are often seen as leading a rather haphazard lifestyle.
NTs in general have been observed as often being 'afflicted' with psychological tendencies toward compulsive and obsessive behavior ... and the INTP is not exempt. This personality type can often fall deep into single-minded episodes of heightened awareness, and narrow focus, wherein the individual may dwell for days at a time without any knowledge what-so-ever of the goings-on around him or her. This deep 'trance like' state is often called a 'hacker high', 'trance', 'zone', or other highly descriptive words by hackers.
Another observation made by hackers and their associates is that hackers often are unaware of their social surroundings. This is actually a nice way of saying that the hacker doesn't care about his social surroundings, as they are often not as important as 'the real thing' of importance (such as getting a new toy 'on-line'). Hackers have also been said to have a total disregard for the upkeep of his or her living area. Assorted 'junk' is often thrown about, and is not likely to bother the hacker in any way... unless it inhibits his or her current activity. Hackers are often control-oriented when it concerns his or her current project directly This seems to be in total contrast to the 'chaotic' atmosphere around him or her ... but is very logical to the hacker and makes perfect sense.
Many sources characterize hackers as a humorous group. One went on to say;
Humor, Hacker: n. A distinctive style of shared intellectual humor found among hackers, having the following distinctive characteristics:
1. Fascination with form-vs.-context jokes, paradoxes, and humor having to do with confusion of metalevels (see meta). One way to make a hacker laugh: hold a red index card in front of him/her with "GREEN" written on it, or vice-versa (note, however, that this is funny only the first time).
2. Elaborate deadpan parodies of large intellectual constructs, such as specifications (see write-only memory ), standards documents, language descriptions (see INTERCAL), and even entire scientific theories (see quantum bogodynamics, computron).
3. Jokes that involve screwily precise reasoning from bizarre, ludicrous, or just grossly counter-intuitive premises.
4. Fascination with puns and wordplay.
5. A fondness for apparently mindless humor with subversive currents of intelligence in it --- for example, old Warner Brothers and Rocky & Bullwinkle cartoons, the Marx brothers, the early B-52s, and Monty Python's Flying Circus. Humor that combines this trait with elements of high camp and slapstick is especially favored.
6. References to the symbol-object antinomies and associated ideas in Zen Buddhism and (less often) Taoism. See has the X nature, Discordianism, zen, ha ha only serious[91, AI koans [ 1 0].
Organization of Hackers
By nature of their environment ... hackers are organized. Many hackers hold a philosophy of near anarchy, but when it comes down to it, the internet is a working web of information shared by many. The organization of the hacker community is centered around the basic fact that information can be exchanged at accelerated rates in a highly networked environment. Data travelling at super speeds can be examined, absorbed, acted upon, and re-transmitted in virtually no time - idea distribution takes only seconds, as opposed to the weeks it might have taken to publish the information in a technical journal.
A number of resources and services keep the hacker community at least slightly cohesive, here are a few ...
Email: Email is one of the most popular services on the network today with millions sending electronic messages around the world in a matter of seconds. Email allows hackers (as well as everyone else) to store and retrieve data that has been send to them directly. Email is one of the most widely distributed services available in the networked world ... working across architectures, networks, and even different network protocols via specialized gateways. Almost every networked system in the world supports email in one way or another ...
Talk: Internet talk is a service provided to many basic architectures on the network. With talk, hackers can communicate directly with very little chance of being caught exchanging sensitive data.
IRC-Chat: Chat channels have become an increasingly important social and informational resource for many hackers. By using chat channels, hackers can have 'multi-party' talk sessions with one another, exchanging information, and ideas to many different people at one time.
MUD/MUSHs: Multi-User Dungeons and WSHs (both are a virtual landscape of text... a multi-user adventure game), allow hackers to take care of another of things as once ... exchange of information, ideas, and they also fill a social need. MUDs and MUSHs are most everywhere on the network, and have various adventuring themes to role-play too. They are normally used for entertainment.
FTP depositories: FTP (File Transfer Protocol) allows hackers to exchange large amounts of data at very high speeds, often with little chance of discovery. One thing that makes FTP so attractive for file transfer is that binary information is so easily exchanged without the need to convert it to ASCII first.
Usenet News: Usenet News is an open forum for anyone who cares to use it. Hackers find this to be an easy place to transfer information and ideas, though its a little more difficult to transfer data of a sensitive nature.
Together, all of these services, plus others, allow hackers to maintain close communication with each other in a fast moving, low resistance environment. If data needs to go from point-A to point-B, there is always a way... some are just harder than others to coordinate.
There are a number of social groups that help to tie together groups of individual hackers in an area. Local computer user group meetings are one such place, where hackers and non-hackers alike can join together for the free flow of data and ideas. Another popular get together for the role players of the groups, are local festivals, sci-fi conventions, and fantasy conventions - all held in every small town around the United States and abroad.