Hosler
Quinn Hosler Game Theory & Democracy Dr. Bray Friday, December 7, 2012
Hacking. What It Actually Is
With the advent of the Internet, we like to think that our lives have gotten easier. We no longer have to go out of the house, or even get out of a chair to do tasks that previously would have required a decent chunk of our day. For example, say you need to buy a birthday present for your nephew? Not a problem. Just sit down, lean-back, and relax while searching through more products in an hour than you could ever actually see in a store. Don’t have enough money on your debit card to pay for it? Not a problem either, just visit your bank’s website and transfer money from your savings. Over the last decade we have been getting more and more used to this sense of near instant gratification. However, as people have no doubt heard on the news in the past few months, the wonderful place that we call the Internet is full of crooks, thieves, and swindlers. All of whom are trying to compromise your security, steal your money, and in general, ruin your life… or at least your credit score. These types of people are often referred to as hackers. Not because they’re particularly bad at golf, or spend their lives chopping away at trees, but because they possess superior knowledge of computers and computer systems, and are able to exploit weakness to gain access to privileged information. With the word “hacker” being used solely to describe a person whose goal is to steal your personal information, it would be easy to assume the word refers specifically to people with malicious intent. In fact, the mainstream definition of a hacker is, “a person who uses computers to gain unauthorized access to data [1]”. However, this is only one definition of a “hacker”. Specifically, it is the definition of a black hat hacker.
1 Hosler
In general, the term hacker tends to have three flavors associated with it; black hats, white hats, and expert programmers [2]. Typically black hats hack for the sole purpose of personal gain. They often attempt to access sensitive databases in order to steal credit card information, email addresses, usernames and passwords. This information is then sold or used by the hackers themselves. This is in contrast to white hats, also known as ethical hackers, whom mostly consist of computer security professionals. White hats use their knowledge of computers to help companies make their security systems more secure. It is often part of a white hat’s job to attempt to hack into their client’s systems to test security. Once a flaw is found and exploited, a white hat reports back to the company and fixes it. However, it is very unlikely that either of these types of hackers could exist without the expert programmers. Expert programmers are the people who have brought computers to where they are today. In fact, it’s the hacker Steve
Wozniak who is almost universally accredited with bringing affordable PCs to the public.
Although Wozniak did not invent the computer, he was the first one with enough detailed knowledge of computer hardware to be able to create a PC from affordable parts [2]. We owe many of the other luxuries we enjoy today to hackers as well, such as the Internet and modern day gaming. Hackers have been pushing the limits of technology since the beginning. After all, that is the primary definition of a hacker. Hackers did not come about the same time as computers did though. They’ve actually been around much longer. They just used a different form of technology and were called a different name, phreaks.
Phone phreaking has a rather humble set of roots. It all started in 1957 when an eight- year-old blind boy named Joe Engressia was calling around listening to recorded telephone messages. Joe had always been fascinated with telephones, and one day he was on the phone whistling to himself, when the call he was on suddenly terminated. Not understanding why and
2 Hosler being blessed with perfect pitch, he experimented a bit and discovered that the fourth E above middle C would cause a phone call to terminate every time [3]. This was the discovery of the magical sound of 2600 Hertz [4]. Eventually Engressia called Ma Bell and asked them why when he whistled a particular sound the call was terminated. It was explained to him that a sound at that frequency was an internal company signal to take control of the trunk line [5]. At the time it was too technical for him. After all, he was only 8 years old. However, after more experimenting he realized that it essentially dropped the connection to the receiver of the phone call, but left the line on the caller’s side still connected. Over the years Engressia learned to manipulate the trunk lines and became skilled enough to make calls to anywhere in the world without getting billed for them. He was able to do this because he found the frequencies of other company signals. For example, the frequency for the number 1 was a combination of 700 Hz and 900 Hz, and the signal for 2 was a combination of 700 Hz and 1100 Hz [6]. It turned out that after the trunk line had become disconnected from the intended receiver of the call due to the 2600 Hz tone it began listening for routing signals. This was when Engressia was able to use the frequencies of the numbers to call any number, anywhere. At first this may not sound particularly special. After all it was possible just to call any number in the world. The difference is that the way Engressia found to do, the calls were free. Engressia found that if he first called a toll free 800 number and disconnected the trunk line when the recording started, he could direct his call anywhere and it would still be marked as free by the phone companies accounting machines. During Engressia’s phreaking career his goal was never to hurt the company or the system in any way. His motivation wasn’t the fact that he could make free calls, but rather the knowledge he gained from exploring.
3 Hosler
At this time, though, phreaking was quite a bit more difficult for people who didn’t have perfect pitch, as they didn’t have the ability to accurately produce the correct frequencies needed.
They often relied on electric organs, cassette recorders, or even canaries to produce the appropriate sounds. This problem is why one of the best-known phreaks, John Draper, was introduced to the culture. At the time, Draper was spending his time living in a Volkswagen
Microbus testing a radio transmitter he had built. During his testing he broadcasted a telephone number to get feedback from listeners on signal quality. One of the calls Draper received was from Denny Teresi, a friend of Engressia, who asked Draper if he would be willing to meet with them. At the meeting, Engressia and Teresi asked Draper if he could use his background in electronics to create a device that could generate tones at specific frequencies. Their goal was to use this device to gain easier entry into the AT&T phone system. The device that was created became infamously known as the blue box.
A blue box itself was a rather simple device that consisted of a set of audio oscillators, a telephone keypad, an audio amplifier, and a speaker [6]. All one had to do to use it was hold the speaker to the telephone receiver and dial the number they wanted after they had disconnected the trunk line. With the invention of the blue box, phreaking culture expanded at a rapid pace.
This was because the ability to produce the correct sounds was only a trip to Radio Shack and an assembly away.
Phone phreaking continued to grow until the 1971 October issue of Esquire ran an article named “Secrets of the Little Blue Box” by Ron Rosenbaum. In this issue, the lid was blown off of what was previously a little known culture. It told the world about the power of the blue box and exposed the abilities of phone phreaks. The article told of some of the escapades of John
Draper as well. For example, one of the stories in the article was about a time when Draper
4 Hosler called himself from all around the world. It explained how he first connected to Tokyo, then to
India, from India to Greece, then South Africa, London, New York, back to California and finally to the phone next to him [7]. Draper said that even though there was a 20 second delay and the voice on the other line was faint he was able to hear himself. Another story that was highlighted was the historic “2111” conference. Now a day hackers have the Internet as a place to communicate and share ideas. In the 60’s and 70’s there was no Internet, so phreaks had to find a way to communicate with each other and they managed to do it through conference calls.
The “2111” conference call took place over several months on a remote switching machine in
Vancouver, Canada. Phreaks could call in at any time, day or night, and pick other phreaks’ brains. Information was shared about new techniques, lines, and telephone numbers. The conferences were brought to an end though on April 1st 1971. The phone phreaks knew the end was coming, because they had heard that the company was switching the equipment. The last few days were frantic with communication, as every phone phreak in America was connecting on and off throughout the day. Younger members were often boosted up by more experienced members just so they would be able to experience the conference before it was shut down. The end came early in the morning on April 1st, by about 4 am there was nothing left of the “2111” conference.
The article also made distinctions about the motivation behind the phone phreaks. One quote from Joe Engressia sums up most people’s intent nicely. Joe said, “I don't hate Ma Bell the way some phone phreaks do. I don't want to screw Ma Bell. With me it's the pleasure of pure knowledge. There's something beautiful about the system when you know it intimately the way I do.” To Joe and most other phreaks, this was what phreaking was all about. They didn’t care
5 Hosler about the free calls. They only wanted to know how the system worked. This was the drive that kept them phreaking.
The 1971 article brought phreaking into the public eye. It caused a rise in the number of active phreaks, but also brought a rise in the number of busts the phone company was making.
However, the rise in arrests didn’t seem to deter most phone phreaks, as phreaking was in its heyday. Not everybody who was beginning to phreak now was doing it for knowledge of the system though. Many were doing it to steal personal information like credit card numbers. This was the beginning of the stereotype of hacking. Over the next decade or so, phone phreaking’s popularity slowly decreased. The phone company was developing new ways to find phreaks and telephone equipment was changing from analog to digital. The 2600 Hz signal was being phased out, and blue boxes no longer worked [3].
Fast forward a few decades, and it is very easy to see that today’s hacking community is analogous to the phreaking community of the 1960s and 1970s. There are still the people who are curious and only want to learn about the system, generally labeled as white hats. There are also the people who use their skills for personal gain, generally known as black hats. Since it seems like the ubiquitous meaning of a “hacker” is a black hat hacker, I thought would be interesting to see what definition Duke students associated with the word. To do this I designed a simple survey. This survey was not aimed at any particular group, but rather a random assortment of people outside of the Marketplace who were willing to donate their time to answer a few questions. I was able to find a total of 34 participants. Below is a copy of the questions they were asked:
6 Hosler What's'Your'Opinion'of'Hacker's? What's'Your'Opinion'of'Hacker's? How$Do$You$Define$A$Hacker? How$Do$You$Define$A$Hacker?*$check$all$that$apply *$check$all$that$apply 1) A$Person$Who's$Goal$Is$To$Steal$My$Credit$Cards$and$Passwords 1) A$Person$Who's$Goal$Is$To$Steal$My$Credit$Cards$and$Passwords 2) A$Person$Who$Loves$to$Experiment$and$Make$Things$Better 2) A$Person$Who$Loves$to$Experiment$and$Make$Things$Better 3) A$Person$Who$Is$A$Technology$Security$Professional 3) A$Person$Who$Is$A$Technology$Security$Professional 4) An$Expert$Programmer 4) An$Expert$Programmer 5) A$Mix$of$a$Security$Person$and$A$Thief 5) A$Mix$of$a$Security$Person$and$A$Thief 6) A$Person$Who$Is$Talented$At$Superficial$Fixes 6) A$Person$Who$Is$Talented$At$Superficial$Fixes
Who$Do$You$Believe$The$Most$Famous$Hackers$Are? Who$Do$You$Believe$The$Most$Famous$Hackers$Are?*$Rank$in$Your$Preferred$Order *$Rank$in$Your$Preferred$Order Linus$Torvalds Linus$Torvalds John$Draper$(aka$Captain$Crunch) John$Draper$(aka$Captain$Crunch) Bill$Gates Bill$Gates Steve$Wozniak Steve$Wozniak Kevin$Mitnick Guido$van$Rossum Richard$Stallman Richard$Stallman Tim$BernersXLee Tim$BernersWLee
Do$You$Consider$Yourself$A$Hacker? Do$You$Consider$Yourself$A$Hacker? 1) Yes 1)2) YesNo 2) No
Do$You$Believe$You've$Ever$Hacked$Somebody? Do$You$Believe$You've$Ever$Hacked$Somebody? 1) Yes 1)2) YesNo 2) No
In this survey, students were asked what they thought hackers were, who they thought the most famous ones are, and if they had ever been hacked, or hacked someone else.
How"Do"You"Define"A"Hacker? Choices #"of"Votes A"Person"Who's"Goal"Is"To"Steal"My"Credit"Cards"and"Passwords 32
An"Expert"Programmer 21 A"Person"Who"Loves"To"Experiment"and"Make"Things"Better 18 A"Person"Who"Is"A"Technology"Security"Professional 10 A"Mix"of"a"Security"Person"and"a"Thief 10 A"Person"Who"Is"Talented"At"Superficial"Fixes 8
The first question asked how participants defined a hacker, and had a near unanimous winner. Nearly everybody who participated in the survey thought that a hacker is a person who is
7 Hosler trying to get at his or her personal information. Honestly, this is not much of a surprise. As I said before, the definition of a hacker that the media typically uses is the black hat definition. This seems to have caused the word “hacker” to only have that meaning now. I was surprised at how low the security professional definition was ranked though. I figured that it would have been higher since a white hat is generally defined as a security professional. However, it also makes sense that if a person were using a word to define a malicious person, they shouldn’t have any reason to associate it with a benevolent person. After all, there are very few words in the English language that could describe such opposites with a single word. I can’t think of any off the top of my head. One result of this survey question that I was happy to see was that “a person who loves to experiment and make things better” ranked so high. Any more if you search the Internet for the word “hacks”, you would find websites that show you ways to make everyday objects or experiences better or more efficient. In actuality, if you hear someone openly call him or herself a hacker anymore; this is probably the definition they are referring to. This type of hacker does not fit cleanly into a single category of black hats, white hats, or expert programmers, but rather creates its own. This is the definition of hacker that is growing in popularity, although this particular definition is not often used in the media.
Who$Do$You$Believe$The$Most$Famous$Hackers$Are? 3 4 7 2 1 5 6
3 0 4 8 11 16 19 21 1$=Linus$Torvalds 4 E4 0 3 8 8 9 11 2$=$John$Draper$(aka$Captain$Crunch) 7 E8 E3 0 5 9 13 12 3$=$Bill$Gates 2 E11 E8 E5 0 8 10 15 4$=$Steve$Wozniak 1 E16 E8 E9 E8 0 7 11 5$=$Guido$van$Rossum
5 E19 E9 E13 E10 E7 0 12 6$=$Richard$Stallman 6 E21 E11 E12 E15 E11 E12 0 7$=$Tim$BernersELee
Plurality$E$ 3,$4,$1,$7,$2,$6,$5 IRV$E$ 3,$4,$7,$1,$2,$5,$6, Borda$E$ 3,$4,$7,$2,$1,$5,$6 IR$Borda$E$ 3,$4,$7,$2,$1,$5,$6 Ranked$Pairs$E$ 3,$7,$4,$2,$5,$1,$6 Shulza$Method$E$ 3 $ 8 Hackers in this context have had a very measurable impact on society. If we treat the term hacker to refer to a person that pushes technology beyond perceived norms at the time, we can see several fields in computing in which they have made a measurable impact.
Personal computing machines - Steve Wozniak is almost universally accredited with bringing the affordable PC to the masses. Whilst the precursors of the technology were already developed at PARC, it took a hacker with detailed knowledge of hardware components to meld together a PC from disparate parts at an affordable price. Hosler Gaming - Hackers have been pushing the limits of gaming for decades. Probably the most famous hackerThe in this next arena question is John I asked Carmack. was a preferenCarmacktial pioneered ballot about several which technologies hackers the participants to push graphical capabilities of the PC beyond what was conventionally possible. Internet thoughtInfrastructure were the most - Tim famous. Berners-Lee The results inventor from thisof the question World are Wide pretty Web. much ordered by how Web 2.0 - AJAX the foundation of web 2.0 is often regarded as a huge hack by professional big ofsoftware a name developers.the person is .Often This isthe why constructs Bill Gates will came bend in firstthe rulesand Steve to work Wozniak arround in second. limitations in the infrastructure. BeingOpen theSource founders - Linus of two Torvalds of the largesthimself compute is oftenr regardedcompanies, as a alot hacker. of people have heard their
Thenames stereotypical. Unfortunately, view of I amanaged hacker isto simply confuse an a loexpertt of participants programmer with that this lacks question; engineering most of themdiscipline and the focus required for large team projects. However most of the innovations listed above require a sustainedhad never ammount heard some of effort. of the names. If any of the participants told me that they didn’t know any
Famousof the people hackers on the list, I told them to rank the names that sounded familiar at the top and
Somerandomly people place might the argue rest. Thethat reasobasedn Ion chose impact, to include could this we questionnot say anythough successful is because technologist one of my is a hacker? To test this and to be able to be able to rank famous hackers quantatively an experiment was conducted.sources had The a methodologychart that gauged was the as relative follows: popularity of hackers in 2006 using Google [2]. I
thoughtA base thatlist ofit wouldhackers be was interesting obtained to repeatfrom thethe Wikipediasame process entry they on used hackers. now to see if the results For each entry in this base list, two Google searches were done. The first one contained the hackers differ.name. I The also second wanted searchto see ifcontained the survey the results hackers were name similar. as wellBelow as arethe the term two hacker. charts. TheThe numberleft of matches for each search were recorded. The results were analysed to see the relative number of hits, as well as the rate at which a oneparticular is the original hackers survey name from appeared 2006 andwith the the one term on thehacker. right is the one that I did. These were compared against well known people in the technology industry. Original 2006 Ranking New 2012 Ranking Hits*on* Google*with* Hits*on* Hacker term*'hacker' Google Hacker*Quotient Relative*Popularity Tim*Berners=Lee 737,000 1,350,000 0.55 0.01 Dan*Bernstein 34,600,000 13,600,000 2.54 0.10 John*Carmack 244,000 1,800,000 0.14 0.01 Shawn*Fanning 495,000 917,000 0.54 0.01 Bill*Gosper 134,000 131,000 1.02 0.00 Richard*Greenblatt 2,030,000 1,510,000 1.34 0.01 Grace*Hopper 197,000 2,170,000 0.09 0.02 Bill*Joy 921,000 63,500,000 0.01 0.46 Donald*Knuth 93,600 266,000 0.35 0.00 John*McCarthy 1,080,000 57,100,000 0.02 0.41 Rob*Pike 1,770,000 10,500,000 0.17 0.08 Guido*van*Rossum 95,900 454,000 0.21 0.00 Randal*Schwartz 541,000 325,000 1.66 0.00 Richard*Stallman 866,000 3,160,000 0.27 0.02 Bjarne*Stroustrup 691,000 715,000 0.97 0.01 Theo*de*Raadt 520,000 216,000 2.41 0.00 Michael*Tiemann 1,540,000 874,000 1.76 0.01 Linus*Torvalds 1,030,000 6,560,000 0.16 0.05 Larry*Wall 5,570,000 139,000,000 0.04 1.00 Steve*Wozniak 827,000 5,950,000 0.14 0.04 Wietse*Venema 119,000 250,000 0.48 0.00 Rasmus*Lerdorf 252,000 414,000 0.61 0.00 As you can tell, it looks like a lot has changed in just the 6 years between the rankings. In
2006 there were no hackers that had a quotient about .55, but the chart I constructed had 5. Also
in 2006 there was a correlation between the hackers with the highest quotient and the hackers
9 Hosler with the highest relative popularity. In the rankings of the today though, there seems to be an inverse correlation, the hackers with the highest relative popularity have some of the lowest hacker quotients. In my opinion, I think that the differences in results between the two surveys are a result of how Google has changed over the years, rather than how hackers’ popularity has increased or decreased. I think that some of the hacker’s innovations have affected the results also. For example, Larry Wall created a high-level programming language called Perl. Over the last couple years it has had a huge increase in its user base and I believe this is the reason that
Wall received 139 million hits on Google, a number that came no where close to being touched 6 years. Overall for this question, I don’t think I was able to gain much insight on anything other than the fact technology has changed over time, and that isn’t exactly Earth shattering.
For my final two questions I asked participants if they were a hacker or if they had ever hacked somebody. I thought that I might get some interesting results from a few people, but it turns out that the group that I surveyed was rather normal and boring. Do(You(Consider(Yourself(A(Hacker? Choices #"of"Votes Do(You(Consider(Yourself(A(Hacker?Yes 5 ChoicesNo #"of"Votes29 Yes 5 No 29
Do(You(Believe(You've(Ever(Hacked(Somebody? Choices #"of"Votes Do(You(Believe(You've(Ever(Hacked(Somebody?Yes 3 ChoicesNo #"of"Votes31 Yes 3 No 31 It turns out that a whopping five people I surveyed considered themselves a hacker.
When I asked them what they had done, the general response was that they had taken something and made it better in some way. While I was personally happy that this is the definition they used
I was hoping to find someone who was an expert with a computer. For the fourth question I only had three responders who thought they had hacked somebody. When I asked them what they had
10 Hosler done the general response was that they had gotten on somebody else’s computer and seen something they shouldn’t have. I was hoping to survey somebody who had done something cool, or really bad, but I didn’t have any luck.
Overall, I hope that this paper has opened your eyes to a world you never know about. To me it is simply amazing that people are able to learn something so intimately, solely out of curiosity. I hope that the future will still be able to support people similar to the phone phreaks of the 1900s and the experimenters of today. With the advent of new security and tighter laws this may not be possible though. It is important to remember that it is often young hackers who grow up to be the next leaders in technology. Hackers created most of the great innovations we have today, and we need to leave the door open for them to do the same thing for the future.
11 Hosler
Works Referenced
1. Dictionaries, O., "hacker". Oxford Dictionaries. April 2010, 2010, Oxford University Press. 2. Carmelo Kintana, V.R., Sandra Lemon, Hansen Lio & Michael Frederick, History & Impact of Hacking: Final Paper. 2006. 3. Robson, G.D., The Origins of Phreaking, in Blacklisted! 4112004. 4. 2600 Hz, 2008: Wikipedia. 5. Rosenbaum, R. The Official Phreaker's Manual. 1971 Dec. 4, 2012]; Available from: http://myoldmac.net/FAQ/TheBlueBox-1.htm. 6. Blue Box. 2012; Available from: http://en.wikipedia.org/wiki/Blue_box. 7. Rosenbaum, R., Secrets of the Little Blue Box, in Esquire1971.
12