Hackers in The Mist by Roger Blake (e-mail: rblake@ripco.com) December 2, 1994 Anthropology C99 Independent Study Northwestern University Abstract: In this article I explore the culture of computer hackers. Through interviews and time spent with hackers, I have come to appreciate their respect for information. In this culture information is looked upon as the key to status, wealth, and power. Hackers use information to gain status within their group, and power over their environment. Whether in someone's head or on a disk, information is the means by which hacker society is stratified. Table of Contents: Abstract Table of Contents Forward The Project The Researcher The Target Culture Why Hackers Hack Who Are Hackers? Profile of a Hacker What Hackers do When they are not Hacking The Hacker Personality What Hackers Do System Hacking Packet Sniffing Password Guessing Phreaking The Blue Box The Red Box Hacking Without Using Machines Social Engineering Trashing A Closer Look at Status What is Elite? The Information Economy How do Hackers Become Elite? Conclusion Afterward Appendix: Works Cited Hackers in The Mist Forward: The Project: Welcome to the computer age! In the few short decades since the advent of personal computing, human lives (at least in the Western setting) have been changed dramatically. Everything from a short trip to the supermarket to a common telephone call is somehow involved with computer technology. Even this article, which a few short years ago would have been written by hand or on a typewriter, is being written with help from a computer. Computers are everywhere, and effect our lives in dramatic ways. Computers and information technology are being integrated into all aspects of the human experience. Communication on every level is being sped up due to the influence of information technology. Today, whole societies with rituals and cultures all their own are forming themselves with the aid of computers. Face-to-face interaction is no longer necessary for social interaction. In that sense, computers are even revolutionalizing the way that individuals interact in a cultural context. In an attempt to understand exactly how the information revolution is affecting human culture, I chose to study a culture which exists primarily on-line. This research project deals with hackers, the seedy underbelly of cyberspace. I have spent time around these people, both on-line and in person, and have seen what they are capable of. Not only are they one of the most potentially powerful "on-line cultures", but probably one of the most intriguing as well. I am an avid computer user. The machines themselves, with all their bugs and quirks, can be quite interesting. What can be even more interesting is how people interact with these "thinking machines." People react to computers in different ways -- sometimes fear and sometimes acceptance. In the case of hackers, the interaction with computers is so seemingly irrational that it is a puzzle unto itself. With my research, I sought to understand why it is that people would go to such great lengths to gain an elite level of technological proficiency. I ended up gaining a better appreciation for how the changing face of information effecting our lives. The Researcher: In a lot of ways, this project is a reaction to my previous experiences as an ethnographer. As part of the degree requirements for the Anthropology Department at Northwestern University, I studied a religious group not far from where I lived. Although they were very nice people, I never felt like I had all that much common ground with them. I was only nineteen at the time, and the median age for the individuals in that target culture was around fifty. To make matters worse, I had to overcome my natural shyness to talk to a group of people with whom I did not feel like I had anything in common. With the hackers, on the other hand, I already had some common ground. Like the hackers, I gain much pleasure from computer use, and consequently spend large amounts of time on- line. I was also the same age as many of the hackers I was studying. There was no menacing generation gap between me and my target culture this time. All and all, I felt generally more comfortable around this target culture. Of course, there is an added advantage for the shy researcher in studying "on-line" cultures. It is much less threatening to approach people within the friendly confines of cyberspace, then it would be in person. Doing fieldwork in cyberspace is well suited to my personality. Similarly, I am personally well equipped to deal with the digital universe. I am familiar with all major operating systems, especially including Unix. Many other researchers would have had to spend valuable time acquainting themselves with the subtle intricacies of computer manipulation. However, since this is what I do with my free time, I do not have to waste research time learning the my way around. Of course, another added attraction of this project is that it allowed me to bring together two parts of my life. In my youth, I spent many late night hours, in front of a computer screen, calling BBSes (computer bulletein board systems). This project has allowed me to integrate my admiration for digital communities everywhere with my study of anthropology. While doing this project I was allowed to be ananthropologist and a computer user at the same time. In many ways, it was almost like not doing work. I could bask in the digital landscape and get academic credit for it. What fun! I enjoy working with computers, so in that sense my personal equation was a benefit. However, I did have the typical preconceived notions of my sub-culture. I was presently surprised to find hackers much more friendly then I had expected. For the most part they are pleasant company. They were also generally less menacing then I had previously imagined. During the course of this project, I was only threatened once, and apparently not very seriously. The hackers I have had contact with were not the malicious sociopaths that one might expect. I was not sure what to expect from this target culture, but I was happy to find out that hackers can be very pleasant company. The Target Culture: During the course of this project, I was fortunate enough to spend time with a gang of hackers, concentrated in the Chicago area. They call themselves L0CK, which is an acronym for Legion of Codez Kidz (the 0 is intentionally substituted for an 'o'). There are about ten members of this gang, all of whom I have at least spoken with. L0CK is not the only hacker gang populating the digital landscape, however, they were the only gang I had access to. Although I did have contact with hackers from other gangs, it was difficult to develoup a rapport with any other gangs. L0CK was in my hometown, and so was I. Developing a rapport took some time, and face-to-face interaction, which proximity allowed, was invaluable. Trust doen not come naturally to people who are doing illegal activities, and hackers are no exception. I do not think I could have gotten as good a rapport going with another gang without face-to-face interaction. For the most part, I am not aliasing hackers. In this culture, there is a custom of assigning oneself a handle. I am using the handles of my informants as opposed to aliasing aliases. Many hackers like to brag, so using their name in an article such as this, is, for them, just doing their bragging for them. Why Hackers Hack: For the most part this article will concern itself with hacker motivation. Why do hackers go through all the trouble to do what they do? Most people in society do not spend the time to break into computer systems. It does not have much appeal to them. Why then do certain people spend so much of their time and energy accomplishing these feats of technological wizardry? There are probably as many answers to that question as there are hackers (maybe more). It is important to realize that these people are individuals with their own hopes, fears, desires, and everything else that comes with being human. However, there are general patterns to the motivation behind the computer hacker's drive to manipulate technology. The problem of hacker motivation is probably one of the more interesting questions concerning this sub-culture. In order to put hacker motivation into an intellectual framework, I fell back on some basic anthropological theory. Max Weber believed that social stratification was based on three factors: wealth, power, and prestige (1922). Although having one of these factors does not necessarily entail having the other two, it does help. Weber's tri-partite system is very useful for explaining social status. However, in the 'computer age' it would almost be necessary to make some sort of addendum. Information is a very real part of the system that Weber presented. Hackers use information in order to get wealth, power, and prestige. Hackers rarely use information to gain wealth. This is not considered socially acceptable. As Sarlo reminded me in an interview, carding (using stolen credit card numbers for profit) is "poisen to the underground," and "doesn't make you a hacker, it makes you an idiot (Sarlo 1994: 12)." They do, however, use it within their group to stratify themselves. Hackers with the most information gain the highest prestige within the community. They also gain a great deal of power from that information. Most people can not cancel the phone service of those who upset them. To a truly proficient hacker, this is not a very difficult problem. Hacking involves the accumulation of knowledge, which is accompanied by the greater status and power. Who Are Hackers? Who exactly are these techno-wiz kids who could potentially have our technologically dependant civilization by the throat? Where did they come from, and how did they get to be that way? Could my son or daughter be a hacker? In order to understand this culture, it is important to consider who hackers are. Profile of a Hacker: One of my informants lent me a book entitled Information Warfare, by Winn Schwartau. He did not seem to have much regard for most of the contents of the book, but he pointed out one chapter in particular, which he believed had some truth to it. That chapter presented two profiles of a hacker, one from the hackers point of view and the other from the point of view of a clinical psychologist (Schwartau 1994: 196). According to the hackers with which Schwartau had contact, hackers tend to share certain characteristics in common. They are mostly male, between the ages of twelve and twenty-eight. Most are highly intelligent, but never did very well in school. Also, according to Schwartau, hackers consider themselves misfits and misunderstood. They have a history of dysfunctionalism in their families, and finally, they have trouble getting dates. From what I have seen of hackers, and my informants agree, this profile, is not very far from the truth. The youngest hackers I met were in high school, maybe fourteen or fifteen. It is hard to get any real information out of hackers, but this much is difficult to hide. The oldest hacker I met was, at least, in his late twenties. By his own admission, this is quite old for a hacker. Most hackers this old tend to move on, as has the relatively old hacker I spoke with. The hackers I met in person tended to be in there late teens and early twenties. Hackers in general, tend to come off as being quite intelligent. To get any sort of respect as a hacker, technical proficiency has to be demonstrated. Intelligence is almost a prerequisite for being a successful hacker. Hackers deal with technology, and it's manipulation. The successful manipulation of technology, or even people, by its very nature takes quite a bit of intelligence. Hackers seem to be, and most likely are, a very intelligent group. Although hackers are intelligent, it is interesting to note that very many of them are not university educated. Many of them do have some university background, but overall, a surprising number of them are self taught. Bloot commented that, "most hackers don't think that college has anything to offer them (Bloot 1994: 2)." As far as the family life of a hacker is concerned, it is really hard to say with any certainty. No one ever mentioned, to me any family problems. However, instances of abuse or other domestic problems are seldom discussed with prying outsiders, like ethnographic researchers. In an interview, DataPimp said "A lot of hackers lost control over their lives when they were kids. Not to many had control over their own lives. They found refuge in a place where they had total control [computing] (Datapimp 1994: 4)." Hackers are quick to identify themselves as a group which does not have the best social skills. In a usenet post advertising a hacker meeting there was a very appropriate quote which illustrates this aspect of hacker identity. The post read "Bask in the STUDLYNESS of untanned, skinny malnutritioned and socially maladroit computer hackers - LIVE!" This quote was of course, meant as a joke, hackers do seem to believe this about themselves. Although, hackers characterize themselves as 'socially maladroit' I did find them pleasant company. It is hard to believe that any group with that poor of a set of social skills would ever accomplish anything by means of social engineering. Although there are undoubtably some hackers with poor social skills, this is not always the case. Of course, from a researchers stand point, this is hard to evaluate. Most people who suffer from shyness are not going to try to make any kind of impression on a researcher. It is possible that the great majority of hackers are extremely 'socially maladroit,' and that I only met the out going ones. Hacking seems to be a predominantly white teen-age male phenomenon. I have met several hackers in person, and all of them have been of European descent. I might have met hackers of other races while on-line, however one of the most prominent features of IRC is that no one can see anyone else. I have been told that there are hackers of other races, but I have not met any. There does not seem to be any reason why hacking should be a uniquely white phenomenon. There just does not seem to be an abundance of minority hackers. One very surprising fact, was the abundance of female hackers. Although, all the hackers I met were white, a significant portion, about ten to fifteen percent, were female. Female hackers are a minority, but they do exist. This was very surprising to me, because most people do not think of women as getting involved in anything computer related. Fortunately, women are making advances in all facets of our society, and hackerdom is no exception. What Hackers do When They are not Hacking: Almost no one hacks professionally. There are a few hackers who eventually become security consultants, and get to hack for a living. However, this fate is reserved mostly for either the most accomplished hackers or the most indited. Very few members of the underground are hackers primarily. In many ways it is kind of like a hobby. Although there are instances of companies hiring hackers to beef up their own security, this is relatively rare. What is even more rare, is when a company will hire hackers for corporate espionage. Although these events make for exciting fiction, reality, unfortunately, is rarely that interesting. Most hackers work in the computer field either as a part of a company, or more commonly as a freelance consultant. Since hacking requires a great deal of technical proficiency, and that very proficiency is quite a marketable trait. Hackers are very employable people when they are not accomplishing some technological feat of wizardry. The Hacker Personality: Schwartau presents hackers as suffering from some sort of "clinical narcissistic personality disorder (Schwartau 1994: 196)." Although this might be a component of certain hackers' personalities, this is an uneasy generalization of what hackers are like, as well as their motivation. However, it is generally possible to put hackers into two very opposite groups, the paranoid, and the talkative. This is more of a spectrum in which individual hackers might fall, then an actual grouping. For the most part, all the hackers I had contact with would fall somewhere in between these two extremes. Paranoid hackers have some very good reasons to be paranoid. Not only does their own government want them stopped, but several of their friends could destroy their lives with little or no effort. Trying to keep ahead of the FBI, the Secret Service, and most of all, your own associates, can get rather taxing, and paranoia is an understandable result. A very talkative hacker, who calls himself Guido Sanchez had this to say about paranoid hackers, during a tape recorded interview: There are paranoid hackers out there, like a couple people that we know, that are so paranoid about giving out their real information. Like when I say... They are fun to have fun with. "Yeah, hey who are you doing, Mr. Smith, hahaha, of 666 Psychopath." They get really freaked out. Once you realize, I could care less if you knew my real information because, I mean as long as you knew how to react to it. Talkative hackers, on the other hand, are wonderful for interviewing. Talkative hackers love to brag, and the curious researcher is an all too willing outlet for that bragging (Sanchez 1994: 8). What Hackers Do: According to Guido Sanchez, hacking is "using your knowledge of usually technology, sometimes people, and human nature. It's using your technology to get things that no one else normally could (Sanchez 1994: 1)." Hacking any sort of system, whether it is electronic or social, results in the hacker gaining some sort of control, and therefore power, over that system. Knowledge of how a system functions is converted into power over that system. System Hacking: For the most part, computer hackers gain unauthorized access into computers running Unix. The reason for this is simple. Most mainframe computers, which are accessible either by modem or network run the Unix operating system. The fact that Unix is so widely used makes it's own downfall. Many people use Unix, therefore many people have knowledge of it. That knowledge can, of course, be used to manipulate the system, and even take it over. There are several means of gaining control over a computer system, and several more are being discovered every day. As individuals learn more about Unix, more and more security holes are uncovered. Every day, hackers come up with a new ways of turning information (knowledge) into control of a computer system and the power with people invest in it. Packet sniffing: One of the easiest ways of gaining acces to a computer is to do what is known as packet sniffing. This procedure involves listening to data transmissions and logging the interesting ones to a disk. On any computer network, such as The Internet, when data goes from one computer to another it has to pass through several other computers as well. Hackers will often use software to listen for key strings of characters such as 'login:' or 'password' and use that to collect passwords. Any time someone uses telnet to login remotely into a computer, their password is vulnerable. I have seen packet sniffing logs and can honestly say that this is a safe and effective means of collecting people's passwords. No account is secure, unless it is never accessed (and even then it is not very secure). Password Guessing: Once a hacker has access to a system they will often try to decode the password file. In Unix the password file is kept in the '/etc' directory. In most modern Unix systems the passwords are shadowed. What that means is that the password is not kept in the actual password file, but is hidden somewhere else. This is only a problem to the novice hacker. More advance hackers will often try to copy the password file by using the send mail port on Unix (port 25). This port does not have any security on it, because it is expected to receive file transmissions in the form of e-mail from any computer on earth. I do not quite understand how this works, but I have seen hackers use this port to capture a shadowed password file. Once a password file, or a copy of it, is obtained, it is mostly useless in it's raw state. Passwords are encrypted in a very complicated way, which makes them impractical to decode by conventional means. This is where password guessing comes into play. Software packages such as Crack and CrackerJack, will go through password files and try to guess people's individual passwords. Password guessers employ large dictionary files, which are multi-megabyte lists of words. The words compared against the encrypted password file until matches are made. Once the program makes a match, it is logged, and the hacker has access to yet another account. Roger Safian, security 'expert' for Northwestern University, has run password guessers on his own system and had good results (Safian 1994: 1). According to Safian, he managed to gain the passwords for over two thousand accounts in under one weekend. Actual hackers I have spoken with have also affirmed the relative merits of password guessing software. Protecting one's self from password guessing is very difficult. The word lists that password guessers draw from are so exhaustive as to encompass several different languages. The best thing to do is not to chose a word or combination of words as a password. Combining letters with numbers also helps, but in the end, there is not much that can be done. A good password guesser, run long enough, will try every alpha numeric combination. The only thing a user can hope for is to have a password that the hacker will give up on before it is guessed. Password guessing can take a long time with odd passwords. Phreaking: In modern Western culture, the telephone is relied upon. It is so much a part of every day existence, that it is only noticed by it's absence. The various phone companies who regulate this institution have a great deal of power and influence over our lives (not to mention influence with law enforcement agencies). There is a wealth of power available to those who have the knowledge to manipulate the telephone system. Phreaking is the practice of intentionally misusing, from the phone companies perspective, telephone technology. Although phreaking is practiced by most hackers, unlike other hacks, it does not, for the most part, destroy the illusion of privacy in America. However, it is a form of hacking that is widely practiced, and very intriguing to anyone who has gotten really high phone bills. Most phreaking is done with what are called boxes. A box is any means by which phreaking is accomplished. Usually, a box is some sort of gadget which is inside a literal box, but this is not always true. The beige box, which is a procedure, is the only box which is not an object. Boxes are differentiated from each other by descriptive adjectives, which are usually colors. Usually, the boxes get named after what the first one looked like, or what the inventor chooses. The first blue box, for example, was blue, and the chasse of the first cheese box originally held cheese. The Blue Box: This is an old favorite of phreakers everywhere. This box used to be very popular with college students, especially at technical schools. As a matter of fact, Steve Wosniak and Steve Jobs, were originally in the business of making and selling blue boxes while still in college. Fortunately, they have since moved on to more reputable aspects of the computer industry. This box allows the user to make free phone calls anywhere in the world, from any phone in the United States. It uses a system of tones to trick the telephone system into letting the user seize trunk lines. Trunk lines are large phone lines from which all the individual phone lines stem from. Once a trunk line is seized, out-going phone calls can be made with no one to bill them to. A blue box emits DTMF tones, which are the same tones which are heard when dialing a normal phone. It also emits another tone, whose frequency is 2600hrz. This tone is what actually allows the user to make free phone calls. Using a blue box is relatively simple. First, pick up the receiver of a phone and dial a toll free number (any number in the 800 area code). United States law requires these numbers, as well as directory assistance, to be accessible from any public pay phone. While the phone is ringing, play the 2600hrz sound into the receiver. This will make the switching equipment think that you have hung up the phone. Do not really hang up the phone, or you will have to start all over. At this point, you have control over a trunk line, and you can use the other tones on the blue box to dial the number you are trying to reach. The billing equipment will not keep notice this call, because the 2600hrz tone is the same tone that the switching equipment uses to signal an end of a call. As far as the billing equipment is concerned, you have already hung up the phone! Be warned about the safety of using blue boxes. In the past few years, most RBOCs (Regional Bell Owned Companies) have taken steps to monitor blue boxing. Although, blue boxes still 'work,' the calls made are also logged by telephone company computers. The phone company will know the general area from which the call was originated and also the number which was dialed. Telco security officials check these logs, and will question anyone who receives telephone calls that were blue boxed. Either stay away from blue boxes, or only call people who have very short memories. The Red Box: The red box works specifically on pay phones. Each time a coin is put into a pay phone that phone relays an acoustic signal to a telephone company computer. Pay phone use sounds to tell a computer how much money has been deposited into it. A red box, emulates those tones thus fooling that computer into thinking that the user has deposited money into the pay phone. Like a blue box, the red box produces tones which must be played into the receiver of the telephone. This box is very simple to use. Simply, pick up the phone play the correct amount of tones into the receiver, and dial. Unlike a blue box, this box can only be used from a pay phone. Although this may be slightly inconvenient, it is a generally safer method of phreaking. Red boxes are similar to use, as well as make. Radio Shack sells 'pocket dialers' which can be easily modified into red boxes. Personally, I find it a bit hard to believe that anyone buys pocket dialers for any other purpose. Why would anyone need to buy a device which allows push button phones to be dialed? In any case, a look inside one of these devices will give an indication as to how easy they are to modify. All that has to be done is replace the quartz crystal (which is conveniently placed all by itself for easy access) with a 6.5535 megahrz crystal. If one chooses to use a modified Radio Shack pocket dialer, just press the '*' key to emulate a nickel being deposited. To emulate a dime press that same key twice, and to emulate a quarter press it five times. If pressing a key so many times is inconvenient, remember that radio shack has provided a memory function in their auto dialers. Instead of pressing the '*' key five times in rapid succession, just program one of the phone numbers as '*****' to emulate a quarter. Red boxing is a relatively safe and easy means of phreaking. However, at this point in time, phone companies are taking measures to make red boxes useless. Pay phones, called phortress phones, do not accept tonal input from the receiver unless the proper amount of money has been deposited. Of course, unscrewing the receiver and touching a piece of metal to the ends of the speaker there will take care of that problem (that measure was used in the movie War Games, however, the film makers left out the part about the red or blue boxes). Also, phone companies are starting to introduce payphones that differentiate between real coin tones and red box tones. Hacking Without Using Machines: Social Engineering: Social engineering is the practice of conning people. For the most part people are manipulated in order to gain information or some sort of access. This is a highly valued skill amongst hackers, and a quite useful one as well. Instead of performing some near super-human feat of arcane Unix trickery, it is often times easier just to ask someone for their password. A surprising amount of critical information can be gained from conversations with people. Most tech-support personal, for example, do not expect to have hackers on the other end of the phone. A clever hacker can impersonate a frustrated user and get such information as dial-ups and publicly accessible logins. To most users, this information is relatively benign. However, to a certain portion of the computer literate population, this information can be used to gain control over computer systems and the data with which they are entrusted. Trashing: Another way of gaining valuable information, and the power that goes with it, is by trashing. Trashing is the practice of going through another's refuse in order to gain information. Hackers actually get together in groups and go through people's dumpsters. I can personally vouch for the effectiveness of this means of information gathering. L0Ck allowed me to participate in a trashing session, and I was amazed as to what people were willing to throw out (Field Notes 1994: 5). The hackers and I set out to go trashing at around 9:00pm on a Friday night. The trash in question belonged to local Internet provider, called XYZ Communications (an alias) located in downtown Chicago. There were about ten hackers and myself, and it took us about a half hour to sift through an entire dumpster. Much to my surprise, we found several users passwords which had been written down and discarded. Even more shockingly, we found many credit card numbers of subscribers to this Internet provider. Apparently, XYZ Communications has a subscribe by fax service whereby the subscribers are asked to fax in their credit card numbers. Once these faxes are processed they are discarded, and hackers, or anyone else, can come by and gather a slew of credit card numbers with expiration dates. For me, this experience was a rude awakening. How many people had I given my credit card number to, and who had it now? All of this was very unsettling, and proved the power of trashing as a means of information gathering. The hacker gang I was with was compiling the credit card numbers for a prank against XYZ Communication. They were trying to alter the XYZ's computers so that when subscribers were looked up by someone using the finger command in Unix, a message would displayed about the relative safety of subscribing to XYZ. Along with that message, the the subscriber's type of credit card and expiration would also be displayed. The hackers with which I have had contact, considered a prank a worthy use of credit information. Although manipulation of credit card data for personal gain (called carding), would seem to make sense as a hack, this is not socially acceptable in this sub-culture. Carding is the reason behind most hacker arrests and is considered to be very foolish. The secret service is willing to overlook a surprising amount of hacking, but no law enforcement agency is willing to overlook a credit card thief. A Closer Look at Status: Since this article is about hackers being motivated by a drive towards high status, it becomes necessary to examine that high status itself. In order to understand what hackers are working towards the folk term elite must be understood. What is Elite? Elite was initially a code word for underground computer bulletin boards. As Guido Sanchez, hacker and operator of an underground bulletin board, said, "I guess the code word for a pirate bulletin board would be an elite bulletin board. You call up and you would say 'hey, can I have elite access?' You know, 'cause I guess they suspected that law enforcement wouldn't know how to say 'elite' in a new user application (Sanchez 1994: 1)." Back in the earlier days of underground BBSing (calling up computer bulletin boards), elite was synonymous with the illicit activities which would occur in the confines of certain bulletin boards. If someone were to ask for elite access, they would be asking for access to illicit sections of bulletin boards. The Golden Era of Hacking has long since passed on. According to Datapimp it lasted from 1984 to 1988 (Datapimp 1994: 8). Although BBSing is still a popular pastime, especially amongst hackers, the term elite is no longer primarily associated with illicit activities. According to maxEpoo, an elite hacker, the term elite now is "a synonym to "cool" more or less (maxEpoo 1994: 2)." He also went on the explain that elitness is "a combination of status and how good you are at what you do (maxEpoo 1994: 2)." In this sub-culture people are judged, ideally, on their technical proficiency. If you want to be considered 'cool' in hacker social circles it is necessary to be somewhat technically proficient. Elitness is therefore dependant upon technical proficiency. The Information Economy: In hacker circles elitness is measured by the amount of knowledge one has. Knowledge, which is all too easily turned into power, is also, in the case of hackers, turned into status. An elite hacker is one who possess a great deal of knowledge. This knowledge is either in their head or in the form of computer data. Since knowledge is seen as the key to elitness (high status), it is very highly valued. So much so, in fact, that an information economy has developed on-line. This is how Guido Sanchez, who operates his own Bulletin Board described the information economy: "It's a commodity system, with the pirates, with the adult text file people, with the virus community. I mean, I had a board called Nun-Beaters Anonymous, which is still up, that had all these viruses on it for free, and usually you would have to get a hundred file points, which is basically, you upload something, you get so many file points. A hundred file points was supposed to be a lot, and then you get to download a virus. That's how it was on most boards. So many people took advantage of that. I mean they just downloaded three hundred viruses from my board and then just put it up on their own board, and I just completely flooded the market. And most local boards still have the original NBA package of viruses. I think even Ripco did that with text files. And it turned into such a commodity market. Most people don't even read the text files. They say 'oh yeah, there's that new text file,' and they don't even read the thing. They just use it as commodities to show how elite they are (Sanchez 1994: 6)." Hackers realize the value of information, and they go to great lengths to possess it. Whether it be sifting through someone's trash (trashing), or risking your freedom by trying to break into government databases. Information is of such great value to these people that an economy of information has developed. Sarlo echoed the above sentiment by saying, "Yeah, and basically, if you look at money, that's all that money is is information. It is a unit of information, so you know 'OK, so I'm this rich...' It's basically a conceptual (Sarlo 1994: 6)." It is not very difficult to see parallels to the information economy in other aspects of life, apart from computing. For example, as a college student, I pay a great deal of money for the privilege of obtaining information. My tuition is, in essence, a monetary sum attached to the quantity and quality of information I am supposed to obtain. Data can be given a monetary value and be traded like any other commodity. How do hackers become elite? Elitness is an acquired status. Elitness is a knowledge and the technical proficiency which comes with it translated as status. This technical proficiency has to be demonstrated in some way or another in order for an individual to be considered elite. A hacker must some how acquire a knowledge base and then demonstrate this knowledge to his or her cohorts. Usually, knowledge of general computer related subjects is picked up the same way non-hackers might learn it. Hackers learn about computers through books, classes, and personal experimentation. Knowledge of hacking, in particular, comes from other hackers, either through conversation or text files traded on bulletin boards. Hackers usually get that knowledge by experimenting or by asking other hackers. Chanda Lier, for example, being a female got others to give her hacking information quite easily. According to an interview in Phrack (a hacker magazine) "She was dumbfounded, and being female, there were 30 guys on the conference ready and willing to provide her with information as to origins of loops, conferences, boxing, etc. Scott (Hack-Man) later filled her in on the rest, gave her more numbers and such and that's where it [her career in the computer underground] all began (Phrack 23)." Hackers are often unwilling to give advice to those who are not already technically proficient. MaxEpoo described his rise to elitness by saying, "initially, when I first started, I got mine [elitness] from bullshitting people into believing I was already a very good hacker/whatever. Eventually people got word and I just moved up from there... I was actually very out of 'the know', but I got inside info from people who thought I was 'elite' or cool (maxEpoo 1994: 2)" As in the cases of maxEpoo and Chanda Leir some social engineering (either in the form of feminine wiles or social engineering) was required to get more knowledge. Conclusion: Hackers want to become elite. Everyone wants high status, and in hacker culture high status is measured by the amount of information one has. Since, in this culture, information is the key to status, and information is also a means to get power (the old adage knowledge is power is very true in hacker circles), an information economy has developed. Hackers trade information in hopes of getting more information and thus becoming more elite. Elitness/high status is based in information. Afterward: Hackers hack for a variety of different reasons. They are, after all, human beings with all the personal baggage that goes with that status. Not all hackers are alike. Some hack for prestige, some for intellectual curiosity, and some for reasons I probably cannot imagine. Intentional Misuse, for example, expressed that his hacking is much more "passive" then that of most hackers (apparently some hackers are into machismo) (Misuse 1994: 1). With regards to his own hacking, Guido Sanchez said, "There's somethings that I'll hack for. I'll hack for women; I'll hack to get inside a girl's pants, but I won't hack for America, ok? Now, I'm not exactly sure why that is... (Sanchez 1994: 2)" MaxEpoo compared his own hacking to playing a sport, except that people "don't get arrested for playing most sports (maxEpoo 1994: 3)." Hackers are human beings, and although I have tried to express their hacking as a prestige/power/wealth gaining enterprise, it is important to realize that hackers have their own reasons. Although elitness a part of hacker culture, it is far from being the only thing. Computer technology has sped up communication so much that cultural history can now travel at the speed of light. As Datapimp said "it's hard to do write anything on us cause we can literally change from day to day (Datapimp 1994: 7)." Hackers have lightning fast communication at their finger-tips. By the time pen meets paper, or even fingers meet keyboard, any ethnographic data is pretty much out of date. Hackers, when I knew them, were a really good example of how data can be translated into status, power, and wealth. They used their knowledge to get status in the form of prestige from other hackers. They also used their knowledge to get power over their environment (hacking systems that normally have power over most people, like the phone system). Finally, knowledge was even able to be translated into money with lucrative consulting jobs. Not only is knowledge power, but it can also be prestige and wealth too. Works Cited Blootin 1994/11/25 interviewed by Roger Blake, at Willard Hall Datapimp 1994/11/12 interviewed by Roger Blake, on IRC Intentional Misuse 1994/12/1 interviewed by Roger Blake, at the 3rd Coast Cafe maxEpoo 1994/11/30 interviewed by Roger Blake, on IRC Phrack Magazine 1989/2/25 Issue 24, available via ftp://ftp.eff.org/pub/CuD/Phrack Safian, Roger 1994/10/26 interviewed by Roger Blake, in his office Sanchez, Guido 1994/10/16 interviewed by Roger Blake, in Burger King Sarlo, 1994/10/16 interviewed by Roger Blake, in Burger King Schwartau, Winn 1994, Information Warfare, Thunder's Mouth Press