Hackers

Zortoaster wrote a review of a book that might be of interest to folks around here:" In lieu of the Norwegian police's crackdown on 16-year-old hacker Jon Johansen, who broke the DVD copying protection, Paul A. Taylor's book Hackers raises a series of interesting questions about crackers and cracking. The book scores high on content but lacks somewhat in presentation. He manages to spell out issues that are often only implicit in the computer security debate, and is able to paint a multi-faceted picture of the hacker, represented by the cracker, community setting it apart from the very black and white, good or bad, presentation of hackers in the mass media." Hackers author Paul A. Taylor pages 224 publisher Routledge, London: 09/1999 rating 7/10 reviewer Zortoaster ISBN 0415180724 summary In lieu of the Norwegian police's crackdown on 16 -year-old hacker Jon Johansen who broke the DVD copying protection, Paul A. Taylor's book Hackers raises a series of interesting questions about crackers and cracking. The book scores high on content but lacks somewhat in presentation. Hackers and hacking

Hackers starts out with a discussion on the hacker, what he (as is pointed out in the book, the hacker is almost always a 'he') does, and why he does what he does. Somewhat sadly, although fairly well-founded, is Taylor's choice of terminology. He chooses to consistently address the cracker as hacker. A hacker is not a cracker, but a cracker is always a hacker (put in more technical terms: the cracker is a subset of the hacker class -- think object orientation here), which is a point Taylor seems to willfully ignore. That he chooses to use the terminology in this manner is rather sad because it puts an ugly stain on the respectability of the hackers -- those of us who not meddling in computer break-ins or other dubious activities, but merely hack code to produce cool software. Throughout the rest of this review I will be using the term cracker to refer to Taylor's hackers, and hacker when referring to real hackers

However, since crackers are a subset of hackers, much of Taylor's discussion on the hack and hacking is applicable to the hacker community at large. This is one of the things that makes Hackers an interesting read. For a newcomer to the hacker community Taylor's discussion on the 'hack' is quite enlightening. Even for oldtimers his discussion may shed some new light on the hack. Contrary to existing material on the matter, like the Jargon File, Taylor is the first to spell out the criteria implicit in earlier treatises on the hack: 1) simplicity, 2) mastery, and 3) illicitness [as in 'against the rules', reviewers comment] (p.15). This latter criteria is in its use of the 'illicitness' term only applicable to the cracking activity. In a sense it is applicable to hacking as well. Then in the shape of 'against the rules'. We are not neccessarily talking against the rules of justice, but against what the system's rules say is possible. In that sense, calling the third criteria illicitness hints at somewhat dubious activities, but is in fact not. It is an important element in the regular hack (if such thing as a regular hack does exist), too.

Taylor manages to view the hacker community from a fresh angle. Being a sociology researcher his angle is quite different from that represented by for instance Eric S. Raymond or Gisle Hannemyr. One drawback is that Taylor draws on Steven Levy's overly romanticized hacker ethics as presented in Levy's book of 1984: Hackers. It is time someone tried looking somewhat deeper into the hacker psychology to realize that while Levy's five tenets may to a certain degree represent attitudes within the hacker community, it is not, contrary to what Levy proposes, an ethos by which hackers live and die (apart from this, though, Levy's book is highly enjoyable and recommended reading). I'm also having some problems accepting the psychosexual theories on hacking that Taylor proposes. They seem a bit far fetched to me. It's been a while since everybody agreed that Freud's psycho-therapy was kind of overly sex-fixated.

Taylor addresses a largely ignored issue in hacker literature, that of the gender question. Why are there next to no female hackers? He addresses the point through looking at societal factors, by explaining how the community is a masculine environemnt -- the new wild west, so to say -- and the fact that electronic communication creates misogynity through its anonymity. At the end of the chapter it is a bit hard to grasp what Taylor's point is, though (see Presentation for more).

Another issue thoroughly treated is the question of hacker motivation. What drives the hacker to hack? Taylor's background within sociology is again helpful, as he regards the issue from a fresh perspective. Hacker motivation has previously been treated by Eric Raymond in his essay Homesteading the Noosphere . Taylor's angle is to compare academic theories on hacker motivation with the the reasons the hackers' themselves give. From the discrepancy between these two angles he lists four reasons for hacking: obsession, curiosity, boredom, and the feeling of power. If not directly contradicting Raymond's view -- that hackers hack simply to gain peer esteem and status within the community -- Taylor gives Raymond's view a more multi-faceted hue. He goes beneath the drive for esteem, trying to address the reasons why anyone would need to gain esteem from their peers. As such, Taylor manages to add something new to a discussion that has been on the brink of going stale.

Issues on computer security and cracking

Taylor's main focus on crackers is how society at large is to deal with them. Are crackers to be treated as criminal masterminds plotting to bring the world to its knees, or simply misguided kids trying to do something exciting with their computer knowledge? Several views are drawn up, with Taylor quoting representatives of each view without really making any kind of judgment himself as to the better way of handling crackers. It is an exercise in how difficult the question truly is.

A number of other quite intriguing cracker/computer security issues are spelled out by Taylor, as well. Issues include who is to blame when a computer system has been cracked? The system administrator for not maintaining sufficient security or the cracker for breaking into a system to which he doesn't have legal access? Should anti-cracking laws be targeted at stopping all kinds of illegal computer use, or are there degrees to the crime being committed? Is printing your personal CV on the company's printers even though it is explicitly forbidden to use company equipment for personal use to be treated as a computer crime equal to that of breaking into a banking system and tampering with the data?

Taylor also questions the computer security companies' motivations (and rightly so, one might add). Are they simply running a protection racket like that of the mafia, using cracking and virus alerts to scare their customers into investing in expensive counter-measure software? Or are they avenging angels siding with the innocent, the not particularly compu-fluent masses? Using the dichotomy of the computer security industry vs. the crackers, Taylor raises the issue of whether good computer security can only be achieved through knowing the enemy, the crackers. Can crackers and computer security consultants work together in a symbiosis, or are they eternal enemies never to be reconciliated?

Another issue dealt with is how crackers are to be handled. Should their acts be punished in the harshest way, or should they be helped into redirecting their activities into more useful terms? The question is whether the cracker is to be treated as a nuisance or as an asset. Taylor treats this issue quite thoroughly referring from the parliamentary discussion in Britain. He also discusses in what ways legislation can prevent cracking. He shows how little the law enforcement agencies know about cracking and how they employed overkill (refer to the Norwegian police's recent raid on the hacker who broke the DVD encryption).

Presentation

However intriguing the book might be it is presented in a very unorderly and weird way. The pages are filled with rather long quotations from various e-mails, books, interviews, etc. I gather the intention is to present the reader with the direct opinions of the book's "main characters," giving us in a way a first person view of the matter. The idea is nice, but the effect is that it ruins the fluidity of the text, making the book somewhat hard to follow. Also: it is at times quite difficult to grasp what message Taylor is trying to convey when he is expressing himself through the extracts of other people's opinions. Quotes are OK, but when, without exaggeration, 50% of the average page is taken up by quotations it is a little bit too much of the good stuff.

Having said that, the book is very structured, each chapter building nicely on previous chapters. The conclusion at the end of almost all chapters helps clarify Taylor's opinions a bit, which is nice. Still, it does not weigh up for the confusion created by the excessive use of quotations.

Conclusion

Taylor succeeds with explaining the relationship between crackers and the computer security industry, presenting the matter in a more multifaceted way than that of the mass media. The book is a definite must for those wanting an introduction to the social sides of computer security. However, I find it rather amazing that a book written in 1999 seems to totally ignore the writings of Eric Raymond, as these are probably the best works on how hackers view their own culture. Despite this, I believe Hackers might prove an interesting read even for the hardcore hacker, if only as an alternative look at our own culture.

Purchase this book at fatbrain.

Re:Another Good Book

[synthetic]

Freely available at the following URL : The Hacker Crackdown : Law and Disorder on the Electronic Frontier .

Security is our responsibility

[JDax]

There's been alot written about why crackers do what they do - in articles, books, and on websites. &nbsp And there are even interviews and quotes from White Hats who tell you exactly why they do what they do - that is, to point out the casualness and outright laziness of many sysadmins and sysops regarding security and proper configuration of their systems. &nbsp Microsoft has recently pointed out the ebay fiasco in their rather cagy dot-truth" page. &nbsp In reality, the problem was one of misconfiguration and not some defect in the OS or hardware. &nbsp This extends to many of the major sites and particularly to their router configurations (or misconfigurations). &nbsp It's also been said that much of the DDoSing going on can be reduced dramatically if one pays close attention to how their equipment is configured.

The topic of security is a fascinating one and with the proliferation of 24/7 broadband access, ie., ADSL, cable, ISDN, it is prudent that whether you plan to put a windoze box, *nix box, Mac box, or Be box on the net, you RESEARCH security before you put that box out there.

The latest DDoS attacks were blamed on zombie Linux boxen out on the net. &nbsp Alot of the reports focussed particularly on those PCs sitting on college campuses with big pipes. &nbsp I think that in the education arena, particulary in the CS departments at the colleges, driving home the issue of computer security is a MUST

.

Re:Arrogant BS

[xtal]

Bull. Neither men not women are "hardwired" for anything, other than a few relexive responses which, revealingly, are the same across the gender line. Response to loud noises, the eye-blink reflex, etc. There is little else in human beings that is hardwired AT ALL. Sure there are differences between male and female humans, but most of them are hardware. Men grow beards, women grow breasts. The social stuff, however, is far too complex to be left to the slow, unreliable hardware. Social things change too fast. The fast responses that software allows are the only solution. So humans learn, grow, and adapt. Faster than their hardwiring would allow.

I am SOOOOOOO sick of this PC bullshit, it's not funny. Are you an idiot? Go have a look at a PET or CAT scan of a human female, and then do the same for a male. Do you still need a clue? Men and women are wired DIFFERENTLY. Yes, that's right, the Y chromosome-challenged are indeed physically different than those that aren't. That's right - men and women are PHYSICALLY DIFFERENT. In the HEAD.

Maybe the women hackers are just better at not getting caught (when they're breaking rules) or avoiding attention (when they're just bending them).

This is bullshit, too. I've played on both sides of the hacking fence, and I'd guess maybe 10% of the community is female. The number is about the same for my electrical engineering grad class, too - and it's been about constant since women started getting involved.

It might not be nice and PC to say, but for whatever reason, most women are not interested in computers. Most guys aren't either. I suspect that hacking is some sort of disorder - this has merit - most of the sexual deviants in the world, are, low and behold, male as well. It took me hundreds and thousands of solitary hours hacking and reading and coding to get where I am now. I don't think I'm well adjusted by normal means. I don't think this is a problem, either. The correlations and implications are interesting - Someone should look into THAT. But, fsck science. It's not politically correct.

Kudos!

Re:Arrogant BS

[Lowther]

Right on !

Men and women are definitely wired differently. Hence the growing discipline of 'gender dimorphism', which study of the differences.

Examples of this include peripheral vision - men's is better because of millions of years of hunting. Men are proven better at map-reading, and women are better at listening. Women have a more sensitive palate, which is why scottish whisky blending houses employ women tasters. The list goes on ....

Check out "Why Men Don't Listen and Women Can't Read Maps" by Allan Pease, which tells you more about it.