The Computer Underground

.. their info. I myself [sic] would like to work for the telco, doing something interesting, like programming a switch. Something that isn’t slave labor bullshit. Something that you enjoy, but have to take risks in order to participate unless you are lucky enough to work for the telco.

To have access to telco things, manuals, etc would be great (DP, message log, 1988).

Phreaking involves having the dedication to commit yourself to learning as much about the phone system/network as possible. Since most of this information is not made public, phreaks have to resort to legally questionable means to obtain the knowledge they want (TP2, message log, 1988). Most members of the underground do not approach the telephone system with such passion. Many hackers are interested in the phone system solely to the extent that they can exploit its weaknesses and pursue other goals. In this case, phreaking becomes a means and not a pursuit unto itself.

Another individual, one who identifies himself as a hacker, explains:

I know very little about phones . . . I just hack. See, I can’t exactly call these numbers direct.

A lot of people are in the same boat. In my case, phreaking is a tool, an often used one, but nonetheless a tool (TU, message log, 1988).

In the world of the computer underground, the ability to “phreak a call” is taken for granted. The invention of the telephone credit card has opened the door to wide-scale phreaking. With these cards, no special knowledge or equipment is required to phreak a call, only valid credit card numbers, known as “codez,” are needed to call any location in the world.

This easy access to free long-distance service is instrumental for maintaining contact with CU participants scattered across the nation.

Pirating

The third major role in the computer underground is that of the software pirate. Software piracy refers to the unauthorized copying and distribution of copyrighted software. This activity centers around computer bulletin board systems that specialize in “warez.”7 There pirates can contribute and share copies of commercial software. Having access to these systems (usually obtained by contributing a copyrighted program via a telephone modem) allows the pirate to copy, or “download,” between two and six programs that others have contributed.

7 “Warez” is a common underground term that refers to pirated software.

Software piracy is a growing concern among software publishing companies. Some contend that the illegal copying of software programs costs the industry billions of dollars in lost revenues. Pirates challenge this, and claim that in many ways pirating is a hobby, much like collecting stamps or baseball cards, and their participation actually induces them to spend more on software than they would otherwise, even to the point of buying software they don’t truly need:

There’s a certain sense of, ahh, satisfaction in having the latest program, or being the first to upload a program on the “want list.” I just like to play around with them, see what they can do. If I like something, I’ll buy it, or try out several programs like it, then buy one.

In fact, if I wasn’t pirating, I wouldn’t buy any warez, because some of these I buy I do for uploading or just for the fun of it. So I figure the software companies are making money off me, and this is pretty much the same for all the really elite boards, the ones that have the best and most programs. . . .

I just bought a $117. program, an accounting program, and I have absolutely no use for it. It’s for small businesses. I thought maybe it would auto-write checks, but it’s really a bit too high powered for me. I thought it would be fun to trade to some other boards, but I learned a lot from just looking at it (JX, field notes, 1989).

Pirates and phreak/hackers do not necessarily support the activities of each other, and there is distrust and misunderstanding between the two groups. At least part of this distrust lies in the phreak/hacker perception that piracy is an unskilled activity.8 While p/hackers probably don’t disapprove of piracy as an activity, they nevertheless tend to avoid pirate bulletin board systems, partly because there is little pertinent phreak/hack information contained on them, and partly because of the belief that pirates indiscriminately abuse the telephone network in pursuit of the latest computer game. One hacker illustrates this belief by theorizing that pirates are responsible for a large part of telephone credit card fraud.

The media claims that it is solely hackers who are responsible for losses pertaining to large telecommunication companies and long distance services. This is not the case. We are [hackers] but a small portion of these losses.

The rest are caused by pirates and thieves who sell these codes to people on the street (AF, message log, 1988).

Other hackers complained that uploading large programs frequently takes several hours to complete, and it is pirate calls, not the ones placed by “telecommunications enthusiasts” (a popular euphemism for phreakers and hackers) that cost the telephone industry large sums of money. However, the data do not support the assertion that all pirates phreak their calls. Phreaking is considered “very tacky” among elite pirates, and system operators (Sysops) of pirate bulletin boards discourage phreaked calls because it draws attention to the system when the call is discovered by the telephone company.

8 A possible exception to this are those pirates that have the programming skills needed to remove copy protection from software. By removing the program code that inhibits duplicate copies from being made, these individuals, known as “crackers,” contribute greatly to the easy distribution of “warez.”

Regardless of whether it is the lack of phreak/hack skills, the reputation for abusing the network, or some other reason, there is indeed a certain amount of division between the world of phreakers and hackers and that of pirates. The two communities co-exist and share resources and methods, but function separately.

Social Organization and Deviant Associations

Having outlined and defined the activities of the computer underground, the question of social organization can be addressed. Joel Best and David Luckenbill (1982) have developed a typology for identifying the social organization of deviant associations. Essentially they state that deviant organizations, regardless of their actual type of deviance, will vary in the complexity of their division of labor, coordination among organization roles, and the purposiveness with which they attempt to achieve their goals.

Those organizations which display high levels in each of these categories are more sophisticated than those with lower levels.

Deviants’ relations with one another can be arrayed along the dimension of organizational sophistication. Beginning with the least sophisticated form, [we] discuss five forms of the social organization of deviants: loners, colleagues, peers, mobs, and formal organizations. These organization forms are defined in terms of four variables: whether the deviants associate with one another; whether they participate in deviance together; whether their deviance requires an elaborate division of labor; and whether their organization’s activities extend over time and space (Best and Luckenbill, 1982, p.24).

These four variables, also known as mutual association, mutual participation, elaborate division of labor, and extended organization, are indicators of the social organization of deviant groups. The following, taken from Best and Luckenbill, illustrates:

FORM OF               MUTUAL       MUTUAL         DIVISION   EXTENDED
ORGANIZATION          ASSOCIATION  PARTICIPATION  OF LABOR   ORGANIZATION
---------------------------------------------------------------------------
Loners                no           no             no         no
Colleagues            yes          no             no         no
Peers                 yes          yes            no         no
Mobs                  yes          yes            yes        no
Formal Organizations  yes          yes            yes        yes

(1982, p.25)

Loners do not associate with other deviants, participate in shared deviance, have a division of labor, or maintain their deviance over extended time and space.

Colleagues differ from loners because they associate with fellow deviants. Peers not only associate with one another, but also participate in deviance together. In mobs, this shared participation requires an elaborate division of labor. Finally, formal organizations involve mutual association, mutual participation, an elaborate division of labor, and deviant activities extended over time and space (Best and Luckenbill, 1982, pp.24-25).

The five forms of organizations are presented as ideal types, and “organizational sophistication” should be regarded as forming a continuum with groups located at various points along the range (Best and Luckenbill, 1982, p.25).

With these two caveats in mind, we begin to examine the computer underground in terms of each of the four organizational variables. The first level, mutual association, is addressed in the following section.

Mutual Association

Mutual association is an indicator of organizational sophistication in deviant associations. Its presence in the computer underground indicates that on a social organization level phreak/hackers act as “colleagues.” Best and Luckenbill discuss the advantages of mutual association for unconventional groups:

The more sophisticated the form of organization, the more likely the deviants can help one another with their problems. Deviants help one another in many ways: by teaching each other deviant skills and a deviant ideology; by working together to carry out complicated tasks; by giving each other sociable contacts and moral support; by supplying one another with deviant equipment; by protecting each other from the authorities; and so forth.

Just as [others] rely on one another in the course of everyday life, deviants find it easier to cope with practical problems when they have the help of deviant associates (1982, pp.27-28).

Hackers, phreakers, and pirates face practical problems. For example, in order to pursue their activities they require equipment9 and knowledge. The problem of acquiring the latter must be solved and, additionally, they must devise ways to prevent discovery, apprehension and sanctioning by social control agents.10 One method of solving these problems is to turn to other CU members for help and support. Various means of communication have been established that allow individuals to interact regardless of their location. As might be expected, the communication channels used by the CU reflect their interest and ability in high-technology, but the technical aspects of these methods should not overshadow the mutual association that they support. This section examines the structure of mutual association within the computer underground.

9 The basic equipment consists of a modem, phone line, and a computer — all items that are available through legitimate channels. It is the way the equipment is used, and the associated knowledge that is required, that distinguishes hackers from other computer users.

10 Telephone company security personnel, local law enforcement, FBI, and Secret Service agents have all been involved in apprehending hackers.

The Structure of the Computer Underground

Both computer underground communities, the p/hackers and the pirates, depend on communications technology to provide meeting places for social and “occupational” exchanges. However, phreakers, hackers, and pirates are widely dispersed across the country and, in many cases, the globe. In order for the communication to be organized and available to participants in many time zones and “working” under different schedules, centralized points of information distribution are required. Several existing technologies — computer bulletin boards, voice mail boxes, “chat” lines, and telephone bridges/loops — have been adopted by the CU for use as communication points. Each of these technologies will be addressed in turn, giving cultural insight into CU activities, and illustrating mutual association among CU participants.

Bulletin Board Systems

Communication in the computer underground takes place largely at night, and primarily through Bulletin Board Systems (BBS).

By calling these systems and “logging on” with an account and password individuals can leave messages to each other, download files and programs, and, depending on the number of phone lines into the system, type messages to other users that may be logged on at the same time. Computer Bulletin Board Systems, or “boards,” are quite common in this computerized age. Nearly every medium-sized city or town has at least one. But not all BBS are part of the computer underground culture. In fact, many systems prohibit users from discussing CU related activity.

However, since all bulletin board systems essentially function alike it is only the content, users, and CU culture that distinguish an “underground” from a “legitimate” bulletin board. Computer Underground BBS are generally owned and operated by a single person (known as the “system operator” or “sysop”). Typically set up in a spare bedroom, the costs of running the system are paid by the sysop, though some boards solicit donations from users. The sysop maintains the board and allocates accounts to people who call the system. It is difficult to assess the number of underground bulletin boards in operation at any one time. BBS in general are transitory in nature, and CU boards are no exception to this. Since they are operated by private individuals, they are often set up and closed down at the whim of the operator.

A week that sees two new boards come online may also see another close down. A “lifetime” of anywhere from 1 month to 1-1/2 years is common for pirate and phreak/hack boards.11 One BBS, claimed to be the “busiest phreak/hack board in the country” at the time,12 operated for less than one year and was suddenly closed when the operator was laid off work. Further compounding the difficulty of estimating the number of CU boards is their “underground” status. CU systems do not typically publicize their existence. However, once access to one has been achieved, it is easy to learn of other systems by asking users for the phone numbers. Additionally, most BBS maintain lists of other boards that users can download or read.

So it is possible, despite the difficulties, to get a feel for the number of CU boards in operation. Pirate boards are the most common of “underground” BBS. While there is no national “directory” of pirate boards, there are several listings of numbers for specific computer brands.13 One list of Apple pirate boards has 700 entries.

11 While some non-CU BBS’ have been operating since 1981, the longest operating phreak/hack board has only been in operation since 1984.

12 At its peak this p/h board was receiving 1000 calls a month and supported a community of 167 users (TP BBS, message log, 1989).

Another, for IBM boards, lists just over 500. While there is no way of determining if these lists are comprehensive, they provide a minimum estimate. Pirate boards for systems other than IBM or Apple seem to exhibit similar numbers. David Small, a software developer who has taken an aggressive stance in closing down pirate boards, estimates that there are two thousand in existence at any one time (1988). Based on the boards discovered in the course of this research, and working from an assumption that each of the four major brands of microcomputers has equal numbers of pirate boards, two thousand is a reasonable estimate. The phreak/hack BBS community is not divided by differing brands of micro-computers.

The applicability of phreak/hack information to a wide range of systems does not require the specialization that pirate boards exhibit. This makes it easier to estimate the number of systems in this category. John Maxfield, a computer security consultant, has asserted that there are “thousands” of phreak/hack boards in existence (WGN-Radio, November 1988). The data, however, do not confirm this. A list of phreak/hack boards compiled by asking active p/hackers and downloading BBS lists from known phreak/hack boards, indicates that there are probably no more than one hundred. Experienced phreak/hackers say that the quality of these boards varies greatly, and of those that are in operation today only a few (less than ten) attract the active and knowledgeable user.

13 Pirate boards are normally “system specific” in that they only support one brand or model of microcomputer.

Right after “War Games” came out there must have been hundreds of hacker bulletin boards spring up. But 99% of those were lame. Just a bunch of dumb kids that saw the movie and spent all there [sic] time asking “anyone got any k00l numberz?” instead of actually hacking on anything. But for a while there was [sic] maybe ten systems worth calling . . .

where you could actually learn something and talk to people who knew what was going Nowadays [sic] there are maybe three that I consider good . . . and about four or five others that are okay. The problem is that anybody can set up a board with a k-rad name and call it a hacker board and the media/feds will consider it one if it gets busted. But it never really was worth a shit from the beginning. (TP2, field notes, 1989)

Towards a BBS Culture.

Defining and identifying CU boards can be problematic.

The lack of an ideal type undoubtedly contributes to the varying estimates of the number of CU bulletin board systems. While developing such a typology is not the intent of this work, it is appropriate to examine the activities and characteristics exhibited by BBS supporting the pirate and phreak/hack communities. While much of the culture of pirate and phreak/hack worlds overlap, there are some differences in terms of how the BBS medium is used to serve their interests. We begin with a short discussion of the differences between the two communities, then discuss cultural characteristics common to all CU BBS systems. All BBS feature a “files area” where programs and text files are available for downloading by users. Initially these programs/files are supplied by the system operator, but as the board grows they are contributed (called “uploading”) by callers.

The content and size of the files area differs according to whether the board supports the pirate or phreak/hack community. The files area on a pirate board consists primarily of programs and program documentation. Normally these programs are for only one brand of micro-computer (usually the same as the system is being run on). Text files on general or non-computer topics are uncommon. A “files area” menu from a pirate BBS illustrates the emphasis on software:

[1] Documentation
[2] Telecommunications
[3] Misc Applications
[4] Word Processing
[5] Graphics
[6] Utilities
[7] Games 1
[8] Games 2
[9] XXX Rated
[10] Elite 1
[11] Elite 2
[12] Super Elite

(IN BBS, message log, 1988)

The “files area” on a phreak/hack BBS is noticeably smaller than it is on pirate systems.

It consists primarily of instructional files (known as “g-files” for “general files”) and copies of phreak/hack newsletters and journals. Pirated commercial software is very rare; any programs that are available are usually non-copyrighted specialized programs used to automate the more mundane aspects of phreaking or hacking. It is not uncommon to find them in forms usable by different brands of computers. A “files area” list from a phreak/hack BBS is listed here (edited for size):

Misc Stuff
-------------
BRR2 .TXT: Bell Research Report Volume II
BRR1 .TXT: Bell Research Report Volume I
CONFIDE .ARC: Confide v1.0 DES EnCryption/DeCryption
CNA .TXT: A bunch of CNA numbers
CLIPS .ARC: newsclippings/articles on hackers and busts
ESS1 .TXT: FILE DESCRIBING THE ESS1 CHIP
TELEPHON.TXT: NY Times Article on hackers/phreaks
HP-3000 .TXT: This tells a little info about hp
VIRUS .TXT: Digest of PC anti-viral programs.

Hack/Phreak Programs
-----------------------
THIEF .ARC: Code Thief for IBM!
PC-LOK11.ARC: IBM Hard Disk Lock Utility-fairly good.
PHONELIS.COM: Do a PHONE DIR command on VAX from DCL.
XMO .FOR: VAX Xmodem Package in FORTRAN
PASSWORD.ARC: IBM Password on bootup. Not too bad.

Archived Gfiles
----------------------
PHRACK15.ARC: Phrack #15
PHRACK10.ARC: Phrack #10
PHRACK20.ARC: Phrack #20
ATI1 6.ARC : ATI issues one thru six
PHRACK5.ARC : Phrack #5
PHRACK25.ARC: Phrack #25
PHUN1.ARC : P/Hun first issue
TCSJ.ARC : Telecom Security Journal
ATI31.ARC : Activist Times Inc number 31
LODTECH3.ARC: LoD Tech Journal three

(TPP BBS, message log, 1988)

The difference in files area size is consistent with the activities of pirates and phreak/hackers. The main commodity of exchange between pirates is, as discussed earlier, copyrighted software thus accounting for the heavy use of that area of the board that permits exchange of programs.

The phreak/hackers, on the other hand, primarily exchange information about outside systems and techniques. Their interests are better served by the “message bases” of BBS. The “message bases” (areas where callers leave messages to other users) are heavily used on phreak/hack systems. The messages are not specific to one brand of micro-computer due to the fact that not all users own the same equipment. Rather than focus on the equipment owned by the phreak/hacker, the messages deal with their “targets.” Everything from phreak/hacking techniques to CU gossip is discussed. On some boards all the messages, regardless of topic, are strung together in one area.

But on others there are separate areas dealing with specific networks and mainframe computers:

Message Boards available:
1 : General
2 : Telecommunications
3 : Electronics
4 : Packet Switched Nets
5 : VAX/DEC
6 : Unix
7 : Primos
8 : HP-x000
9 : Engineering
10 : Programming & Theory
11 : Phrack Inc.
12 : Sociological Inquiries
13 : Security Personnel & Discussion
14 : Upper Deck
15 : Instructors

(TPP BBS, message log, 1988)

The pirate community, on the other hand, makes little use of the “message bases.” Most users prefer to spend their time (which may be limited by the system operator on a per day or per call basis) uploading and/or downloading files rather than leaving messages for others. Those messages that do exist are usually specific to the pirating enterprise such as help with programs on the board, requests for specific programs (“want lists”), and notices about other pirate bulletin boards that users may want to call. Occasional discussion of phreaking may occur, but the emphasis is on techniques used to make free calls, not technical network discussions as often occurs on phreak/hack systems. A list of message areas from a large pirate BBS illustrates the emphasis on the pirating enterprise.

A message area for general discussions has been created, but those areas devoted to pirating display more use:

Area [1] General Discussion 15 messages
Area [2] Pirating Only!! 75 messages
Area [3] Warez Wants 31 messages
Area [4] **private messages** 10 messages

(TL BBS, message log, 1988)

In addition to the differences between files and message use on pirate and phreak/hack boards, they differ in degree of community cohesiveness. Every BBS has a group of “users”: the people who have accounts on the system. The group of users that call a specific BBS can be considered to be a “community” of loosely associated individuals by virtue of their “membership” in the BBS. Additionally, the system itself, serving either pirates or phreak/hackers, exists within a loose network of other bulletin boards that serve these same interests. It is within this larger community where pirate and phreak/hack boards seem to differ.

Due to the brand-specific nature of pirate boards, there is not a strong network between pirate BBS that operate on other systems. This is understandable as a pirate that owned an Apple computer would have little use for the programs found on an IBM board. However, this creates separate communities of active pirates, each loosely associated with other users of their computer type, but with little or no contact with pirate communities on other systems. There is, however, a degree of cohesiveness among pirate boards that support the same micro-computers. While the users may be different on systems, the data show that some pirate boards are “networked” with each other via special software that allows messages and files to be automatically shared between different boards. Thus a message posted on a west coast pirate board will be automatically copied on an east coast BBS later that night.

In a like manner, software programs can be sent between “networked” boards. The extent of this network is unknown. The pirate BBS community also exhibits cohesiveness in the form of “co-sysops.” As discussed earlier, sysops are the system operators and usually owners of BBS. On some pirate boards, “co-sysop” distinction is given to an operator of another board, often located in another state. This forms a loose network of “sister boards” where the sysop of one has co-sysop privileges on the other. However, this cooperative effort appears to be limited mainly to the system operators as comparing user lists from sister boards shows little overlap between the regular callers.

How co-sysop positions are utilized is unknown, and it is suspected that they are largely honorary. But nonetheless it is indicative of mutual association between a small number of boards. The phreak/hack board community does not exhibit the same brand-specific division as the pirate community. Unlike the divided community of pirates, phreak/hackers appear to maintain contacts throughout the country. Obtaining and comparing user lists from several phreak/hack BBS reveals largely the same group of people using several different boards across the country.14 While phreak/hack boards have yet to adopt the “networking” software used by pirate boards, an active group of phreak/hackers is known to use the sophisticated university mainframe computer network, called Bitnet, to exchange phreak/hack newsletters and gossip.

14 In fact, user lists from phreak/hack BBSs located in Europe and Australia show that many U.S. p/hackers utilize these systems as well.

Despite the operational differences between pirate and phreak/hack boards, their cultures are remarkably similar. Any discussion of the computer underground must include both communities. Additionally, a formulation of the culture of CU BBS must address the means by which access to the board, and thus deviant associates, is obtained.

For a caller to successfully enter the CU BBS community, he must display an awareness of CU culture and technical skill in the CU enterprise. If the caller fails to exhibit cultural knowledge, then access to the board is unlikely to be granted. The ways in which this cultural knowledge is obtained and displayed illustrate the social nature of the CU and further display some of the subcultural norms of behavior. On most “licit” (non-underground) boards, obtaining permission to use the system is accomplished by logging on and providing a name and home phone number to the system operator (sysop). Sysops normally do not check the validity of the information, and once a caller has provided it he or she is granted full access to the system.

There is normally one level of access for all users, with only the sysop having more “powerful” access. Obtaining access to underground bulletin boards is more complicated and requires more steps to complete. In an attempt to prevent law enforcement agents (“feds”) from obtaining accounts on systems where pirates or p/hackers are vulnerable, if not to actual arrest, then at least to exposing their latest activities and methods, sysops of illicit boards attempt to limit access to the system. One method of doing this is to restrict publicizing the existence of the board. Computer underground BBS are not normally included in BBS listings found in computer books and magazines, and there is a norm, particularly strong on p/hack systems, that the boards are not to be mentioned on non-CU systems. There are, however, some “entry-level” CU BBS that are fairly well known.

These systems are known as “anarchist” boards. “Anarchist” boards, while exhibiting many of the same characteristics as pirate and phreak/hack boards, are really a cross between the two and serve primarily as social outlets for both pirates and phreak/hackers. The message areas on “anarchist” boards are quite active; “chatty” messages are not discouraged. Indeed there are normally several different message areas devoted to a wide range of topics including everything from “skipping school” to “punk rock.” The files area contains both warez (but normally only the newest games, and specific to the computer system that the board runs on) and phreak/hack text files. Neither collection is as extensive as it would be on pirate-only or p/hack-only systems. The data suggest that one function of “anarchist” boards is to introduce newcomers to the culture of the computer underground.

By acting as “feeder boards,” they can provide preliminary socialization and instruction for CU behavior and techniques. Additionally, “anarchist” boards frequently provide areas where phone numbers to pirate and p/hack systems can be traded, thus providing systems where more in-depth information, and other contacts, can be found. A phreak/hacker describes how an “anarchist.