Paul A. Taylor: Hackers; Crime In The Digital Sublime (1999) ISBN: 0415180724 Pages: 224

"There is frequently in non-fictional accounts of hacking a rather curious mix of self-indulgent reliance upon seemingly trivial, tangential or simply mundane details of different hacking episodes coupled with a simultaneous and frequent resort to hyperbolic description...An overtly sensationalist tendency is evident in a sample of the titles and subtitles of some of the best-known recent books from the spate of non-fictional and journalistic accounts of hacking published in recent years..."

I tend to think that most of the readers of attrition have been online longer than I have. They have seen firsthand all the Cliff Stolls, the Markoffs, the Quittners and Slatallas, the She-who-cannot-be-named come around with their books. Books about Hackers are not to be trusted. Books on hackers are even worse than webpages about them: you gotta pay for a book! Isn't mister Taylor yet another in a long line of people trying to make a buck out of a culture that isn't his? Over-hyping an underground culture is a quick and easy way to cash in.

OK, Taylor has written a book. The books sells. He's making money out of the hacker phenomenon. But this book *is* different. The writer is not over-hyping the subject. He treats it with care and respect. Despite the title, this is a serious study of hackers, done in a respectable way. No sensationalism here. No (negative) biases. Instead, you get a book that is well-researched, slightly scholarly but on the light side. Definitely worth reading.

Taylor is on the side of the hackers from the very start, but he cannot be accused of being an asskisser (though some other people who reviewed the book felt differently about this). He brings in all the parties that are in some way or another involved with the underground and allows each one of them to give their take: European and American hackers, corporate security experts, the "feds", computer science academics and a whole bunch of other people, including of course, Bruce Sterling (but no book on hackers would be complete without him in it, no?). I read some other reviews where people complained about the amount of quotes in this book. To me, the amount of quotes and fragmentary nature of the book is a good thing: a little bit of everything with no exclusion of viewpoints. You must also remember that this book isn't specifically targeted at hackers or security experts, so the writer can't really go deep into subjects that are of interest to professionals but obscure to others.

I would guess that every issue under the sun regarding hackers is at the very least touched upon in this book. Since there is simply too much to mention, I will give some examples of issues addressed in the book:

• The "degradation ritual" by which the underground is turned into the "moral pariah" of society, a "substitute activity for fixing security flaws.".


• The typical "us versus them" binary mindset that prevails in both the underground and the mainstream. Taylor's book begins with a (longer) quote almost wittily saying: "It is an interesting fact that most scientific research and speculation on deviance concerns itself with the people who break rules rather than with those who make and enforce them.".


• The justifications that hackers use for their actions: obsession, curiosity, boredom, powertrip, peer recognition, political rebellion. Hackers jump from the social to the technical like chameleons: sometimes it lies with the technology, sometimes with society. Not all arguments are strong. Some hackers use the "You are not breaking the speed limit unless you get caught" type of rhetoric, others reduce computing to something non-human and thus of trivial value, the "It's just zeroes and ones" argument. The younger generation of hackers feels that the world "owes" them amusement.


• Despite a (loose and informal) "code of ethics", the lack of consensus in the underground is underlined. Hackers are individualistic, their culture informal, and they don't accept institutionally imposed ways of thinking. The most interesting thing about rules is how to subvert them. On the other hand, hackers who do not adhere to a basic, somewhat suitable code of behaviour because of greed and malicious or criminal intent are shunned by the rest of the underground. But, says Taylor:

  "Alongside the more contestable categories of hacking activity with their own purported ethic and kick there are some more straightforwardly criminal variants of technological endeavour that should perhaps be acknowledged early on."

  
  

  "...the pressure to commercialise their[hacker's] activity may...be increasing as techniques become more widely desired by traditional criminal groups.".



• The corporate security world doesn't (want to) make a distinction between a hacker and a cracker. Hackers obviously do, and they point out that even authorities themselves trespass. Hackers also argue that their expertise could be more effectively utilized instead of being suppressed or kept in the dark when applied.

IMO the most interesting part of the book were the technical arguments given against hacking and trusting hacker employees by the computer security experts. If you don't want to read the whole book, at least have a look at pages 101 to 106. The experts quoted in there do not have a very high opinion of hackers. Hackers like to point out that they make a tangible contribution to computer security, since much of what they do is pushing the envelope. Because of the way the operate and because of the mindset they bring to bear on the tech problems they face, hackers are able to come up with new creative ways to solve technical problems. Cookbook hacking is all good and well, but that doesn't make you into a hacker. An act of hacking gets "hack value" when it has something original about it, something novel. But the experts in the book claim that there isn't anything novel or creative about hacking. Hackers don't do anything that hasn't been done before that can be considered a substantial contribution to computer security. A few quotes (and these are obviously not Taylor's own):

"I think it is a misconception to believe that most (emphasis: 'most') hackers have expertise that's particularly worthwhile. Many, of course, work from cookbooks, lists of known holes. While such lists are useful to the vendors and to CERT, they're in some sense, uninteresting - few, if any, show any degree of conceptual novelty."

"All that breaking into a system teaches is how to break into a system. It's very similar to testing software with random testing...It is only a crude approximation, and is viewed as real testing only by the uninformed."

"Everyone I know in major corporations, when faced with a choice between a) a student whose resume brags about all the machines he's broken into over the network; or b) a student whose resume lists courses in cryptography, law, and software engineering would hire b) and avoid a) like the plague."

Why do the experts say this? Are hackers exaggerating their findings because they are out of touch with the state of computing? Looking at the situations hackers get themselves into and the creativity needed in such situations, they can't allow themselves to be out of touch. So is it mere arrogance? Another attempt to discredit the hackers? A few more quotes from the book:

"Following the implemented moral categories, engineers regard technology as "morally neutral", and they do not feel responsible for faults or misuse as they regard these as tasks of the users; unfortunately, users cannot understand today's very complex systems...to control the adequacy of IT results!"

"Crackers do not provide a service by breaking in - we know the situation is bad, and we know why - it is because computer professionals are ignorant and the fault should lie squarely with our education system...Computer security issues are ignored - or worse misstated by our teachers..."

Review by: DeeGeneRate

Review by Robert M. Slade

13 sample pages and reviews from Amazon.com