August 31, 1999
hackers "try to be ethical and moral"
By James Hebert
Consider the locksmith.
an expert in security -- how to bolster it,
how to thwart it.
his knowledge of locks and other safety devices,
he shares some common ground with a very different
kind of security expert: the burglar.
of course, would ever confuse the two. Yet when
it comes to computer security, there are some
people who believe they've suffered precisely
that kind of misunderstanding.
call themselves hackers, although not in the
destructive sense that the word has come to
may possess the same skills as the computer
criminals who break into networks in order to
steal and vandalize.
these hackers use their skills, they say, for
very different purposes: To expand their knowledge,
to test security systems (sometimes as paid
consultants), or sometimes simply for the enjoyment
of matching wits against system administrators.
the vanguard of these "white hat"
hackers is 2600, a quarterly magazine that has
spawned more than 80 local chapters of socially
minded hackers in the United States and beyond.
Its Web site is http://www.2600.com.
Diego 2600, as the local chapter is called,
was founded a little over a year ago, and has
a Web site as well: http://www.sd2600.net
name "2600," according to a group
leader, refers to the sound frequency that phone
hackers once used to hack into phone lines.
chapter's meetings -- held, as are all 2600
meetings worldwide, at 5 p.m. local time on
the first Friday of each month -- now typically
attract several dozen people.
are a mostly young but diverse assortment of
computer aces who share, they say, a common
belief: That it's possible to be a hacker without
also being a menace to society.
so much more you can do with computers, without
having to do criminal activities," says
the local group's founder, who goes by the computer
pseudonym Skalore (his real name is Ben).
try to be ethical and moral."
Skalore, like some other members of the group,
prefers not to divulge his full name or other
personal information, he hardly seems to fit
the popular image of the phantom hacker.
works, he says, as a webmaster for a plastics
company. He signs his e-mails with a quote from
the Declaration of Independence: "We hold
these truths to be self-evident, that all men
are created equal."
his head is a baseball cap with the legend "SD2600".
("It's good advertising," he notes).
-- or at least getting the word out about their
idea of hacking -- is one of the goals of the
group, whose meetings are held at the EspressoNet
cyber-cafe in the Golden Triangle area, and
are open to anyone. (There will be no meeting
in September because of Toorcon, a convention
the group is hosting this weekend.)
want people to be set straight," says fellow
member H1kari (real name: David Hulton), who
helped Skalore found San Diego 2600.
Skalore: "That's the purpose of it, really."
beyond the public-awareness angle, the San Diego
2600 meeting is also a social gathering, a place
for members to compare notes or show off gadgets.
one midsummer meeting begins, a knot of teen-agers
is huddled over a couple of laptop computers
inside the cafe.
the patio outside is AT (who also goes by the
moniker Prole), a recent UCSD grad who works
in computer security for a start-up company.
He is talking with a couple of friends about
Defcon, a big annual hackers' convention that
took place in Las Vegas a month ago. july 31
- aug. 2
of them, Brendan, is a UCSD math major who sports
a pierced tongue, heavy black boots and a T-shirt
bearing the logo of the industrial-rock band
Skinny Puppy. Another, Chris, works for Cox
Communications, and arrives straight from his
job with a plastic ID badge still pinned to
drifting among the various groups are Kevin
McDonald and Ciaran Foley, whose business attire
marks them as something other than the usual
company, the X'It Group, deals with matters
of computer security, and they're here looking
to hire a few whiz kids to test their clients'
they want to pay these young experts to hack
stuff doesn't come on resumes," notes Foley.
"It's trial by fire."
co-founders Skalore and H1kari marvel over all
the subgroups that have evolved at the meeting
over the past couple of years.
rattle off a list: the programmers, the gamers,
the college students, the security pros, and
a group of neophytes that the two call "the
kids just starting out."
the youngest meeting attendees, though, seem
to be hyper-aware of the public perception of
hackers, and eager to insist that they're not
of that ilk.
Much of their concern of late has centered around
the case of Kevin Mitnick, the hacker who was
sentenced earlier this month in L.A. to almost
four years in prison and ordered to pay $4,125
in restitution, after pleading guilty last March
to five felony counts related to computer break-ins
at high-tech companies. The break-ins were alleged
to have caused millions of dollars in damage.
who will be released next year because of time
already served, was arrested after a 1995 FBI
manhunt -- assisted by Tsutomu Shimomura, a
computer security expert, who was then working
at the San Diego Supercomputer Center at UCSD.
subsequent book about the case, "Takedown,"
written with New York Times reporter John Markoff,
is being made into a movie by Miramax Films,
though no release date has been set.
magazine has championed Mitnick's cause since
his arrest, saying the government's claims about
the damage he caused were inflated, and complaining
that he was being held unconstitutionally without
magazine also mounted protests at Miramax's
offices last year after its editor, Emmanuel
Goldstein, saw an early copy of the "Takedown"
script that he believed defamed Mitnick.
issues have filtered down to local 2600 members
like Band1t, who likes to call himself a computer
expert rather than a hacker, and Fortezza, whose
expertise is in phreaking, or hacking into phone
both of these teen-agers believe, as Fortezza
puts it, that Mitnick "is in jail because
he did something he shouldn't have done,"
the hacking menace he presented was overblown.
in jail because of the stuff he did," says
Band1t. "But they're exaggerating the cost."
much as stresses morality and responsibility,
though, the issues at stake are not always quite
so simple as "good hackers vs. bad hackers."
the magazine (and in 2600-related newsgroups
on the Net), it's typical for writers to give
tips on how to break into phone systems or computer
networks, although these generally include disclaimers
that the tips are for informational use only,
and that the magazine does not condone criminal
it's undeniable that similar information is
sometimes used for destructive purposes, from
simple vandalism to flat-out fraud.
agent Stew Roberts, a supervisor with the agency's
computer-crimes squad, says that even hackers
with the most harmless intentions often cause
damage by accident.
a company has been compromised," Roberts
says, "they don't know whether (the break-in)
was done by some kid or by some well-organized
companies end up spending additional money trying
to assess damage and determine whether any information
has been stolen.
FBI computer expert, who asked not to be identified,
said that among the most constructive of the
"white hat" hackers are those who
channel their skills into creating computer
that's usually after we catch them" engaging
in more harmful activities, he said.
says Roberts, the agency hardly considers San
Diego 2600 to be Public Enemy No. 1.
don't think we view them as some nefarious group
that we're the adversary of," he says.
of them are in school, so it's a hobby for them
now. For a lot of them, it'll be a living someday.
And most of them will probably stay legit."
the members of San Diego 2600, it's only a small
percentage of hackers that cause all the image
is part of their psychology," says H1kari.
"If they didn't have computers, they'd
be doing it somewhere else."
bad rap also happens, says Skalore, "because
people don't understand the field. They don't
see the people behind the scenes, working to
fix security problems."
equally to blame, say some members, are false
images perpetuated in the media and popular
of the "Takedown" movie, Band1t says
that "it's just a way to make money. It's
just media stereotypes."
real life, says H1kari, hackers defy such easy
don't like to use labels," he says.
Skalore: "We're just people."