Hunting Computer Hackers
TWO years ago, the United States Secret Service declared war on the computer-hacker underground. In a series of well-coordinated raids around the country, law-enforcement agents broke into suburban homes - guns drawn - and presented unsuspecting parents with search warrants for their teenagers' computers. When it was over, "Operation Sundevil" had seized more than 40 computer systems and 23,000 floppy disks.
Although most of the computers seized were never returned, few of the seizures actually resulted in arrests and prosecutions. The purpose of Operation Sundevil, asserts noted science-fiction author Bruce Sterling in his first nonfiction work, "The Hacker Crackdown: Law and Disorder on the Electronic Frontier," was to send a message to computer hackers everywhere.
The message: Law enforcement would no longer stand by while high-school students rerouted calls in the nation's phone system and stole reports from credit databanks. As an added benefit, Sundevil seized the instruments of these minors' crimes without forcing the federal bureaucracy to go through the formalities of trials and convictions.
What nobody in the law-enforcement community expected, Sterling writes, was that an organized group of well-financed adults would come to the rescue of these computer criminals.
An assembly of civil libertarians, founded by Lotus millionaire Mitch Kapor and Grateful Dead lyricist John Perry Barlow, is now known as the Electronic Frontiers Foundation. It is but one of many organizations whose birth and growth is chronicled by "The Hacker Crackdown."
In writing about the events leading up to Operation Sundevil and their aftermath, Sterling also tells interesting, although somewhat spotty, histories of the US telephone system, the US Secret Service, and a variety of state and federal agents who have devoted their careers to the prosecution of computer crime. With access that is rarely granted to journalists, Sterling takes readers on a tour of the US government's 1,500-acre Federal Law Enforcement Training Center in Glynco, Ga., and then to a meeting of the government's Federal Computer Investigations Committee.
But the bulk of the book is devoted to Sterling's account of the hacker underground - the real-life world of cyberpunks and cyberspace. He has a flair for writing about these genuinely curious youngsters whose principal joys in life seem to be exchanging information about building explosives, breaking into telephone company computers, and spreading the gospel of anarchy.
Sterling walks a careful line between police, who, he asserts, believe that all hackers are thieves, and the hackers, some of whom actually are thieves. He is generally unmoved, though, by law-enforcement claims that hacking will soon cost lives as these teenagers move on from mastering the emergency 911 system to rerouting Amtrak trains and playing with the national air-traffic-control system.
"Consider this," he writes. "If `hacking' is supposed to be so serious and real-life and dangerous, then how come nine-year-old kids have computers and modems? You wouldn't give a nine-year-old his own car, or his own rifle, or his own chainsaw."
Sterling spends nearly a quarter of his book providing solid technical background on the phone system and its vulnerabilities, both technical and administrative. He gives readers real-life examples of "trashing" (searching through trash cans for damaging information) and "social engineering" (ways that hackers convince telephone company officials to do their bidding). Ironically, the book is an excellent starting point for hackers in training.
Sadly, Sterling's work lacks accuracy on many details. For example, he gives the erroneous impression that after the hacker crackdown of 1990, law-enforcement officials learned their lesson and stopped seizing computer bulletin-board systems. He also fails to criticize his heroes, the civil libertarians, although finding such criticism in the law-enforcement community isn't difficult. "The Hacker Crackdown" is a good read, but a bad starting point for setting public policy.