Tuesday, July 22, 2014

I got my hair, shirt, socks, pants and brain hacked at the Hackers On Planet Earth #hopex conference.

My wife likes the before picture much better.  My hacked pants and socks really got her.  I am not allowed in public with shorts anymore.

In 1964 I learned to use unit record equipment. My first hacker encounter of the 3rd kind was in 78-79 on our research system doing field trials of group communication by computer researching collective intelligence at NJIT. Starting design in '74 the computer science head proclaimed "nobody would ever waste the power of a computer doing electronic mail." We were way ahead of the curve, too far apparently. The Electronic Information Exchange System (EIES, pronounced eyes) was the internet to us, connecting the commercial packet switch networks, bitnet, arpanet, mailnet, amateur radio packet meshnets. It was all text based, no graphics, but it was amazing demonstrating powers and capabilities far beyond what we have ubiquitously on the internet today as remembered by many EIES users. It was user driven to the extreme, users even automated themselves and shared capabilities easily.

One day "A. System Hacker" began participation in public conferences.  He explained how he connected to random addresses on the international commercial packet switching networks and was able to get in and take over an unused account using our all too helpful help system.  This was my first wake up call.  

Student jobs were not very plentiful at NJIT so we challenged students to hack into our security.  If they succeeded they got a job programming for EIES, their first job was plugging the hole.

There were a number of times I got sloppy and left holes exploited by hackers and lost a lot of work product and spent much time repairing the damage many times as a result. In the late 90's I allowed the 4chan group on the original WikiWorld running as phpWiki. I applauded their free expression philosophy unaware they attracted posters of the most extreme disturbing content. After a WikiTrial there was a consensus to throw them out. Well, they took down WikiWorld and forced a switch to MediaWiki. WikiWorld never fully recovered. WikiWorld was supposed to become a reincarnation of EIES on modern hardware and operating environments in the public domain. It did not get very far, and hackers were at least partly to blame.

Since then, I have felt like I have never been rid of them, as if there was a war of good guys (ethical hackers) protecting me against the bad guys attacking me.  It is not like I have any hard evidence, just too many bizarre incidents to chalk them all up to coincidence.  But none has revealed themselves to me since "A. System Hacker".

Hackers have been in my world over 35 years but Hopex last weekend was the first time I entered their world. I had a feeling I'd find both friends and enemies there. I am a consultant at AT&T Shannon research labs doing biometrics, multi-factor authentication and security and thought this was a good opportunity to learn how the enemy works. But, as a hobby I also hope to help resurrect WikiWorld and the EIES legacy, and I thought I might find some kindred spirits at Hopex due to the decentralized nature and strong anonymous identities of WikiWorld, whose protection might be necessary for its success.

When I arrived, I realized my business casual attire was a bit out of place. Very quickly many of my preconceived notions were shattered. It was no surprise that most were preoccupied with the evils of government surveillance and the loss of Fourth Amendment rights. And I was not surprised many considered any obstacle to be a challenge. Tables with soldering irons were set up for hacking hardware. One area was set up for picking locks. Exhibitors offered challenges of breaking codes etc. for prizes. Someone brought in a pay phone loaded with change. Whoever could open it could keep the change. I had expected I would find some radical anarchists there, and there were some, but they did not find sympathy there, they were scorned and ostracized.

What surprised me were the three dominant themes: self reliance, the conflict between privacy and transparency in society and the deep culture of social engineering.

I identified strongly with the self reliance culture. My dad taught, if it ain't broke, don't fix it, but if it is broke, let's fix it! This was a meetup of do it yourself enthusiasts. Sessions on hacking cars and other devices were mostly geared toward self reliance and being able to fix things yourself or hacking them to give them greater functionality. On the one hand, the sense of community was extremely socialistic but in support of individual freedom against the tyranny of the majority. It was like a flashback to the sixties do your own thing that's groovy sort of thing rather than doing what the establishment wants you to do.

I was at first disturbed by people smoking joints right in front of the hotel. It seemed they were begging for trouble. Then I saw one person leaving the circle at a time saying they were going to look out, and another leaving when they came back, and an army of people not in the circle reporting possible trouble. And by the 2nd day I realized that they could socially engineer their way out of most any situation and were as safe as babies in their crib. So I joined them :-p  There were orphaned bottles of top shelf booze at various tables for the taking. That was a bit tempting but I have not had a drink in over 3.5 months and am done with alcohol. They gave out free trip glasses and batteries.

There was deep concern over the conflict between privacy and transparency in society expressed in a number of sessions. Ethical hacking involves making hard choices. And the right thing to do is not always clear. I had no interest in the whistle blowers sessions initially as I did not agree with their ethical choices. However, there was significant content in most all of the talks and I cannot now so easily condemn their choices as is popular to do. The potential imagined harm they do is portrayed as overriding any good by the media and so we are sucked into believing it. They show how government cannot be trusted and despite the evidence they produce we stand behind the government and say the government should be trusted and not second guessed and anyone who does not trust the untrustworthy government should be put in jail.

They showed how without hacking anything the Freedom of Information Act has been a wonderful tool in finding out the truth we do not want to hear of the policies and lies that victimize citizens. I was shocked to see government investigator training that basically says to lie in prosecutions using "parallelization" creating a plausible (false) history supported by what evidence they have when there is insufficient evidence for what they believe happened. All the time I thought it was just bad cops who twisted the truth, but now I see they are trained to do it in black and white, at least the feds are. My brain was really hacked on this one. We really do not want to know this stuff, but it is good that someone is looking.

This leads into social engineering which is really the flip side of how we are victimized by twisted truth where we do to them what they do to us, creating a plausible history that leads to a positive outcome so that we are not victimized, and can get what we want.

I was lamenting to a guy that in certain places in the hotel there was no hopex wifi available and it would be nice if we could use the hotel wifi that was restricted to people staying in the hotel. He said, "it's not a problem, I searched twitter to find someone staying at this hotel, and then it's a no brainer to socially engineer a way to get the room number. All you need is the name and the room number to get on the wifi."

We can think of scam, sham or sting as social engineering, but there is an ethical side also in how a positive future can be derived from the creation of a plausible history. It is not exactly honest, but can be achieved positively by just not telling the whole truth but selectively revealing information that is true, but leads the receiver to a false conclusion that promotes a better outcome for everyone. I suppose I am naive in that it took me 64 years to grok this but things in my life could be better if I did not always blurt out the naked truth. What it really is about is fighting fire with fire or being defeated. The ethics are dubious and it is too easy to overdo it where it may not be necessary but often it may be the right thing to do.

Ralph Waldo Emerson said that a mind once expanded can never go back to its original dimension. This was a mind-expanding experience for me. I got my hair, shirt, socks, pants and brain hacked at Hopex, and I connected with folks very interested in WikiWorld. It was a great experience.

Jim

1 comment:

  1. Jim an interesting read. From the small image, short hair may work for you. Looked OK by me.
    Let me know if the next one.

    Al
