HACKING

Prepared for the Macmillan Encyclopedia of Computers

J.A.N. Lee [1]
1991 January 23
Final Draft

Introduction

The term "hacking" in the 1980's became a buzzword in the media which was taken to be derogatory and which by misuse and overuse was attached to any form of socially non-acceptable computing activity outside of polite society. Within this context "hackers" were assumed to be the fringe society of the computing fraternity, mainly characterized as "youngsters" who did not know any better and who had obtained access to a technology with which they terrorized the world of communications and computing. To be tagged as a "hacker" was to portray a person as member of a less than acceptable group of near criminals whose activities were not be to be undertaken by the upright citizenry. These connotations are in contrast to the use of the term in the 1950's and 1960's when hackers were at least to be tolerated for their potential, though not necessarily displayed in public. In many ways the early use of the term held a connotation similar to that of a "boffin" during World War II who was characterized as a backroom activist who when left to their own devices could produce some wonderful inventions. Scientists such as Edison (electric light bulb, phonograph, etc.), Fleming (penicillin), Barnes-Wallis (the bouncing bomb and swept wing aircraft), Watson-Watt (radar) and possibly even Babbage (the difference and analytical engines), may have been honored to be identified as hackers. Only in more recent times has there been a confusion between the terms "hacker", "petty criminal" and possibly "nerd".

The Term - its Origins and Development

[2]hack (hak),
n. 1. a horse for hire. 2. an old, worn out horse. 3. a literary drudge. 4. a coach for hire. 5. a taxi cab. adj. 1. employed as a hack. 2. trite. v.t. to chop or cut roughly. v.i. 1. to make rough cuts. 2. to give harsh dry coughs. n. 1. a tool for hacking. 2. a gash or notch. 3. a harsh,dry cough. - hack'er. n. - hack'ing, adj.

The concept of hacking as a methodology to achieve some particular goal has the allusion of working at something by experimentation or empirical means, learning about the process under review or development by ad hoc mechanisms. This may have had an origin from the use of the term "v.t. to chop or cut roughly. v.i. to make rough cuts" as in the process of empirical development where numerous different routes are explored in a search for the most effective approach to a solution, but without necessarily having planned a prearranged ordering of search or necessarily a methodology for evaluation. To chance upon a solution through "hacking through a problem" is often as educational as structured learning, and thus it is not unreasonable to approach a problem in a field which is devoid of structure and methodology by "hacking". In hacking a computer, the enhancement of the system is an end in itself - applications of that system don't count. In the same manner, hacking has no life cycle and no specific end goal; an improvement is in itself an achievement, but not necessarily a reason for further activity. While hacking was generally counter-society it is not necessarily anti-society. In fact, the result of hacking is a "hack" and the beauty of a hack can only be realized if other can share in its beauty with others; the private hack is nonexistent.

The Early Years

Until the mid-1960's computing, programming and computer science had very little structure and many of the advances in the field were achieved through ad hoc methods. Hacking as a methodology matched the "free thinking" style of life of this period, and while there was an air of formalism amongst many professionals, in fact the basic methodology of computation was to repeat what had been successful up to that point; hacking merely changed the focus to concentrate on what might be done not what had been done. Hacking was (is) a form of development in which there were (are) no rules - just intelligent and intuitive exploration. Only as a structure was imposed on the field and acceptable methodologies for achieving a result were recognized did the art of hacking fall into disrepute; the hackers of the 1960's were the "flower children" of the computing world. The resurrection of the term in the 1980's implied a lack of connection to the reality and rationality of industrial computing.

Hacking is dependent on "free" access to computers - it grew up where such access was available in an unsupervised, non-regulated, non-conforming, interactive, hands-on environment (MIT, Berkeley) and eventually in the environment of personal computers.

The People

Throughout the early years of computing, following the development of the ENIAC, access to computing systems was highly restricted. To use such a system required the existence of a formal problem and commonly a formal application for the award of processing time in a process similar to that in applying for a research grant. Thus there was very little opportunity for solving a problem by empirical means; problems and solutions were well planned in advance, and priorities of need scheduled the accessibility of the machine. Perhaps the only persons who had such opportunities for experimentation were those who constructed or managed the machines - and they generally knew enough about the systems to not need to experiment. Thus hacking had to wait until there was a much more freer access to computing power by those whose interests were not as specific as to write a proposal and who were attracted to the machines for the sheer enjoyment of exploration.

The first opportunities for unfettered access to computing facilities occurred at MIT in the late-1950's when Lincoln Laboratories loaned the TX-0 computer to the Research Laboratory of Electronics (RLE). While there was a strong bureaucracy which controlled access to the IBM 704 computer in the Computation Center run by Philip Morse, Jack Dennis who "controlled" the TX-0 provided unrestrained access once the needs of formal research activities were satisfied. While this generally implied that available time was in the "graveyard shift" this did not matter to the aficionados of what we might recognize as the first "personal computer"; they merely altered their circadian rhythms to accommodate this minor shortcoming. The TX-0 was originally designed by Lincoln Laboratories as a hands-on controller for a much larger system under development, and thus its style of use was much different than that of the IBM 704 and the batch processing mode of operation. The TX-0 soon fell under the spell of, and cast its own web over the first hacker community. From this environment grew a plethora of proficiencies built-in to the skills of the hacker community. Perhaps we shall never totally tally the technological concepts which originated in this environment, but by all accounts it was a very fertile bed. Primary in the collection of products must be the whole field of computer games. "Star Wars" existed on the PDP-1 computer years before the Ping-Pong paddle was introduced into the family television, and twenty years before there was a personal computer. The technology and theory of game playing never crossed the minds of hackers, and yet their products were legends. Early script writing was developed for the TX-0 and the Computer Museum (Boston MA) still shows the cowboy film which was the result of this effort. In both instances such developments would not have had a high priority on a closed shop system.

The Benefits of Hacking

With respect to the problems of testing programs, Conway and Gries[3] suggested that this was a fertile ground to demonstrate the usefulness of the "most depraved minds"! Thus a benefit to the computer community is the free-wheeling exploration of systems by the benign hacker. Freedom and control may be incompatible attributes of such an environment, but it is clear that the tasks of program or system usage in a productive setting are not amenable to the recognition and acceptance of bugs and errors. On the other hand the challenge of testing may be a logical outlet for hacking inclinations in the make-up of a programmer. In several cases systems have been purposely exposed to hackers to test their security and their robustness. In 1989 LeeMah DataCom Security Corporation challenged hackers to retrieve a secret message hidden in a computer in Atlanta GA[4]. After giving the potential intruders a phone number and password, they were asked to retrieve a hidden message in the system. The prize was to be an eight-day, seven night, all-expenses paid trip for two to St. Moritz or Tahiti! In a seven-day period, with the rate of calls starting at 100 calls per hour on the first day, 7,476 attempts to access the critical message were attempted. Not one attempt succeeded! The company claimed to have "proven that a system ... will effectively meet the needs of dial-up access systems" and users "need not accept arduous, user-hostile telecommunications security plans". The challenge was repeated in 1990 with two sites, with the same basic start-up information, but with the challenge period extended to two weeks. Once again the system resisted intrusion. John Tuomy stated "the problem with all the coverage of successful hacker break-ins is that some people might get the impression that these hackers are invincible, or that the FBI arrests of some of them will act as a deterrent. The fact is that the government couldn't possibly arrest all the hackers out there, and certainly not guarantee the safety of the nation's computers. We believe strongly that computer crime can be prevented, but that businesses have to do it themselves".

The Psychology of Hacking and Programming

There is a certain allure to computing which is difficult to replicate in other environments. In many respects computing is always "real" rather than merely an example or model, though there is equally always the hope for more power and greater facilities to do bigger and better hacks. Whereas in other endeavors the development of a project such as a hot-rod car or a trip to Hawaii costs real dollars, computing costs nothing - it is a utility. Driving a hot-rod on a dirt strip is also fraught with real physical danger, while hot-rodding a computer is safe. The computer does not hit back even when the worst of effects are programmed.

Even the non-hacker and the non-programmer are effected by the computer. With the advent of e-mail systems, one can easily recognize the change in personality with comes from a non-evasive form of communication[5]. Persons who are puppydogs in face-to-face communication become wolves when they do not have to look into the eyes of the receiver and are not threatened physically by their textual combatant. Levy (1984) suggests that there is a "code of ethics" for hacking which, though not pasted on the walls, is in the air:

Hacking, whether it is benign or felonious, is associated with learning and exploration. While there are elder hackers, they grew up from the hacking covens of youngsters interested in exploring and exploiting the new ethereal world of electronic tripping. But like so many other new technologies, the growth of the amateur capabilities and the sharing of findings, soon outgrows the normal and the useful; to find an area in which to make a mark requires an excursion into the not so acceptable domains.

Communications and Accessible Computing

The period of the early 1960's at MIT was the period when Fernando Corbató and his colleagues took upon themselves the development of an interactive time sharing system which would provide personal computing to the university community while at the same time using all the available machine cycles. John McCarthy had realized that it was essential that a machine be used to its utmost, and that while batch processing solved the administrative problem of utilization, the downside of the solution was extremely long turn around times for individual programs. His solution was to have several programs ready for execution, so that while one program was waiting for a delaying activity (such as human input) another program could use the available machine cycles. In his memorandum to Philip Morse he used the example of the TX-0 to reinforce his arguments of how computing really should be accomplished. However he did not realize that in creating such a system the bureaucracy of the batch operating system would be carried over in the form of login identifiers and passwords. The hacker community was continually frustrated by the bureaucracy which accompanied the use of the Compatible Time Sharing System (CTSS) and the systems within Project MAC. The TX-0 had always been operated without a logon identification or password; files were in public storage, unrestrained by protective systems. Persons could roam through these files at will and were free to make changes and updates to files left there by others. On the premise that you can always make things better programs would be debugged overnight, have new features added, or be incorporated into other programs freely.

CTSS discouraged hacking. Add to this the fact that it was run on a two-million-dollar IBM machine that the hackers thought was much inferior to their PDP-6, and you had one loser system. No one was asking the hackers to use CTSS, but it was there, and sometimes you just have to do some hacking on what's available. When a hacker would try to use it, and a message would come on-screen saying that you couldn't log on without the proper password, he would be compelled to retaliate. Because to hackers, passwords were even more odious than locked doors. What could be worse than someone telling you that you weren't authorized to use his computer?

As it turned out, the hackers learned the CTSS system so well that they could circumvent the password requirements. Once they were on the system, they would rub it in a bit by leaving messages to the administrators high-tech equivalents of "Kilroy Was Here."

The Incompatible Time-sharing System (ITS): The title was particularly ironic because, in terms of friendliness to other systems and programs, ITS was much more compatible than CTSS. True to the Hacker Ethic, ITS could easily be linked to other things - that way it could be infinitely extended so users could probe the world more effectively. As in any time-sharing system, several users would be able to run programs on ITS at the same time. But on ITS, one user could also run several programs at once. ITS also allowed considerable use of the displays, and had what was for the time a very advanced system of editing that used the full screen.

There was an even more striking embodiment of the Hacker Ethic within ITS. Unlike almost any other time-sharing system, ITS did not use passwords. It was designed, in fact, to allow hackers maximum access to any user's file. The old practice of having paper tapes in a drawer, a collective program library where you'd have people use and improve your programs, was embedded in ITS; each user could open a set of personal files, stored on a disk. The open architecture of ITS encouraged users to look through these files, see what neat hacks other people were working on, look for bugs in the programs, and fix them. If you wanted a routine to calculate sine functions, for instance, you might look in [the] files and find [a] ten-instruction sine hack. You could go through the programs of the master hackers, looking for ideas, admiring the code. The idea was that computer programs belonged not to individuals, but to the world of users.

[6]

Of this period, self-confessed hacker Guy Steele (1983) said: "Despite stories you have read about the anti-social nerds glued permanently to display screens, totally addicted to the computer, hackers have (human) friend too. Often these friendships are formed and maintained through the computer". This era reached it's intended goal of providing interactive computing through the technology of time-sharing. It is also created the marriage between computers and communications systems which opened the door to a whole new field to explore.

The 1980's

The 1970's was a period of intense but limited activity by small groups of hackers. One such group was the Homebrew Club in the California Bay area, centered somewhat on Berkeley and concentrating on hardware systems in contrast to the earlier hacking activities on the east coast which had primarily been in relation to software. From this group came a number of innovations including a number of primordial personal computers -- Lee Felsenstein and the Sol, and the 6502-based Apple I from Steve Jobs and Steve Wozniak. Previously Wozniak had developed a "blue box" to access phone systems but legitimized his activities by turning to the development of the Apple I board. Cap'n Crunch[7] (John Draper) had earlier engineered a blue box based on the tones necessary to activate the Bell Telephone system and as published in various magazines to advertise the new tonal system; Draper added a few tones including one which, accessed the operator routines and thus provided an easy entrance into the toll call network. From this community grew not only the need but the answer to the demand for personal computing. They also inadvertently opened up a Pandora's box of accessibility when they connected the microcomputer to the telephone system through a modem. And so we moved into the 1980's with the personal computer moving into homes and bedrooms. No longer was it the privileged or canny few who had access to teletypes and who could access main frame computers. Even the smallest computer costing as little as $100 could be coupled to the family TV and a modem to provide an electronic tripping medium for the new breed of hackers. And this new breed did not build on the knowledge of the advances made by their predecessors; they had the equipment, they had the urge and, most times unbeknownst to their parents, they acquired the knowledge to travel the world without leaving the privacy of their bedrooms. No-one provided a code of ethics for their wanderings because their teachers were not sufficiently knowledgeable of the potential of this combination of computer and modem, and their parents had no adolescent experiences of their own on which to build an expectation of the outreach of the offspring. What was (and is) needed was a computer education package which had similar moral and ethical scenarios as they would have found in high school courses in driver education or sex education.

As the owner of a personal computer extends his awareness knowledge of the system there are several paths that can lead to further awareness and to further exploration: to install or develop new software packages, or to explore other people's packages. Given the limited resources of a teenager, the former is not easy unless currency can be exchanged for other possessions. Bulletin Boards were an early development for communication between PC users, but by their very nature they insisted on the possession of an environment which permitted a wider latitude of exploration than just a bulletin board. These boards also became (and still are) the repositories of software packages, many of them donated to the public domain by their developers. In other cases proprietary or copyrighted packages were available for some small cost -- either the provision of some other unique piece of software or in other cases an identification such as a credit card number. Though the board promised not to charge the card for any software, the card number did get used in other nefarious ways without the owner's prior knowledge; in many cases, of course, the card number belonged to the parent of the provider. Bulletin Boards were the obvious places to store the necessary hacking information for the uninitiated to make their first tours of computerworld. Boards have been found to contain the telephone numbers of local (and not so local) computer systems, information on the means of constructing blue boxes (and their modem equivalent) and other non-computational gadgets such as Molotov cocktails and Mace guns! Other boards have contained credit card numbers (which is of limited usefulness once the card has been reported as missing), credit card authorization information and merchant identification codes. Of course, not all Bulletin Boards are provided for perverse purposes, but one must ask the question as to what a board operator gets out of supplying this service. The operation of a board can use up a great deal of computing power, a dedicated telephone and ample storage. Like the TX-0, most bulletin boards have an open storage system, or at the very least provide supervisory access to files by the owner. Thus the owner collects information and products as they pass through the board; that is his pay-off.

Authors have categorized hackers of the 1980's to classify the intrusive form of their attack or the rationale for their entry into a system. Donn Parker[8] suggested that their intentions could be classified into three groupings based on their actions while accessing a system:

benign
- the hacker whose intentions are purely educational

unsavory
- the intruder whose intentions are not necessarily malicious but whose very presence can be negative

malicious
- the intruder whose primary intention is to cause the system to crash or to wreck havoc in its operation

while Landreth [9] suggested they could best be categorized by their activities:

novice
- the user whose first steps into the world of electronic tripping are tentative and exploratory, and whose intentions are merely to emulate those who he believes have gone before

student
- the visitor who has a fair knowledge of the means of access and whose new intentions are to learn more about the system under scrutiny without plans to change anything or to leave anything behind

tourist
- having discovered all there is to be known about his local systems decides to visit similar systems worldwide

crasher
- the hacker whose challenge is to defeat a system by bringing it to its knees

thief
- the system intruder whose intentions are to retrieve from the systems he can access data and programs that he can put to his own use (including providing the stolen information to others)

next


Last updated 96/10/14
© J.A.N. Lee, 1993, 1996.