Dissecting the ``Hacker Manifesto''
Total Page:16
File Type:pdf, Size:1020Kb
Dissecting the ``Hacker Manifesto'' S.M. Furnell Research Co-ordinator, Network Research Group, School of Electronic, Communication and Electrical Engineering, University of Plymouth, Plymouth, UK P.S. Dowland Research Student, Network Research Group, School of Electronic, Communication and Electrical Engineering, University of Plymouth, Plymouth, UK P.W. Sanders Visiting Professor, Network Research Group, School of Electronic, Communication and Electrical Engineering, University of Plymouth, Plymouth, UK Keywords as the ``Hacker Manifesto''. This was Computer security, Hacking, Introduction written in 1986 by a hacker who operated Information society The definition of the term ``hacker'' has under the pseudonym of ``The Mentor'' Abstract changed considerably over the last 30 years. and who was a member of the notorious Twelve years ago, a text was In the 1960s, hackers were the dedicated hacking group the Legion of Doom (Sterling, written within the hacking com- software and hardware gurus, and the term 1992). The full text is reproduced in munity which is widely referred to largely referred to persons capable of imple- Figure 1. as the ``Hacker Manifesto''. This text, and the opinions that it menting elegant/technically advanced solu- The Manifesto is still widely accessible, offers, have since been widely tions to technologically complex problems. In some 12 years after it was originally written. embraced by the hacker commu- the 1990s, however, the name implies some- Ordinarily, this could be considered no great nity and the document is refer- thing rather different and is commonly used feat for a piece of literature. However, it is enced from numerous sites on the Internet. This paper sets out to to refer to people dedicated to entering possibly more significant in the context of examine the content of the Mani- systems by identifying and exploiting the technology field, where the pace of festo and considers the validity of security weaknesses. At the extreme are a change frequently renders once leading edge many of the messages that it subset (often distinguished by the term imparts. The Manifesto is consid- thoughts obsolete after a few years. In fact, ered to present an undoubtedly ``crackers'') who perform openly malicious the Manifesto probably has wider exposure pro-hacker message, without ac- actions on the systems they enter, such as now than it did at the time that it was knowledging other perspectives or deleting files, modifying data and stealing written. A search on the WWW yields the wider implications of the ac- information. Such activities would be tivities that it is advocating. The numerous links to sites reproducing paper explores some of these frowned on by the traditional hackers from the text. Indeed, a search for the term issues, examining both the con- the 1960s. ``hacker'' followed by ``manifesto'' yielded sequences of the Manifesto's dis- Modern-day hackers are one part of a so- more hits than a search for ``Orange Book'' semination and ways in which called Computing Underground (Mizrach, security professionals and society followed by ``security'' (560 versus 173 hits, at large should respond. It is 1997). This is something of a catch-all term, with both figures resulting from Infoseek concluded that whilst the Mani- which encompasses a number of sub-groups searches conducted on 31 August 1998 festo obviously cannot bear the that would generally be classed as undesir- using the terms specified). For the unini- sole responsibility for promoting able by society at large. These include the tiated, the Orange Book is the name com- and encouraging hacker activity, it aforementioned crackers, phreakers (who at best sends out an incomplete monly used to refer to the US Department of message that should be balanced actively explore and/or control the telecom- Defence Trusted Computer Systems with appropriate counter-argu- munications networks), virus writers and Evaluation Criteria, a significant publication ment. software pirates. in the IT security field which was published This paper considers the principles from at roughly the same time as the Manifesto which many hackers operate and the justifi- (DOD, 1985). This crude example suggests cations that are often presented for their that the hacker perspective is more actions. Significant reference is made to the widely available than specific security so-called ``Hacker Manifesto'', which encap- guidelines. In addition, the Manifesto has sulates many of their beliefs and is widely found its way into other forms of media available within the hacker community. outside the WWW. For example, segments from it have been quoted in the 1995 film Hackers (MGM, 1997). Consequently, Information Management & The Hacker Manifesto Computer Security the text cannot be easily dismissed as 7/2 [1999] 69±75 A popular element of hacker culture is a being merely the thoughts of one person # MCB University Press brief text entitled The Conscience of a Hacker, and the material is worthy of further [ISSN 0968-5227] which is more widely known and referred to examination. [69] S.M. Furnell, P.S. Dowland Figure 1 and P.W. Sanders The ``Hacker Manifesto'' Dissecting the ``Hacker Manifesto'' Information Management & Computer Security 7/2 [1999] 69±75 the modern, mass media definition). That Dissecting the Manifesto said, however, the Manifesto only presents a When reading the text of the Manifesto, the restricted view of a hacker ± as largely a first thing that is clear is that it is not using curious explorer, pursuing knowledge and/ the term ``hacker'' in its original, 1960s sense, or intellectual challenge. Fundamentally, i.e. the system and coding gurus as described, however, even unauthorised exploration of a for example, by Levy (1984). The perspective system is equivalent to trespassing and may is instead that of people gaining un- still result in a breach of commercial con- authorised access to computer systems (i.e. fidentiality or personal privacy. Parallels are [ 70 ] S.M. Furnell, P.S. Dowland frequently drawn between cyberspace and be an attractive target to hackers, with and P.W. Sanders the physical world (e.g. discussion of con- numerous incidents reported in the general Dissecting the ``Hacker cepts such as ``community'' occur in both media (Ungoed-Thomas, 1998). A standard Manifesto'' contexts). If such comparisons are applied to defence in such cases is often simple curios- Information Management & Computer Security notions such as property and privacy, it is ity rather than some more sinister purpose. 7/2 [1999] 69±75 clear that the incursions that some hackers However, the sharing of knowledge is one of would argue to be acceptable online would the underlying principles of the hacker not be so easily justified in the real-world community and, therefore, even if the hacker equivalent. For example, we could draw a effecting the break-in chooses not to use the parallel between an individual's Web site and information irresponsibly, others who gain his/her home, or between a company's site access through him/her may not be so and its high-street office or showroom. The reliable. hacker ethic would state that unauthorised Moving on from the debate about simple entry into the system running such a WWW exploration, a substantial body of evidence is server would be acceptable as long as no available to prove that various other moti- damage is done. However, no one would be vations frequently prevail. Examples include likely to be very tolerant of an intruder financial gain, espionage, malice/revenge or offering such excuses if found exploring in general mischief. Therefore, even if the their home or office. Regardless of whether ``harmless exploration'' proposition is ac- you agree with its sentiments, the views laid cepted as one potential motivation, security out in the Manifesto contradict the law in is still required to ensure protection against many countries. It would, for example, these other cases. breach the section of the UK Computer Another motivation stated in the Manifesto Misuse Act relating to ``Unauthorised access is to enable the free use of services that would to computer programs and data'' (HMSO, be ``dirt cheap'' were they not run by ``profit- 1990). eering gluttons''. The main parties referred to The defence that a hacker may not set here are telecommunications service opera- out intentionally to damage a system is tors, who provide the basic infrastructure actually a convenient over-simplification of through which hackers (and other users) are the issue. Actions may have an uninten- able to connect to remote systems. The tional/indirect impact that is not foreseen by observation that services could be cheaper the hacker. Many do not know in advance may well be valid in some cases, especially the nature of the systems that they are trying where a key player is able to exploit a to penetrate or the tasks that they are monopoly position. However, over time, performing (indeed, part of the challenge market forces (primarily the emergence of may be to find out). However, in a worst-case competition) or legislation often redress the scenario, the mere presence of a hacker balance and result in charges being reduced could result in undesirable consequences to a more realistic level. By contrast, the (e.g. degradation of system performance activities of hackers are more likely to such that essential operations are not com- provoke a response solely in respect of the pleted quickly enough ± which could be breach of security. As an aside, it may be