Hacker Perspective: Shadow E. Figure
The stage is set as follows: my entire hacking career has developed in prison.
Bill Clinton was still the President when I arrived. Since then, Moore's Law has transmogrified technology to science fiction proportions. Think back a little bit. Google was in its infancy, Microsoft ruled the world, cellular communications few and far between, two-way paging the latest trend. This was my reality the last time I was in the free world! Most telling, the size of the entire Internet then was about equal to its output each day now.
Rather than finding myself immersed in this decade plus of advancement, I have been positioned to study it from afar. Lurking on the periphery, silently assessing the effects of this whirlwind which has ensnared the entire globe.
Considering the cosmopolitan nature of consuming technology and the strangely esoteric nature of understanding technology, hacker culture's orientation in society suddenly becomes of paramount importance.
I don't think hacking is an outgrowth of digital technologies.
I believe we can trace its origins all the way to the primordial genesis of our bipedal ancestors. It is an inborn spark, an inherent element of consciousness. A metaprogram or sub-routine which developed as a high-level adaptation during the burst of human evolution.
The ephemeral instinct expressed as curiosity, that desire to know and interact within one's own terms; even today these traits have taken a hand in shaping the future. If you have read your McLuhan, you know that the various shapes and forms of technology are externalizations and outward projections of consciousness. Consider then, the latent power of pushing the envelope in every direction.
Seeking evidence of the hacker spirit in antiquity, we must look no further than the mythic archetype of Prometheus. Zeus, father of the Gods, has forbidden to mankind the use of fire. Covertly entering Mount Olympus, Prometheus liberates fire from the god's abode and delivers it to man. Consequently, man nearly destroys himself with this powerful new technology and, in the process, dooms Prometheus to punishment for his actions.
Behind this myth lies the ingenuity and curiosity of humankind harnessing the forces of nature towards its collective benefit. What eventually came to be science was the continuation of these traits. Every new invention or theory has always been a revolution against orthodoxy...
These revolutions have driven civilization forward.
Zeus has become Big Brother; Prometheus, (((Emmanuel Goldstein))). We now stand at a crossroads where the virtues of ethical hacking, exploration, experimentation, and the sharing of discovery are the most potent weapons against obscurity, ignorance, and totalitarianism.
Our symbiosis with advanced technologies is nearly complete. Every sphere of our activity has become increasingly dependent upon them. Who else is going to discover and elucidate what is going on? ISPs? Cellular carriers? The FCC?
To anyone with the moxie and drive to engage in "hacking," the methods and inclinations are natural, if not hard fought in the trenches of doing. So how do we gauge the importance of our work? Only by continuing to carry on can we hope to give voice to our need for freedom. I can think of nothing more important than that.
Lofty philosophical musings aside, I'm sure some have begun to wonder what types of opportunities for hackers there are in prison. Believe me when I tell you that finding out from me is perhaps much better than learning firsthand. There may even be a segment of people who are unaware that such opportunities exist at all. In my experience, the entire process is catalyzed from the endless series of what we will call "unfortunate luxuries," which seem to dominate prison life.
The first and most obvious is time.
With no social responsibilities (aside from keeping a good grip on the soap), I can pursue at my leisure massive amounts of hard data. Prison libraries tend to make this situation dynamic; strange donations and weird bequests have stocked the shelves with outdated textbooks and obscure how-to reference manuals.
In a minimal amount of time, the entire history of communications technology was assimilated. But more than this, I developed a penchant for "hidden' or "secret" knowledge. This lead to a study of cryptography, which is nestled snugly right next to hacking.
To pursue such studies in books leads to a tendency to transfer this knowledge into the real world. The ordinary and mundane transforms into the wondrous and magical; how does all this stuff work? Thus begins the endless quest.
The second unfortunate luxury happens to be security.
Prison epitomizes the illusion of security. This is an important distinction, because security by design is only imposed through acceptance (or force). If you accept a restriction, it becomes a fact. Entire industries exist within the prison underground geared towards subverting and passing security. There are some interesting implications in this, which we will get back to.
For now, let's examine another unfortunate luxury: prison labor.
If you are picturing a chain gang on the side of the road, wait a minute - this is far more dubious. Corporate America has had an epiphany which has led to a long series of contracts to employ prison labor for all sorts of interesting tasks. Think of it as outsourcing within the country.
So this is how I came to find myself seated at a Windows box for the first time. It's one thing to read endlessly about bits and bytes and code and packets of data and networks. It's quite another to get to experience it. I landed a "data entry" job, once the demand for computer-literate individuals became apparent.
Really, any robot could have done my job.
An I suppose this eventually led to a little exploration. That, and the fact that curiosity seems to trump inhibition. It started innocently enough - just some poking around to discover what was on the server and what I had permissions to do. Is finding one's limitations where it always begins?
Spaced over 13 drives were hundreds of gigs of disorganized and mostly obsolete data. Clicking on a hyperlink one day, I discovered that I had access to a browser, but port 80 was blocked. I went right to Telnet for a net scan. Since everything else appeared to be opened, I went for FTP.
I had thumbed a few copies of 2600 at this point; this is the only way I can explain the first destination that popped into my head. I quickly retrieved everything available, but to this day one file has haunted me: "This is an unrecognized IP address."
With the sheer volume of data on the server, I figured it would be safe to access some harmless information. No one ever forbade me from doing so.
I didn't even look at what was obtained.
Instead, I just printed it all out and took it back to my cell for processing. It is not every day that you behold the Holy Grail; this is what the HackFAQ was to me at that time. Reading all the box plans was an irrevocable step in my life down the road to hackerdom. As I sat reading, a terror began to dawn on me however; the possibility of a bread and water diet, left to rot in the hole.
Action was swift; armed with a new set of resources, I hoped back on FTP and retrieved a packet sniffer. With no ability to install programs, I had to camouflage the executable as a customer file and coerce my boss into the task of unwitting hacker.
When I accessed the data dump in Notepad, I immediately thanked my luck; no encryption.
Obtaining new credentials became a trivial task. From a workstation, I was able to log on as "sysadmin" and cover whatever tracks I could think of. I never did anything diabolical, but here I was: a Class A felon with unrestricted network access to a vast corporate playground. Account data, credit card information, unlimited Internet access. Not to mention all the havoc that could be wreaked from the ability to spoof emails and impersonate various executives.
My task accomplished, I moved on to other, more constructive projects.
Buckminster Fuller noted that you cannot expect to change a system by criticizing it; you do so by making it obsolete. Being able to view the overall architecture of their data flow, I was able to spot a few bottlenecks. I proposed a common sense solution and they actually provided me with some development tools.
I went from being a data monkey to being tasked with creating a new database. I quickly understood the common disdain for script kiddies. How can you develop a proper respect for data security until you write those first few lines of code? The bug bit me; the desire to program only seems to grow over time.
Unfortunately, I lost the job due to some non-work-related shenanigans before I was able to complete the project.
My departure was in haste. With no one to maintain the data dump, I often wonder how large the file got before they detected the network breach?
I lamented that this was the end of my digital life. It turned out to be the beginning. Do all hackers at some point develop a sixth sense? An automatic gravitation towards mischief?
What caught my eye about the new law library computers were the giant steel plates bolted on the front of the slave towers.
Really? USB rootkits and live CDs are pretty few and far between here. This is such a great metaphor for D.O.C. security.
I sat down to investigate. The available d-base seemed straightforward enough (two words, both rhyme Editor's Note: LexisNexis). Many links were disabled, shortcut keys were off, and text fields couldn't read JavaScript.
I surfed around a little and found myself on the parent company website. I typed a search string into the search portal and stared at Google for about a minute trying to compute the use of this giant steel plate.
The only question that remained for me was how to force a reboot.
I puzzled over this long enough to notice the wall outlet. The boot sequence showed a Linux platform, but I ended up with a strange prompt I hadn't seen before. It notified me I had 20 seconds to authenticate, but if I entered any credentials, even bogus ones, the count would renew.
Worse, there appeared to be no intrusion countermeasures whatsoever. To solve this problem, I had to revert back to old but useful methods; I shoulder surfed some valid credentials. I now had access to the Department was pretty boring. But in the process of trying to get a better one to peek around with, I realized something. Every username was the officer name. Every password was their badge number. It couldn't be any easier.
There are many more adventures and exploits, but you get the picture.
A new dimension has recently arisen; corporations have delved into every area of our lives. You can purchase an inordinate amount of stuff suddenly.
I have an MP3 player which can send and receive emails and pictures (only to pre-approved addresses and the data is uploaded via Fireware to a kiosk on the yard, then to a central server for forwarding).
There are kiosks for video-calling and flat screens which double as monitors. The latest rumor says secure cell phones are next. In an institution of over 3,000 inmates, at least one unauthorized cell phone was confiscated in the last year for every ten inmates. It's pretty obvious why they would consider doing so. They can't seem to get control any other way, even if cellular jamming seems trivial. Perhaps the intel is too good?
I may not have any high tech anecdotes of de-obfuscating code or other Herculean tasks, but these experiences should at least illustrate that no matter where hackers are, there is something worth exploring.
Hopefully, there is some inspiration also; the level of access to all of you on the outside is miraculous, an endless plethora of gadgets and information. I, on the other hand, live in a world where an oppressive agency suppresses my rights any chance they get.
Their hand touches everything with control, and nearly everything is outlawed. Thought crime is a reality.
You may say that people in prison deserve this, but you would miss the point that this type of control is not only coveted by nearly all authorities, it is a possible future for everyone. This is our gauge of importance for what hackers do; it is our job to prevent this future.
I leave you with one final thought.
It has occurred to me that the propensity to designate hackers as criminals stems from a similarity in operating procedures between the two.
In either case, the world view tends towards dissecting the systems encountered. Once the exploits, vulnerabilities, and weaknesses have been exposed, the distinction occurs. A criminal will use the information for some type of personal gain and attempt to horde it.
More often than not, this activity is in service to some other felonious pursuit, rather than learning.
Hackers, however, experiment with the structure of the system, doing all sorts of things that were never intended, all the while uncovering many new discoveries in the process. They then share their experience with the community, pushing the collective a little further along.
This free and open exchange of information undermines the illusion of security which the creators (read: "profiteers") of such systems hope to propagate. An unwillingness to address the issues, which are exposed, makes the hacker paradoxically more dangerous to those interests, and creates a motive to vilify the observant voice. Criminals exploit ignorance; hackers expose it. Thus, all the confusion.
Well, I'm off to buy some more low compression MP3s for $1.80 a song, and to do some more exploring.
If parole comes through, perhaps I'll see you at a 2600 meeting.
Until then, Happy Hacking!
Shout out to the warden, Left to Rott, and the Secret Society!