http://www.torontostar.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=988515142192&call_page=TS_@Biz&call_pageid=971794782442&call_pagepath=Business/@Biz&col=971886476975
Rachel Ross
TECHNOLOGY REPORTER
Apr. 30, 2001
DETROIT - It's a Saturday afternoon and a handful of teens have paid
good money to learn math. Really hard math. The kind you learn in your
final year of university.
Fifteen, sixteen, seventeen year-olds - and a couple of adults too -
are quietly taking notes.
A very smart man in a white lab coat writes equations on large sheets
of paper tacked to the wall at the front of the room.
He's teaching them about elliptical curve cryptography, math used to
obscure data into a code that can later be deciphered. It's used to
encrypt information traveling over the Internet.
Cryptography is one of many topics covered at the annual network
security conference known as Rubi Con, where hackers - yes, those kids
who try to break through security into computer systems - and security
professionals give presentations, and learn from each other's
adventures.
These are keeners who understand the digital things that most people
have no clue about. They read computer code, manuals for phone
equipment and sometimes other people's e-mail. They find the
weaknesses and flaws in the software and hardware we use everyday. But
these guys - well, most are male, though not all - aren't usually
after money or infamy. And they don't leave a trail of trouble
wherever they go.
``Many hackers are actually just curious technophiles,'' said Denis A.
Baldwin, network administrator for Michigan lighting firm CAE, Inc.
who attended the conference. They ``choose to be civilized in their
conquests to prove their efforts and skills. No need to break
something to prove your point if you can leave it standing for
generations to come to see and prove against as well, right?''
Says Nick Farr, one of the conference organizers: ``They are the
Edisons, the Teslas . . . the kids who grew up immersed in the
information age, and the generation that will probably make the
strongest contributions to its fundamental infrastructure.''
There are hackers who want to use your credit card number - but most
of them just want to prove that they can get it.
It's difficult to generalize about a group of people whose defining
quality is independent thinking. They don't all hate cats, take drugs
and listen to punk music. There is no hacker uniform. The one guy at
this conference with the green dreadlocks and chains hanging from his
pants actually stands out from the rather average- looking crowd.
The biggest thing they have in common is their curiosity. It's also
their greatest gift, something the business world shouldn't overlook.
They're brainy, brash, attracted to riddles, energized by a bit of
risk.
``Hackers, by their fundamental nature, enjoy the exploration and
creative manipulation of information systems,'' says Farr, who calls
himself a ``hacker sociologist.'' He is completing his thesis at the
University of Michigan on the work ethic of hackers and how they fit
in with the current corporate culture.
``If an employer can channel a hacker's energy into a project, the
hacker will work furiously and without additional reward to solve the
problem or finish the project.''
About half a dozen teens drove down from Ontario for the annual
conference, eager for knowledge. Some of them want to learn how to
break into things - both physical and digital./ In contrast, others
want be able to better secure their networks.
The Canadian clan brought three cars' worth of computer equipment to
the conference, including several desktop computers, a couple of
laptops and a lot of wire to connect them all together.
Most of them met for the first time just a few months ago at a meeting
for hackers, an Ontario chapter of the popular hacker publication
2600. Such meetings are held all over the U.S. and Canada.
2600 - the trade magazine for hackers - takes its name from the early
days of hacking, when the phone system was the primary target for
inquiring minds. So-called ``phreakers'' would use a variety of
techniques to make free long-distance calls. One popular technique
used a whistle from the breakfast cereal, Captain Crunch, which
happened to produce a tone of exactly 2600 hertz. Play that thing into
a phone and voila, free long distance.
Today's phone systems aren't vulnerable to the Captain's whistle, but
2600 lives on as the title of the magazine.
The two young men who founded this particular 2600 chapter and led the
rest of the gang down to the conference call themselves Flame0ut and
PrussianSnow. Everybody's got a nickname here: Cyanosis, Prez, Asher,
Carbon. It makes a lot sense given that much of what they do isn't
legal.
There's no magic naming system. It's usually based on something they
like or something that just sounds cool.
(Their nicknames will be used throughout this story to protect their
identities.)
PrussianSnow, a spindly guy in a long black trench coat with a
mustache and long black hair, has opted for a fairly traditional
career path. He's been accepted at two engineering schools, and plans
to start next year. ``That's what I want to do, that's who I am.
Analyzing systems, figuring stuff out. That's what I'm really
interested in.''
Flame0ut looks like he's always thinking, but he's given up on the
educational system - he dropped out of high school. He said he was
failing all his classes. Now he works as a network administrator. But
the job, like school, doesn't challenge him enough to keep him
interested.
Sara Housser is a spokesperson for Career Edge, which helps students
without experience get a first job. While she recognizes their skills,
she questions how well they will ultimately fit into the workplace.
``Are they going to be able to do the day-to-day stuff that's
required, or will their attention span waver?'' said Housser. ``Will
somebody else's agenda keep them interested?''
According to Farr, ``youthful hackers are being hired for jobs that
bore them, or insult their intelligence.''
Flame0ut admits he isn't particularly interested in the agenda of his
current employer. The job, installing software, is far below his skill
level and doesn't pique his curiosity.
``It's not just that I like to disassemble things. Boring things are
boring to take apart,'' said Flame0ut. ``It's only complex things that
are things interesting to disassemble and they become increasingly
interesting to disassemble when there is ingenuity involved in their
design.''
Flame0ut and PrussianSnow's most talked-about exploit, The Millennium
Phone Hack, gave them access to free long-distance calls from any
payphone. But they never made any. They made a couple of local calls
to test their equipment, but once they were satisfied that their
solution worked, they went home.
There were the same kinds of non-malicious adventures at the
conference.
The guys spend a lot of time ``packet sniffing,'' a hacker technique
that involves reading packets of data sent to and from computers
accessing the Internet. Do you know that box that pops up when you're
surfing the Internet, asking if you really want to submit personal
information? If the information being sent isn't encrypted, hackers
can read it.
Sometimes a hacker can spend hours reading data and it won't produce
anything useful.
But here in Detroit, their patience paid off when they found the
username and password for a Hotmail e-mail account used by another
person at the conference.
Someone with evil intentions would keep that password a secret, and
use it every so often to wait for a juicy piece of e-mail to show up.
The kids from Ontario did the opposite, writing the username and
password on a big piece of paper in the lobby of the hotel - basically
notifying the Hotmail user they have his information and he should
probably change it.
Hackers' curiosity often reaches beyond the Internet.
The hackers at Rubi Con had an affinity for physical infiltration -
breaking into abandoned buildings, exploring drains, climbing onto
rooftops where they're not supposed to be.
The hotel where the conference was held was perfect for it. The fourth
floor has been abandoned for decades and while the elevator doesn't
stop there, people found their way in. In small groups they explored
the eerie rooms. Sheets were pinned to the windows to keep outsiders
from looking in at the smashed mirrors, rusted bicycles, hanging wires
and broken ceiling tiles. It was an infiltrator's dream.
Once you set aside the illegality of their techniques, it's easy to
see that some of these hackers are basically good people. The kind who
will experiment, invent, and quite possibly change the world.
But it would be foolish to think that all hackers are saints.
Farr thinks employers do their homework before hiring a hacker.
``The question employers need to ask themselves is where and when to
hire these innately curious folk,`` said Farr.
Most computer security companies, such as Guardent in Toronto, have a
simple rule about hiring hackers. They won't hire anyone with a
criminal past.
That leaves most of the kids at Rubi-Con in the game.
``The work schedule and habits of the typical hacker are a sign of the
workplace to come,'' said Farr.
``The best solutions come from people whose passion for their work
drives them, not a pre-set schedule or some survival derivative
function.''
ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".
Received on Tue May 1 01:52 CDT 2001