GENWiki

Premier IT Outsourcing and Support Services within the UK

User Tools

Site Tools

Problem, Formatting or Query -  Send Feedback

Was this page helpful?-10+1


archive:100:hack_ths
                          NORTHERN ILLINOIS UNIVERSITY
               THE SOCIAL ORGANIZATION OF THE COMPUTER UNDERGROUND
                    A THESIS SUBMITTED TO THE GRADUATE SCHOOL
                   IN PARTIAL FULFILLMENT OF THE REQUIREMENTS
                                 FOR THE DEGREE
                                 MASTER OF ARTS
                             DEPARTMENT OF SOCIOLOGY
                                       BY
                                 GORDON R. MEYER
                                 %CompuServe: 72307,1502%
                                 %GEnie: GRMEYER%
                                DEKALB, ILLINOIS
                                   AUGUST 1989
                                    ABSTRACT
           Name: Gordon R. Meyer            Department: Sociology
           Title: The Social Organization of the Computer Underground
           Major: Criminology               Degree: M.A.
           Approved by:                     Date:
           __________________________       ________________________
           Thesis Director
                        NORTHERN ILLINOIS UNIVERSITY
                                    ABSTRACT
             This paper examines the social organization of the
             "computer underground" (CU).  The CU is composed of
             actors in three roles, "computer hackers," "phone
             phreaks," and "software pirates."  These roles have
             frequently been ignored or confused in media and other
             accounts of CU activity. By utilizing a data set culled
             from CU channels of communication this paper provides
             an ethnographic account of computer underground
             organization. It is concluded that despite the
             widespread social network of the computer underground,
             it is organized primarily on the level of colleagues,
             with only small groups approaching peer relationships.
             Certification: In accordance with departmental and
                            Graduate School policies, this thesis
                            is accepted in partial fulfillment
                            of degree requirements.
                            _____________________________________
                            Thesis Director
                            _____________________________________
                            Date
                                 ACKNOWLEDGMENTS
                       FOR CRITIQUE, ADVICE, AND COMMENTS:
                               DR. JAMES L. MASSEY
                                 DR. JIM THOMAS
                             DR. DAVID F. LUCKENBILL
                         FOR SUPPORT AND ENCOURAGEMENT:
                                  GALE GREINKE
                               SPECIAL THANKS TO:
                          D.C., T.M., T.K., K.L., D.P.,
                                 M.H., AND G.Z.
                           THIS WORK IS DEDICATED TO:
                                 GEORGE HAYDUKE
                                       AND
                                   BARRY FREED
                                TABLE OF CONTENTS
             Introduction . . . . . . . . . . . . . . . . . . .    1
             Methodology  . . . . . . . . . . . . . . . . . . .    6
             What is the Computer Underground?  . . . . . . . .   11
             Topography of the Computer Underground . . . . . .   20
                  Hacking     . . . . . . . . . . . . . . . . .   20
                  Phreaking . . . . . . . . . . . . . . . . . .   21
                  Pirating    . . . . . . . . . . . . . . . . .   24
             Social Organization and Deviant Associations . . .   28
             Mutual Association . . . . . . . . . . . . . . . .   31
             The Structure of the Computer Underground  . . . .   33
                  Bulletin Board Systems    . . . . . . . . . .   33
                       Towards a BBS Culture  . . . . . . . . .   37
                  Bridges, Loops, and Voice Mail Boxes    . . .   53
                  Summary   . . . . . . . . . . . . . . . . . .   57
             Mutual Participation . . . . . . . . . . . . . . .   59
                  Pirate Groups   . . . . . . . . . . . . . . .   63
                  Phreak/hack groups    . . . . . . . . . . . .   64
                  Summary   . . . . . . . . . . . . . . . . . .   67
             Conclusion . . . . . . . . . . . . . . . . . . . .   69
             REFERENCES . . . . . . . . . . . . . . . . . . . .   75
             APPENDIX A. COMPUTER UNDERGROUND PSEUDONYMS  . . .   76
             APPENDIX B.
               NEW USER QUESTIONNAIRE FROM A PHREAK/HACK BBS  .   77
                                  Introduction
                  The proliferation of home computers has been
             accompanied by a corresponding social problem involving
             the activities of so-called "computer hackers."
             "Hackers" are computer aficionados who "break in" to
             corporate and government computer systems using their
             home computer and a telephone modem.  The prevalence of
             the problem has been dramatized by the media and
             enforcement agents, and evidenced by the rise of
             specialized private security firms to confront the
             "hackers."  But despite this flurry of attention,
             little research has examined the social world of the
             "computer hacker." Our current knowledge in this regard
             derives from hackers who have been caught, from
             enforcement agents, and from computer security
             specialists.  The everyday world and activities of the
             "computer hacker" remain largely unknown.
                  This study examines the way actors in the
             "computer underground" (CU) organize to perform their
             acts. The computer underground, as it is called by
             those who participate in it, is composed of actors
             adhering to one of three roles: "hackers," "phreakers,"
             or "pirates." To further understanding this growing
             "social problem," this project will isolate and clarify

^

                                                                   8
             these roles, and examine how each contributes to the
             culture as a whole. By doing so the sociological
             question of how the "underground" is organized will be
             answered, rather than the technical question of how CU
             participants perform their acts.
                  Best and Luckenbill (1982) describe three basic
             approaches to the study of "deviant" groups.  The first
             approach is from a social psychological level, where
             analysis focuses on the needs, motives, and individual
             characteristics of the actors involved.  Secondly,
             deviant groups can be studied at a socio-structural
             level.  Here the emphasis is on the distribution and
             consequences of deviance within the society as a whole.
             The third approach, the one adopted by this work, forms
             a middle ground between the former two by addressing
             the social organization of deviant groups.   Focusing
             upon neither the individual nor societal structures
             entirely, social organization refers to the network of
             social relations between individuals involved in a
             common activity (pp. 13-14).  Assessing the degree and
             manner in which the underground is organized provides
             the opportunity to also examine the culture, roles, and
             channels of communication used by the computer
             underground. The focus here is on the day to day
             experience of persons whose activities have been

^

                                                                   9
             criminalized over the past several years.
                  Hackers, and the "danger" that they present in our
             computer dependent society, have often received
             attention from the legal community and the media. Since
             1980, every state and the federal government has
             criminalized  "theft by browsing" of computerized
             information (Hollinger and Lanza-Kaduce, 1988, pp.101-
             102). In the media, hackers have been portrayed as
             maladjusted losers, forming "high-tech street gangs"
             (Chicago Tribune, 1989) that are dangerous to society.
             My research will show that the computer underground
             consists of a more sophisticated level of social
             organization than has been generally recognized. The
             very fact that CU participants are to some extent
             "networked" has implications for social control
             policies that may have been implemented based on an in-
             complete understanding of the activity. This project
             not only offers sociological insight into the organ-
             ization of deviant associations, but may be helpful to
             policy makers as well.
                  I begin with a discussion of the definitional
             problems that inhibit the sociological analysis of the
             computer underground. The emergence of the computer
             underground is a recent phenomenon, and the lack of
             empirical research on the topic has created an area

^

                                                                  10
             where few "standard" definitions and categories exist.
             This work will show that terms such as "hacker,"
             "phreaker," and "pirate" have different meanings for
             those who have written about the computer underground
             and those who participate in it. This work bridges
             these inconsistencies by providing definitions that
             focus on the intentions and goals of the participants,
             rather than the legality or morality of their actions.
                  Following the definition of CU activities is a
             discussion of the structure of the underground.
             Utilizing a typology for understanding the social
             organization of deviant associations, developed by Best
             and Luckenbill (1982), the organization of the
             computer underground is examined in depth.
                  The analysis begins by examining the structure of
             mutual association. This provides insight into how CU
             activity is organized, the ways in which information is
             obtained and disseminated, and explores the subcultural
             facets of the computer underground.  More importantly,
             it clearly illustrates that the computer underground is
             primarily a social network of individuals that perform
             their acts separately, yet support each other by
             sharing information and other resources.
                  After describing mutual association within the
             underground community, evidence of mutual participation

^

                                                                  11
             is presented. Although the CU is a social network, the
             ties developed at the social level encourage the
             formation of small "work groups." At this level, some
             members of the CU work in cooperation to perform their
             acts. The organization and purposes of these groups are
             examined, as well as their relationship to the CU as a
             whole. However, because only limited numbers of
             individuals join these short-lived associations, it is
             concluded that the CU is organized as colleagues. Those
             who do join "work groups" display the characteristics
             of peers, but most CU activity takes place at a fairly
             low level of sophistication.

^

                                                                  12
                                  Methodology
                  Adopting an ethnographic approach, data have been
             gathered by participating in, monitoring, and cata-
             loging channels of communication used by active members
             of the computer underground. These channels, which will
             be examined in detail later,  include electronic
             bulletin board systems (BBS), voice mail boxes,
             bridges, loops, e-mail, and telephone conversations.
             These sources provide a window through which to observe
             interactions, language, and cultural meanings without
             intruding upon the situation or violating the privacy
             of the participants.  Because these communication
             centers are the "back stage" area of the computer
             underground, they provided insight into organizational
             (and other) issues that CU participants face, and the
             methods they use to resolve them.
                  As with any ethnographic research, steps have been
             taken to protect the identity of informants.  The
             culture of the computer underground aids the researcher
             in this task since phreakers, hackers, and pirates
             regularly adopt pseudonyms to mask their identity.
             However to further ensure confidentiality, all of the
             pseudonyms cited in this research have been changed by
             the author. Additionally, any information that is

^

                                                                  13
             potentially incriminating has been removed or altered.
                  The data set used for this study consists
             primarily of messages, or "logs," which are the primary
             form of communication between users.  These logs were
             "captured" (recorded using the computer to save the
             messages) from several hundred computer bulletin
             boards1 located across the United States.  The bulk of
             the data were gathered over a seventeen month period
             (12/87 to 4/89) and will reflect the characteristics of
             the computer underground during that time span.
             However, some data, provided to the researcher by
             cooperative subjects, dates as far back as 1984.
                  The logged data were supplemented by referring to
             several CU "publications."  The members of the computer
             underground produce and distribute several technical
             and tutorial newsletters and "journals."  Since these
             "publications" are not widely available outside of CU
             circles I have given a brief description of each below.
                  Legion of Doom/Hackers Technical Journal.  This
             ____________________
                  1 Computer Bulletin Boards (BBS) are personal
             computers that have been equipped with a telephone
             modem and special software. Users can connect with a
             BBS by dialing, with their own computer and modem, the
             phone number to which the BBS is connected. After
             "logging in" by supplying a valid user name and pass-
             word, the user can leave messages to other users of the
             system.  These messages are not private and anyone
             calling the BBS can freely read and respond to them.
                                                                  14
             publication is written and distributed by a group known
             as "The Legion of Doom/Legion of Hackers" (LoD/H).  It
             is available in electronic format (a computer text
             file) and contains highly technical information on
             computer operating systems. As of this writing, three
             issues have been published.
                  PHRACK Inc.:  Phrack Inc is a newsletter that
             contains various articles, written by different
             authors, and "published" under one banner.  Phrack
             Inc's first issue was released in 1985, making it the
             oldest of the electronically distributed underground
             publications.  CU participants are invited to submit
             articles to the editors, who release a new issue when a
             sufficient number (about nine) of acceptable pieces
             have been gathered. Phrack also features a lengthy
             "World News" with stories about hackers who have been
             apprehended and interviews with various members of the
             underground. As of this writing twenty-seven issues of
             Phrack, have been published.
                  Phreakers/Hackers Underground Network (P/Hun):
             Like Phrack, P/Hun collects articles from various
             authors and releases them as one issue.  Three issues
             have been published to date.
                  Activist Times, Incorporated (ATI): Unlike the
             other electronically distributed publications, ATI does

^

                                                                  15
             not limit itself to strictly computer/telephone news.
             Articles normally include commentary on world and
             government events, and other "general interest" topics.
             ATI issues are generally small and consist of articles
             written by a core group of four to seven people.
             Unlike the publications discussed thus far, ATI is
             available in printed "hard copy" form by sending
             postage reimbursement to the editor.  ATI is currently
             on their 38th issue.
                  2600 Magazine:  Published in a traditional
             (printed) magazine format, 2600 (named for the
             frequency tone used to make free long distance phone
             calls) is arguably an "underground" publication as it
             is available on some newsstands and at some libraries.
             Begun in 1987 as a monthly magazine, it is now
             published quarterly. Subscription rates are $25.00 a
             year with a complete back-issue selection available.
             The magazine specializes in publishing technical
             information on telephone switching systems, satellite
             descrambling codes, and news about the computer
             underground.
                  TAP/YIPL: First established in 1972 as YIPL (Youth
             International Party Line), this publication soon
             changed its name to TAP (Technical Assistance Party).
             Co-founded by Abbie Hoffman, it is generally recognized

^

                                                                  16
             as the grandfather of computer underground
             publications.  Publication of the 2-4 page newsletter
             has been very sporadic over the years, and currently
             two different versions of TAP, each published in
             different areas of the country, are in circulation.
                  Utilizing a data set that consists of current
             message logs, old messages logs, and various CU
             publications yields a reasonably rich collection from
             which to draw the analysis.  Examination of the older
             logs and publications shows that while the actors have
             changed over the years, cultural norms and
             characteristics have remained consistent over time.

^

                                                                  17
                        What is the Computer Underground?
                  Defining the "computer underground" can be
             difficult. The sociologist soon finds that there are
             several competing definitions of computer underground
             activity.  Those who have written on the subject, the
             media, criminologists, computer programmers, social
             control agents, and CU participants themselves, have
             adopted definitions consistent with their own social
             positions and perspectives. Not surprisingly, these
             definitions rarely correspond. Therefore, before
             discussing the organization of the computer
             underground, it is necessary to discuss and compare the
             various definitions.  This will illustrate the range of
             beliefs about CU activity, and provide a springboard
             for the discussion of types of roles and activities
             found in the underground.
                  We begin with a discussion of the media image of
             computer hackers. The media's concept of "hackers" is
             important because the criminalization of the activity
             has largely occurred as the result of media drama-
             tization of the "problem" (Hollinger and Lanza-Kaduce,
             1988). In fact, it was a collection of newspaper and
             film clips that was presented to the United States
             Congress during legislative debates as evidence of the

^

                                                                  18
             computer hacking problem (Hollinger and Lanza-Kaduce,
             1988, p.107).  Unfortunately, the media assessment of
             the computer underground displays a naive understanding
             of CU activity.
                  The media generally makes little distinction
             between different types of CU activity. Most any
             computer-related crime activity can be attributed to
             "hackers."  Everything from embezzlement to computer
             viruses have, at one time or another, been attributed
             to them. Additionally, hackers are often described as
             being sociopathic or malicious, creating a media image
             of the computer underground that may exaggerate their
             propensity for doing damage.
                  The labeling of hackers as being "evil" is well
             illustrated by two recent media examples. The first is
             from Eddie Schwartz, a WGN-Radio talk show host. Here
             Schwartz is addressing "Anna," a self-identified hacker
             that has phoned into the show:
                  You know what Anna, you know what disturbs
                  me? You don't sound like a stupid person but
                  you represent a . . . a . . . a . . . lack of
                  morality that disturbs me greatly. You really
                  do. I think you represent a certain way of
                  thinking that is morally bankrupt. And I'm
                  not trying to offend you, but I . . . I'm
                  offended by you! (WGN Radio, 1988)
                  Just two months later, NBC-TV's "Hour Magazine"
             featured a segment on "computer crime."  In this
             example, Jay Bloombecker, director of the National

^

                                                                  19
             Center for Computer Crime Data, discusses the "hacker
             problem" with the host of the show, Gary Collins.
                  Collins: . . . are they %hackers% malicious
                  in intent, or are they simply out to prove,
                  ah, a certain machismo amongst their peers?
                  Bloombecker: I think so. I've talked about
                  "modem macho" as one explanation for what's
                  being done. And a lot of the cases seem to
                  involve %proving% %sic% that he . . . can do
                  something really spiffy with computers. But,
                  some of the cases are so evil, like causing
                  so many computers to break, they can't look
                  at that as just trying to prove that you're
                  better than other people.
                  GC: So that's just some of it, some kind of
                  "bet" against the computer industry, or
                  against the company.
                  JB: No, I think it's more than just
                  rottenness. And like someone who uses
                  graffiti doesn't care too much whose building
                  it is, they just want to be destructive.
                  GC: You're talking about a sociopath in
                  control of a computer!
                  JB: Ah, lots of computers, because there's
                  thousands, or tens of thousands %of hackers%
                  (NBC-TV, 1988).
                  The media image of computer hackers, and thus all
             members of the computer underground, is burdened with
             value-laden assumptions about their psychological
             makeup, and focuses almost entirely upon the morality
             of their actions.  Additionally, since media stories
             are taken from the accounts of police blotters,
             security personnel, and hackers who have been caught,
             each of whom have different perspectives and

^

                                                                  20
             definitions of their own, the media definition, if not
             inherently biased, is at best inconsistent.
                  Criminologists, by way of contrast, have done
             little to define the computer underground from a
             sociological perspective.  Those criminological
             definitions that do exist are less judgmental than the
             media image, but no more precise. Labels of
             "electronic trespassers" (Parker, 1983), and
             "electronic vandals" (Bequai, 1987) have both been
             applied to hackers.  Both terms, while acknowledging
             that "hacking" is deviant, shy away from labeling it as
             "criminal" or sociopathic behavior.  Yet despite this
             seemingly non-judgmental approach to the computer
             underground, both Parker and Bequai have testified
             before Congress, on behalf of the computer security in-
             dustry, on the "danger" of computer hackers.
             Unfortunately, their "expert" testimony was largely
             based on information culled from newspaper stories, the
             objectiveness of which has been seriously questioned
             (Hollinger and Lanza-Kaduce 1988 p.105).
                  Computer security specialists, on the other hand,
             are often quick to identify CU participants as part of
             the criminal element. Correspondingly, some reject the
             notion that there are different roles and motivations
             among computer underground participants and thereby

^

                                                                  21
             refuse to define just what it is that a "hacker" or
             "phreaker" does.  John Maxfield, a "hacker expert,"
             suggests that differentiating between "hackers" and
             "phone phreaks" is a moot point, preferring instead
             that they all just be called "criminals" (WGN-Radio.
             Sept 28, 1988).
                  The reluctance or inability to differentiate
             between roles and activities in the computer
             underground, as exhibited in the media and computer
             security firms, creates an ambiguous definition of
             "hacker" that possesses  two extremes: the modern-day
             bank robber at one end, the trespassing teenager at the
             other.  Thus, most any criminal or mischievous act that
             involves computers can be attributed to "hackers,"2
             regardless of the nature of the crime.
                  Further compounding the inconsistent use of
             "hacker" is the evolution of meaning that the word has
             undergone.   "Hacker" was first  applied to computer
             related activities when it was used by programmers in
             the late 1950's.  At that time it referred to the
             pioneering researchers, such as those at M.I.T., who
             ____________________
                  2 During the WGN-Radio show on computer crime one
             caller, who was experiencing a malfunctioning phone
             that would "chirp" occasionally while hung up, believed
             that "computer hackers" were responsible for the
             problem.  The panel assured her that it was unrelated
             to CU activity.
                                                                  22
             were constantly adjusting and experimenting with the
             new technology (Levy, 1984. p.7).  A "hacker" in this
             context refers to an unorthodox, yet talented,
             professional programmer. This use of the term still
             exits today, though it is largely limited to
             professional computing circles.
                  Another definition of "hacker" refers to one who
             obtains unauthorized, if not illegal, access to
             computer systems and networks.  This definition was
             popularized by the movie War Games and, generally
             speaking, is the one used by the media.3 It is also the
             definition favored by the computer underground.
                  Both the members of the computer underground and
             computer programmers claim ownership of "hacker," and
             each defend the "proper" use of term.  The computer
             professionals maintain that using "hackers" (or
             "hacking") to refer to any illegal or illicit activity
             is a corruption of the "true" meaning of the word.  Bob
             Bickford, a professional programmer who has organized
             several programmer conferences, explains:
             ____________________
                  3 This is not always true of course.  The AP
             Stylebook has yet to specify how "hacker" should be
             used.  A recent  Associated Press story featured a
             computer professional explaining that a "real hacker"
             would never do anything illegal.  Yet just a few weeks
             later Associated Press distributed stories proclaiming
             that West German "hackers" had broken into US Defense
             Department computer systems.
                                                                  23
                  At the most recent conference %called
                  "Hackers 4.0"% we had 200 of the most
                  brilliant computer professionals in the world
                  together for one weekend; this crowd included
                  several PhD's, several presidents of
                  companies (including large companies, such as
                  Pixar), and various artists, writers,
                  engineers, and programmers.  These people all
                  consider themselves Hackers: all derive great
                  joy from their work, from finding ways around
                  problems and limits, from creating rather
                  than destroying.  It would be a great
                  disservice to these people, and the thousands
                  of professionals like them, to let some
                  pathetic teenaged criminals destroy the one
                  word which captures their style of
                  interaction with the universe: Hackers
                  (Bickford, 1988).
                  Participants in the computer underground also
             object to the "misuse" of the term. Their objection
             centers around the indiscriminate use of the word to
             refer to computer related crime in general and not,
             specifically, the activities of the computer
             underground:
                  Whenever the slightest little thing happens
                  involving computer security, or the breach
                  thereof, the media goes fucking bat shit and
                  points all their fingers at us 'nasty
                  hackers.' They're so damned ignorant it's
                  sick (EN, message log, 1988).
                  . . . whenever the media happens upon
                  anything that involves malicious computer use
                  it's the "HACKERS."  The word is a catch
                  phrase it makes mom drop the dishes and watch
                  the TV.  They use the word because not only
                  they don't really know the meaning but they
                  have lack of a word to describe the
                  perpetrator.  That's why hacker has such a
                  bad name, its always associated with evil
                  things and such (PA, message log, 1988).
                  I never seen a phreaker called a phreaker

^

                                                                  24
                  when caught and he's printed in the
                  newspaper. You always see them "Hacker caught
                  in telephone fraud."  "Hacker defrauds old
                  man with phone calling card." What someone
                  should do is tell the fucken (sic) media to
                  get it straight (TP2, message log, 1988).
                  Obviously the CU and computer professional
             definitions of "hacker" refer to different social
             groups.  As Best and Luckenbill (1982, p. 39) observe:
             "Every social group modifies the basic language to fit
             its own circumstance, creating new words or using
             ordinary words in special ways."  Which definition, if
             either, will come into widespread use remains to be
             seen.  However, since computer break-ins are likely to
             receive more media attention than clever feats of
             programming, the CU definition is likely to dominate
             simply by being used more often.4  But as long as the
             two definitions do exist there will be confusion unless
             writers and researchers adequately specify the group
             under discussion.  For this reason, I suggest that
             sociologists, and criminologists in particular, adopt
             the "underground" definition for consistency and
             ____________________
                  4 Another factor may be the adoption  of a close
             proximity to the underground definition being included
             in the 1986 edition of Webster's New World dictionary:
                  hack.er n. 1. a person who hacks 2. an unskilled
             golfer, tennis player, etc. 3. a talented amateur user
             of computers, specif. one who attempts to gain
             unauthorized access to files.
                                                                  25
             accuracy when speaking of the actions of CU
             participants.
                  While it is recognized that computer hacking is a
             relatively new phenomenon, the indiscriminant use of
             the term to refer to many different forms of unorthodox
             computer use has been counterproductive to
             understanding the extent of the activity. To avoid this
             a "computer hacker" should be defined as an individual,
             associated with the computer underground, who
             specializes in obtaining unauthorized access to
             computer systems.  A "phone phreak" in an individual,
             associated with the computer underground, who
             specializes in obtaining unauthorized information about
             the phone system.  A "software pirate" is an
             individual, associated with the computer underground,
             who distributes or collects copyrighted computer
             software. These definitions have been derived from the
             data, instead of relying upon those who defend the
             "integrity" of the original meanings, or those who are
             unfamiliar with the culture.

^

                                                                  26
                     Topography of the Computer Underground
                  Having defined the three main roles in the
             computer underground, it is necessary to examine each
             activity separately in order to provide a general
             typology of the computer underground.  In doing so, the
             ways in which each contributes to the culture as a
             whole will be illustrated, and the divisions between
             them that affect the overall organization will be
             developed. Analysis of these roles and divisions is
             crucial to understanding identity, access, and mobility
             within the culture.
             Hacking
                  In the vernacular of the computer underground,
             "hacking" refers to gaining access and exploring
             computer systems and networks. "Hacking" encompasses
             both the act and the methods used to obtain valid user
             accounts on computer systems.
                    "Hacking" also refers to the activity that
             occurs once access to another computer has been
             obtained. Since the system is being used without
             authorization, the hacker does not, generally speaking,
             have access to the usual operating manuals and other
             resources that are available to legitimate users.

^

                                                                  27
             Therefore, the hacker must experiment with commands and
             explore various files in order to understand and
             effectively use the system.  The goal here is to
             explore and experiment with the system that has been
             entered. By examining files and, perhaps, by a little
             clever programming, the hacker may be able to obtain
             protected information or more powerful access
             privileges.5
             Phreaking
                  Another role in the computer underground is that
             of the "phone phreak."  Phone phreaking, usually called
             just "phreaking," was widely publicized when the
             exploits of John "Cap'n Crunch" Draper, the "father of
             phreaking," were publicized in a 1971 Esquire magazine
             article.
                  The term "phreaking" encompasses several different
             means of circumventing  the billing mechanisms of
             telephone companies.  By using these methods, long-
             ____________________
                  5 Contrary to the image sometimes perpetuated by
             computer security consultants, the data indicate that
             hackers refrain from deliberately destroying data or
             otherwise damaging the system.  Doing so would conflict
             with their instrumental goal of blending in with the
             average user so as not to attract undue attention to
             their presence and cause the account to be deleted.
             After spending what may be a substantial amount of time
             obtaining a high access  account, the hacker places a
             high priority on not being discovered using it.
                                                                  28
             distance phone calls can be placed without cost. In
             many cases the methods also prevent, or at least
             inhibit, the possibility of calls being traced to their
             source thereby helping the phreaker to avoid being
             caught.
                  Early phreaking methods involved electro-
             mechanical devices that generated key tones, or altered
             line voltages in certain ways as to trick the
             mechanical switches of the phone company into
             connecting calls without charging.  However the advent
             of computerized telephone-switching systems largely
             made these devices obsolete.  In order to continue
             their practice the phreaks have had to learn hacking
             skills:6
                  Phreaking and hacking have just recently
                  merged, because now, the telephone companies
                  are using computers to operate their network.
                  So, in order to learn more about these
                  computers in relation to the network, phreaks
                  have learned hacking skills, and can now
                  program, and get around inside the machines
                  (AF, message log, 1988).
                  For most members of the computer underground,
             phreaking is simply a tool that allows them to call
             long distance without amassing enormous phone bills.
             ____________________
                  6 Because the two activities are so closely
             related, with phreakers learning hacking skills and
             hackers breaking into "telco" computers, reference is
             usually made to phreak/hacking or "p/hackers."  This
             paper follows this convention.
                                                                  29
             Those who have a deeper and more technically oriented
             interest in the "telco" (telephone company) are known
             as phreakers. They, like the hackers discussed earlier,
             desire to master and explore a system that few
             outsiders really understand:
                  The phone system is the most interesting,
                  fascinating thing that I know of. There is so
                  much to know. Even phreaks have their own
                  areas of knowledge.  There is so much to know
                  that  one phreak could know something fairly
                  important and the next  phreak not.  The next
                  phreak might know ten things that the  first
                  phreak doesn't though. It all depends upon
                  where and  how they get their info.  I myself
                  %sic% would like to work for the telco, doing
                  something interesting, like programming a
                  switch. Something that isn't slave labor
                  bullshit. Something that you enjoy, but have
                  to take risks in order to participate unless
                  you are lucky enough to work for the telco.
                  To have access to telco things, manuals, etc
                  would be great (DP, message log, 1988).
                  Phreaking involves having the dedication to
                  commit yourself to learning as much about the
                  phone system/network as possible. Since most
                  of this information is not made public,
                  phreaks have to resort to legally
                  questionable means to obtain the knowledge
                  they want (TP2, message log, 1988).
                  Most members of the underground do not approach
             the telephone system with such passion. Many hackers
             are interested in the phone system solely to the extent
             that they can exploit its weaknesses and pursue other
             goals.  In this case, phreaking becomes a means and not
             a pursuit unto itself. Another individual, one who

^

                                                                  30
             identifies himself as a hacker, explains:
                  I know very little about phones . . . I just
                  hack. See, I can't exactly call these numbers
                  direct.  A lot of people are in the same
                  boat.  In my case, phreaking is a tool, an
                  often used one, but nonetheless a tool (TU,
                  message log, 1988).
                  In the world of the computer underground, the
             ability to "phreak a call" is taken for granted.  The
             invention of the telephone credit card has opened the
             door to wide-scale phreaking.  With these cards, no
             special knowledge or equipment is required to phreak a
             call, only valid credit card numbers, known as "codez,"
             are needed to call any location in the world.  This
             easy access to free long-distance service is
             instrumental for maintaining contact with CU
             participants scattered across the nation.
             Pirating
                  The third major role in the computer underground
             is that of the software pirate.  Software piracy refers
             to the unauthorized copying and distribution of copy-
             righted software.  This activity centers around
             computer bulletin board systems that specialize in
             "warez."7   There pirates can contribute and share
             ____________________
                  7 "Warez" is a common underground term that refers
             to pirated software.
                                                                  31
             copies of commercial software. Having access to these
             systems (usually obtained by contributing a copyrighted
             program via a telephone modem) allows the pirate to
             copy, or "download," between two to six programs that
             others have contributed.
                  Software piracy is a growing concern among
             software publishing companies. Some contend that the
             illegal copying of software programs costs the industry
             billions of dollars in lost revenues. Pirates challenge
             this, and claim that in many ways pirating is a hobby,
             much like collecting stamps or baseball cards, and
             their participation actually induces them to spend more
             on software than they would otherwise, even to the
             point of buying software they don't truly need:
                  There's a certain sense of, ahh, satisfaction
                  in having the latest program, or being the
                  first to upload a program on the "want list."
                  I just like to play around with them, see
                  what they can do. If I like something, I'll
                  buy it, or try out several programs like it,
                  then buy one. In fact, if I wasn't pirating,
                  I wouldn't buy any warez, because some of
                  these I buy I do for uploading or just for
                  the fun of it. So I figure the software
                  companies are making money off me, and this
                  is pretty much the same for all the really
                  elite boards, the ones that have the best and
                  most programs. . . . I just bought a $117.
                  program, an accounting program, and I have
                  absolutely no use for it. It's for small
                  businesses.  I thought maybe it would auto-
                  write checks, but it's really a bit too high
                  powered for me. I thought it would be fun to
                  trade to some other boards, but I learned a
                  lot from just looking at it (JX, field notes,
                  1989).

^

                                                                  32
                  Pirates and phreak/hackers do not necessarily
             support the activities of each other, and there is
             distrust and misunderstanding between the two groups.
             At least part of this distrust lies in the
             phreak/hacker perception that piracy is an unskilled
             activity.8  While p/hackers probably don't disapprove
             of piracy as an activity, they nevertheless tend to
             avoid pirate bulletin board systems --partly because
             there is little pertinent phreak/hack information
             contained on them, and partly because of the belief
             that pirates indiscriminately abuse the telephone
             network in pursuit of the latest computer game.  One
             hacker illustrates this belief by theorizing that
             pirates are responsible for a large part of telephone
             credit card fraud.
                  The media claims that it is solely hackers
                  who are responsible for losses pertaining to
                  large telecommunication companies and long
                  distance services.  This is not the case.  We
                  are %hackers% but a small portion of these
                  losses.  The rest are caused by pirates and
                  thieves who sell these codes to people on the
                  street (AF, message log, 1988).
                  Other hackers complained that uploading large
             ____________________
                  8 A possible exception to this are those pirates
             that have the programming skills needed to remove copy
             protection from software.  By removing the program code
             that inhibits duplicate copies from being made these
             individuals, known as "crackers," contribute greatly to
             the easy distribution of "warez."
                                                                  33
             programs frequently takes several hours to complete,
             and it is pirate calls, not the ones placed by "tele-
             communications enthusiasts" (a popular euphemism for
             phreakers and hackers) that cost the telephone industry
             large sums of money. However, the data do not support
             the assertation that all pirates phreak their calls.
             Phreaking is considered "very tacky" among elite
             pirates, and system operators (Sysops) of pirate
             bulletin boards discourage phreaked calls because it
             draws attention to the system when the call is
             discovered by the telephone company.
                  Regardless of whether it is the lack of phreak/
             hack skills, the reputation for abusing the network, or
             some other reason, there is indeed a certain amount of
             division between the world of phreakers and hackers and
             that of pirates. The two communities co-exist and share
             resources and methods, but function separately.
                                                                  34
                  Social Organization and Deviant Associations
                  Having outlined and defined the activities of the
             computer underground, the question of social
             organization can be addressed.  Joel Best and David
             Luckenbill (1982) have developed a typology for
             identifying the social organization of deviant
             associations.  Essentially they state that deviant
             organizations, regardless of their actual type of
             deviance, will vary in the complexity of their division
             of labor, coordination among organization roles, and
             the purposiveness with which they attempt to achieve
             their goals.  Those organizations which display high
             levels in each of these categories are more
             sophisticated than those with lower levels.
                  Deviants relations with one another can be
                  arrayed along the dimension of organizational
                  sophistication. Beginning with the least
                  sophisticated form, %we% discuss five forms
                  of the social organization of deviants:
                  loners, colleagues, peers, mobs, and formal
                  organizations.  These organization forms are
                  defined in terms of four variables: whether
                  the deviants associate with one another;
                  whether they participate in deviance
                  together; whether their deviance requires an
                  elaborate division of labor; and whether
                  their organization's activities extend over
                  time and space (Best and Luckenbill, 1982,
                  p.24).
             These four variables, also known as mutual association,
             mutual participation, elaborate division of labor, and

^

                                                                  35
             extended organization, are indicators of the social
             organization of deviant groups. The following, taken
             from Best and Luckenbill, illustrates:
             FORM OF       MUTUAL    MUTUAL      DIVISION  EXTENDED
             ORGAN-        ASSOCIA-  PARTICIPA-  OF        ORGAN-
             IZATION       TION      TION        LABOR     IZATION
             -----------------------------------------------------
             Loners         no        no          no        no
             Colleagues     yes       no          no        no
             Peers          yes       yes         no        no
             Mobs           yes       yes         yes       no
             Formal
             Organizations  yes       yes         yes       yes
             _____________________________________________________
                                                     (1982, p.25)
                  Loners do not associate with other deviants,
                  participate in shared deviance, have a
                  division of labor, or maintain their deviance
                  over extended time and space.  Colleagues
                  differ from loners because they associate
                  with fellow deviants. Peers not only
                  associate with one another, but also
                  participate in deviance together.  In mobs,
                  this shared participation requires an
                  elaborate division of labor.  Finally, formal
                  organizations involve mutual association,
                  mutual participation, an elaborate division
                  of labor, and deviant activities extended
                  over time and space (Best and Luckenbill,
                  1982, pp.24-25).
                  The five forms of organizations are presented as
             ideal types, and "organizational sophistication" should
             be regarded as forming a continuum with groups located
             at various points along the range (Best and Luckenbill,
             1982, p.25).  With these two caveats in mind, we begin
             to examine the computer underground in terms of each of

^

                                                                  36
             the four organizational variables. The first level,
             mutual association, is addressed in the following
             section.
                                                                  37
                               Mutual Association
                  Mutual association is an indicator of
             organizational sophistication in deviant associations.
             Its presence in the computer underground indicates that
             on a social organization level phreak/hackers act as
             "colleagues."  Best and Luckenbill discuss the
             advantages of mutual association for unconventional
             groups:
                  The more sophisticated the form of
                  organization, the more likely the deviants
                  can help one another with their problems.
                  Deviants help one another in many ways: by
                  teaching each other deviant skills and a
                  deviant ideology; by working together to
                  carry out complicated tasks; by giving each
                  other sociable contacts and moral support; by
                  supplying one another with deviant equipment;
                  by protecting each other from the
                  authorities; and so forth.  Just as  %others%
                  rely on one another in the course of everyday
                  life, deviants find it easier to cope with
                  practical problems when they have the help of
                  deviant associates (1982,pp.27-28).
                  Hackers, phreakers, and pirates face practical
             problems. For example, in order to pursue their
             activities they require  equipment9 and knowledge.  The
             ____________________
                  9 The basic equipment consists of a modem, phone
             line, and a computer -- all items that are available
             through legitimate channels.  It is the way the
             equipment is used, and the associated knowledge that is
             required, that distinguishes hackers from other
             computer users.
                                                                  38
             problem of acquiring the latter must be solved and,
             additionally, they must devise ways to prevent
             discovery , apprehension and sanctioning by social
             control agents.10
                  One method of solving these problems is to turn to
             other CU members for help and support.  Various means
             of communication have been established that allow
             individuals to interact regardless of their location.
             As might be expected, the communication channels used
             by the CU reflect their interest and ability in high-
             technology, but the technical aspects of these methods
             should not overshadow the mutual association that they
             support.  This section examines the structure  of
             mutual association within the computer underground.
             ____________________
                  10 Telephone company security personnel, local law
             enforcement, FBI, and Secret Service agents have all
             been involved in apprehending hackers.
                                                                  39
                    The Structure of the Computer Underground
                  Both computer underground communities, the
             p/hackers and the pirates, depend on communications
             technology to provide meeting places for social and
             "occupational" exchanges.  However, phreakers, hackers,
             and pirates are widely dispersed across the country
             and, in many cases, the globe.  In order for the
             communication to be organized and available to
             participants in many time zones and "working" under
             different schedules, centralized points of information
             distribution are required.  Several existing
             technologies --computer bulletin boards, voice mail
             boxes, "chat" lines, and telephone bridges/loops --
             have been adopted by the CU for use as communication
             points. Each of these technologies will be addressed in
             turn, giving cultural insight into CU activities, and
             illustrating mutual association among CU participants.
             Bulletin Board Systems
                  Communication in the computer underground takes
             place largely at night, and primarily through Bulletin
             Board Systems (BBS).  By calling these systems and
             "logging on" with an account and password individuals
             can leave messages to each other, download files and

^

                                                                  40
             programs, and, depending on the number of phone lines
             into the system, type messages to other users that may
             be logged on at the same time.
                  Computer Bulletin Board Systems, or "boards,"  are
             quite common in this computerized age.  Nearly every
             medium-sized city or town has at least one. But not all
             BBS are part of the computer underground culture.  In
             fact, many systems prohibit users from discussing CU
             related activity.  However, since all bulletin boards
             systems essentially function alike it is only the
             content, users, and CU culture that distinguish an
             "underground" from a "legitimate" bulletin board.
                  Computer Underground BBS are generally owned and
             operated by a single person (known as the "system
             operator" or "sysop"). Typically setup in a spare
             bedroom, the costs of running the system are paid by
             the sysop, though some boards solicit donations from
             users. The sysop maintains the board and allocates
             accounts to people who call the system.
                  It is difficult to assess the number of
             underground bulletin boards in operation at any one
             time. BBS in general are transitory in nature, and CU
             boards are no exception to this. Since they are
             operated by private individuals, they are often set up
             and closed down at the whim of the operator. A week

^

                                                                  41
             that sees two new boards come online may also see
             another close down.  A "lifetime" of anywhere from 1
             month to 1-1/2 years is common for pirate and
             phreak/hack boards.11   One BBS, claimed to be the
             "busiest phreak/hack board in the country" at the
             time,12 operated for less than one year and was
             suddenly closed when the operator was laid off work.
                  Further compounding the difficulty of estimating
             the number of CU boards is their "underground" status.
             CU systems do not typically publicize their existence.
             However, once access to one has been achieved, it is
             easy to learn of other systems by asking users for the
             phone numbers.  Additionally, most BBS maintain lists
             of other boards that users can download or read. So it
             is possible, despite the difficulties, to get a feel
             for the number of CU boards in operation.    Pirate
             boards are the most common of "underground" BBS.  While
             there is no national "directory" of pirate boards,
             there are several listings of numbers for specific
             ____________________
                  11 While some non-CU BBS' have been operating
             since 1981, the longest operating phreak/hack board has
             only been in operation since 1984.
                  12 At it's peak this p/h board was receiving 1000
             calls a month and supported a community of 167 users
             (TP BBS, message log, 1989).
                                                                  42
             computer brands.13  One list of Apple pirate boards has
             700 entries. Another, for IBM boards, lists just over
             500.  While there is no way of determining if these
             lists are comprehensive, they provide a minimum
             estimate. Pirate boards for systems other than IBM or
             Apple seem to exhibit similar numbers. David Small, a
             software developer that has taken an aggressive stance
             in closing down pirate boards, estimates that there are
             two thousand in existence at any one time (1988).
             Based on the boards discovered in the course of this
             research, and working from an assumption that each of
             the four major brands of microcomputers have equal
             numbers of pirate boards, two thousand is a reasonable
             estimate.
                  The phreak/hack BBS community is not divided by
             differing brands of micro-computers.  The applicability
             of phreak/hack information to a wide range of systems
             does not require the specialization that pirate boards
             exhibit.  This makes it easier to estimate the number
             of systems in this category.
                  John Maxfield, a computer security consultant, has
             asserted that there are "thousands" of phreak/hack
             ____________________
                  13 Pirate boards are normally "system specific" in
             that they only support one brand or model of
             microcomputer.
                                                                  43
             boards in existence (WGN-Radio, November 1988).  The
             data, however, do not confirm this.  A list of
             phreak/hack boards compiled by asking active p/hackers
             and downloading BBS lists from known phreak/hack
             boards, indicates that there are probably no more than
             one hundred.  Experienced phreak/hackers say that the
             quality of these boards varies greatly, and of those
             that are in operation today only a few (less than ten)
             attract the active and knowledgeable user.
                  Right after "War Games" came out there must
                  have been hundreds of hacker bulletin boards
                  spring up. But 99% of those were lame. Just a
                  bunch of dumb kids that saw the movie and
                  spent all there %sic% time asking "anyone got
                  any k00l numberz?" instead of actually
                  hacking on anything. But for a while there
                  was %sic% maybe ten systems worth calling . .
                  . where you could actually learn something
                  and talk to people who knew what was going
                  Nowadays %sic% there are maybe three that I
                  consider good . . . and about four or five
                  others that are okay.  The problem is that
                  anybody can set up a board with a k-rad name
                  and call it a hacker board and the media/feds
                  will consider it one if it gets busted. But
                  it never really was worth a shit from the
                  beginning.(TP2, field notes, 1989)
                  Towards a BBS Culture.  Defining and identifying
             CU boards can be problematic.  The lack of an ideal
             type undoubtedly contributes to the varying estimates
             of the number of CU bulletin board systems. While
             developing such a typology is not the intent of this
             work, it is appropriate to examine the activities and

^

                                                                  44
             characteristics exhibited by BBS supporting the pirate
             and phreak/hack communities.  While much of the culture
             of pirate and phreak/hack worlds overlap, there are
             some differences in terms of how the BBS medium is used
             to serve their interests. We begin with a short
             discussion of the differences between the two
             communities, then discuss cultural characteristics
             common to all CU BBS systems.
                  All BBS feature a "files area" where programs and
             text files are available for downloading by users.
             Initially these programs/files are supplied by the
             system operator, but as the board grows they are
             contributed (called "uploading") by callers. The
             content and size of the files area differs according to
             whether the board supports the pirate or phreak/hack
             community.
                  The files area on a pirate board consists
             primarily of programs and program documentation.
             Normally these programs are for only one brand of
             micro-computer (usually the same as the system is being
             run on). Text files on general or non-computer topics
             are uncommon.  A "files area" menu from a pirate BBS
             illustrates the emphasis on software:
                  %1% Documentation        %2% Telecommunications
                  %3% Misc Applications    %4% Word Processing
                  %5% Graphics             %6% Utilities
                  %7% Games 1              %8% Games 2

^

                                                                  45
                  %9% XXX Rated            %10% Elite_1
                  %11% Elite_2             %12% Super_Elite
                                    (IN BBS, message log, 1988)
                  The "files area" on a phreak/hack BBS is
             noticeably smaller than it is on pirate systems.  It
             consists primarily of instructional files (known as "g-
             files" for "general files") and copies of phreak/hack
             newsletters and journals.  Pirated commercial software
             is very rare; any programs that are available are
             usually non-copyrighted specialized programs used to
             automate the more mundane aspects of phreaking or
             hacking. It is not uncommon to find them in forms
             usable by different brands of computers.  A "files
             area" list from a phreak/hack BBS is listed here
             (edited for size):
                    Misc Stuff
                  -------------
                  BRR2    .TXT: Bell Research Report Volume II
                  BRR1    .TXT: Bell Research Report Volume I
                  CONFIDE .ARC: Confide v1.0 DES
                                EnCryption/DeCryption
                  CNA     .TXT: A bunch of CNA numbers
                  CLIPS   .ARC: newsclippings/articles on hackers
                                and busts
                  ESS1    .TXT: FILE DESCRIBING THE ESS1 CHIP
                  TELEPHON.TXT: NY Times Article on hackers/phreaks
                  HP-3000 .TXT: This tells a little info about hp
                  VIRUS   .TXT: Digest of PC anti-viral programs.
                  Hack/Phreak Programs
                  -----------------------
                  THIEF   .ARC: Code Thief for IBM!
                  PC-LOK11.ARC: IBM Hard Disk Lock Utility- fairly
                                good.
                  PHONELIS.COM: Do a PHONE DIR command on VAX from
                                DCL.
                  XMO     .FOR: VAX Xmodem Package in FORTRAN

^

                                                                  46
                  PASSWORD.ARC: IBM Password on bootup.  Not too
                                bad.
                  Archived Gfiles
                  ----------------------
                  PHRACK15.ARC: Phrack #15
                  PHRACK10.ARC: Phrack #10
                  PHRACK20.ARC: Phrack #20
                  ATI1_6.ARC  : ATI issues one thru six
                  PHRACK5.ARC : Phrack #5
                  PHRACK25.ARC: Phrack #25
                  PHUN1.ARC   : P/Hun first issue
                  TCSJ.ARC    : Telecom Security Journal
                  ATI31.ARC   : Activist Times Inc number 31
                  LODTECH3.ARC: LoD Tech Journal three
                                       (TPP BBS, message log, 1988)
                  The difference in files area size is consistent
             with the activities of pirates and phreak/hackers.  The
             main commodity of exchange between pirates is, as
             discussed earlier, copyrighted software thus accounting
             for the heavy use of that area of the board that
             permits exchange of programs.  The phreak/hackers, on
             the other hand, primarily exchange information about
             outside systems and techniques.  Their interests are
             better served by the "message bases" of BBS.
                  The "message bases" (areas where callers leave
             messages to other users) are heavily used on
             phreak/hack systems. The  messages are not specific to
             one brand of micro-computer due to the fact that not
             all users own the same equipment. Rather than focus on
             the equipment owned by the phreak/hacker, the messages
             deal with their "targets."  Everything from
             phreak/hacking techniques to CU gossip is discussed. On

^

                                                                  47
             some boards all the messages, regardless of topic, are
             strung together in one area.  But on others there are
             separate areas dealing with specific networks and
             mainframe computers:
                  Message Boards available:
                   1 : General
                   2 : Telecommunications
                   3 : Electronics
                   4 : Packet Switched Nets
                   5 : VAX/DEC
                   6 : Unix
                   7 : Primos
                   8 : HP-x000
                   9 : Engineering
                  10 : Programming & Theory
                  11 : Phrack Inc.
                  12 : Sociological Inquiries
                  13 : Security Personnel & Discussion
                  14 : Upper Deck
                  15 : Instructors
                                     (TPP BBS, message log, 1988)
                  The pirate community, on the other hand, makes
             little use of the "message bases." Most users prefer to
             spend their time (which may be limited by the system
             operator on a per day or per call basis) uploading
             and/or downloading files rather than leaving messages
             for others.  Those messages that do exist are usually
             specific to the pirating enterprise such as help with
             programs on the board, requests for specific programs
             ("want lists"), and notices about other pirate bulletin
             boards that users may want to call. Occasional
             discussion of phreaking may occur, but the emphasis is

^

                                                                  48
             on techniques used to make free calls, not technical
             network discussions as often occurs on phreak/hack
             systems.  A list of message areas from a large pirate
             BBS illustrates the emphasis on the pirating
             enterprise.  A message area for general discussions has
             been created, but those areas devoted to pirating
             display more use:
                  Area %1% General Discussion      15 messages
                  Area %2% Pirating Only!!         75 messages
                  Area %3% Warez Wants             31 messages
                  Area %4% **private messages**    10 messages
                                   (TL BBS, message log, 1988)
                  In addition to the differences between files and
             message use on pirate and phreak/hack boards, they
             differ in degree of community cohesiveness.  Every BBS
             has a group of "users" --the people who have accounts
             on the system. The group of users that call a specific
             BBS can be considered to be a "community" of loosely
             associated individuals by virtue of their "membership"
             in the BBS.
                  Additionally, the system itself, serving either
             pirates or phreak/hackers, exists within a loose
             network of other bulletin boards that serve these same
             interests. It is within this larger community where
             pirate and phreak/hack boards seem to differ.
                  Due to the brand-specific nature of pirate boards,
             there is not a strong network between pirate BBS that

^

                                                                  49
             operate on other systems.  This is understandable as a
             pirate that owned an Apple computer would have little
             use for the programs found on an IBM board.  However,
             this creates separate communities of active pirates,
             each loosely associated with other users of their
             computer type, but with little or no contact with
             pirate communities on other systems.
                  There is, however, a degree of cohesiveness among
             pirate boards that support the same micro-computers.
             While the users may be different on systems, the data
             shows that some pirate boards are "networked" with each
             other via special software that allows messages and
             files to be automatically shared between different
             boards.  Thus a message posted on a west coast pirate
             board will be automatically copied on an east coast BBS
             later that night. In a like manner, software programs
             can be sent between "networked" boards.  The extent of
             this network is unknown.
                  The pirate BBS community also exhibits
             cohesiveness in the form of "co-sysops."  As discussed
             earlier, sysops are the system operators and usually
             owners of BBS.  On some pirate boards, "co-sysop"
             distinction is given to an operator of another board,
             often located in another state. This forms a loose
             network of "sister boards" where the sysop of one has

^

                                                                  50
             co-sysop privileges on the other.   However, this
             cooperative effort appears to be limited mainly to the
             system operators as comparing user lists from sister
             boards shows little overlap between the regular
             callers. How co-sysop positions are utilized is
             unknown, and it is suspected that they are largely
             honorary.  But nonetheless it is indicative of mutual
             association between a small number of boards.
                   The phreak/hack board community does not exhibit
             the same brand-specific division as the pirate
             community.  Unlike the divided community of pirates,
             phreak/hackers appear to maintain contacts throughout
             the country.  Obtaining and comparing user lists from
             several phreak/hack BBS reveals largely the same group
             of people using several different boards across the
             country.14 While phreak/hack boards have yet to adopt
             the "networking" software used by pirate boards, an
             active group of phreak/hackers is known to use the
             sophisticated university mainframe computer network,
             called Bitnet, to exchange phreak/hack newsletters and
             gossip.
                  Despite the operational differences between pirate
             ____________________
                  14 In fact, users lists from phreak/hack BBSs
             located in Europe and Australia show that many U.S.
             p/hackers utilize these systems as well.
                                                                  51
             and phreak/hack boards, their cultures are remarkably
             similar. Any discussion of the computer underground
             must include both communities.  Additionally, a
             formulation of the culture of CU BBS must address the
             means in which access to the board, and thus deviant
             associates, is obtained.
                  For a caller to successfully enter the CU BBS
             community, he must display an awareness of CU culture
             and technical skill in the CU enterprise. If the caller
             fails to exhibit cultural knowledge, then access to the
             board is unlikely to be granted.  The ways in which
             this cultural knowledge is obtained and displayed
             illustrates the social nature of the CU and further
             displays some of the subcultural norms of behavior.
                  On most "licit" (non-underground) boards,
             obtaining permission to use the system is accomplished
             by logging on and providing a name and home phone
             number to the system operator (sysop).  Sysop's
             normally do not check the validity of the information,
             and once a caller has provided it he or she is granted
             full access to the system.  There is normally one level
             of access for all users, with only the sysop having
             more "powerful" access.
                  Obtaining access to underground bulletin boards is
             more complicated and requires more steps to complete.

^

                                                                  52
             In an attempt to prevent law enforcement agents
             ("feds") from obtaining accounts on systems where
             pirates or p/hackers are vulnerable, if not to actual
             arrest, then at least to exposing their latest act-
             ivities and methods, sysop's of illicit boards attempt
             to limit access to the system.
                  One method of doing this is to restrict
             publicizing the existence of the board.  Computer
             underground BBS are not normally included in BBS
             listings found in computer books and magazines, and
             there is a norm, particularly strong on p/hack systems,
             that the boards are not to be mentioned on non-CU
             systems.  There are, however, some "entry-level" CU BBS
             that are fairly well known.  These systems are known as
             "anarchist" boards.
                  "Anarchist" boards, while exhibiting many of the
             same characteristics as pirate and phreak/hack boards,
             are really a cross between the two and serve primarily
             as social outlets for both pirates and phreak/hackers.
             The message areas on "anarchist" boards are quite
             active, "chatty" messages are not discouraged. Indeed
             there are normally  several different message areas
             devoted to a wide range of topics including everything
             from "skipping school" to "punk rock." The files area
             contains both warez (but normally only the newest

^

                                                                  53
             games, and specific to the computer system that the
             board runs on) and phreak/hack text files.  Neither
             collection is as extensive as it would be on pirate-
             only or p/hack-only systems.
                  The data suggest that one function of "anarchist"
             boards is to introduce newcomers to the culture of the
             computer underground. By acting as "feeder boards,"
             they can provide preliminary socialization and
             instruction for CU behavior and techniques.
             Additionally, "anarchist" boards frequently provide
             areas where phone numbers to pirate and p/hack systems
             can be traded, thus providing systems where more in-
             depth information, and other contacts, can be found.  A
             phreak/hacker describes how an "anarchist" board was
             instrumental in introducing him to the computer
             underground:
                  I've been phreaking and hacking for about
                  four years now.  I discovered phreaking on my
                  own at this place I used to work.  We had
                  this small LD %long distance% provider that
                  used codez so I started hacking them out and
                  calling places myself . . . but I didn't know
                  no other phreaks at that time.  Then I
                  started using the codez to call boards from
                  home on my computer. Somebody gave me the
                  number to Jack Black's Whore House %an
                  "anarchy board"% and I started learning about
                  hacking and shit from the people and philes
                  they had there. Then one day this guy, King
                  Hammer, sent me some e-mail %a private
                  message% and told me to call his system.
                  That's where I really learned my way around
                  the nets and shit.  You could ask questions
                  and people would help you out and stuff. If I

^

                                                                  54
                  hadn't found out some of the tricks that I
                  did I probably would have got busted by now.
                  (TP2, field notes, 1989)
                  Once an individual has obtained the telephone
             number to a CU BBS, through whatever channels, callers
             follow essentially the same procedure as they do on
             licit systems . . . that of calling and logging on.
             However, since "underground" boards are not truly
             underground (that is, totally secret) first-time
             callers are not given access to the board itself. When
             a user is unable to provide an already valid
             username/password, the system will automatically begin
             its registration procedure.   First, the caller is
             asked to enter a "username" (the name used by the
             system to distinguish between callers) and "phone
             number."  These first system requests, normally seen
             only as "Enter Your Name and Phone Number," serve as
             partial screens to keep out non-underground callers
             that may have happened across the board.  The way that
             a user responds to these questions indicates if they
             have cultural knowledge of the CU. The  norm is to
             enter a pseudonym and a fake phone number.15 If a
             ____________________
                  15 A functional reason for this norm is that
             usernames and telephone numbers are stored on the
             computer as part of the BBS system files.  Should the
             BBS ever be seized in legal proceedings, this list of
             names and numbers (and on some systems addresses . . .
             which are also normally false) could be used to
             identify the users of the system.
                                                                  55
             caller enters his or her real name (or at least a name
             that does not appear to be a pseudonym) the system
             operator will be put on guard that the caller may not
             be aware of the type of board that he has called, for
             the pseudonym is the most visible of CU cultural
             traits.
                  All members of the underground adopt "handles" to
             protect their identity.  The pseudonyms become second
             identities and are used to log onto bulletin boards,
             and as  "signatures" on messages and instructional text
             files.16  They are not unlike those adopted by
             citizens-band radio users, and reflect both the humor
             and technical orientation of computer underground
             participants.  A review of handles used by phreakers,
             hackers, and pirates finds that they fall into three
             broad categories: figures from literature, films, and
             entertainment (often science fiction); names that play
             upon computers and related technologies; and
             nouns/descriptive names.  (See Appendix A for fictional
             examples of each.)
                  After providing a user name and entering a
             ____________________
                  16 The data suggest that, on the whole,
             individuals retain their handles over time.
                                                                  56
             password to be used for future calls, the caller is
             asked several more questions designed to screen users
             and determine initial access privileges.  Unlike licit
             boards, underground BBS may have several different
             levels of access with only the most trusted users being
             able to read messages and get files in "elite" or "high
             access" areas that are unknown and unavailable to other
             callers.  In many cases, pirate boards are able to
             operate "above ground"  and appear to be open-public
             access systems unless callers have the proper
             privileges to access the areas where the "good stuff"
             is located.  The answers given to access questionnaires
             determine whether a caller will receive access to some,
             all, or none of the higher levels.
                  These questionnaires frequently ask for "personal
             references" and a list of other boards the caller has
             "high access" on.  The question is vague, and random
             callers are unlikely to answer it correctly.  However,
             if the caller lists pseudonyms of other CU members that
             are known and trustworthy to the sysop, as well as some
             other boards that are known to have "good users" and
             "good security" access will usually be granted.17  If
             all the answers are relevant and indicative of CU
             ____________________
                  17 The data suggest that personal references are
             only checked if something seems unusual or suspicious.
                                                                  57
             knowledge, then initial access is normally granted.
                  Other methods of controlling access include
             presenting a "quiz" to determine if the technical
             knowledge of the user is up to par with the expertise
             expected on the boards.18  Some systems, instead of a
             quiz, ask the user to write a short statement (100
             words or less) about why they want access, where they
             got the phone number to the system, and what they can
             provide to other users. Some pirate boards come right
             out and ask the user to supply a list of the good
             "warez" that they can upload and what they are looking
             to download. If the caller fails to list recent
             copyrighted programs then it is evident that they are
             unaware of the nature of the BBS:
                  I had this one dude call up and he told me in
                  his message that he was looking for some
                  "good games."  So instead of giving him
                  access I just left him some e-mail %a private
                  message%.  I asked what kind of games he was
                  looking for. Next time he called he wrote
                  back and said "a public domain Asteroids
                  game."  I couldn't believe it. Not only is
                  Asteroids so damn old it's lame, but this guy
                  is looking for pd %public domain% shit.  No
                  way was he going to get access. He didn't
                  even know what this board is. I left him a
                  message telling him that I didn't have one.
                  He never called back after that (CH, sysop of
                  a pirate BBS, field notes, 1988).
             ____________________
                  18 One such quiz, from a p/h board, can be found
             in Appendix B.
                                                                  58
                  Ironically, the pseudo-elaborate security methods
             of underground boards, while they may be effective in
             keeping off random non-CU callers, are not effective in
             screening out "feds." Data and media accounts show that
             boards are regularly infiltrated by telephone security
             personnel and software companies. Also, the adoption of
             handles to protect identities is defeated by the
             consistent use of the same handle over time. But in
             order to obtain and maintain status and prestige in the
             CU one must keep the same pseudonym in order to
             (literally) "make a name for oneself." The fact that CU
             communication is not face-to-face requires a consistent
             means of identifying oneself to others.  The handle
             fulfills this purpose but at the same time becomes as
             attached to a single individual as a real name would.
             The access rituals of the computer underground, which
             are contingent on being a "known" pirate or
             phreak/hacker, make changing handles unproductive.
                  The life blood and center of the computer under-
             ground is the bulletin board network.  Acting as both
             the main trade center of performance related tools and
             innovations and as a means of socialization, the
             underground could not exist without the BBS network.
             They serve to "recruit" and educate newcomers and
             provide a way to traffic in information and software.

^

                                                                  59
             The pirating enterprise in particular is very dependent
             upon the BBS as they are the very means by which
             "warez" are traded.  For the phreak/hacker community,
             BBS provide a means of trading the resources of system
             numbers and passwords, as well as instructional texts
             on techniques.  The access process serves as evidence
             of mutual association amongst phreakers, hackers, and
             pirates as cultural knowledge is needed as well as
             personal references (evidence of acceptance and access
             to others).
                  The CU bulletin board systems are unique in that
             they provide a way to exchange information with a large
             number of others.  The other methods of CU commun-
             ication are based on conversations rather than written
             texts and thus are much less permanent.  These methods,
             discussed next, are telephone bridges/loops, voice mail
             boxes, and computer "chat" systems.
             Bridges, Loops, and Voice Mail Boxes
                  Of the additional means of communication used by
             the CU, telephone "bridges" and "loops" are most
             common.  Unlike BBS, which require data links provided
             by a computer and modem, bridges and loops are "old
             fashioned" voice connections.  Since they can not
             accommodate the transfer of programs or files they are
             used primarily by phreakers and hackers, and most often

^

                                                                  60
             as a social/recreational outlet.
                  A "bridge" is a technical name for what is
             commonly known as a "chat line" or "conference system."
             They are familiar to the  public as the pay-
             per-minute group conversation systems advertised on
             late night television.  Many bridge systems are owned
             by large corporations who maintain them for business
             use during the day.  While the numbers to these systems
             is not public knowledge, many of them have been
             discovered by phreaks who then utilize the systems
             during the night.
                  In addition to these pre-existing conference
             systems, phreakers have become skilled at  arranging
             for a temporary, private bridge to be created via
             AT&T's conference calling facilities.  This allows for
             conversations to be held among a self-selected group of
             phreak/hackers:19
                  Bridges can be %sic% extremely useful means
                  of distributing information as long as the
                  %phone% number is not known, and you don't
                  have a bunch of children online testing out
             ____________________
                  19 The data indicates that these private
             conference calls aren't "scheduled" in any real sense.
             One p/hacker will initiate the conference and call
             others at home to add them to the conference.  As more
             people join they suggest others to add. The initiator
             can temporarily jump out of the conference, call the
             new person and solicit their attendance. If they don't
             want to join or aren't home, the initiator simply
             returns to the conference without adding them in.
                                                                  61
                  their DTMF.20  The last great discussion I
                  participated with over a bridge occurred
                  about 2 months ago on an AT&T Quorum where
                  all we did was engineer 3/way %calls% and
                  restrict ourselves to purely technical infor-
                  mation. We could have convinced the Quorum
                  operators that we were AT&T technicians had
                  the need occurred. Don't let the kids ruin
                  all the fun and convenience of bridges.
                  Lameness is one thing, practicality is
                  another (DC, message log, 1988).
                  In addition to setting up "private" bridges,
             p/hackers can utilize "loop lines" in a further attempt
             to limit the number of eavesdroppers on their
             conversations. Unlike bridges, which connect a
             virtually unlimited number of callers at once, "loops"
             are limited to just two people at a time.
                  "Loop lines" are actually telephone company test
             lines installed for internal use.21  A loop consists of
             two separate telephone numbers that connect only to
             each other. Each end has a separate phone number, and
             when each person calls one end, they are connected to
             each other automatically.  This allows for individuals
             ____________________
                  20 "Dual Tone Multi Frequency" or in laymen terms,
             the touch tone sounds used to dial phone numbers.
                  21 These test lines are discovered by phreaks and
             hackers by programming their home computer to dial
             numbers at random and "listen" for the distinctive tone
             that an answering loop makes, by asking sympathetic
             telephone company employees, or through information
             contained on internal company computers.
                                                                  62
             to hold private conversations without divulging their
             location or identity by exchanging telephone numbers.
                  Finally, voice mail boxes ("VMB") are another
             means of communicating with individual actors. There
             are several commercial voice mail box systems located
             throughout the country.  They function similar to a
             telephone answering machine in that callers can call
             in, listen to a recorded message, and then leave a
             message for the box owner. Many of these systems are
             accessible via toll-free telephone numbers. The
             security of some VMB systems is notoriously poor. Many
             phreaks have expertise in "creating" boxes for
             themselves that are unknown (until discovered) by the
             owner of the system. However, these boxes are usually
             short lived since discovery by the system operator, and
             closure of the box, is only a matter of time. But as
             long as the box is functioning, it can serve as a means
             of communicating with others.  VMB numbers are
             frequently posted on bulletin boards with invitations
             to "call if you have any good stuff."  They are often
             used by pirates to exchange messages about new releases
             of software, and by phreak/hackers to trade account and
             access numbers.  Additionally, some of the underground
             newsletters and journals obtain boxes so users can call
             in news of arrests and other gossip.

^

                                                                  63
                  Like bulletin boards, VMBs are systems that allow
             information to be disseminated to a large number of
             associates, and unlike the live telephone conversations
             of bridges and loops, they are available at any time of
             the day.  Additionally, VMB's don't require use of a
             computer and modem, only a touch tone phone is needed
             to call the box.  Their usefulness is limited somewhat
             because they play only one "outgoing" message at a
             time, and their transitory nature limits their
             reliability.
             Summary
                  Phreakers, hackers and pirates do not act as
             loners.  They have adopted existing methods of
             communication, consistent with their skills in high
             technology, to form a social network that allows for
             the exchange of information, the socialization of new
             members, socializing with others, and in the case of
             pirates, performing the "deviant" act itself via these
             means.
                  These communication points create and foster
             groups of loosely associated individuals, with specific
             interests, coming together to exchange information
             and/or software. It is impossible to be a part of the
             social network of the computer underground and be a
             loner.   Based upon the Best and Luckenbill measure,

^

                                                                  64
             actors in the computer underground, by displaying
             mutual association, organize as colleagues.
                  The social network of the computer underground
             provides the opportunity for colleagues to form
             cooperative working relationships with others, thus
             moving the CU towards a more sophisticated form of
             social organization.  These "hacker groups" are
             addressed in the next section.

^

                                                                  65
                              Mutual Participation
                  In the previous chapter the ways in which the
             structure of the computer underground fosters mutual
             association  were discussed. Their social outlets and
             means for informational exchange bring the CU community
             together as deviant colleagues.  Their relationships
             fit quite well into the Best and Luckenbill (1982)
             typology of collegial associations:
                  The relationship between deviant colleagues
                  involves limited contact.  Like loners,
                  colleagues perform their deviant acts alone.
                  But unlike loners colleagues associate with
                  one another when they are not engaged in
                  deviance . . . In effect, there is a division
                  between two settings; onstage where
                  individual performs alone; and backstage,
                  where colleagues meet (cf Goffman).  In their
                  backstage meetings, colleagues discuss
                  matters of common interest, including
                  techniques for performing effectively, common
                  problems and how to deal with them, and ways
                  of coping with the outside world (1982 p.37).
                  However, despite the advantages of collegial
             association, ties between CU participants are weak.
             Loyalty between individuals seems rare, as the CU is
             replete with tales of phreak/hackers who, when
             apprehended, expose identities or "trade secrets" in
             order to avoid prosecution.  These weak collegial ties
             may be fostered by the anonymity of CU communication
             methods, and the fact that all CU actors are, to some

^

                                                                  66
             extent, in competition with each other. There are only
             so many systems with weak security and once such a
             system is found, sharing it with others will virtually
             ensure that the hole will be sealed when the increased
             activity is noticed.  Thus while p/hackers will share
             general knowledge with each other, specific information
             is not disseminated publicly.
                  As Best and Luckenbill have observed, in order to
             remain in a collegial relationship individuals must be
             able to successfully carry out operations alone (1982
             p.45). In order to sustain a career in p/hacking one
             must pursue and collect information independent of what
             is shared on the communication channels.  Despite the
             association with other phreakers and hackers, the
             actual performance of the phreak/hacking act is a
             solitary activity.22
                  That is not to say, however, that p/hackers never
             share specific information with others.  As discussed
             earlier, p/hack bulletin board systems frequently have
             differentiated levels of access where only highly
             regarded individuals are able to leave and read
             messages. These areas are frequently used to keep
             ____________________
                  22 This does not hold true for pirates. By
             definition they must trade programs with other
             individuals.
                                                                  67
             information from "unskilled" users at the lower levels.
             There are strong social norms that some information
             should not be shared too widely, as it may be either
             "abused" or fall into the hands of enforcement agents.
             For example, when one p/hacker announced that he was
             going to release a tutorial on how to infiltrate a new
             telephone company computer, he received the following
             messages in reply:
                  Not smart, DT. %That computer% is a system
                  which can be quite powerful if used to its
                  potential. I don't think that information on
                  programming the switches should be released
                  to anyone. Do you realize how destructive
                  %that computer% could really be if used by
                  someone who is irresponsible and intends on
                  destroying things? Don't even think about
                  releasing that file. If you do release that
                  file, it will disappear and will no longer
                  remain in circulation. Believe me. Not many
                  have the right to know about %that computer%,
                  or any other delicate telco computers for
                  that matter. Why do you think the fucking New
                  York Times published that big article on
                  hackers screwing around with telco machines?
                  Not only will you get into a lot of trouble
                  by releasing that file on %computer%, you
                  will be making telcos more aware of what is
                  actually happening, and soon no one will be
                  able to learn about their systems. Just think
                  twice (EP, message log, 1988).
                  Why would you want normal people to have such
                  knowledge? Any why would you post about it?
                  If you have knowledge that's fine but DON'T
                  spread that knowledge among others that may
                  abuse it. It's not impressive! I don't know
                  why anyone would want to disperse that
                  knowledge. Please don't release any "in
                  depth" files on such systems of great power.
                  Keep that to yourself it will just mess it up
                  for others (UU, message log, 1988).
                                                                  68
                  The desire to share information with selected
             colleagues often leads to the formation of cooperative
             "working groups." These partnerships are easily formed,
             as the structure of mutual association in the CU
             creates a means where "talent" can be judged on the
             basis of past interactions, longevity in the field, and
             mutual interests. When allegiances are formed, the CU
             actors begin "mutual participating" in their acts, thus
             becoming "peers" in terms of social organization.
                  Mutual participation, as defined in the Best and
             Luckenbill typology, is exhibited by actors sharing in
             the same deviant act, in the physical presence of one
             another (1982 p.45).  However, the measurement was
             "grounded" in studies of traditional deviant
             associations (eg:  street gangs, prostitutes, etc.)
             where "real-time" interaction is common. The technology
             used by the CU negates this requirement as actors can
             be located in different parts of the country.
             Additionally, "hacking" on a system, by a group of
             peers, does not require simultaneous participation by
             all members.  However Best and Luckenbill's typology is
             an ideal type, and the activities of peers in the
             computer underground do not fall outside of the spirit
             or intention of their concept of mutual participation.
             Their description of deviant peer associations is

^

                                                                  69
             presented here:
                  Deviant peers are distinguished from
                  colleagues by their shared participation in
                  deviance.  While colleagues carry out their
                  deviant operations alone, peers commit
                  deviant acts in one another's presence.
                  Peers cooperate in carrying out deviant
                  operations, but they have a minimal division
                  of labor, with each individual making roughly
                  comparable contribution.  Peer relationships
                  also tend to be egalitarian and informal;
                  some peers may be acknowledged leaders or
                  admired for their skill, but there is no set
                  division of authority.  Like colleagues,
                  peers share subcultural knowledge, but peer
                  groups typically provide their members with
                  more support.  In addition to cooperating in
                  deviant operations, peers may recruit and
                  socialize newcomers and supply one another
                  with deviant equipment and social support.
                  Thus, the bonds between peers are stronger
                  than those linking colleagues (1982, p.45).
                  Peer associations in the CU are largely limited to
             small groups23 working on a specified goal.  Both
             pirates and p/hackers organize themselves in this
             regard, though their characteristics differ.  We begin
             with a discussion of mutual participation among
             pirates.
             Pirate Groups
                  Pirate groups are composed of less than ten
             ____________________
                  23 In terms of the ideal type for deviant peers
             any two individuals working in cooperation exhibit
             mutual participation. The discussion here addresses
             groups that consist of three or more people that
             identify themselves as a sort of "club." Short-lived
             interaction between two people is not considered a
             "group" in the CU culture.
                                                                  70
             members.  Their primary purpose is to obtain the latest
             software, remove any copy-protection from it, and then
             distribute it to the pirate community.  Often the
             "warez" that they distribute will be adorned with the
             group name, so subsequent users will be aware of the
             source of the software.  Many pirate groups have "home"
             BBS systems that act as key distribution points, and as
             places where outsiders can communicate with members of
             the association. This researcher was unable to obtain
             data about the internal organization of pirate groups,
             but it appears that they are leaderless, with
             individual members working alone but giving credit to
             the group as a whole.
             Phreak/hack groups
             The existence of phreak/hacker groups is well
             documented in the data, and has been heavily reported
             in the media.  Two hacker groups in particular, The
             414's (named for the Wisconsin area code in which they
             lived), and The Inner Circle, received a large amount
             of press after being apprehended for various computer
             break-ins.  However, the "threat" that such groups
             represent has probably been overstated as the data
             indicate that "hacker gangs" vary greatly in
             organization and dedication to the CU enterprise.
                  Many hacker groups are short-lived associations of

^

                                                                  71
             convenience, much like the "no girls allowed!" clubs
             formed by young boys.  They often consist of four to
             nine beginning phreak/hackers who will assist each
             other in obtaining telephone credit-card numbers. By
             pooling their resources, a large number of illicit
             "codez" can be obtained and shared with others.
             Distribution of the account numbers is not limited to
             the group, they are often shared with the community at
             large, "courtesy of Codez Kidz Ltd." Groups of this
             type are looked at with disdain by "elite"
             phreak/hackers and are often criticized as being more
             interested in self-promotion then they are with
             actually phreaking or hacking.
                  Some hacker groups are very proficient and
             dedicated to their craft, however. These groups are
             characterized by smaller memberships, less visibility
             to non-members, and commitment to the CU enterprise.
             They are loosely organized, yet some have managed to
             exist six or more years despite members dropping out or
             being arrested. These "elite" groups are selective
             about membership, and cite trust and talent as the two
             leading requirements for joining:
                  The group exists mainly for information
                  trading. If you trust everyone else in the
                  group, it is very profitable to pool
                  information on systems . . . also it is nice
                  to know someone that you can call if you need
                  help on operating system X and to have people

^

                                                                  72
                  feel free to call you if they need help on
                  operating system Y (AN, message log, 1988).
                  Trust is a very important part of a group. I
                  think that's blatantly obvious. You have to
                  be able to trust the other members of the
                  group with the information you are providing
                  in order to be productive, and have a secure
                  situation (UU, message log, 1988).
                  . . . all groups serve the same purpose: to
                  make their members feel better about
                  themselves (like, wow, I'm in a group) and to
                  trade things, whether it's wares, codes, or
                  whatever. But the thing is that being in a
                  group is like saying "I trust you, so like,
                  what can we do together?" (NN, message log,
                  1988)
                  Indeed, hacker groups are formed primarily for the
             purpose of information exchange.  To this end, groups
             attempt to recruit members with a wide variety of
             "specializations" in order to have a better support
             network to turn to:
                  %Our group% has always been very selective
                  about members (took me six years to get in).
                  The only reason the group exists is to bring
                  together a diverse group of talents. There is
                  very little overlap in %the group% these
                  days.  Everyone has one thing that they are
                  the best in the country at, and are
                  conversant with just about any other form of
                  hacking.  As an example, I got into a Primos
                  computer this morning around 9 am. Once I got
                  in, I know enough about Primos to get around,
                  but that's it. So I call %PS% in New York,
                  give him the info, and when I get home
                  tonight, he has gotten in and decrypted the
                  entire username/password file and uploaded it
                  to me.  But two weeks ago he got into a VAX.
                  He got the account to me, I called it up and
                  set up three backdoors into the system that
                  we can get in if the account is detected or
                  deleted.  Simple matter of communism.  From
                  each according to his ability . . . etc. Also

^

                                                                  73
                  it helps that everyone in the group is
                  experienced enough that they don't fuck up
                  accounts you spend all day getting (TM, field
                  notes, 1989).
                  Consistent with the Best and Luckenbill ideal
             type, hacker groups do not exhibit a set division of
             authority or labor. Most groups are leaderless, and
             every member is free to pursue their own interests,
             involving other members of the group only when desired:
                  We just got our group together.  We've got a
                  guy that does VMB's and a Sprinter %obtains
                  "codez" from U.S. Sprint% and a couple of
                  hackers.  Everybody's free to pursue whatever
                  system they want but if they want or need
                  some help they can call on any of the other
                  members if they want to. Like if one guy is
                  scanning and finds a VAX he might call and
                  give me the dialup.  Then I might have to
                  call our Sprinter to get some codez so I can
                  start hacking on it.  Once I get through I'll
                  give the account to the other members.  But
                  if I found it myself I wouldn't have to give
                  it out but I probably would anyway 'cuz
                  keeping it would be bullshit (DC, field
                  notes, 1988).
                  There isn't a leader really.  The guy who
                  starts the group sort of acts like a contact
                  point but everyone else has everyones' phone
                  number and you can call whoever you want to
                  anytime.  Usually when you're putting a group
                  together you just get everyone you want and
                  you all decide on a name. (DC, field notes,
                  1988).
             Summary
                  By virtue of the extensive social network found in
             the CU, some participants form work groups.  The
             sophistication of these groups varies, but in all cases

^

                                                                  74
             it is evident that the groups exist to support what are
             primarily individually performed activities.  The
             groups exhibit many of the ideal-type characteristics
             of peer associations, and it is clear that in some
             cases the computer underground is socially organized as
             peers.
                                                                  75
                                   Conclusion
                  Phreakers, hackers, and pirates do not act as
             loners.  Loners do not associate with others, and are
             on their own in coping with the practical problems
             presented by their activities (Best and Luckenbill
             1982, p.28).  From the data presented here, it is
             evident that the computer underground has established
             an extensive social network for the exchange of
             resources and mutual support.  The characteristics of
             the CU varies according to the goals of the
             participants, but the presence of mutual association is
             consistent. Contact between individuals is limited,
             with the acts of phreaking or hacking being committed
             alone.  Computer underground participants do associate
             with one another in order to discuss matters of common
             interest, such as performance techniques, news, and
             problem solving.  To facilitate this informational
             exchange, they have established a technologically
             sophisticated network that utilizes computer bulletin
             boards, voice mail boxes, telephone bridges, and
             telephone loops.
                  The collegial organization of the computer
             underground is further evidenced by the establishment
             of a CU culture. The subcultural adaptation of

^

                                                                  76
             language, expectations of normative conduct, and status
             stratification based on mastery of cultural knowledge
             and skill, all indicate that the computer underground
             is, at the very least, a social organization of
             colleagues (see Best and Luckenbill, 1982, p.37).
                  The very structure that permits mutual association
             among CU participants also encourages some to form
             working relationships, thus acting as peers by mutually
             participating in CU activities. Peers organized in this
             manner share in their deviance, organizing informally
             with little division of labor or set division of
             authority (Best and Luckenbill, 1982, p.45).  These
             peer associations provide support to members, and can
             provide socialization and recruitment functions for
             newcomers. The establishment of work groups, through
             mutual participation, indicates that though the
             computer underground is largely organized as a network
             of colleagues, it is also, to some degree, a social
             organization of peers.
                  Best and Luckenbill (1982) describe two additional
             forms of deviant associations that are more
             organizationally sophisticated than peers: "mobs" and
             "formal organizations." The computer underground,
             however, does not display the requisite characteristics
             of these organizational types.  The primary

^

                                                                  77
             characteristic of "mobs" is an elaborate division of
             labor (Best and Luckenbill, 1982, p.25).  While some CU
             groups do exhibit a rudimentary division of labor based
             on individual members' specialization, it is not by any
             means "elaborate."  Any division of labor that does
             exist is voluntary and arises on the basis of
             specialized knowledge, not a specialized organizational
             role.
                  In much the same manner the lack of a designated
             leader or leadership hierarchy prevents CU groups from
             being categorized as "formal organizations" in the Best
             and Luckenbill typology.  Deviant organizations at this
             level are quite sophisticated and there is no empirical
             evidence that the computer underground is organized in
             this manner.
                  This study of the computer underground has been a
             test of the Best and Luckenbill typology of the social
             organization of deviants.  As a test of their
             organizational indicators, the CU has shown that the
             categories are well constructed, with the possible
             exception of limiting "mutual participation" to acts
             carried out in the presence of others.  However, if we
             modify this to include non-simultaneous, but
             cooperative, acts as found in phreak/hacker groups, the
             category is otherwise robust.  The flexibility of the

^

                                                                  78
             typology, which explicitly recognizes that not all
             deviant associations will display all of the character-
             istics (Best and Luckenbill, 1982, p.25), is a strength
             that allowed it to be easily used in terms of the
             computer underground.
                  By addressing the CU from a social organizational
             viewpoint we have seen that despite the high technology
             trappings of their craft, pirates, phreakers, and
             hackers display organizational characteristics found in
             other groups that have been criminalized.  This may
             suggest that the development of sophisticated tools to
             commit "crime" does not necessarily affect the ways in
             which individuals organize their activities.
                  The implications of peer and collegial
             organization for the members of the computer
             underground are vast.  The level of sophistication has
             a direct relationship to the types of resources on
             which individuals can draw (Best and Luckenbill, 1982,
             p.54).  Because CU members are mutually associated,
             they are able to turn to colleagues for advice and
             support with various problems.  However, at the
             collegial level they are left to enact the solutions
             independently.  Whether or not they are successful in
             doing so will determine if they choose to remain active
             in the computer underground.  The data show that

^

                                                                  79
             involvement in the CU is short in duration, unless
             success in early phreak/hack attempts is obtained.  As
             long as the CU remains organized as a collection of
             colleagues, this trend will continue.  Additionally, as
             the computer and telephone industries become more
             sophisticated in preventing the unauthorized use of
             their facilities, new phreak/hackers are unlikely to
             succeed in their initial attempts at the act, thus
             dropping away from the activity and never becoming
             acculturated to the point where peer relationships can
             be developed.
                  At the peer level, a dimension of sophistication
             that some members of the CU do display, the knowledge
             and resources to solve problems and obtain resources is
             greater.  However, even at this level the ties between
             peers remain weak at best.  Although their cooperative
             ties allow for more sophisticated operations, and
             somewhat reduce the CU's vulnerability to social
             control agents (Best and Luckenbill, 1982, p.53), it
             still does not completely eliminate the need for
             individual success in order to sustain a CU career.  As
             long as the CU remains at the current level of
             organizational sophistication, with weak ties and
             somewhat limited means of support and resource
             attainment, it will continue to be a transitory and

^

                                                                  80
             limited "criminal" enterprise.
                  This realization should be considered by policy
             makers who desire to further criminalize computer
             underground activities. Given the current organization
             of the CU, the future social costs of their actions are
             not likely to expand beyond the current level.  There
             is no evidence to support assertions that the CU is
             expanding, and the insight provided here shows that it
             is not likely to do so on a large scale.
                  For sociologists, the computer underground is a
             field rich for insight into several areas of concern.
             Future research into the career path of CU members, and
             the relationships between individuals, could prove
             helpful to those interested in applying theories of
             differential association and career deviance.
             Additionally, the computer underground provides a
             unique opportunity to study the process of
             criminalization, and its effect on those who are
             engaged in the behavior.
                                   REFERENCES
             Best, Joel and David F. Luckenbill. 1982. Organizing
             Deviance. Englewood Cliff, New Jersey: Prentice-Hall.
             Bequai, August. 1987. Technocrimes. Lexington,
             Mass.:Lexington Books.
             Bickford, Robert. 1988. Personal communication to
             Gordon Meyer.
             Chicago Tribune. 1989. "Computer hacker, 18, gets
             prison for fraud."  Feb. 15:2,1.
             Field Notes. Interviews with phreakers, hackers, and
             pirates. Conducted from 7/88 to 4/89 (confidential
             material in authors files).
             Hollinger, Richard C. and Lonn Lanza-Kaduce. 1988. "The
             Process of  Criminalization: The Case of Computer Crime
             Laws." Criminology 26:101-126.
             Levy, Steven. 1984. Hackers: Heroes of the Computer
             Revolution. New York: Dell Publishing.
             Message Logs from a variety of computer underground
             bulletin board systems, (confidential material), 1988-
             1989.
             NBC-TV. 1988. Hour Magazine. November 23, 1988.
             Parker, Donn B. 1983. Fighting Computer Crime. New
             York: Charles Scribner's Sons.
             Rosenbaum, Ron. 1971. "Secrets of the Little Blue Box."
             Esquire October, pp. 116-125.
             Small, David. 1988. Personal communication to Gordon
             Meyer.
             WGN-Radio. 1988. Ed Schwartz Show. September 27, 1988.
                                                                  82
                                   APPENDIX A
                         COMPUTER UNDERGROUND PSEUDONYMS
            _________________________________________________________
            |Literature, films,|Computers &        |Nouns, titles &  |
            |and Entertainment |related technology |Descriptive names|
            ---------------------------------------------------------
            | Pink Floyd       | Mrs. Teletype     | The Professor   |
            | Hatchet Molly    | Baudy Bastard     | Perfect Asshole |
            | Jedi Knight      | Doctor Phreak     | The Messiah     |
            | King Richard     | Lord FAX          | Right Wing Fool |
            | Captain Hoga     | CNA Office        | Bed Bug         |
            | Al Crowley       | Sir Mac           | Sleepy Head     |
            | Doc Holiday      | Busy Signal       | Mean  Underwear |
            | Mr. Big Dog      | Silicon Student   | Cockroach       |
            | Robin Williams   | Fiber Cables      | Primo Bomber    |
            | Big Bird         | Phone Crasher     | The Prisoner    |
            | Cross-eyed Mary  | Doc Cryptic       | Night Lighting  |
            | Capt. America    | Apple Maniac      | No Regrets      |
            | Uncle Sam        | Fuzzy Sector      | Grounded Zero   |
            | Thumpr           | Cntrl. Alt. Del.  | Spit Wad        |
            | Little John      | Byte Ripper       | Shadow Dove     |
            ----------------------------------------------------------
                                                                  83
                                   APPENDIX B
                  NEW USER QUESTIONNAIRE FROM A PHREAK/HACK BBS
                  Welcome to Analog Electronics Datum System.
             Please take this time to fill out a one-time
             questionnaire that will allow us to determine your
             level of access on Analog Electronics Datum System.
                  If any question is too difficult for you to
             answer, just answer with your best guess or a simple "I
             don't know."
                  We basically have two different divisions or types
             of users on this system:
                     (1) Apple (%%,Mac), and IBM software traders
                     (2) Telecommunication hobbyists - any/all
                         computers (networks, mainframes,
                         engineering)
                  Your answers will help us decide which category
             you belong to and what access you should get on our
             system.
  • What type of computer & modem are you using to call

this system?

  • Where did you get the phone number to Analog

Electronics Datum System?

  • We'll need your first name and real phone # where you

can be reached for validation purposes only, this

             information is kept in a password encoded file, on
             another computer (critical for higher validation):
             First for the FILE TRANSFER AREA ACCESS questions:
             (1) How many bits are in a nibble? (Assume 6502 micro
                 processor)
             (2) Define WORM, RAM, ROM, VDT, CRT, BPS? (Pick any 3)
             (3) What does 2400 baud mean in terms of bit transfer
                 speed?
                                                                  84
             (4) What is PT,MT,AE,BIN2,Ymodem Batch,BLU? (Pick any
                 4)
             (5) How many Megahertz does a standard Apple %%+ run
                 at? (rounding OK)
             Now for the TeleCommunication Questions:
             (1) Describe the Voice Transmission Use of a Loop:
             (2) If I gave you my phone #, how would you find my
                 name and address?!
             (3) Can you name any networking software operating
                 systems or protocols?
             (4) What is the highest frequency a twisted two wire
                 pair can transmit at?
             (5) We believe Phones and Computers Belong Together,
                 what do you BELIEVE?
             Ok, thanks for that info.
                A MESSAGE FROM AL CAPONE (LOCAL) AND THE TRADER (LD)
                                    SYSTEM VALIDATORS
  1. —————————————————-
                  Welcome  to  ALDS!  As a new  user you have  made
             a  change  for the better in choosing this system as
             one of your places of telecommunication exchange.   In
             my  opinion, this  is one, if  not  the  best, system
             in telecommunications today as most of the good  boards
             such as Shadowspawn, Metal  Shop  Private, etc. do not
             exist anymore.  Quality users exist on this system that
             have established a reputation for themselves so
             questions you ask will be answered thoroughly and
             precisely.  We are a sponsor board of the  LOD/H
             Technical  Journal,  and  accounts  have  been
             established representing  Phrack,  Inc.  and 2600
             Magazine.  (For our software trading people, we also
             have an excellent file transfer area . . . consistent
             with the rest of the nation . . . )
                  Due to the high quality of our system, we will

^

                                                                  85
             need some additional information about you.
             Maintenance  of a high  quality system requires high
             quality users, so the first step in  this  process is
             keeping the low quality users off of the system . . .
             so please cooperate with us . . . this is for your
             benefit as well as ours.   The information you give us
             will be cross referenced with other systems for
             accuracy, and if you leave false information, you may
             suffer low access or deletion.
                  All phone number information is stored outside of
             the housing of this system inside of an encrypted,
             password locked file for your security. So if you have
             left an invalid phone #, please leave one where you can
             be reached, or someone's name and number (if possible)
             that will vouch for you.  Keep in mind this validation
             can take up to 1 week to complete due to the high
             volume of new callers to our system.
             Note: Limited system access will be granted within 24
             Hrs if all of your  info seems correct.
             Thanks in advance . . .            Bugsy Malone
                                                The Swapper
                                             SYSOP/SYSTEM VALIDATORS
             % Bugsy Malone needs the following info: %
             (1) Your references (sysops, other users on this
                 system, other BBS).
             (2) Your interests in having access to our system.
             (3) How do you feel you can contribute to our system?
             (4) How many years of telecommunication experience do
                 you have?
             (5) Do you have any special talents in programming, or
                 operating systems?
                 If yes, then name the language(s) or operating
                 system(s).
             Enter message now, answering these questions:
             %after entering the message the BBS hangs up and the
             caller will  call back in 24 hours to see if access has
             been granted.%

^

!

/data/webs/external/dokuwiki/data/pages/archive/100/hack_ths.txt · Last modified: 2019/05/17 09:32 (external edit)