**************************************************************************** >C O M P U T E R U N D E R G R O U N D< >D I G E S T< *** Volume 1, Issue #1.06 (April 27, 1990) ** **************************************************************************** MODERATORS: Jim Thomas / Gordon Meyer REPLY TO: TK0JUT2@NIU.bitnet COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing information among computerists and to the presentation and debate of diverse views. -------------------------------------------------------------------- DISCLAIMER: The views represented herein do not necessarily represent the views of the moderators. Contributors assume all responsibility for assuring that articles submitted do not violate copyright protections. -------------------------------------------------------------------- *************************************************************** *** Computer Underground Digest Issue #1.06 / File 4 of 5 *** *************************************************************** Review of: THE CUCKOO'S EGG: TRACKING A SPY THROUGH THE MAZE OF COMPUTER ESPIONAGE. by Clifford Stoll. New York: Doubleday; 326 pp. Reviewed by Jim Thomas, Northern Illinois University 23 April, 1990 Ah, shucks, Clifford Stoll is just a regular guy, like, ya know? He likes the Grateful Dead, eats bagels, tries to get out of work, doesn't like the FBI, cheers the monsters in GODZILLA VERSUS MONSTER ZERO, and, gee, wants his friends to think he's politically correct. His tennies even squish when they're wet. Just "good ol' Cliff," a self-styled former hippy with long hair who apparently doesn't know that Hippy died before he could possibly have been one. But, no matter. Cliff just wants to re-assure us that he's not such a bad guy. But, Clifford Stoll grew up. He says so. Chasing those nasty hackers via modem and a slew of computers made him see the error of his ways. Those nasty perpetrators (he prefers "varmint," "eggsucker," "skunk," "louse," "bastard," and he's oh, so clever in translating bureaucratic-speak into Cliffspeak (p. 256-257)). THE CUCKOO'S EGG is a book of ironies: An amoral moralist produces a diatribe against hackers that is perhaps the best hacking primer for novices around. Although taking swipes against law enforcement agents at every opportunity, Stoll nonetheless assumes the role of Kafka's Joseph K. in acquiescing to those he seems to loath. In protecting the public by tracking down an alleged spy, he subverts the public trust by distorting his topic and inexcusably glossing over the complexity of issues. He is a scientist by profession while ignoring the factual precision of his craft in his writing. For all the posturing and moralizing, Stoll produced a compelling mystery of sorts. A hacker has broken into the University of California/Berkeley's system, and only a minor error gave him away. Stoll notices the error and alerts his superiors who begrudgingly allow him to track down the culprit. Any computer undergrounder can identify with and appreciate Stoll's obsession and patience in attempting to trace the hacker through a maze of international gateways and computer systems. But, Stoll apparently misses the obvious affinity he has with those he condemns. He simply dismisses hackers as "monsters" and displays virtually no recognition of the similarities between his own activity and those of the computer underground. This is what makes Stoll's work so dangerous: His work is an unreflective exercise in self-promotion, a tome that divides the sacred world of technocrats from the profane activities of those who would challenge it; Stoll stigmatizes without understanding. Stoll's work is irresponsible because his image of the world reminds us of a simpler time, one where everything sprang from either the forces of light or of darkness. Hackers are bad: They trash things, are immature, should be punished, and threaten the foundations of hi-tech civilization as we know it. Stoll, on the other hand, is good: He hates hackers, single handedly saved civilization from the modem-macho demons, and fought the good fight as any true he-man would. God help the hacker when Clifford Stoll gets angry: "It was him against me now. For real" (p. 106). Stoll's disdain for hackers' alleged violations of privacy hardly stood in the way of his own activities, but, for a good obsession, one that's "for real," what can a few violations of his own hurt? God forbid that hackers monitor others' communications. Stoll, however, suffered only the briefest of qualms when he himself monitors them. But, his "sweetheart Martha," a law student, absolved him of any ethical violations: "'Look,' she mumbled, burning the roof of her mouth on the vulcanized mozzarella. 'You're not the government, so you don't need a search warrant. THE WORST IT WOULD BE IS AN INVASION OF PRIVACY %emphasis added%. And people dialing up a computer PROBABLY HAVE NO RIGHT TO INSIST THAT THE SYSTEM'S OWNER NOT LOOK OVER THEIR SHOULDER %emphasis added%. So I don't see why you can't.' So with a clear conscience, I started building a monitoring system" (p. 20). Why be bothered that he neither is the owner of the system nor, according to his continual complaining, possesses the authorization to monitor from his superiors. He has been self-absolved and can proceed with a clear conscience, and proceed he does--with a vengeance. Stoll "borrows," without authorization, "thirty or forty monitors" by "liberating personal computers from secretaries' desks." No big deal. "THERE'D BE HELL TO PAY ON MONDAY, BUT IT'S EASIER TO GIVE AN APOLOGY THAN GET PERMISSION" (p. 22, emphasis added). How does Stoll's excitement for learning about phone traces (p. 30) differ from the typical hacker's? How do his own efforts in phone traces differ from a phreak's? Like any good p/hacker, he enlists allies to feed him information, and then uses that information. The difference is that Stoll is on a mission. For Real. And what are a few indiscretions to a man on a mission? "I worried about how the hacker might abuse our network connections over the weekend. Rather than camping out in the computer room, I pulled the plugs to all the networks. To cover my tracks, I posted a greeting for every user logging in: 'Due to building construction, all networks are down until Monday.' It wold surely isolate the hacker from the Milnet. By counting complaints, I could take a census of how many people relied on this network. Quite a few, it turned out. Enough to get me into trouble." Complaints led to a request for Stoll to look into the "problem." "It took five minutes to patch the network through. The boss thought I'd done magic. I kept my mouth shut" (p. 88). Stoll's depiction of hackers as emerging from the slime of some primordial ethical muck for engaging in behaviors that he himself relishes is bothersome. It is this immoralism that makes the work so dangerous. Stoll has found a way to play the hacking game without suffering the risks to which hackers are subject. Some might call this cowardly. To assure that the reader understands the difference between "white deviance" and "black deviance," he goes to great pains to establish considerable distance between himself and those he criticizes in a ploy similar to historical witch hunts. Witch hunts begin when the targets are labelled as "other," as something quite different from normal people. In Stoll's view, hackers, like witches, are creatures not quite like the rest of us, and his repetitious use of such pejorative terms as "rats," "monsters," "vandals," and "bastard" transforms the hacker into something less than human. This transformation contributes to the hysteria of the media, legislators, and law enforcement agents who use such observations to justify the purge of the sacred temples from this techno-menace. After all, says Stoll, hackers aren't just bright kids: "They're technically skilled but ethically bankrupt programmers without any respect for others' work--or privacy. They're not destroying one or two programs. They're trying to wreck the cooperation that builds our networks" (p. 159). Stoll would never wreck "a wonderful playground for everybody else by putting razor blades in the sand," and analogy he uses to describe hackers in a recent NEWSWEEK article ("The Hacker Dragnet," NEWSWEEK, April 30, 1990: p. 50). Or, if he did, he would just apologize on Monday morning! In a classic example of a degradation ritual, Stoll--through assertion and hyperbole rather than reasoned argument--has redefined the moral status of hackers into something menacing. The imagery he presents is not of normal people engaging in occasionally questionable activities, but of a demonic force intent on destroying the fabric of computer networks. His logic implies a pathological syllogism: a) Cancer is a disease and must be eradicated b) Hackers are a cancer of the techno-body c) THERFORE: Hackers must be eradicated. Such unchallenged logic has led to the flurry of anti-computer abuse laws, confiscation of equipment, a chilling effect on speech on BBSs, media fright stories, and to a public perception of hackers that seems--judging from existing data--quite unjustified. Stoll's lack of reflection on the SOCIAL MEANING and significance of the computer underground and his identification of ALL hacking activity with those of the dramatic and quite rare example of an alleged spy both distorts the nature of all computer underground activity and grossly over-estimates its danger. I call this dangerous because it is demagoguery of the worst sort: Under the guise of a story-telling narrative, it creates an imagery of a target population for control, but allows little room for debating the assertions and values that justify scapegoating on the other. Consider just a few of many examples. First, Stoll claims that hackers are a menace because they "trash" programs. True, some hackers may trash programs, just as some drivers use automobiles in bank robberies. But, Stoll ignores a primary tenet of the hacker ethic, which is "though shalt not trash!" The image presented in THE CUCKOO'S EGG ignores this, which obscures the respect that hackers generally have for the work of others. Second, Stoll believes hackers are a danger to computerized information processing: Information in databases? They've %hackers% no qualms, if they can figure out how to get it. Suppose it's a list of AIDS patients? Or your last year's income tax return? Or my credit history? (p 287). Even if hackers are able to obtain such information, they are scarcely the threat that Stoll claims. Hackers are not interested in credit histories, but in mastering computer technology. Yes, some individuals may illegally obtain such information, but these are not the breed of hackers about whom Stoll writes. Further, the danger of misuse of personal information hardly comes from hackers, but from those who claim authorized access to it and use it for profit. Third, Stoll compares hacking into computers with house invasion. Such a comparison is dramatic but unconvincing. Even if we were to concede the impropriety of accessing a university or corporate computer, which most hackers target, this is hardly the same as forcibly entering one's home. A better analogy might be to compare hacking with the person across the street who focuses binoculars through the bedroom window of a copulating couple, or, at worst, an independent entrepreneur who sets up an unauthorized lemonade stand on the corner of a private yard. But, even if I were to concede that hacking is akin to forcible entry, which I do not, should it be criminalized? In England, trespass is a civil, not a criminal, wrong, and it is up to the party to bring civil charges. Unfortunately, computer technology is changing faster than the law is able to keep up with it, and rather than seek new ways to deal with new problems, Stoll's logic implies the simple continuation of the "law-'n-order" mentality. Finally, Stoll believes that hackers destroy the community of computerists, and "if that trust is broken, the community will vanish forever" (p. 288). Dramatic? Yes. True? No. This threat to some imaginary commonweal would seem a critical indictment if accurate, but most computer users do not share a sense of community, or, if they do, some convincing data would be helpful. Stoll's presumed empiricist bent when analyzing problems in his own field of astronomy does not seen to carry over to his social commentary. But, perhaps men on a mission need not worry about facts. In fact, being unencumbered by data, Stoll the scientist seems particularly unrestrained in his comments. Stoll's work is disingenuous for several reasons. At the intellectual level, it provides a persuasive, but simplistic, moral imagery of the nature of right and wrong, and provides what--to a lay reader--would seem a compelling justification for more statutes and severe penalties against the computer underground. This is troublesome for two reasons. First, it leads to a mentality of social control by law enforcement during a social phase when some would argue we are already over-controlled. Second, it invokes a punishment model that assumes we can stamp out behaviors to which we object if only we apprehend and convict a sufficient number of violators. We already have existing laws sufficient to prosecute those who destroy private property, trespass, defraud, spy, or engage in many of those activities by which Stoll stigmatizes hackers. We do not need more. In addition, there is little evidence that punishment will in the long run reduce any given offense, and the research of Gordon Meyer and I suggests that criminalization may, in fact, contribute to the growth of the computer underground. The computer underground is a complex group comprised of many different activities. One need not approve of these activities to recognize that, in some ways, they constitute a resistance to the strains produced by an increasingly centralized and inaccessible technology. Although I hesitate to carry the analogy too far, participants in the computer underground can at least in part be understood as a form of social resistance to the rapid domination of technological knowledge production and the new forms of control and social arrangements that it creates. Whether one agrees with this this specific judgment or not, it is quite obvious that the computer underground is a phenomenon far more complicated and rich than described in THE CUCKOO'S EGG. I have found that, when writing about hackers, there is always the inane question: "Do you approve of hacking? Why do you defend them?" This, it seems, strikes at the heart of the problem with Stoll's book: It is, at root, a self-serving and ideological diatribe that condemns but provides no understanding. To provide a balanced account of the computer underground in 1990 is akin to what Stoll might have experienced if he studied astronomy in seventeenth century Italy: Some issues are so beclouded by public hysteria whipped up by obscurantists with a stake in promoting ignorance that any account counter to the National Party Line is heretical. Perhaps this is why Stoll took the easy path consistent with the dominant law enforcement and media view. Or, perhaps Stoll really believes his new-found maturity has transformed him from a pseudo-hippy into a model citizen: Omigod! Listening to myself talk like this, I realize that I've become a grown up (sob!)--a person who REALLY HAS A STAKE %original emphasis%. My graduate student mentality of earlier days let me think of the world as just a research project: to be studied, data extracted, patterns noted. Suddenly there are conclusions to be drawn; conclusions that carry moral weight. I guess I've come of age. (p 322). One suspects that, had Stoll lived in the time of Galileo, he would have told that troublesome astronomer to quit acting like a child and grow up. The acknowledgments in the book list Stoll's e-mail address as: CLIFF@cfa.harvard.edu =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ + END THIS FILE + +=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+===+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=  Downloaded From P-80 International Information Systems 304-744-2253 12yrs+