[Mr. Martinez was contacted about this article on Feb 4th. I would like to say that he was extremely open to our critique and acknowledges some of the errors. A copy of his mail can be viewed here.] http://www.abcnews.go.com/sections/tech/DailyNews/hackers990203.html Computer Subculture Faces Generational Questions By Michael J. Martinez ABCNEWS.com Feb. 4 Computer hackers see themselves as intellectual rebels, free-speech advocates and knowledge seekers, dedicated to cruising the wrong way down the information superhighway with their middle fingers defiantly upraised. The authorities call them miscreants and criminals. Hackers have been blamed for more than $236 million in damage in the past year alone, according to the San Francisco-based Computer Security Institute (CSI). Fighting back, four major computer companies Cisco Systems, Sun Microsystems, Lucent Technologies and Network Associates ^× banded together last week to form a consortium called the Security Research Alliance to improve network security. Meanwhile, the world's most famous hacker Kevin Mitnick, who was arrested in 1995 for massive credit card fraud and other exploits that totaled some $80 million in damages, sits in a Los Angeles jail cell awaiting trial. And the hacker community itself is facing a subtle but growing cultural divide: a generation gap in the proudly youthful hacker subculture. [Of all the charges leveled at Mitnick, none of them are credit card fraud.] Old-School History The first hackers came of age in the 1970s, honing their skills on mainframe computers before moving on to other computers via phone lines. Hacking remote networks over the telephone system quickly became known as 'phone phreaking.' In the early 1980s, hackers began to together in groups like the Cult of the Dead Cow (cDc), l0pht (one of the oldest and most respected), newhackcity, the Masters of downloading and milw0rm. [Masters of Downloading and milw0rm are no more than 2 years old, and neither are respected among the hacker community. And the definition of 'phone phreaking' is a bit off. Phreaking is the term for hacking phone systems, not hacking computer systems OVER phone lines.] Old-school hackers tend to follow a distinct code of ethics that precludes damaging computer systems or corrupting data. Hacking has become corrupted to include cracking, says OXblood Ruffin, the foreign minister of the cDc (like the other hackers quoted in this article, he was interviewed under his hacker moniker, via e-mail). Cracking means destructive behaviors that encompass network intrusions, virus-based programming, and the like.^Ô Use Your Powers For Good, Not Evil Nevertheless, at last summer^Òs DefCon hacker convention in Las Vegas, the Cult of the Dead Cow whipped the young crowd into a frenzy with its rock-and-roll presentation of a new hacking tool. Called Back Orifice, it allows a user to gain control of machines running Windows 95, as long as those machines are connected to the Internet and users inadvertently activate the program through a 'trojan horse.' [Slight butcher of the definition 'trojan horse'. That is the concept of one, not a mechanism to load one.] The availability of such tools makes it far easier to acquire the skill set needed to break into remote computers. Many tools, called 'warez' by younger hackers, can be downloaded from sites across the Web. From there, a little experimentation is all that's needed to learn how to crack an unprotected Web site. ['warez' refers to illegal copies of commercial software more than hacking tools.] ^"Basically [the younger hacker is] the average Joe Schmoe high school kid who knows nothing about programming," says an independent hacker who calls himself Lord Somer, "but has some general knowledge on how to use proggies^Òor programs." Going Corporate Many more respectable hackers, meanwhile, have migrated to the corporate world, using their infiltration skills to protect their company's computers from sabotage. "This is something I always loved to do," says Matthew Harrigan, ex-hacker and the founder and chief technology officer of MicroCosm Computer Resources, a San Francisco-based computer security firm. "One day I figured it would be a better use of my time if I could do this and actually make some money." Founded in 1992, MicroCosm has grown to the point that Harrigan hired Silicon Valley veteran Art Case last year to take over the job of CEO. MicroCosm freely hires hackers as long as they measure up to Harrigan's ethical standards. "Hackers really have that broadband skill set and the frame of mind to use it well in computer security," Harrigan says. "The vast majority of them are not out to hurt anybody. They're out there to learn." Destructive Youth? John Vransevich, founder of AntiOnline, a Web site dedicated to computer security, first published the site as a 19-year-old college student enamored with the world of hacking. Now, his fledgling computer-security company has venture capital backing and bright new offices, even as Vransevich^Òs view of hackers has dimmed. "I've seen 16-year-olds breaking into Web sites for the hell of it, people breaking into 10,000 domains and deleting the content on them it's amazing," Vransevich says. "And each time this comes up, I^Òm asking myself why someone would do something like that." Harrigan agrees that a handful of the young people coming onto the hacker scene tend to be less disciplined and more destructive than past generations: "We weren't out there breaking into Internet sites, sending e-mail bombs, unleashing trojans on people." The rivalry between certain youngsters and older hackers has become so pronounced, Ruffin describes it in the terms of young gunslingers going after wild-West legends. "Today younger 'hackers' are out to make their mark and knock down a lot of the name hackers," Ruffin says, "which is understandable from a generational point of view." Hacktivism Catches On Many hackers have decided that if they're going to learn computer security by breaking into servers, those servers might as well belong to people they don't like. China, Indonesia, India and Mexico, among others, have all had sites attacked by "hacktivists." The government home pages are usually defaced with cyber-graffiti that spells out the hacker's particular beef with that government. Hacktivists have also performed denial-of-service attacks, blocking anyone else who tries to access that server. Groups like cDc, l0pht and others discourage hacking Web sites and denial-of-service attacks. Instead they try to help dissident computer groups in repressive societies. The cDc claims it has aided a Chinese hacker group, called the Hong Kong Blondes, by giving it advice and hacking tools including 5,000 copies of Back Orifice to distribute in China. [This makes it sound like they shipped 5000 copies overseas. Why stop at 5000? They made the software available and ANYONE may copy it as often as they like.] "So what if you hack a Web site and say 'your human rights policy sucks' or whatever the message says? At the end of the day, human rights aren't improved, no one's life is made better," says OXblood Ruffin, the cDc's 'foreign minister.' "But if you provide the tools for people to raise their own struggle, then you've done something."