Hack to The Future E-Book

Table of Contents

Cover

Table of Contents

Title Page

Introduction

What Does This Book Cover?

PART I: The Pre-Broadband Era

CHAPTER 1: A Subculture Explained

Defining a Community

Common Hacking Virtues

Terms

Hackers and Secrecy

Summary

Note

CHAPTER 2: Uncle Sam and Technology

World War I

Codebreaking

The Cold War

A Leak in the Walled Garden

Notes

CHAPTER 3: Commercializing Technology

Telephony

The Phone Phreakers

The Personal Computer

Communities

CHAPTER 4: Digital Disruption

Viral Genesis

Government in the 1970s

Notes

CHAPTER 5: Hacker Rehabilitation

The 414s

Shaping the Hacker Image

Legal Implications of Hacking

Hacktivism

Notes

CHAPTER 6: On the Other Side of The Wall

Soviet Intelligence

A “Closed Society”

Glasnost and Perestroika

Computers and Telecommunications

A New Class of Criminal

Notes

CHAPTER 7: Hackers of the World, Unite!

Project Cybersyn

Chaos Computer Club

Overseas Cooperation

The Australian Scene

AFP Tracking of Realm

Notes

CHAPTER 8: Electronic Delinquents

Digital Spycraft

Prosecuting the 414s

The Crypto Wars

Notes

CHAPTER 9: Hackers Go Mainstream

Computer Fraud and Abuse

Forging the Hacker Image

Notes

CHAPTER 10: The DEF CON Effect

An Internet for Everyone

Hacker Conferences

The Business of Hacking

Spot the Fed

Notes

PART II: The Post-Broadband Era

CHAPTER 11: In from the Cold

Hackers Meet Congress

Development of the Red Team

Operation Cybersnare

Thinking About the Future

Evident Surprise and Eligible Receiver

Notes

CHAPTER 12: Anonymous

USA PATRIOT Act

Project Chanology

HBGary

Notes

CHAPTER 13: Spy vs. Spy

“Collateral Murder”

Notes

CHAPTER 14: Cybernetting Society

Consumer Electronics

A Politicized Internet

Global Instability

Notes

CHAPTER 15: Hackers Unleashed

Solar Sunrise

Advanced Persistent Threat

Emergence of Chinese Hacking

American Elite

A New Domain

Notes

CHAPTER 16: Cyberwar

Operation Uphold Democracy

Cyberwarfare in Concept

Stuxnet

Combatant Hackers

Ukrainian Blackouts

Notes

CHAPTER 17: Politics As Usual

Memetic Warfare

Election Interference

Hacking Elections at DEF CON

Notes

Epilogue

CISA

Pillar II

Cyberwarfare in the 2020s

The Way from Here

Notes

Acknowledgments

About the Author

Index

Copyright

Dedication

End User License Agreement

List of Illustrations

Chapter 2

FIGURE 2.1 A map of ARPANET hosts in March, 1977

Chapter 3

FIGURE 3.1 A 1960 long-distance telephone map

FIGURE 3.2 Community Memory terminal at Leopold’s Records in Berkeley, Calif...

Chapter 5

FIGURE 5.1 An LANL system operator talks to a 414 hacker on their compromise...

FIGURE 5.2 NASA’s investigative record incorrectly attributed the origin of ...

Chapter 6

FIGURE 6.1 A map of Akademset nodes throughout the Soviet region

Chapter 7

FIGURE 7.1 A copy of the original post made in TAZ by the founders of the CC...

Guide

Cover

Title Page

Copyright

Dedication

Introduction

Table of Contents

Begin Reading

Epilogue

Acknowledgments

About the Author

Index

End User License Agreement

Pages

iii

xv

xvi

xvii

xviii

xix

xx

1

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

189

191

192

193

194

195

196

197

198

199

200

201

202

203

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

249

250

251

252

253

254

255

256

257

258

259

261

262

263

264

265

266

267

268

269

270

271

272

273

274

275

276

277

279

280

281

282

283

284

285

286

287

288

289

290

291

292

293

294

295

296

297

298

299

301

303

304

305

306

307

308

309

310

311

312

313

314

315

iv

v

316

Hack to the Future

How World Governments Relentlessly Pursue and Domesticate Hackers

Introduction

Over the course of the last 50 years, a subculture of technical geeks have gone from a small regionally separated group to one of the most powerful and mysterious forces in world politics. The public’s perception of hackers has been heavily influenced through three main sources: how the media portrays them, how the government interacts with them, and how hackers represent themselves through their actions and the culture they create.

Amateur hackers of the 1970s were proceeded by engineers at elite universities and military organizations who developed the technologies of the future behind locked doors. When these advanced-for-their-time computer technologies escaped the walls of highly funded laboratories, they fell into the hands of a preexisting coterie of proto-hackers called phone phreakers. How these early hackers went from a barely noticeable nuisance to sitting in the back rooms with modern political hatchet-men in roughly 40 years is the subject of this book.

Technology has taken such a major part of everyday life that nearly everyone has some understanding of what cybersecurity is and why it’s important. Although hacking as we think of it today exists as a fairly mainstream activity, it took several decades to achieve the respect it has today. The growth of modern consumer technology, and the industry of security that has been built up around it, has been forged by a dedicated cohort of nerds with the time, financial resources, and passion to create it. (I use the term nerd lovingly and apply it to myself.)

Writing a book about something as esoteric as hacker culture and how it came became prevalent is a challenge. Defining such a diverse group that has been around in one form or another for at least a century in its modern form is a difficult answer to give. Over the years, even the term hacking has been seen as controversial, especially among hackers themselves. Depending on who hears the term, it might inspire a range of emotional responses from unearned pride to stomach-turning cringe.

Some in the hacking community may recoil at the use of this term due to how wildly overgeneralized it is. At different times, the term hacker has been used as a way to demonize us or create guilt by association, unfairly implying that all of those who find ways of subverting technology are somehow definitionally criminal. At other times, the term has been overused to the point of being cliché. Admittedly, the words hacker and hacking are easy cultural touchpoints for people both inside and outside of the global community of hackers.

In spite of their controversial nature, I have chosen to use terms like hacker, hacking, and hacking community because they are a middle ground between outsiders, aspirational observers, and the wide spectrum of experts who these terms have described over the decades. Readers of this book should therefore understand that, in many cases, there are more accurate terms for practitioners of specific types of modern security.

The relationship between hackers and their governments is a mixed bag. Modern hackers are a product of the mistrustful Cold War era, which explains a lot about why their relationship with law enforcement was so fraught. Cold War fears of communism created a broader tribalistic fear of outsiders. During the Cold War, fear of people who were considered “weird” became synonymous with America’s fear of communism.

The same sort of skepticism hackers faced in the 1970s and 1980s was a milder version of previous moral panics, such as the Lavender Scare of the 1950s in which members of the latent LGBT community were seen as a threat to American stability. During this period, hundreds of queer government employees lost their jobs as a result of McCarthy-like purges. Although McCarthy’s ultimate disgrace and public censure in 1954 were a firm rebuke of the sort of “witch hunt” politics he championed, fear of outsiders never went out of style.

As institutions of authority, governments have a natural skepticism of any person or group threatening to undermine that authority. This is true throughout the world. When I began writing this book, I didn’t want to retread well-worn paths, examining specific individuals or groups in painstaking detail. For the individuals who I cover in this book, I mention their stories only as milestones in a long and complicated history. Many of them have written autobiographies that I encourage my audience to read. They are talented professional writers who will tell their stories with higher fidelity than I would ever be able to.

Instead, the goal of this book is to examine the contours of the history of hacking as seen primarily through three different perspectives: art, government, and from the viewpoint of hackers themselves. I have also tried to take a global approach to the material in this book in recognition that hacking has never been the exclusive dominion of one nationality. In fact, some of the most talented hackers in the world come from places you may least expect.

No matter where in the world hackers come from, a government somewhere has relentlessly pursued them, be it the American government and the legendary hackers of Melbourne, Australia, or the Chilean government’s pursuit of cybernetics genius Stafford Beer. Hacking is a team sport, and to apply a nationalistic bias, especially in today’s interconnected world, would be both outdated and naïve.

What Does This Book Cover?

This book covers the following topics:

Chapter 1: A Subculture Explained A re-telling of the 1903 story of magician Nevil Maskelyne and how his live disruption of a demonstration of Guglielmo Marconi’s radio system illustrates the early roots of hacker culture, defined by curiosity, mischief, defiance, and perseverance. It also explores the evolution of the hacker community, its diverse nature, common values, and the shifting perceptions surrounding hackers.

Chapter 2: Uncle Sam and Technology An examination of U.S. government history and the pre-internet employment of hackers and engineers in various agencies, including NASA, the military, and three-letter intelligence agencies such as the FBI, NSA, and CIA.

Chapter 3: Commercializing Technology  This chapter covers the development of modern consumer technology, specifically the Plain Old Telephone System (POTS), and the foundations of the modern hacking community within the phone phreaking community.

Chapter 4: Digital Disruption  In the 1970s, researchers in American tech labs began researching and theorizing ways to break the very same computer systems they were busy building.

Chapter 5: Hacker Rehabilitation  An analysis of some of the earliest hacks against the American government and how hackers got a second chance at redemption.

Chapter 6: On the Other Side of  The Wall Why exactly did hacking develop in the way it did in the United States? What were some of the conditions that led to computer hacking being so prevalent inside America’s Cold War borders?

Chapter 7: Hackers of the World, Unite! How early attempts to create computer networks developed outside of the context of North America, including a look at how some of the earliest European hacking groups got started.

Chapter 8: Electronic Delinquents American spy agencies begin to take an interest in computer networks, using emerging research into ARPANET as a model for their own classified computer systems. Law enforcement also takes an interest in the activities of hackers, testing legal efforts to crack down on them.

Chapter 9: Hackers Go Mainstream  Two of the most prolific hackers of the 1980s and 1990s are apprehended, both marking the end of an era and the beginning of a new life for the global hacking community at large.

Chapter 10: The DEF CON Effect  The acceptance of hackers continues to grow, resulting in the birth of an entire industry of computer security.

Chapter 11: In from the Coldy  The American government recognizes the potential value of embracing hackers and changes their approach to both prosecute and recruit them.

Chapter 12: Anonymous  A new strain of hacktivism surprises governments and powerful private organizations throughout the world. New approaches are developed to respond to hackers in this new age.

Chapter 13: Spy vs. Spy  American law enforcement finds an effective way of recruiting hacktivists to become informants against their own. The FBI finally finds a way to partner with hackers to achieve its national defense goals.

Chapter 14: Cybernetting Society  An analysis of the effect broadband Internet and mobile Internet-connected devices had on voting populations in the early 2010s. Hackers show their stripes in various global revolutions, becoming active participants in conflict of their own volition.

Chapter 15: Hackers Unleashed  Governments around the world begin to integrate hackers into their ranks, using their talents to influence geopolitics through military and intelligence operations.

Chapter 16: Cyberwar  Hackers find themselves in life-and-death geopolitical conflict, the implications of which threaten global stability.

Chapter 17: Politics As Usual  The world of politics finds uses for hackers, although the intentions of those hackers are unclear. Boundaries are redrawn as hacking becomes a legitimate pathway to political power.

Epilogue A final look at the current state of hacking, including the aftermath of the mid-2010s elections, and how national governments plan to forge new policies and relationships with hackers.

PART IThe Pre-Broadband Era

The pre-broadband era was to hackers what the Seven Seas was for age-of-sail explorers: a place of boundless possibility and few guardrails to protect innocent computer users. Being online during the pre-broadband age took a great deal of interest and technical competence. These two factors effectively acted as gatekeepers, promising entry to the hidden online world. Before broadband Internet, there were two distinct worlds: the online world and the real world. Entering one of these worlds meant that a user needed to leave the other, but the necessity to disconnect kept visitors to the online world tethered to the reality outside their window.

CHAPTER 1A Subculture Explained

A storm was brewing in the United Kingdom in June a, 1903. It wasn’t the historic rain storm that fell over the United Kingdom that same year, but a very different kind of storm that would mark the beginning of an age of technology-fueled communication. This communication age would act as a cultural touchstone stretching over 100 years into the future with ripples that have reached our current day.

Arthur Blok, a young assistant to a scientist named Sir John Ambrose Fleming, was sitting in a lecture hall at London’s Royal Institute, working on a demonstration of wireless radio technology. Ambrose was present as an “unimpeachable witness” to the operation of Guglielmo Marconi’s wireless “syntonic” technology. Ambrose himself was an accomplished inventor with 20 years of experience in electrical engineering and physics. He had been following Marconi’s innovations in radio for years and had even staked his own reputation on Marconi’s technology.

This demonstration was a proof of concept of Marconi’s radio technology, showing the public the viability of long-distance wireless transmissions sent from a site in Cornwall, in the southwest of the United Kingdom. The messages were then to be received at a listening post in Chelmsford, located in the southeast. Once there, the messages would be rebroadcast to the Royal Institute in London, which had constructed a 60 foot tower on the roof of the demonstration hall especially for this occasion. In the months before the Royal Institute demonstration, Marconi had made public claims about the security of his technology. In an article published on February 9, 1903, in the St. James Gazette, the following exchange was had between the reporter and Marconi1:

Reporter

: “Do you admit the possibility of tapping?

Marconi

: “Theoretically, the messages may be tapped. During the experiments on the Carlo Alberto, an installation was set up close to our station and tapping did take place, but then no attempt was made at secrecy….”

The reporter then asked Mr. Marconi, “Do you say then, Mr. Marconi, that you can confine the currents?”

To which Marconi replied, “Not exactly confine them, but I can tune my instruments so that no other instrument that is not similarly tuned can tap my messages….”

Radio signal interception was a hot topic in 1903, with many advanced nations not only beginning to adopt radio technology in their overseas communications (including diplomatic and wartime transmissions) but also dabbling in early efforts to intercept radio communications.

Inside the Royal Institute, Blok was busy tending to the radio equipment that would be used in the demonstration. Unexpectedly, Blok heard an incoming message. The demonstration wasn’t supposed to officially start for a few more minutes, but the rhythmic flashing of an arc lamp attached to the radio equipment confirmed that a message was indeed coming through. In a 1958 interview, Blok remembers what happened in the Royal Institute that day vividly,

But when I plainly heard the astounding word “rats” spelt out in Morse, the matter took on a new aspect. And when this irrelevant word was repeated, suspicion gave place to fear.

Not only was this unusual, but it was also alarming. Had something inside the system malfunctioned? His worst fears would be confirmed a moment later with a message that was a coherent series of words. They were rude but poetic, and began,

There was a young fellow of Italy

Who diddled the public quite prettily…

The poem was aimed at Marconi, who was an Italian immigrant. This crass poem confirmed that some form of sabotage was at play. When Marconi was notified of the interference, he had an idea of who could’ve sent such a message.

Nevil Maskelyne, a stage magician by trade, was supposed to be in attendance in the lecture hall that day. Instead, he had decided to construct his own antenna. Sitting in a room nearby the Royal Institute, Maskelyne timed his attack perfectly. He was a known competitor of Marconi. In the weeks before the public Royal Institute demonstration, Maskelyne had challenged Marconi’s monopoly of wireless technology, which had prohibited other scientists like Maskelyne from doing their own experiments and patenting similar radio technologies.

After losing a contract to Marconi to provide wireless services to Lloyd’s of London, Maskelyne abandoned commercially competing with Marconi and set his focus on sabotaging Marconi personally. The hijacking of the Marconi-Fleming demonstration had proven to the public that Marconi’s claims of syntonic transmission weren’t entirely accurate and had completely ruined the professional reputation of Mr. Fleming. The hijacking also stained Marconi’s reputation as well, although Marconi would go on to be recognized for his achievements in radio technology regardless.

This event was an important milestone in the development of at least one cornerstone of what we might now refer to as hacker culture. Maskelyne not only gave us an early example of spamming (i.e., repeating the word rats in an attempt to jam the legitimate transmission sent to the Royal Institute), he also pioneered what we would later call trolling. A direct result of the incident was a “flame war” between Maskelyne and Marconi, with each publicly condemning the other over their activities both in business and technology.

Although Maskelyne came from a wealthy family, he possessed what we might now consider to be a “hacker” ethos. He was a self-educated electrician who had been working with wireless technology for a few years before he hijacked Marconi’s demonstration. By 1900, he had already managed to get the public’s attention through high-profile demonstrations of his own wireless experiments and had established himself as an expert in wireless technology among his peers.

In one such demonstration, Maskelyne sent a radio message from a ground station up to a flying hot-air balloon, an almost-recognizable version of stunt hacking today. In another demonstration, he used a radio transmitter to remotely ignite gunpowder. Always the showman, he made a spectacle of his technological ideas.

In the Maskelyne affair, we can see how the threads of a culture form seemingly out of nowhere. Even though there were no terms at the time that could be used to specifically describe Maskelyne’s activities, he was using techniques that made the most sense for him at the time. For example, crowding out a single channel communication system with nonsense messages is a problem that persists today.

Today, the Maskelyne affair has become obscure even among members of this hacking community who can trace its lineage back to this event. Modern hackers don’t interact with the Maskelyne affair for its cultural value. In fact, it isn’t thought of much at all.

Defining a Community

Popular media has created a certain hacker stereotype that has been reinforced in television and movies for decades. In the 1980s and 1990s, the stereotype was a smart and carefree teenager who used their knowledge and access to create disruptions, either intentionally or unintentionally. They’re often shown wearing hoodies (with the hood up, while alone inside the house) and sometimes wearing sunglasses to cover their eyes. You might even see them wearing gloves to keep their fingerprints off their keyboards (to minimize evidence, of course) as they commit esoteric acts of cybercrime.

During the 2016 election, candidate Donald Trump even referenced a well-known trope of the “400-pound guy on his bed” as the likely culprit for a hack of the Democratic National Committee (DNC), which is thought to have had an impact on that election. Popular depictions also tend to show hackers as white men, which isn’t an all-around accurate depiction either.

The global community of hackers has been as diverse and vibrant as the general population. What has changed from decade to decade within the hacker community has been the treatment of this group by outside influence. This outside influence has had a major impact on the development of new generations of hackers coming up within the community. One major influence has been world governments trying to figure out the best way to govern this population.

Despite the ever-changing public understanding of exactly what a hacker is, there are some true commonalities that tend to define this notoriously mercurial group.

Common Hacking Virtues

One place we can look for broad definitions and commonalities about hackers is in a common system of values. It’s important to remember that not all hackers will maintain the same value system in the same way as any other member of the same community. Many hackers choose to associate themselves with some common qualities that they may feel improve their work. The following is a discussion of values that many hackers feel applies to them.

Curiosity

Despite being a cliché, curiosity is a common trait of the hacker personality. When presented with a locked box, the average hacker will want to use every tool in their arsenal to open it just to find out what’s inside. Unsurprisingly, puzzles are popular with hackers. It’s common to find puzzle-based games at hacker conferences throughout the world hosted in rooms full of people all tinkering and finagling data and exploits to break into computers specially designed to be breached by these hackers.

It’s common for hackers to be unsatisfied by being told they can’t do something. Regardless of how big a technical challenge may be, hackers are often willing to spend hundreds of hours of their personal time focused on solving a niche problem. Even when no financial gain is offered, the reward is simply the feeling of accomplishment.

What happens if I push this button in just this way? What if I offer this prompt too much information? What if I offer it not enough? What if I give it something that it doesn’t expect entirely? Hackers are excited by the prospect of discovering something that nobody even knew was there, possibly even discovering something that wasn’t intended to exist at all. This is the power of curiosity that hackers feel, and when they finally find it, the feeling of discovery can be intoxicating.

Mischief

Just as strong as the drive of satisfied curiosity among hackers is the motivation to do pranks. Most hackers have a wonderful sense of humor that they reflect in the outcomes of their hacks, and often in the code they write. After all, who needs money when you can have a good laugh?

Sometimes, it’s difficult for the average person to know why some hackers do the things that they do. As we’ll see in future chapters, sometimes mischief is the point. In the hacker community, pranks come in many forms—sometimes appearing as pranks “just for the lulz” and sometimes appearing as mean-spirited “flame wars” that end with personal attacks and private information being published. Whatever form mischief takes, these pranks are forms of self-expression that can be worth more than just money.

After all, the only thing more satisfying than defeating the unbreakable security of a friend’s web server is defacing his web page with a message declaring your own superiority. Gaining unauthorized access to a system thought to be secure is a recipe for mischief and chaos, and it is often done in good humor…but not always.

Defiance

Hackers don’t like to be told something can’t be done. Whether something can’t be done for legal or technical reasons, hackers thrive on the chase of proving their naysayers wrong. There’s a famous hacker trope about “voiding warranties.” Because product warranties typically require that users don’t modify the product’s hardware or software for a warranty to remain effective, defying the terms of a warranty and purposefully voiding the terms of service is a hacker’s rite of passage.

In the same way that the Titanic was considered unsinkable, some products are marketed as “unhackable.” The fastest way to prove that a product is indeed “hackable” is to declare it is perfectly secure, yet even marketers continue to tempt fate by inviting hackers to prove their claims wrong. We see this level of hubris in modern marketing, as we can clearly see as far back as the Maskelyne Affair.

Perseverance

One of the most recognizable keys to success for modern tech startups is the concept of “fail fast.” Fail fast dictates that solutions should be developed quickly and prove their value or “fail fast” so that a new attempt can be made. This approach to discovery relies on an attitude of perseverance to be successful. Hackers have also come to adopt the same attitude whether they’re building something that has never been built before, coding something new and complex, or finding a way to get into a secure system.

Most hackers are willing to spend days (or even weeks) on a single problem, single-mindedly focused on finding a solution before they can move onto a new challenge. It’s common to hear this focus attributed by hackers themselves to a diagnosis of attention deficit hyperactive disorder (ADHD). Whatever may be the cause of this uncanny focus and dedication, the effect on problem-solving is undeniable.

Terms

One of the first things to deal with when talking about hackers and their community is their relationship with the term hacker itself. Not everyone in the community likes to be referred to as a hacker. Some in the community feel that the term is dated, is inaccurate, or has a generally negative connotation. The Oxford dictionary defines a hacker as “A person who uses computers to gain unauthorized access to data.” A second definition of the term is “An enthusiastic and skillful computer programmer or user.” Both definitions do not acknowledge entire segments of the community of tinkerers to whom the modern use of the term typically applies.

For example, neither definition includes members of the community who participate in hardware hacking. Hardware hackers can be found sitting at a workbench carefully soldering contacts onto printed circuit boards or rigging components together to create unique devices for other purposes, such as long-range communications or Wi-Fi hacking. Their creations can be highly functional, beautiful pieces of art, or both at the same time! Despite not being explicitly mentioned by the dictionary definition of hacking, they are no less important to the culture of the community.

One may wonder, if the term is so controversial and inaccurate, why bother using the term at all? Despite being inexact, the terms hacker and hacking are the most convenient terms we currently have to describe members of this broad community and their activities.

The truth is the malicious connotation of the term hacker was placed on the community by the news media over decades of covering the actions of those who rightly or wrongly attracted the attention of law enforcement.

In fact, law enforcement attention hasn’t always been deserved. The legal system notoriously lags significantly far behind the development of new technologies to the point that hackers have become comfortable occasionally operating in a legal gray area. As one example, some security researchers examine products to assess their security value. Doing this can come with certain risks that may include legal liability. In the past, security researchers working in good faith intending to improve the security for all the users of a given system, have faced lawsuits from the same corporations who rejected taking actions on their findings.

The concept of responsible disclosure was born from the need of security researchers who had just found a security vulnerability and shared that vulnerability with the vendor of the product containing the vulnerability. Hackers who stay within legal, ethical, and moral boundaries with their activities may refer to themselves as white hat.

The term white hat comes from the Western genre, where the virtuous hero always dons a white-colored hat. The white-hat cowboy fights for good against the forces of evil using a superior set of values—truth, justice, and, of course, the American way. We tend to see the white hat as a one-dimensional avatar of goodness rather than a quality that can be shaped by the complicated decisions the cowboy might make.

The existence of a white hat then must necessitate the existence of a black hat. Predictably, black-hat activity doesn’t adhere to legal, ethical, and moral boundaries. However, many black hats work day jobs as legitimate security professionals with their client’s best interests at heart. In this case, that individual may consider themselves a gray hat—someone who subscribes to a moral and/or ethical framework but has comfort with legal ambiguity.

The language hackers use is so important to us that it has become part of our culture. Knowing the difference between an intrusion detection system (IDS) and intrusion prevention system (IPS) could mean the difference between keeping an attacker out of a sensitive network and only identifying when one might have already gained access. It’s for this reason that our language is constantly being reworked.

The changing nature and social implications of the greater culture that the hacker subculture is a part of means that we might stop using one set of terms and start using another. Terms like master and slave have become outdated, often being replaced by other, more specific words. The same is true of terms like white hat and black hat. Regardless of what color a hacker’s hat is, they’re all citizens of the same ecosystem.

It’s also important to remember that hats are removable and aren’t a permanent fixture of a hacker’s personality as much as it is a replaceable feature of a person’s daily attire. It’s more helpful to think of the white hat and black hat as terms that are applied to activities, not necessarily a person in general. For example, a person who makes money on the side performing cybercrime (i.e., black-hat activities) may work a perfectly legal and ethical day job as a penetration tester. We should not confuse a hacker’s activity one day with their overall personal ethics on another.

There is also a distinction between the concepts of hacking professionally and the idea of hacking recreationally. Not all work in this field is paid work, and many security-related projects start as unofficial research projects that hackers might do when they aren’t working their day job. These side projects are no less impactful and, in some cases, can be considered even more consequential as they tend to be passion projects rather than mundane security operations.

There’s a close relationship between hackers and the more formal, professional “information security” community. The differences between these two communities are subtle but important. While all information security professionals might consider themselves hackers, not all hackers consider themselves to be information security professionals.

The field of information or cybersecurity sprung from the recognition by mainstream industries that their most important systems, which are all now connected to the Internet, are prone to being attacked. The reasoning, therefore, is that it’s better to pay someone to breach your network and report their findings so that they can be addressed so that they can be addressed before an uncontrolled breach occurs.

The field of cybersecurity has created an environment for legitimizing activities that would be frowned on in any other context. As such, it has become a popular career field for individuals with an interest in subverting computer systems without being at risk legally. The activity most associated with hackers is, of course, getting unauthorized access to systems. This is usually referred to as exploitation, or the act of taking advantage of “vulnerabilities” that a hacker may find in a system. Exploiting a computer and getting it to operate in the way the hacker intends is the typical context where this term is applied and understood by the public.

Computer exploitation is a complex topic that has changed with the advent of security measures designed to make exploitation more difficult. On the other hand, the basic concept and approach to exploitation hasn’t changed much at all. Although the techniques may change, the methodology is the same—make the machine do something it is not supposed to do. Hackers can, and often do, apply this same concept to other nontechnical areas as well.

Some hackers who are skilled in the field of social engineering (or “people hacking”) take advantage of social expectations and standard operating procedures (SOPs) to exploit their way into positions of trust with others. The hacker may find a vulnerability in the form of a helpful office employee holding a door for someone they think is a co-worker struggling with a stack of boxes or a handyperson who has their hands full carrying a ladder inside. The hacker may then exploit that vulnerability to gain access to an area in which they do not have permission to be.

Vulnerabilities are like unlocked doors all around us. Hackers are merely the ones turning the handle and then walking through them.

Hackers and Secrecy

In his 2003 book Hacker Culture, author Douglas Thomas noted that any history of the hacking community should be recognized as a convergence of technology and secrecy. Critically, secrecy as a cultural thread is sewn through the fabric of the hacker community and is visible in their habits and interactions.

To my wife’s frustration, when I talk about other members of the hacking community, I sometimes refer to friends and colleagues with the name they use online. These self-given names (or handles) can be used as an individual’s persona both on and offline. In recent years, the practice of being recognized offline by a name used online has made its way out of hacker spaces. To most members of the hacking community, names and identities are treated as flexible pieces of information that are not only open to revision but expected to change as we grow and reinvent ourselves.

This fluidity in names is reflective of a culture that regularly deals in secrecy. Whether they’re working under a nondisclosure agreement (NDA) or for a top-secret government program, secrecy, privacy, and anonymity are native ground for hackers. This secrecy can even be seen in the unwritten rules hackers use to interact with one another. Like communicating in public, etiquette dictates that there are some questions that are appropriate to ask a hacker and some questions that aren’t. This principle applies to information that may be considered sensitive, which may include knowledge of vulnerabilities (weaknesses that may allow unauthorized access to a computer or network).

Like magicians, tricks of the trade are important to those who possess vulnerability information. Offensive security practitioners (sometimes called red teamers) tend to keep their best techniques private, sharing them only with a tight-knit group of collaborators. On more than one occasion, I’ve seen my co-workers react angrily upon learning that someone who they entrusted a special technique had used their technique and “burned” it by allowing it to be caught by an antivirus program. This renders techniques useless at worst or may increase the risk of identification at best.

Even practitioners in “blue team” or defensive activities have realized their own need for secrecy in recent years, as Fortune 500 companies that have hired teams of experts to clean up a severe breach take ethically questionable steps to ensure that the breach is kept out of the public eye. Secrecy is a long-running tradition in the hacker community and applies to professional life as much as it does personal life.

Summary

The hacking community is a difficult-to-define collection of clever tinkerers who work in a wide array of areas of interest. While we’re generally introverted, there are situations where we can and do enjoy the company of others. How the media and government define who we are and our actions over the years have created misunderstandings that have kept our subculture cryptic to outsiders.

Armed with this broad understanding of how the hacking community exists and operates today, we can begin to understand the cultural contours of each successive generation of hackers. We can also start to see how misconceptions from outside groups shape the public’s changing perception of who and what hackers are.

Even from the beginning, hackers have had a rebellious streak that can be seen throughout each ensuing decade. That rebelliousness has often been misunderstood by government, media, and industry leaders. These misunderstandings have led to life-changing decisions that include legal action aimed at financially curtailing hackers’ activity and at times even arrest.

When government leaders began to understand the power that hackers represented in the oncoming high-tech future, these leaders began to see that power as a weapon that could be wielded rather than feared. Over the 40 years since hacking became mainstream, world governments came to believe they could domesticate hackers for geopolitical gain. However, the truth about the relationship between hackers and their governments is a story that is still being written.

Note

1

   St. James Gazette Feb 9, 1903

CHAPTER 2Uncle Sam and Technology

In early September 1947, a computer system housed at a Naval base in Virginia began acting erratically. This computer was notoriously bulky, taking up an entire room, and consuming incredible amounts of electricity because of its use of vacuum tubes. The Harvard Mark II was controlled by a single dedicated console built into a nearby desk and could only be operated by highly skilled users.

Built at Harvard University, this computer was purpose-built for the U.S. Navy by a man named Howard Aiken. Its job was to perform the difficult math required to calculate ballistic missile trajectories. Their lumbering size made these early computers prone to difficult-to-diagnose problems. Finding the source of a malfunction could take an afternoon worth of searching.

To solve the problem the Mark II was having that September, a member of the maintenance team reached into the oversized apparatus and pulled an insect out of the complex twist of wires and circuitry. It was then taped to a page of the daily maintenance journal with a note beneath, “First actual case of a bug being found.” It is thought by many that the woman who found the bug was the legendary computer scientist Grace Hopper. However, while it’s true that Hopper was on the team that found the bug, it likely wasn’t Hopper herself who made the note in the maintenance journal.

This story of the first computer bug has been retold so many times it has created its own legend. As with any good myth, there are plenty of misunderstandings and misinterpretations. One such misinterpretation is that this incident coined the term computer bug. It’s a believable enough story, but this wasn’t the first time the term had been used in this context.

At the time that Hopper’s infamous bug was found, engineers had already been calling electronic defects bugs for decades. Some trace the original use of the term bug in the context of engineering back to Thomas Edison, who noted that he’d found a “bug in my apparatus” in one of his prototype telephones in a letter to a colleague dated March 3, 1878.

Despite the myth of the term’s origin in Hopper’s Naval research lab, it’s still one of the many anecdotes about early computing history that has been told thousands of times by hackers. It illustrates one of the challenges with telling any cultural origin story: not all anecdotes are verifiable. On the other hand, not all stories need to be verifiable for them to have an important cultural impact.

Today, we remember Hopper as a quiet and dedicated scientist. Hopper’s long list of contributions to computer science can’t be denied, along with her work breaking glass ceilings before most people knew there was a ceiling that needed to be broken.

Ask anyone in the field of computer science to name a female programmer, and Hopper’s name is sure to be the among the first names mentioned. Often pictured in her Navy uniform, her stoic gaze behind her trademark brow-frame glasses, Hopper is a genuine, well-earned legend in the history of hacking. Hopper’s story follows a short lineage of electronics and computer experts forged in early twentieth century conflict that was nurtured by world governments’ global struggle for power. In the twentieth century, the nation that conquered technology often conquered the world.

World War I

The U.S. government’s adoption of technology goes back to the turn of the century. As we’ve seen in the example of Maskelyne’s radio interception, the importance and impact of radio technology on the First and Second World Wars cannot be understated. In fact, the involvement of the United States in WWI hinged on the wireless interception of the historic Zimmermann telegram.

The Zimmerman telegram was a secret message sent by Germany from a radio facility located in the United States known as the “Telefunken plant” to Mexico 14 years after Maskelyne hijacked Marconi’s wireless demonstration. (The Telefunken plant was operating secretly under a “cutout” or “front” company called the Atlantic Communication Company located in West Sayville, New York.) The interception of the Zimmermann telegram draws a direct line between technology and the geopolitical events that shape our world. As the First World War developed, the U.S. military began treating radio and telephone communications as one in the same.

First established during the American Civil War, the U.S. Army Signal Corps became responsible for managing wartime communications. By WWI, the Army Signal Corps became known as a hub of technological innovation both in communications and interception technology. Although many of these technologies are taken for granted today, they had the power to change the outcomes of war in the early 1900s. Innovations such as the tactical FM radio, radio telephones, and even early radar prototypes were at the bleeding edge of technology under Colonel William Blair, who directed Signal Corps research from Ft. Monmouth, Virginia.

Codebreaking

After WWI, most modern world governments had accepted that control of electronic communications technology was essential for national defense. Many of these same governments established government bureaucracies for managing intelligence collected by signals interception. In the immediate wake of WWI, the United States tasked cryptologist Herbert O. Yardley with the transformation of the U.S. Army Cryptographic Section (tasked with decrypting encoded messages sent by world rivals) into a joint operation between the U.S. Army and the U.S. State Department.

This new department was referred to as either the Cipher Bureau or The American Black Chamber, as it is more popularly known. This bureau operated under the auspices of a private business communication company called the New York City Commercial Code Company. This organization lasted until Secretary of State Henry L. Stimson disbanded the organization famously saying, “Gentlemen do not read each other’s mail.” The defunding of this service was a historic blow to the development of America’s intelligence capability, but it wouldn’t be long before the United States was back in the market for skilled communication hackers.

The need for American communication experts become obvious with the outbreak of the Second World War with the major intelligence failure at Pearl Harbor. The failure of the United States to decrypt Japan’s plan to attack Pearl Harbor cost 2,400 American servicemen their lives and drew America into WWII. The attack was devastating, and it highlighted the need for greater allied effort to decrypt Axis communications used by both Japan and Germany.

As the war raged on, the United Kingdom directed its effort toward breaking the Nazi cipher system known as Enigma. For this work, the United Kingdom established a codebreaking unit in an English countryside manor called Bletchley Park. It was here that famed computer scientist and codebreaker Alan Turing managed to finish the work started by his Polish counterparts. This was no small accomplishment in computer engineering, and when Enigma was finally broken, it produced some of the most valuable intelligence of the war.

Enigma itself was a feat of computer engineering. Complex webs of electrical wires encased in special rotors would reconfigure their electronic arrangement whenever a key on the keyboard was pressed.

However, computers and programmers weren’t working only on codebreaking problems for the war effort. In the United States, analog computers, such as the predecessor to Hopper’s computer, the Harvard Mark I, were used to complete calculations for the highly classified Manhattan Project.

As WWII ended, a new world power conflict could be seen on the horizon between the United States and the Soviet Union. This conflict would be defined by technological and economic rivalry. The environment this conflict created became the perfect cultural backdrop for a young community of hackers.

The Cold War

The Second World War had been won, but it would be only a few short years before the world would be cast back into conflict among the victors. In many ways, the Cold War was a continuation of a conflict that began before WWII. In the post-WWI period, Soviet Bolsheviks overthrew Russian Tsarist forces and reorganized Russia into a nation modeled after Marxist theory.

The communist economic system stood in stark contrast to American capitalism. Before the outbreak of hostilities in Europe, the American government had deemed communism a fundamental threat to American values of capital extraction and sought to eradicate communist ideology from their shores.

Hitler’s rise to power in Europe before WWII had diverted attention from both capitalist and communist nations but only temporarily. This forced the American agenda of anticommunism to go dormant during the war. When WWII ended, the United States and the Soviet Union picked up right where they left off before the war.

At the heart of the Cold War was a paranoia that America’s communist enemies were already within our borders. This paranoia pervaded American life and was regularly exacerbated by U.S. political leadership, who stoked fears of communism. During this time, which would come to be called the second red scare, fear of “the other” was synonymous with fear of communism. It was common for derogatory terms like pinko or commie to be used against anyone whose behavior or appearance went against the grain.

Union laborers arguing for better pay and working conditions were often on the receiving end of cruel mistreatment by anti-communist cold warriors. During the worst days of the second red scare, scores of innocent Americans were blackballed from work opportunities and even faced harsh government-led investigations.

Government organizations such as the House Un-American Activities Committee (HUAC) led by Joseph McCarthy were convened under the banner of rooting out communism. HUAC terrorized everyday Americans and encouraged neighbors to turn each other in for suspicion of communist activities. McCarthyism, as it would come to be called, would harken back to America’s puritanical past during the witch hunts of the 1600s and would be compared quite literally in Arthur Miller’s timeless play The Crucible.

The most sinister aspect of McCarthyism was the effect it had on both the powerful and the meek. This fact was clearly demonstrated by the famous Hollywood “blacklists” on one hand for powerful, high-visibility actors and actresses and by the “lavender scare” persecutions of queer government officials in the 1950s and 1960s.