NORTHERN ILLINOIS UNIVERSITY THE SOCIAL ORGANIZATION OF THE COMPUTER UNDERGROUND A THESIS SUBMITTED TO THE GRADUATE SCHOOL IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE MASTER OF ARTS DEPARTMENT OF SOCIOLOGY BY GORDON R. MEYER %CompuServe: 72307,1502% %GEnie: GRMEYER% DEKALB, ILLINOIS AUGUST 1989 ^ ABSTRACT Name: Gordon R. Meyer Department: Sociology Title: The Social Organization of the Computer Underground Major: Criminology Degree: M.A. Approved by: Date: __________________________ ________________________ Thesis Director NORTHERN ILLINOIS UNIVERSITY ^ ABSTRACT This paper examines the social organization of the "computer underground" (CU). The CU is composed of actors in three roles, "computer hackers," "phone phreaks," and "software pirates." These roles have frequently been ignored or confused in media and other accounts of CU activity. By utilizing a data set culled from CU channels of communication this paper provides an ethnographic account of computer underground organization. It is concluded that despite the widespread social network of the computer underground, it is organized primarily on the level of colleagues, with only small groups approaching peer relationships. ^ Certification: In accordance with departmental and Graduate School policies, this thesis is accepted in partial fulfillment of degree requirements. _____________________________________ Thesis Director _____________________________________ Date ^ ACKNOWLEDGMENTS FOR CRITIQUE, ADVICE, AND COMMENTS: DR. JAMES L. MASSEY DR. JIM THOMAS DR. DAVID F. LUCKENBILL FOR SUPPORT AND ENCOURAGEMENT: GALE GREINKE SPECIAL THANKS TO: D.C., T.M., T.K., K.L., D.P., M.H., AND G.Z. THIS WORK IS DEDICATED TO: GEORGE HAYDUKE AND BARRY FREED ^ TABLE OF CONTENTS Introduction . . . . . . . . . . . . . . . . . . . 1 Methodology . . . . . . . . . . . . . . . . . . . 6 What is the Computer Underground? . . . . . . . . 11 Topography of the Computer Underground . . . . . . 20 Hacking . . . . . . . . . . . . . . . . . 20 Phreaking . . . . . . . . . . . . . . . . . . 21 Pirating . . . . . . . . . . . . . . . . . 24 Social Organization and Deviant Associations . . . 28 Mutual Association . . . . . . . . . . . . . . . . 31 The Structure of the Computer Underground . . . . 33 Bulletin Board Systems . . . . . . . . . . 33 Towards a BBS Culture . . . . . . . . . 37 Bridges, Loops, and Voice Mail Boxes . . . 53 Summary . . . . . . . . . . . . . . . . . . 57 Mutual Participation . . . . . . . . . . . . . . . 59 Pirate Groups . . . . . . . . . . . . . . . 63 Phreak/hack groups . . . . . . . . . . . . 64 Summary . . . . . . . . . . . . . . . . . . 67 Conclusion . . . . . . . . . . . . . . . . . . . . 69 REFERENCES . . . . . . . . . . . . . . . . . . . . 75 APPENDIX A. COMPUTER UNDERGROUND PSEUDONYMS . . . 76 APPENDIX B. NEW USER QUESTIONNAIRE FROM A PHREAK/HACK BBS . 77 ^ Introduction The proliferation of home computers has been accompanied by a corresponding social problem involving the activities of so-called "computer hackers." "Hackers" are computer aficionados who "break in" to corporate and government computer systems using their home computer and a telephone modem. The prevalence of the problem has been dramatized by the media and enforcement agents, and evidenced by the rise of specialized private security firms to confront the "hackers." But despite this flurry of attention, little research has examined the social world of the "computer hacker." Our current knowledge in this regard derives from hackers who have been caught, from enforcement agents, and from computer security specialists. The everyday world and activities of the "computer hacker" remain largely unknown. This study examines the way actors in the "computer underground" (CU) organize to perform their acts. The computer underground, as it is called by those who participate in it, is composed of actors adhering to one of three roles: "hackers," "phreakers," or "pirates." To further understanding this growing "social problem," this project will isolate and clarify ^ 8 these roles, and examine how each contributes to the culture as a whole. By doing so the sociological question of how the "underground" is organized will be answered, rather than the technical question of how CU participants perform their acts. Best and Luckenbill (1982) describe three basic approaches to the study of "deviant" groups. The first approach is from a social psychological level, where analysis focuses on the needs, motives, and individual characteristics of the actors involved. Secondly, deviant groups can be studied at a socio-structural level. Here the emphasis is on the distribution and consequences of deviance within the society as a whole. The third approach, the one adopted by this work, forms a middle ground between the former two by addressing the social organization of deviant groups. Focusing upon neither the individual nor societal structures entirely, social organization refers to the network of social relations between individuals involved in a common activity (pp. 13-14). Assessing the degree and manner in which the underground is organized provides the opportunity to also examine the culture, roles, and channels of communication used by the computer underground. The focus here is on the day to day experience of persons whose activities have been ^ 9 criminalized over the past several years. Hackers, and the "danger" that they present in our computer dependent society, have often received attention from the legal community and the media. Since 1980, every state and the federal government has criminalized "theft by browsing" of computerized information (Hollinger and Lanza-Kaduce, 1988, pp.101- 102). In the media, hackers have been portrayed as maladjusted losers, forming "high-tech street gangs" (Chicago Tribune, 1989) that are dangerous to society. My research will show that the computer underground consists of a more sophisticated level of social organization than has been generally recognized. The very fact that CU participants are to some extent "networked" has implications for social control policies that may have been implemented based on an in- complete understanding of the activity. This project not only offers sociological insight into the organ- ization of deviant associations, but may be helpful to policy makers as well. I begin with a discussion of the definitional problems that inhibit the sociological analysis of the computer underground. The emergence of the computer underground is a recent phenomenon, and the lack of empirical research on the topic has created an area ^ 10 where few "standard" definitions and categories exist. This work will show that terms such as "hacker," "phreaker," and "pirate" have different meanings for those who have written about the computer underground and those who participate in it. This work bridges these inconsistencies by providing definitions that focus on the intentions and goals of the participants, rather than the legality or morality of their actions. Following the definition of CU activities is a discussion of the structure of the underground. Utilizing a typology for understanding the social organization of deviant associations, developed by Best and Luckenbill (1982), the organization of the computer underground is examined in depth. The analysis begins by examining the structure of mutual association. This provides insight into how CU activity is organized, the ways in which information is obtained and disseminated, and explores the subcultural facets of the computer underground. More importantly, it clearly illustrates that the computer underground is primarily a social network of individuals that perform their acts separately, yet support each other by sharing information and other resources. After describing mutual association within the underground community, evidence of mutual participation ^ 11 is presented. Although the CU is a social network, the ties developed at the social level encourage the formation of small "work groups." At this level, some members of the CU work in cooperation to perform their acts. The organization and purposes of these groups are examined, as well as their relationship to the CU as a whole. However, because only limited numbers of individuals join these short-lived associations, it is concluded that the CU is organized as colleagues. Those who do join "work groups" display the characteristics of peers, but most CU activity takes place at a fairly low level of sophistication. ^ 12 Methodology Adopting an ethnographic approach, data have been gathered by participating in, monitoring, and cata- loging channels of communication used by active members of the computer underground. These channels, which will be examined in detail later, include electronic bulletin board systems (BBS), voice mail boxes, bridges, loops, e-mail, and telephone conversations. These sources provide a window through which to observe interactions, language, and cultural meanings without intruding upon the situation or violating the privacy of the participants. Because these communication centers are the "back stage" area of the computer underground, they provided insight into organizational (and other) issues that CU participants face, and the methods they use to resolve them. As with any ethnographic research, steps have been taken to protect the identity of informants. The culture of the computer underground aids the researcher in this task since phreakers, hackers, and pirates regularly adopt pseudonyms to mask their identity. However to further ensure confidentiality, all of the pseudonyms cited in this research have been changed by the author. Additionally, any information that is ^ 13 potentially incriminating has been removed or altered. The data set used for this study consists primarily of messages, or "logs," which are the primary form of communication between users. These logs were "captured" (recorded using the computer to save the messages) from several hundred computer bulletin boards1 located across the United States. The bulk of the data were gathered over a seventeen month period (12/87 to 4/89) and will reflect the characteristics of the computer underground during that time span. However, some data, provided to the researcher by cooperative subjects, dates as far back as 1984. The logged data were supplemented by referring to several CU "publications." The members of the computer underground produce and distribute several technical and tutorial newsletters and "journals." Since these "publications" are not widely available outside of CU circles I have given a brief description of each below. Legion of Doom/Hackers Technical Journal. This ____________________ 1 Computer Bulletin Boards (BBS) are personal computers that have been equipped with a telephone modem and special software. Users can connect with a BBS by dialing, with their own computer and modem, the phone number to which the BBS is connected. After "log