|illustration by Lloyd Miller|
LET'S GET OUR DEFINITIONS STRAIGHT. LAST WEEK AN UNprecedented wave of attacks hit Yahoo, eBay, Amazon and dozens of other sites, jamming the Web's normally smooth operations. This week, President Clinton will hold a cyber-summit of top law-enforcement officials and Internet executives to combat the “hackers.” But the e-barrages were not the work of hackers. They were the work of script kiddies, and the difference is everything. Script kiddies download ready-made tools and use them to damage the network. Script kiddies criminally distort the essential ethos of hacking, which is to pass through the network without a trace. Hackers read the unknown, sensing the contours of the code that drives all tomorrow's IPO parties and stock market booms.
It's no wonder that last week hackers everywhere cringed when the media confused them with script kiddies. Not less than 10 years ago, the word hacker conjured a dedicated geek, hunched over a glowing terminal, working late into the night to solve an intractable dilemma. Now hacker means something akin to cybercriminal. The semantic shift is regrettable, not only because the distortion inhibits clarity, but because it buries a piece of history we'd be wise to keep fresh: It was hackers who cobbled together the Internet.
Let's define terms again. Hacking is a quest for knowledge. You can see the essence of the activity in the brainstorming sessions at security firms like Secure Computing, where hackers are a key part of the professional services team. With clients in the Fortune 500 and three-letter government agencies, like the CIA and FBI, the stakes are high, and when the firm faces a perplexing problem, brainstorming sessions go late into the night. Ideas fly from one to another like pinballs off flippers, as the group mind turns over and examines the puzzle from all sides.
Group mind. There's a concept that flows from the structure of the Internet itself, parallel processors harnessed to parallel processors to achieve a single goal. It's no coincidence that information-technology professionals often think in a style similar to the way computers calculate. The network taught them how to reason digitally, it imprinted itself on their minds just as they imprinted their minds on it.
Is it any wonder, then, that hackers are the leaders of the new millennium? Again, a question of terminology. By leader I mean someone who forges ahead and names the dim future. Consider Tim Berners-Lee, who designed the first Web protocols and wrote the first browser code. Berners-Lee was a hacker. Or consider Richard Stallman, the single-minded evangelist of Open Source software. Stallman is an extraordinary hacker. I could go on and on. I recently consulted with a major mutual fund, and after the meeting I traded war stories with its head of information technology (IT). He fondly recalled the old days of phone phreaking and hacking Unix systems. That this former “delinquent” now runs a system executing billion-dollar transactions is not at all shocking. Most of the bright people in the IT business learned how to hack by — what else? — hacking.
Let's go back to Open Source for a moment. It's now the conventional wisdom that the Linux operating system and GNU Project are miracles of modern computing, which may one day triumph over the clunky software produced by the Microsoft-Apple cartel. Stallman launched the GNU Project by asking hackers to volunteer their services. Of course, they did. Likewise, Linux was founded on the belief that complex systems must be open, evolving and free in order to reach their full potential. In other words, they must be hackable and they must be hacked. Continuously.
Now comes the FBI and President Clinton with criminal sanctions for these script kiddies. It's right and just to keep the peace, but let's remember that in the Internet's embryonic stage, hacking, far from being criminal, was encouraged. When computers were first networked through telephone lines and slow modems, Bulletin Boards emerged as crossroads where cybertravelers could leave messages and valuable information about how the phone lines intersected with microprocessors. By these postings, the network formed a symbiotic relationship with its users, and through the give and take of countless exchanges between hackers, the network bootstrapped itself to a higher level of complexity. As Tom Jackiewicz, who helps administer upt.org, an outgrowth of the hacker's favorite, the UPT Bulletin Board, recalls, “In the old days of a decade ago, no kid could afford a Solaris workstation. The only machines available were online. You could learn only by roaming the network.''
Today the stakes are higher, security tighter, but the basic modalities of hacking and its relationship to innovation remain. The challenge du jour is the gauntlet thrown down by Microsoft, which claims that Windows NT, the operating system of many businesses, is secure. What a claim! For a baseball fan it would be like hearing the Yankees brag that they could play an entire season without losing a single game. Hackers love to find flaws in Windows NT. For them, the payoff is the power rush of the thunk! when the stone hits Goliath in the forehead.
One of the sharpest stones to leave a hacker's sling is a program called Back Orifice 2000. Developed by a group called Cult of the Dead Cow, Back Orifice is a highly sophisticated hack for Windows NT. The program can be loaded stealthily on a Windows network and gives a remote user control over the network. Why develop such a weapon? In the current environment of ubiquitous distributed computing — that is, networks and nodes everywhere — the hackers argue that no operating system provides a good solution to the problem of stealthy executables like Back Orifice. So the program is a form of shock therapy. It jerks Microsoft into action, stirs an indolent industry into making the Internet more secure. The upgrades that come as a result benefit all the companies relying on Windows NT.
As a culture we are just beginning to recognize this dynamic. One of the first hacker groups to benefit from our grudging acceptance of the craft is LOpht, which crossed over from the computing underground to the mainstream after finding flaws in Windows NT. Their transition has been so successful that when Congress conducted an investigation into Internet security, it asked two LOpht members, Mudge and Weld Pond, to come to Washington for a briefing. Who better to map the territory than the original explorers? Now LOpht has teamed up with executives formerly with Cambridge Technology Partners, Forrester Research and Compaq Computer to form @Stake, a computer security firm that has the media and Wall Street swooning.
So when is a hacker not a felon? When he receives $10 million in venture capital? When Congress invites him to a hearing?
When we lump all hackers into a criminal class we are liable to forget their essential role as architects of the information age. Edward O. Wilson said that scientists are characterized by a passion for knowledge, obsession and daring. Hackers share that passion, the hunter-gatherer gene for restless wandering, wondering what's beyond the next hill. They hack because it's fun, because it's a challenge, and because the activity shapes their identity. Their strengths — love of risk, toleration of ambiguity and ability to sift meaning from disparate sources — power the very network we all rush to join.