Monday, March 1, 2010

Hackers

The government hasn't always known how to handle computer crime (some would say that it still doesn't). What's different now is that (mostly) the Bad Guys are clearly bad. You know, stealing money and such.

It didn't used to be this way. In the late 1980s and early 1990s there was a hysterical reaction to what we look at today as activities that are almost certainly protected by the first amendment.

Twenty years ago on this day, Steve Jackson Games was raided.

Mentor remained under guard in his apartment as agents prepared to raid Steve Jackson Games. The fact that this was a business headquarters and not a private residence did not deter the agents. It was still very early; no one was at work yet. The agents prepared to break down the door, but Mentor, eavesdropping on the Secret Service walkie-talkie traffic, begged them not to do it, and offered his key to the building.

The exact details of the next events are unclear. The agents would not let anyone else into the building. Their search warrant, when produced, was unsigned. Apparently they breakfasted from the local "Whataburger," as the litter from hamburgers was later found inside. They also extensively sampled a bag of jellybeans kept by an SJG employee. Someone tore a "Dukakis for President" sticker from the wall.

Bruce Sterling tells the tale of the case of the stolen E911 documents in The Hacker Crackdown (online at Project Gutenberg). When technical specifications for the Emergency 911 (E911) system appeared on hacker BBS systems, AT&T freaked out. The got the Secret Service to freak out, and a whole strange case began to play out.

The hackers were portrayed as cyber supermen, with l33t skillz that were a Clear and Present Danger to the Republic (this continued through at least the Kevin Mitnick case). The technical documents were highly sensitive, and worth millions. Turns out that this was slightly exaggerated, as the court case revealed:

Zenner continued to probe. Exactly what bits of knowledge in the Document were, in fact, unknown to the public? Locations of E911 computers? Phone numbers for telco personnel? Ongoing maintenance subcommittees? Hadn't Neidorf removed much of this?

Then he pounced. "Are you familiar with Bellcore Technical Reference Document TR-TSY-000350?" It was, Zenner explained, officially titled "E911 Public Safety Answering Point Interface Between 1-1AESS Switch and Customer Premises Equipment." It contained highly detailed and specific technical information about the E911 System. It was published by Bellcore and publicly available for about $20.

So much for the case against those dang meddling kids. If you're interested in this sort of thing, read The Hacker Crackdown, which is an excellent introduction, and free online (thanks, Bruce!). Also read The Cuckoo's Egg, which is a view of real crime from more or less the same period. As I said, it took a while for the Fed.Gov to start to get a feel for what's online crime, and what's not. That bit's still a work in progress.

As fallout from this case, the Electronic Frontier Foundation was formed in response, and continue to do great work protecting electronic speech.

Phrack Magazine isn't really active much anymore, but it another interesting introduction to the hacker community. Remember, "hacker" is a term much abused in the press.

Obligatory Disclaimer: I know some of the people described in Bruce's book. I worked with some of the d00dz at security startups. They're good guys. Georgetown University's Dorothy Denning included one of my articles in her book "Internet Besieged", which talks about many of the same issues from an academic perspective. Also, I wasted more time than I care to recall playing GURPS, back in The Day.

2 comments:

The Big Guy said...

"...Also, I wasted more time than I care to recall playing GURPS, back in The Day."

We have waaaay too much in common.
I remember hanging out with Steve Jackon at GenCon in 1980...
(Back when they held the 'con at UW-Parkside)
He had the best nametag-
In very modest type- "Steve Jackson" and in parentheses under his name "Big Fat Hairy Deal"...
I got my intro to gaming playing the old "pocket" games that SJ published with MicroGames '77-'79- Melee, OGRE, Wizard, etc, back before he became "Steve Jackson Games".
I remember "play-testing" Killer in '79, and winding up with SJ, the guys from Flying Buffalo, and 2 of the writers from Gamelords getting collared by the Parkside campus cops after a "suspicious activity" report.
I was caught on the roof of the parking deck with a sofa cushion labeled "2 ton safe" waiting for an opportune moment...

Good times...good times...

TOTWTYTR said...

A guy I know well, and who you have met, got his start in computers when he hacked into the high school main frame system back in the early 1980s. As it tells it, it was ridiculously easy since the password was the street address of the school administration building. Or maybe the address of the high school.

Intelligently, they put him in charge of securing the system, as I recall.