Hacking not just for geeks anymore By John Simerman TIMES STAFF WRITER http://www.hotcoco.com The phreaks still come out after school -- the spindly boys with too much time, plenty of brainpower and an appetite for anarchy. More stereotyping. But the long-chronicled image of the hacker -- the cracker, the ego-driven cyber-geek who penetrates, then leaves behind a flashy mark like a pubescent Zorro -- has taken a back seat. Long-chronicled by poor articles like this one. It is incredible that journalists can create a stereotype that is mostly unfounded, and later quote it as fact. In the minds of nervous corporations and government agencies, the hacker menace has put on muscle. Some experts are bemused at the FBI's arrest Wednesday night of Cloverdale boys accused of breaking into a Pentagon computer. They see a throwback. "Five or six years ago, it was a 16-year-old white male geek kid sitting in his room, very bright, very alone because he works better with machines than people, and Mom and Dad sit home thinking, 'Isn't it wonderful Sonny isn't getting into trouble?' " said Patricia Fisher, president of Janus Associates, a Connecticut-based computer security firm. "Now it's more a swarthy, middle-aged guy or gal who really knows how to pinpoint the information he wants. He's between 30 and 50, someone who has been in the intelligence service and has done this for a living for his government in the past." Dismantling of Soviet Union The change in the hacker demographic is a result, in part, of the breakup of the Soviet Union that put some of the country's top intelligence people out of work, said security experts. It's also due to hardened laws that raise the stakes on network break-ins. The new breed of hacker has many names. He is the "Uebercracker," the "Info Assassin," a stealthy computer expert with a specific target who goes beyond cookbook methods and random acts of violence. He searches for specific trade secrets, is paid to find coveted property and leaves no trace, or knocks out a system with confounding messages. These names seem to be exclusive to articles like this. "It's what you don't know and what you don't hear that worries you," said one encryption expert at a Silicon Valley security firm. Some younger hacking groups -- the ones who are in it for the thrill of the hunt -- insist that members formally agree they won't do damaging mischief. If caught, they may be treated lighter by law enforcement. "The prankster may commit serious crime, but he's not in it as a member of organized crime trying to shake down a company," said Steve Ross, director of security business solutions at Deloitte & Touche, the international accounting firm. "An awful lot of people who used to be doing some nefarious things are now in the computer business." Young mercenaries Some of the most successful young hackers now get paid for their work by corporations trying to protect networks from the Assassin. The Department of Defense, like many agencies, has its own Red Team of hackers who try to beat the agency's own systems to uncover weaknesses. Still, the budding and sometimes raging mischievousness that typifies the younger hacker remains in force. They still wreak havoc -- at computer firms, banks and perhaps also within the government's highly guarded computer systems. Security experts agree that, like always, it takes more time than know-how to cause trouble from behind the bedroom door. "These are kids who want to be cool," said Peter Tippett, president of the International Computer Security Association in Carlisle, Pa. "Most of them really don't know what they're doing." More stereotyping. Some of these kids do know what they are doing and are quite proficient at system security.