NORTHERN ILLINOIS UNIVERSITY








                 THE SOCIAL ORGANIZATION OF THE COMPUTER UNDERGROUND








                      A THESIS SUBMITTED TO THE GRADUATE SCHOOL

                     IN PARTIAL FULFILLMENT OF THE REQUIREMENTS

                                   FOR THE DEGREE

                                   MASTER OF ARTS








                               DEPARTMENT OF SOCIOLOGY







                                         BY

                                   GORDON R. MEYER

                                   %CompuServe: 72307,1502%
                                   %GEnie: GRMEYER%


                                  DEKALB, ILLINOIS

                                     AUGUST 1989

^





                                      ABSTRACT







             Name: Gordon R. Meyer            Department: Sociology









             Title: The Social Organization of the Computer Underground









             Major: Criminology               Degree: M.A.











             Approved by:                     Date:



             __________________________       ________________________
             Thesis Director





                          NORTHERN ILLINOIS UNIVERSITY

^









                                      ABSTRACT



               This paper examines the social organization of the

               "computer underground" (CU).  The CU is composed of

               actors in three roles, "computer hackers," "phone

               phreaks," and "software pirates."  These roles have

               frequently been ignored or confused in media and other

               accounts of CU activity. By utilizing a data set culled

               from CU channels of communication this paper provides

               an ethnographic account of computer underground

               organization. It is concluded that despite the

               widespread social network of the computer underground,

               it is organized primarily on the level of colleagues,

               with only small groups approaching peer relationships.


^

























               Certification: In accordance with departmental and

                              Graduate School policies, this thesis

                              is accepted in partial fulfillment

                              of degree requirements.



                              _____________________________________
                              Thesis Director

                              _____________________________________
                              Date


^









                                   ACKNOWLEDGMENTS



                         FOR CRITIQUE, ADVICE, AND COMMENTS:

                                 DR. JAMES L. MASSEY

                                   DR. JIM THOMAS

                               DR. DAVID F. LUCKENBILL



                           FOR SUPPORT AND ENCOURAGEMENT:

                                    GALE GREINKE



                                 SPECIAL THANKS TO:

                            D.C., T.M., T.K., K.L., D.P.,

                                   M.H., AND G.Z.



                             THIS WORK IS DEDICATED TO:

                                   GEORGE HAYDUKE

                                         AND

                                     BARRY FREED






^














                                  TABLE OF CONTENTS

               Introduction . . . . . . . . . . . . . . . . . . .    1

               Methodology  . . . . . . . . . . . . . . . . . . .    6

               What is the Computer Underground?  . . . . . . . .   11

               Topography of the Computer Underground . . . . . .   20
                    Hacking     . . . . . . . . . . . . . . . . .   20
                    Phreaking . . . . . . . . . . . . . . . . . .   21
                    Pirating    . . . . . . . . . . . . . . . . .   24

               Social Organization and Deviant Associations . . .   28

               Mutual Association . . . . . . . . . . . . . . . .   31

               The Structure of the Computer Underground  . . . .   33
                    Bulletin Board Systems    . . . . . . . . . .   33
                         Towards a BBS Culture  . . . . . . . . .   37
                    Bridges, Loops, and Voice Mail Boxes    . . .   53
                    Summary   . . . . . . . . . . . . . . . . . .   57

               Mutual Participation . . . . . . . . . . . . . . .   59
                    Pirate Groups   . . . . . . . . . . . . . . .   63
                    Phreak/hack groups    . . . . . . . . . . . .   64
                    Summary   . . . . . . . . . . . . . . . . . .   67

               Conclusion . . . . . . . . . . . . . . . . . . . .   69

               REFERENCES . . . . . . . . . . . . . . . . . . . .   75

               APPENDIX A. COMPUTER UNDERGROUND PSEUDONYMS  . . .   76

               APPENDIX B.
                 NEW USER QUESTIONNAIRE FROM A PHREAK/HACK BBS  .   77

^









                                    Introduction

                    The proliferation of home computers has been

               accompanied by a corresponding social problem involving

               the activities of so-called "computer hackers."

               "Hackers" are computer aficionados who "break in" to

               corporate and government computer systems using their

               home computer and a telephone modem.  The prevalence of

               the problem has been dramatized by the media and

               enforcement agents, and evidenced by the rise of

               specialized private security firms to confront the

               "hackers."  But despite this flurry of attention,

               little research has examined the social world of the

               "computer hacker." Our current knowledge in this regard

               derives from hackers who have been caught, from

               enforcement agents, and from computer security

               specialists.  The everyday world and activities of the

               "computer hacker" remain largely unknown.

                    This study examines the way actors in the

               "computer underground" (CU) organize to perform their

               acts. The computer underground, as it is called by

               those who participate in it, is composed of actors

               adhering to one of three roles: "hackers," "phreakers,"

               or "pirates." To further understanding this growing

               "social problem," this project will isolate and clarify
^



                                                                     8

               these roles, and examine how each contributes to the

               culture as a whole. By doing so the sociological

               question of how the "underground" is organized will be

               answered, rather than the technical question of how CU

               participants perform their acts.

                    Best and Luckenbill (1982) describe three basic

               approaches to the study of "deviant" groups.  The first

               approach is from a social psychological level, where

               analysis focuses on the needs, motives, and individual

               characteristics of the actors involved.  Secondly,

               deviant groups can be studied at a socio-structural

               level.  Here the emphasis is on the distribution and

               consequences of deviance within the society as a whole.

               The third approach, the one adopted by this work, forms

               a middle ground between the former two by addressing

               the social organization of deviant groups.   Focusing

               upon neither the individual nor societal structures

               entirely, social organization refers to the network of

               social relations between individuals involved in a

               common activity (pp. 13-14).  Assessing the degree and

               manner in which the underground is organized provides

               the opportunity to also examine the culture, roles, and

               channels of communication used by the computer

               underground. The focus here is on the day to day

               experience of persons whose activities have been
^



                                                                     9

               criminalized over the past several years.

                    Hackers, and the "danger" that they present in our

               computer dependent society, have often received

               attention from the legal community and the media. Since

               1980, every state and the federal government has

               criminalized  "theft by browsing" of computerized

               information (Hollinger and Lanza-Kaduce, 1988, pp.101-

               102). In the media, hackers have been portrayed as

               maladjusted losers, forming "high-tech street gangs"

               (Chicago Tribune, 1989) that are dangerous to society.

               My research will show that the computer underground

               consists of a more sophisticated level of social

               organization than has been generally recognized. The

               very fact that CU participants are to some extent

               "networked" has implications for social control

               policies that may have been implemented based on an in-

               complete understanding of the activity. This project

               not only offers sociological insight into the organ-

               ization of deviant associations, but may be helpful to

               policy makers as well.

                    I begin with a discussion of the definitional

               problems that inhibit the sociological analysis of the

               computer underground. The emergence of the computer

               underground is a recent phenomenon, and the lack of

               empirical research on the topic has created an area
^



                                                                    10

               where few "standard" definitions and categories exist.

               This work will show that terms such as "hacker,"

               "phreaker," and "pirate" have different meanings for

               those who have written about the computer underground

               and those who participate in it. This work bridges

               these inconsistencies by providing definitions that

               focus on the intentions and goals of the participants,

               rather than the legality or morality of their actions.

                    Following the definition of CU activities is a

               discussion of the structure of the underground.

               Utilizing a typology for understanding the social

               organization of deviant associations, developed by Best

               and Luckenbill (1982), the organization of the

               computer underground is examined in depth.

                    The analysis begins by examining the structure of

               mutual association. This provides insight into how CU

               activity is organized, the ways in which information is

               obtained and disseminated, and explores the subcultural

               facets of the computer underground.  More importantly,

               it clearly illustrates that the computer underground is

               primarily a social network of individuals that perform

               their acts separately, yet support each other by

               sharing information and other resources.

                    After describing mutual association within the

               underground community, evidence of mutual participation
^



                                                                    11

               is presented. Although the CU is a social network, the

               ties developed at the social level encourage the

               formation of small "work groups." At this level, some

               members of the CU work in cooperation to perform their

               acts. The organization and purposes of these groups are

               examined, as well as their relationship to the CU as a

               whole. However, because only limited numbers of

               individuals join these short-lived associations, it is

               concluded that the CU is organized as colleagues. Those

               who do join "work groups" display the characteristics

               of peers, but most CU activity takes place at a fairly

               low level of sophistication.
^



                                                                    12





                                    Methodology

                    Adopting an ethnographic approach, data have been

               gathered by participating in, monitoring, and cata-

               loging channels of communication used by active members

               of the computer underground. These channels, which will

               be examined in detail later,  include electronic

               bulletin board systems (BBS), voice mail boxes,

               bridges, loops, e-mail, and telephone conversations.

               These sources provide a window through which to observe

               interactions, language, and cultural meanings without

               intruding upon the situation or violating the privacy

               of the participants.  Because these communication

               centers are the "back stage" area of the computer

               underground, they provided insight into organizational

               (and other) issues that CU participants face, and the

               methods they use to resolve them.

                    As with any ethnographic research, steps have been

               taken to protect the identity of informants.  The

               culture of the computer underground aids the researcher

               in this task since phreakers, hackers, and pirates

               regularly adopt pseudonyms to mask their identity.

               However to further ensure confidentiality, all of the

               pseudonyms cited in this research have been changed by

               the author. Additionally, any information that is
^



                                                                    13

               potentially incriminating has been removed or altered.

                    The data set used for this study consists

               primarily of messages, or "logs," which are the primary

               form of communication between users.  These logs were

               "captured" (recorded using the computer to save the

               messages) from several hundred computer bulletin

               boards1 located across the United States.  The bulk of

               the data were gathered over a seventeen month period

               (12/87 to 4/89) and will reflect the characteristics of

               the computer underground during that time span.

               However, some data, provided to the researcher by

               cooperative subjects, dates as far back as 1984.

                    The logged data were supplemented by referring to

               several CU "publications."  The members of the computer

               underground produce and distribute several technical

               and tutorial newsletters and "journals."  Since these

               "publications" are not widely available outside of CU

               circles I have given a brief description of each below.

                    Legion of Doom/Hackers Technical Journal.  This

               ____________________

                    1 Computer Bulletin Boards (BBS) are personal
               computers that have been equipped with a telephone
               modem and special software. Users can connect with a
               BBS by dialing, with their own computer and modem, the
               phone number to which the BBS is connected. After
               "logging in" by supplying a valid user name and pass-
               word, the user can leave messages to other users of the
               system.  These messages are not private and anyone
               calling the BBS can freely read and respond to them.

^



                                                                    14

               publication is written and distributed by a group known

               as "The Legion of Doom/Legion of Hackers" (LoD/H).  It

               is available in electronic format (a computer text

               file) and contains highly technical information on

               computer operating systems. As of this writing, three

               issues have been published.

                    PHRACK Inc.:  Phrack Inc is a newsletter that

               contains various articles, written by different

               authors, and "published" under one banner.  Phrack

               Inc's first issue was released in 1985, making it the

               oldest of the electronically distributed underground

               publications.  CU participants are invited to submit

               articles to the editors, who release a new issue when a

               sufficient number (about nine) of acceptable pieces

               have been gathered. Phrack also features a lengthy

               "World News" with stories about hackers who have been

               apprehended and interviews with various members of the

               underground. As of this writing twenty-seven issues of

               Phrack, have been published.

                    Phreakers/Hackers Underground Network (P/Hun):

               Like Phrack, P/Hun collects articles from various

               authors and releases them as one issue.  Three issues

               have been published to date.

                    Activist Times, Incorporated (ATI): Unlike the

               other electronically distributed publications, ATI does
^



                                                                    15

               not limit itself to strictly computer/telephone news.

               Articles normally include commentary on world and

               government events, and other "general interest" topics.

               ATI issues are generally small and consist of articles

               written by a core group of four to seven people.

               Unlike the publications discussed thus far, ATI is

               available in printed "hard copy" form by sending

               postage reimbursement to the editor.  ATI is currently

               on their 38th issue.

                    2600 Magazine:  Published in a traditional

               (printed) magazine format, 2600 (named for the

               frequency tone used to make free long distance phone

               calls) is arguably an "underground" publication as it

               is available on some newsstands and at some libraries.

               Begun in 1987 as a monthly magazine, it is now

               published quarterly. Subscription rates are $25.00 a

               year with a complete back-issue selection available.

               The magazine specializes in publishing technical

               information on telephone switching systems, satellite

               descrambling codes, and news about the computer

               underground.

                    TAP/YIPL: First established in 1972 as YIPL (Youth

               International Party Line), this publication soon

               changed its name to TAP (Technical Assistance Party).

               Co-founded by Abbie Hoffman, it is generally recognized
^



                                                                    16

               as the grandfather of computer underground

               publications.  Publication of the 2-4 page newsletter

               has been very sporadic over the years, and currently

               two different versions of TAP, each published in

               different areas of the country, are in circulation.

                    Utilizing a data set that consists of current

               message logs, old messages logs, and various CU

               publications yields a reasonably rich collection from

               which to draw the analysis.  Examination of the older

               logs and publications shows that while the actors have

               changed over the years, cultural norms and

               characteristics have remained consistent over time.
^



                                                                    17





                          What is the Computer Underground?

                    Defining the "computer underground" can be

               difficult. The sociologist soon finds that there are

               several competing definitions of computer underground

               activity.  Those who have written on the subject, the

               media, criminologists, computer programmers, social

               control agents, and CU participants themselves, have

               adopted definitions consistent with their own social

               positions and perspectives. Not surprisingly, these

               definitions rarely correspond. Therefore, before

               discussing the organization of the computer

               underground, it is necessary to discuss and compare the

               various definitions.  This will illustrate the range of

               beliefs about CU activity, and provide a springboard

               for the discussion of types of roles and activities

               found in the underground.

                    We begin with a discussion of the media image of

               computer hackers. The media's concept of "hackers" is

               important because the criminalization of the activity

               has largely occurred as the result of media drama-

               tization of the "problem" (Hollinger and Lanza-Kaduce,

               1988). In fact, it was a collection of newspaper and

               film clips that was presented to the United States

               Congress during legislative debates as evidence of the
^



                                                                    18

               computer hacking problem (Hollinger and Lanza-Kaduce,

               1988, p.107).  Unfortunately, the media assessment of

               the computer underground displays a naive understanding

               of CU activity.

                    The media generally makes little distinction

               between different types of CU activity. Most any

               computer-related crime activity can be attributed to

               "hackers."  Everything from embezzlement to computer

               viruses have, at one time or another, been attributed

               to them. Additionally, hackers are often described as

               being sociopathic or malicious, creating a media image

               of the computer underground that may exaggerate their

               propensity for doing damage.

                    The labeling of hackers as being "evil" is well

               illustrated by two recent media examples. The first is

               from Eddie Schwartz, a WGN-Radio talk show host. Here

               Schwartz is addressing "Anna," a self-identified hacker

               that has phoned into the show:

                    You know what Anna, you know what disturbs
                    me? You don't sound like a stupid person but
                    you represent a . . . a . . . a . . . lack of
                    morality that disturbs me greatly. You really
                    do. I think you represent a certain way of
                    thinking that is morally bankrupt. And I'm
                    not trying to offend you, but I . . . I'm
                    offended by you! (WGN Radio, 1988)

                    Just two months later, NBC-TV's "Hour Magazine"

               featured a segment on "computer crime."  In this

               example, Jay Bloombecker, director of the National
^



                                                                    19

               Center for Computer Crime Data, discusses the "hacker

               problem" with the host of the show, Gary Collins.

                    Collins: . . . are they %hackers% malicious
                    in intent, or are they simply out to prove,
                    ah, a certain machismo amongst their peers?

                    Bloombecker: I think so. I've talked about
                    "modem macho" as one explanation for what's
                    being done. And a lot of the cases seem to
                    involve %proving% %sic% that he . . . can do
                    something really spiffy with computers. But,
                    some of the cases are so evil, like causing
                    so many computers to break, they can't look
                    at that as just trying to prove that you're
                    better than other people.

                    GC: So that's just some of it, some kind of
                    "bet" against the computer industry, or
                    against the company.

                    JB: No, I think it's more than just
                    rottenness. And like someone who uses
                    graffiti doesn't care too much whose building
                    it is, they just want to be destructive.

                    GC: You're talking about a sociopath in
                    control of a computer!

                    JB: Ah, lots of computers, because there's
                    thousands, or tens of thousands %of hackers%
                    (NBC-TV, 1988).


                    The media image of computer hackers, and thus all

               members of the computer underground, is burdened with

               value-laden assumptions about their psychological

               makeup, and focuses almost entirely upon the morality

               of their actions.  Additionally, since media stories

               are taken from the accounts of police blotters,

               security personnel, and hackers who have been caught,

               each of whom have different perspectives and
^



                                                                    20

               definitions of their own, the media definition, if not

               inherently biased, is at best inconsistent.

                    Criminologists, by way of contrast, have done

               little to define the computer underground from a

               sociological perspective.  Those criminological

               definitions that do exist are less judgmental than the

               media image, but no more precise. Labels of

               "electronic trespassers" (Parker, 1983), and

               "electronic vandals" (Bequai, 1987) have both been

               applied to hackers.  Both terms, while acknowledging

               that "hacking" is deviant, shy away from labeling it as

               "criminal" or sociopathic behavior.  Yet despite this

               seemingly non-judgmental approach to the computer

               underground, both Parker and Bequai have testified

               before Congress, on behalf of the computer security in-

               dustry, on the "danger" of computer hackers.

               Unfortunately, their "expert" testimony was largely

               based on information culled from newspaper stories, the

               objectiveness of which has been seriously questioned

               (Hollinger and Lanza-Kaduce 1988 p.105).

                    Computer security specialists, on the other hand,

               are often quick to identify CU participants as part of

               the criminal element. Correspondingly, some reject the

               notion that there are different roles and motivations

               among computer underground participants and thereby
^



                                                                    21

               refuse to define just what it is that a "hacker" or

               "phreaker" does.  John Maxfield, a "hacker expert,"

               suggests that differentiating between "hackers" and

               "phone phreaks" is a moot point, preferring instead

               that they all just be called "criminals" (WGN-Radio.

               Sept 28, 1988).

                    The reluctance or inability to differentiate

               between roles and activities in the computer

               underground, as exhibited in the media and computer

               security firms, creates an ambiguous definition of

               "hacker" that possesses  two extremes: the modern-day

               bank robber at one end, the trespassing teenager at the

               other.  Thus, most any criminal or mischievous act that

               involves computers can be attributed to "hackers,"2

               regardless of the nature of the crime.

                    Further compounding the inconsistent use of

               "hacker" is the evolution of meaning that the word has

               undergone.   "Hacker" was first  applied to computer

               related activities when it was used by programmers in

               the late 1950's.  At that time it referred to the

               pioneering researchers, such as those at M.I.T., who
               ____________________

                    2 During the WGN-Radio show on computer crime one
               caller, who was experiencing a malfunctioning phone
               that would "chirp" occasionally while hung up, believed
               that "computer hackers" were responsible for the
               problem.  The panel assured her that it was unrelated
               to CU activity.

^



                                                                    22

               were constantly adjusting and experimenting with the

               new technology (Levy, 1984. p.7).  A "hacker" in this

               context refers to an unorthodox, yet talented,

               professional programmer. This use of the term still

               exits today, though it is largely limited to

               professional computing circles.

                    Another definition of "hacker" refers to one who

               obtains unauthorized, if not illegal, access to

               computer systems and networks.  This definition was

               popularized by the movie War Games and, generally

               speaking, is the one used by the media.3 It is also the

               definition favored by the computer underground.

                    Both the members of the computer underground and

               computer programmers claim ownership of "hacker," and

               each defend the "proper" use of term.  The computer

               professionals maintain that using "hackers" (or

               "hacking") to refer to any illegal or illicit activity

               is a corruption of the "true" meaning of the word.  Bob

               Bickford, a professional programmer who has organized

               several programmer conferences, explains:
               ____________________

                    3 This is not always true of course.  The AP
               Stylebook has yet to specify how "hacker" should be
               used.  A recent  Associated Press story featured a
               computer professional explaining that a "real hacker"
               would never do anything illegal.  Yet just a few weeks
               later Associated Press distributed stories proclaiming
               that West German "hackers" had broken into US Defense
               Department computer systems.

^



                                                                    23

                    At the most recent conference %called
                    "Hackers 4.0"% we had 200 of the most
                    brilliant computer professionals in the world
                    together for one weekend; this crowd included
                    several PhD's, several presidents of
                    companies (including large companies, such as
                    Pixar), and various artists, writers,
                    engineers, and programmers.  These people all
                    consider themselves Hackers: all derive great
                    joy from their work, from finding ways around
                    problems and limits, from creating rather
                    than destroying.  It would be a great
                    disservice to these people, and the thousands
                    of professionals like them, to let some
                    pathetic teenaged criminals destroy the one
                    word which captures their style of
                    interaction with the universe: Hackers
                    (Bickford, 1988).

                    Participants in the computer underground also

               object to the "misuse" of the term. Their objection

               centers around the indiscriminate use of the word to

               refer to computer related crime in general and not,

               specifically, the activities of the computer

               underground:

                    Whenever the slightest little thing happens
                    involving computer security, or the breach
                    thereof, the media goes fucking bat shit and
                    points all their fingers at us 'nasty
                    hackers.' They're so damned ignorant it's
                    sick (EN, message log, 1988).

                    . . . whenever the media happens upon
                    anything that involves malicious computer use
                    it's the "HACKERS."  The word is a catch
                    phrase it makes mom drop the dishes and watch
                    the TV.  They use the word because not only
                    they don't really know the meaning but they
                    have lack of a word to describe the
                    perpetrator.  That's why hacker has such a
                    bad name, its always associated with evil
                    things and such (PA, message log, 1988).

                    I never seen a phreaker called a phreaker
^



                                                                    24

                    when caught and he's printed in the
                    newspaper. You always see them "Hacker caught
                    in telephone fraud."  "Hacker defrauds old
                    man with phone calling card." What someone
                    should do is tell the fucken (sic) media to
                    get it straight (TP2, message log, 1988).


                    Obviously the CU and computer professional

               definitions of "hacker" refer to different social

               groups.  As Best and Luckenbill (1982, p. 39) observe:

               "Every social group modifies the basic language to fit

               its own circumstance, creating new words or using

               ordinary words in special ways."  Which definition, if

               either, will come into widespread use remains to be

               seen.  However, since computer break-ins are likely to

               receive more media attention than clever feats of

               programming, the CU definition is likely to dominate

               simply by being used more often.4  But as long as the

               two definitions do exist there will be confusion unless

               writers and researchers adequately specify the group

               under discussion.  For this reason, I suggest that

               sociologists, and criminologists in particular, adopt

               the "underground" definition for consistency and
               ____________________

                    4 Another factor may be the adoption  of a close
               proximity to the underground definition being included
               in the 1986 edition of Webster's New World dictionary:
                    hack.er n. 1. a person who hacks 2. an unskilled
               golfer, tennis player, etc. 3. a talented amateur user
               of computers, specif. one who attempts to gain
               unauthorized access to files.

^



                                                                    25

               accuracy when speaking of the actions of CU

               participants.

                    While it is recognized that computer hacking is a

               relatively new phenomenon, the indiscriminant use of

               the term to refer to many different forms of unorthodox

               computer use has been counterproductive to

               understanding the extent of the activity. To avoid this

               a "computer hacker" should be defined as an individual,

               associated with the computer underground, who

               specializes in obtaining unauthorized access to

               computer systems.  A "phone phreak" in an individual,

               associated with the computer underground, who

               specializes in obtaining unauthorized information about

               the phone system.  A "software pirate" is an

               individual, associated with the computer underground,

               who distributes or collects copyrighted computer

               software. These definitions have been derived from the

               data, instead of relying upon those who defend the

               "integrity" of the original meanings, or those who are

               unfamiliar with the culture.
^



                                                                    26





                       Topography of the Computer Underground

                    Having defined the three main roles in the

               computer underground, it is necessary to examine each

               activity separately in order to provide a general

               typology of the computer underground.  In doing so, the

               ways in which each contributes to the culture as a

               whole will be illustrated, and the divisions between

               them that affect the overall organization will be

               developed. Analysis of these roles and divisions is

               crucial to understanding identity, access, and mobility

               within the culture.



               Hacking

                    In the vernacular of the computer underground,

               "hacking" refers to gaining access and exploring

               computer systems and networks. "Hacking" encompasses

               both the act and the methods used to obtain valid user

               accounts on computer systems.

                      "Hacking" also refers to the activity that

               occurs once access to another computer has been

               obtained. Since the system is being used without

               authorization, the hacker does not, generally speaking,

               have access to the usual operating manuals and other

               resources that are available to legitimate users.
^



                                                                    27

               Therefore, the hacker must experiment with commands and

               explore various files in order to understand and

               effectively use the system.  The goal here is to

               explore and experiment with the system that has been

               entered. By examining files and, perhaps, by a little

               clever programming, the hacker may be able to obtain

               protected information or more powerful access

               privileges.5



               Phreaking

                    Another role in the computer underground is that

               of the "phone phreak."  Phone phreaking, usually called

               just "phreaking," was widely publicized when the

               exploits of John "Cap'n Crunch" Draper, the "father of

               phreaking," were publicized in a 1971 Esquire magazine

               article.

                    The term "phreaking" encompasses several different

               means of circumventing  the billing mechanisms of

               telephone companies.  By using these methods, long-
               ____________________

                    5 Contrary to the image sometimes perpetuated by
               computer security consultants, the data indicate that
               hackers refrain from deliberately destroying data or
               otherwise damaging the system.  Doing so would conflict
               with their instrumental goal of blending in with the
               average user so as not to attract undue attention to
               their presence and cause the account to be deleted.
               After spending what may be a substantial amount of time
               obtaining a high access  account, the hacker places a
               high priority on not being discovered using it.

^



                                                                    28

               distance phone calls can be placed without cost. In

               many cases the methods also prevent, or at least

               inhibit, the possibility of calls being traced to their

               source thereby helping the phreaker to avoid being

               caught.

                    Early phreaking methods involved electro-

               mechanical devices that generated key tones, or altered

               line voltages in certain ways as to trick the

               mechanical switches of the phone company into

               connecting calls without charging.  However the advent

               of computerized telephone-switching systems largely

               made these devices obsolete.  In order to continue

               their practice the phreaks have had to learn hacking

               skills:6

                    Phreaking and hacking have just recently
                    merged, because now, the telephone companies
                    are using computers to operate their network.
                    So, in order to learn more about these
                    computers in relation to the network, phreaks
                    have learned hacking skills, and can now
                    program, and get around inside the machines
                    (AF, message log, 1988).

                    For most members of the computer underground,

               phreaking is simply a tool that allows them to call

               long distance without amassing enormous phone bills.
               ____________________

                    6 Because the two activities are so closely
               related, with phreakers learning hacking skills and
               hackers breaking into "telco" computers, reference is
               usually made to phreak/hacking or "p/hackers."  This
               paper follows this convention.

^



                                                                    29

               Those who have a deeper and more technically oriented

               interest in the "telco" (telephone company) are known

               as phreakers. They, like the hackers discussed earlier,

               desire to master and explore a system that few

               outsiders really understand:

                    The phone system is the most interesting,
                    fascinating thing that I know of. There is so
                    much to know. Even phreaks have their own
                    areas of knowledge.  There is so much to know
                    that  one phreak could know something fairly
                    important and the next  phreak not.  The next
                    phreak might know ten things that the  first
                    phreak doesn't though. It all depends upon
                    where and  how they get their info.  I myself
                    %sic% would like to work for the telco, doing
                    something interesting, like programming a
                    switch. Something that isn't slave labor
                    bullshit. Something that you enjoy, but have
                    to take risks in order to participate unless
                    you are lucky enough to work for the telco.
                    To have access to telco things, manuals, etc
                    would be great (DP, message log, 1988).

                    Phreaking involves having the dedication to
                    commit yourself to learning as much about the
                    phone system/network as possible. Since most
                    of this information is not made public,
                    phreaks have to resort to legally
                    questionable means to obtain the knowledge
                    they want (TP2, message log, 1988).



                    Most members of the underground do not approach

               the telephone system with such passion. Many hackers

               are interested in the phone system solely to the extent

               that they can exploit its weaknesses and pursue other

               goals.  In this case, phreaking becomes a means and not

               a pursuit unto itself. Another individual, one who
^



                                                                    30

               identifies himself as a hacker, explains:

                    I know very little about phones . . . I just
                    hack. See, I can't exactly call these numbers
                    direct.  A lot of people are in the same
                    boat.  In my case, phreaking is a tool, an
                    often used one, but nonetheless a tool (TU,
                    message log, 1988).


                    In the world of the computer underground, the

               ability to "phreak a call" is taken for granted.  The

               invention of the telephone credit card has opened the

               door to wide-scale phreaking.  With these cards, no

               special knowledge or equipment is required to phreak a

               call, only valid credit card numbers, known as "codez,"

               are needed to call any location in the world.  This

               easy access to free long-distance service is

               instrumental for maintaining contact with CU

               participants scattered across the nation.



               Pirating

                    The third major role in the computer underground

               is that of the software pirate.  Software piracy refers

               to the unauthorized copying and distribution of copy-

               righted software.  This activity centers around

               computer bulletin board systems that specialize in

               "warez."7   There pirates can contribute and share
               ____________________

                    7 "Warez" is a common underground term that refers
               to pirated software.

^



                                                                    31

               copies of commercial software. Having access to these

               systems (usually obtained by contributing a copyrighted

               program via a telephone modem) allows the pirate to

               copy, or "download," between two to six programs that

               others have contributed.

                    Software piracy is a growing concern among

               software publishing companies. Some contend that the

               illegal copying of software programs costs the industry

               billions of dollars in lost revenues. Pirates challenge

               this, and claim that in many ways pirating is a hobby,

               much like collecting stamps or baseball cards, and

               their participation actually induces them to spend more

               on software than they would otherwise, even to the

               point of buying software they don't truly need:

                    There's a certain sense of, ahh, satisfaction
                    in having the latest program, or being the
                    first to upload a program on the "want list."
                    I just like to play around with them, see
                    what they can do. If I like something, I'll
                    buy it, or try out several programs like it,
                    then buy one. In fact, if I wasn't pirating,
                    I wouldn't buy any warez, because some of
                    these I buy I do for uploading or just for
                    the fun of it. So I figure the software
                    companies are making money off me, and this
                    is pretty much the same for all the really
                    elite boards, the ones that have the best and
                    most programs. . . . I just bought a $117.
                    program, an accounting program, and I have
                    absolutely no use for it. It's for small
                    businesses.  I thought maybe it would auto-
                    write checks, but it's really a bit too high
                    powered for me. I thought it would be fun to
                    trade to some other boards, but I learned a
                    lot from just looking at it (JX, field notes,
                    1989).
^



                                                                    32


                    Pirates and phreak/hackers do not necessarily

               support the activities of each other, and there is

               distrust and misunderstanding between the two groups.

               At least part of this distrust lies in the

               phreak/hacker perception that piracy is an unskilled

               activity.8  While p/hackers probably don't disapprove

               of piracy as an activity, they nevertheless tend to

               avoid pirate bulletin board systems --partly because

               there is little pertinent phreak/hack information

               contained on them, and partly because of the belief

               that pirates indiscriminately abuse the telephone

               network in pursuit of the latest computer game.  One

               hacker illustrates this belief by theorizing that

               pirates are responsible for a large part of telephone

               credit card fraud.

                    The media claims that it is solely hackers
                    who are responsible for losses pertaining to
                    large telecommunication companies and long
                    distance services.  This is not the case.  We
                    are %hackers% but a small portion of these
                    losses.  The rest are caused by pirates and
                    thieves who sell these codes to people on the
                    street (AF, message log, 1988).

                    Other hackers complained that uploading large
               ____________________

                    8 A possible exception to this are those pirates
               that have the programming skills needed to remove copy
               protection from software.  By removing the program code
               that inhibits duplicate copies from being made these
               individuals, known as "crackers," contribute greatly to
               the easy distribution of "warez."

^



                                                                    33

               programs frequently takes several hours to complete,

               and it is pirate calls, not the ones placed by "tele-

               communications enthusiasts" (a popular euphemism for

               phreakers and hackers) that cost the telephone industry

               large sums of money. However, the data do not support

               the assertation that all pirates phreak their calls.

               Phreaking is considered "very tacky" among elite

               pirates, and system operators (Sysops) of pirate

               bulletin boards discourage phreaked calls because it

               draws attention to the system when the call is

               discovered by the telephone company.

                    Regardless of whether it is the lack of phreak/

               hack skills, the reputation for abusing the network, or

               some other reason, there is indeed a certain amount of

               division between the world of phreakers and hackers and

               that of pirates. The two communities co-exist and share

               resources and methods, but function separately.


^



                                                                    34





                    Social Organization and Deviant Associations

                    Having outlined and defined the activities of the

               computer underground, the question of social

               organization can be addressed.  Joel Best and David

               Luckenbill (1982) have developed a typology for

               identifying the social organization of deviant

               associations.  Essentially they state that deviant

               organizations, regardless of their actual type of

               deviance, will vary in the complexity of their division

               of labor, coordination among organization roles, and

               the purposiveness with which they attempt to achieve

               their goals.  Those organizations which display high

               levels in each of these categories are more

               sophisticated than those with lower levels.

                    Deviants relations with one another can be
                    arrayed along the dimension of organizational
                    sophistication. Beginning with the least
                    sophisticated form, %we% discuss five forms
                    of the social organization of deviants:
                    loners, colleagues, peers, mobs, and formal
                    organizations.  These organization forms are
                    defined in terms of four variables: whether
                    the deviants associate with one another;
                    whether they participate in deviance
                    together; whether their deviance requires an
                    elaborate division of labor; and whether
                    their organization's activities extend over
                    time and space (Best and Luckenbill, 1982,
                    p.24).

               These four variables, also known as mutual association,

               mutual participation, elaborate division of labor, and
^



                                                                    35

               extended organization, are indicators of the social

               organization of deviant groups. The following, taken

               from Best and Luckenbill, illustrates:

               FORM OF       MUTUAL    MUTUAL      DIVISION  EXTENDED
               ORGAN-        ASSOCIA-  PARTICIPA-  OF        ORGAN-
               IZATION       TION      TION        LABOR     IZATION
               -----------------------------------------------------
               Loners         no        no          no        no
               Colleagues     yes       no          no        no
               Peers          yes       yes         no        no
               Mobs           yes       yes         yes       no
               Formal
               Organizations  yes       yes         yes       yes
               _____________________________________________________
                                                       (1982, p.25)


                    Loners do not associate with other deviants,
                    participate in shared deviance, have a
                    division of labor, or maintain their deviance
                    over extended time and space.  Colleagues
                    differ from loners because they associate
                    with fellow deviants. Peers not only
                    associate with one another, but also
                    participate in deviance together.  In mobs,
                    this shared participation requires an
                    elaborate division of labor.  Finally, formal
                    organizations involve mutual association,
                    mutual participation, an elaborate division
                    of labor, and deviant activities extended
                    over time and space (Best and Luckenbill,
                    1982, pp.24-25).

                    The five forms of organizations are presented as

               ideal types, and "organizational sophistication" should

               be regarded as forming a continuum with groups located

               at various points along the range (Best and Luckenbill,

               1982, p.25).  With these two caveats in mind, we begin

               to examine the computer underground in terms of each of
^



                                                                    36

               the four organizational variables. The first level,

               mutual association, is addressed in the following

               section.


^



                                                                    37





                                 Mutual Association

                    Mutual association is an indicator of

               organizational sophistication in deviant associations.

               Its presence in the computer underground indicates that

               on a social organization level phreak/hackers act as

               "colleagues."  Best and Luckenbill discuss the

               advantages of mutual association for unconventional

               groups:

                    The more sophisticated the form of
                    organization, the more likely the deviants
                    can help one another with their problems.
                    Deviants help one another in many ways: by
                    teaching each other deviant skills and a
                    deviant ideology; by working together to
                    carry out complicated tasks; by giving each
                    other sociable contacts and moral support; by
                    supplying one another with deviant equipment;
                    by protecting each other from the
                    authorities; and so forth.  Just as  %others%
                    rely on one another in the course of everyday
                    life, deviants find it easier to cope with
                    practical problems when they have the help of
                    deviant associates (1982,pp.27-28).


                    Hackers, phreakers, and pirates face practical

               problems. For example, in order to pursue their

               activities they require  equipment9 and knowledge.  The
               ____________________

                    9 The basic equipment consists of a modem, phone
               line, and a computer -- all items that are available
               through legitimate channels.  It is the way the
               equipment is used, and the associated knowledge that is
               required, that distinguishes hackers from other
               computer users.

^



                                                                    38

               problem of acquiring the latter must be solved and,

               additionally, they must devise ways to prevent

               discovery , apprehension and sanctioning by social

               control agents.10

                    One method of solving these problems is to turn to

               other CU members for help and support.  Various means

               of communication have been established that allow

               individuals to interact regardless of their location.

               As might be expected, the communication channels used

               by the CU reflect their interest and ability in high-

               technology, but the technical aspects of these methods

               should not overshadow the mutual association that they

               support.  This section examines the structure  of

               mutual association within the computer underground.














               ____________________



                    10 Telephone company security personnel, local law
               enforcement, FBI, and Secret Service agents have all
               been involved in apprehending hackers.

^



                                                                    39





                      The Structure of the Computer Underground

                    Both computer underground communities, the

               p/hackers and the pirates, depend on communications

               technology to provide meeting places for social and

               "occupational" exchanges.  However, phreakers, hackers,

               and pirates are widely dispersed across the country

               and, in many cases, the globe.  In order for the

               communication to be organized and available to

               participants in many time zones and "working" under

               different schedules, centralized points of information

               distribution are required.  Several existing

               technologies --computer bulletin boards, voice mail

               boxes, "chat" lines, and telephone bridges/loops --

               have been adopted by the CU for use as communication

               points. Each of these technologies will be addressed in

               turn, giving cultural insight into CU activities, and

               illustrating mutual association among CU participants.



               Bulletin Board Systems

                    Communication in the computer underground takes

               place largely at night, and primarily through Bulletin

               Board Systems (BBS).  By calling these systems and

               "logging on" with an account and password individuals

               can leave messages to each other, download files and
^



                                                                    40

               programs, and, depending on the number of phone lines

               into the system, type messages to other users that may

               be logged on at the same time.

                    Computer Bulletin Board Systems, or "boards,"  are

               quite common in this computerized age.  Nearly every

               medium-sized city or town has at least one. But not all

               BBS are part of the computer underground culture.  In

               fact, many systems prohibit users from discussing CU

               related activity.  However, since all bulletin boards

               systems essentially function alike it is only the

               content, users, and CU culture that distinguish an

               "underground" from a "legitimate" bulletin board.

                    Computer Underground BBS are generally owned and

               operated by a single person (known as the "system

               operator" or "sysop"). Typically setup in a spare

               bedroom, the costs of running the system are paid by

               the sysop, though some boards solicit donations from

               users. The sysop maintains the board and allocates

               accounts to people who call the system.

                    It is difficult to assess the number of

               underground bulletin boards in operation at any one

               time. BBS in general are transitory in nature, and CU

               boards are no exception to this. Since they are

               operated by private individuals, they are often set up

               and closed down at the whim of the operator. A week
^



                                                                    41

               that sees two new boards come online may also see

               another close down.  A "lifetime" of anywhere from 1

               month to 1-1/2 years is common for pirate and

               phreak/hack boards.11   One BBS, claimed to be the

               "busiest phreak/hack board in the country" at the

               time,12 operated for less than one year and was

               suddenly closed when the operator was laid off work.

                    Further compounding the difficulty of estimating

               the number of CU boards is their "underground" status.

               CU systems do not typically publicize their existence.

               However, once access to one has been achieved, it is

               easy to learn of other systems by asking users for the

               phone numbers.  Additionally, most BBS maintain lists

               of other boards that users can download or read. So it

               is possible, despite the difficulties, to get a feel

               for the number of CU boards in operation.    Pirate

               boards are the most common of "underground" BBS.  While

               there is no national "directory" of pirate boards,

               there are several listings of numbers for specific
               ____________________

                    11 While some non-CU BBS' have been operating
               since 1981, the longest operating phreak/hack board has
               only been in operation since 1984.


                    12 At it's peak this p/h board was receiving 1000
               calls a month and supported a community of 167 users
               (TP BBS, message log, 1989).

^



                                                                    42

               computer brands.13  One list of Apple pirate boards has

               700 entries. Another, for IBM boards, lists just over

               500.  While there is no way of determining if these

               lists are comprehensive, they provide a minimum

               estimate. Pirate boards for systems other than IBM or

               Apple seem to exhibit similar numbers. David Small, a

               software developer that has taken an aggressive stance

               in closing down pirate boards, estimates that there are

               two thousand in existence at any one time (1988).

               Based on the boards discovered in the course of this

               research, and working from an assumption that each of

               the four major brands of microcomputers have equal

               numbers of pirate boards, two thousand is a reasonable

               estimate.

                    The phreak/hack BBS community is not divided by

               differing brands of micro-computers.  The applicability

               of phreak/hack information to a wide range of systems

               does not require the specialization that pirate boards

               exhibit.  This makes it easier to estimate the number

               of systems in this category.

                    John Maxfield, a computer security consultant, has

               asserted that there are "thousands" of phreak/hack
               ____________________

                    13 Pirate boards are normally "system specific" in
               that they only support one brand or model of
               microcomputer.

^



                                                                    43

               boards in existence (WGN-Radio, November 1988).  The

               data, however, do not confirm this.  A list of

               phreak/hack boards compiled by asking active p/hackers

               and downloading BBS lists from known phreak/hack

               boards, indicates that there are probably no more than

               one hundred.  Experienced phreak/hackers say that the

               quality of these boards varies greatly, and of those

               that are in operation today only a few (less than ten)

               attract the active and knowledgeable user.

                    Right after "War Games" came out there must
                    have been hundreds of hacker bulletin boards
                    spring up. But 99% of those were lame. Just a
                    bunch of dumb kids that saw the movie and
                    spent all there %sic% time asking "anyone got
                    any k00l numberz?" instead of actually
                    hacking on anything. But for a while there
                    was %sic% maybe ten systems worth calling . .
                    . where you could actually learn something
                    and talk to people who knew what was going
                    Nowadays %sic% there are maybe three that I
                    consider good . . . and about four or five
                    others that are okay.  The problem is that
                    anybody can set up a board with a k-rad name
                    and call it a hacker board and the media/feds
                    will consider it one if it gets busted. But
                    it never really was worth a shit from the
                    beginning.(TP2, field notes, 1989)


                    Towards a BBS Culture.  Defining and identifying

               CU boards can be problematic.  The lack of an ideal

               type undoubtedly contributes to the varying estimates

               of the number of CU bulletin board systems. While

               developing such a typology is not the intent of this

               work, it is appropriate to examine the activities and
^



                                                                    44

               characteristics exhibited by BBS supporting the pirate

               and phreak/hack communities.  While much of the culture

               of pirate and phreak/hack worlds overlap, there are

               some differences in terms of how the BBS medium is used

               to serve their interests. We begin with a short

               discussion of the differences between the two

               communities, then discuss cultural characteristics

               common to all CU BBS systems.

                    All BBS feature a "files area" where programs and

               text files are available for downloading by users.

               Initially these programs/files are supplied by the

               system operator, but as the board grows they are

               contributed (called "uploading") by callers. The

               content and size of the files area differs according to

               whether the board supports the pirate or phreak/hack

               community.

                    The files area on a pirate board consists

               primarily of programs and program documentation.

               Normally these programs are for only one brand of

               micro-computer (usually the same as the system is being

               run on). Text files on general or non-computer topics

               are uncommon.  A "files area" menu from a pirate BBS

               illustrates the emphasis on software:

                    %1% Documentation        %2% Telecommunications
                    %3% Misc Applications    %4% Word Processing
                    %5% Graphics             %6% Utilities
                    %7% Games 1              %8% Games 2
^



                                                                    45

                    %9% XXX Rated            %10% Elite_1
                    %11% Elite_2             %12% Super_Elite
                                      (IN BBS, message log, 1988)

                    The "files area" on a phreak/hack BBS is

               noticeably smaller than it is on pirate systems.  It

               consists primarily of instructional files (known as "g-

               files" for "general files") and copies of phreak/hack

               newsletters and journals.  Pirated commercial software

               is very rare; any programs that are available are

               usually non-copyrighted specialized programs used to

               automate the more mundane aspects of phreaking or

               hacking. It is not uncommon to find them in forms

               usable by different brands of computers.  A "files

               area" list from a phreak/hack BBS is listed here

               (edited for size):

                      Misc Stuff
                    -------------
                    BRR2    .TXT: Bell Research Report Volume II
                    BRR1    .TXT: Bell Research Report Volume I
                    CONFIDE .ARC: Confide v1.0 DES
                                  EnCryption/DeCryption
                    CNA     .TXT: A bunch of CNA numbers
                    CLIPS   .ARC: newsclippings/articles on hackers
                                  and busts
                    ESS1    .TXT: FILE DESCRIBING THE ESS1 CHIP
                    TELEPHON.TXT: NY Times Article on hackers/phreaks
                    HP-3000 .TXT: This tells a little info about hp
                    VIRUS   .TXT: Digest of PC anti-viral programs.

                    Hack/Phreak Programs
                    -----------------------
                    THIEF   .ARC: Code Thief for IBM!
                    PC-LOK11.ARC: IBM Hard Disk Lock Utility- fairly
                                  good.
                    PHONELIS.COM: Do a PHONE DIR command on VAX from
                                  DCL.
                    XMO     .FOR: VAX Xmodem Package in FORTRAN
^



                                                                    46

                    PASSWORD.ARC: IBM Password on bootup.  Not too
                                  bad.

                    Archived Gfiles
                    ----------------------
                    PHRACK15.ARC: Phrack #15
                    PHRACK10.ARC: Phrack #10
                    PHRACK20.ARC: Phrack #20
                    ATI1_6.ARC  : ATI issues one thru six
                    PHRACK5.ARC : Phrack #5
                    PHRACK25.ARC: Phrack #25
                    PHUN1.ARC   : P/Hun first issue
                    TCSJ.ARC    : Telecom Security Journal
                    ATI31.ARC   : Activist Times Inc number 31
                    LODTECH3.ARC: LoD Tech Journal three
                                         (TPP BBS, message log, 1988)

                    The difference in files area size is consistent

               with the activities of pirates and phreak/hackers.  The

               main commodity of exchange between pirates is, as

               discussed earlier, copyrighted software thus accounting

               for the heavy use of that area of the board that

               permits exchange of programs.  The phreak/hackers, on

               the other hand, primarily exchange information about

               outside systems and techniques.  Their interests are

               better served by the "message bases" of BBS.

                    The "message bases" (areas where callers leave

               messages to other users) are heavily used on

               phreak/hack systems. The  messages are not specific to

               one brand of micro-computer due to the fact that not

               all users own the same equipment. Rather than focus on

               the equipment owned by the phreak/hacker, the messages

               deal with their "targets."  Everything from

               phreak/hacking techniques to CU gossip is discussed. On
^



                                                                    47

               some boards all the messages, regardless of topic, are

               strung together in one area.  But on others there are

               separate areas dealing with specific networks and

               mainframe computers:

                    Message Boards available:

                     1 : General
                     2 : Telecommunications
                     3 : Electronics
                     4 : Packet Switched Nets
                     5 : VAX/DEC
                     6 : Unix
                     7 : Primos
                     8 : HP-x000
                     9 : Engineering
                    10 : Programming & Theory
                    11 : Phrack Inc.
                    12 : Sociological Inquiries
                    13 : Security Personnel & Discussion
                    14 : Upper Deck
                    15 : Instructors
                                       (TPP BBS, message log, 1988)


                    The pirate community, on the other hand, makes

               little use of the "message bases." Most users prefer to

               spend their time (which may be limited by the system

               operator on a per day or per call basis) uploading

               and/or downloading files rather than leaving messages

               for others.  Those messages that do exist are usually

               specific to the pirating enterprise such as help with

               programs on the board, requests for specific programs

               ("want lists"), and notices about other pirate bulletin

               boards that users may want to call. Occasional

               discussion of phreaking may occur, but the emphasis is
^



                                                                    48

               on techniques used to make free calls, not technical

               network discussions as often occurs on phreak/hack

               systems.  A list of message areas from a large pirate

               BBS illustrates the emphasis on the pirating

               enterprise.  A message area for general discussions has

               been created, but those areas devoted to pirating

               display more use:

                    Area %1% General Discussion      15 messages
                    Area %2% Pirating Only!!         75 messages
                    Area %3% Warez Wants             31 messages
                    Area %4% **private messages**    10 messages
                                     (TL BBS, message log, 1988)


                    In addition to the differences between files and

               message use on pirate and phreak/hack boards, they

               differ in degree of community cohesiveness.  Every BBS

               has a group of "users" --the people who have accounts

               on the system. The group of users that call a specific

               BBS can be considered to be a "community" of loosely

               associated individuals by virtue of their "membership"

               in the BBS.

                    Additionally, the system itself, serving either

               pirates or phreak/hackers, exists within a loose

               network of other bulletin boards that serve these same

               interests. It is within this larger community where

               pirate and phreak/hack boards seem to differ.

                    Due to the brand-specific nature of pirate boards,

               there is not a strong network between pirate BBS that
^



                                                                    49

               operate on other systems.  This is understandable as a

               pirate that owned an Apple computer would have little

               use for the programs found on an IBM board.  However,

               this creates separate communities of active pirates,

               each loosely associated with other users of their

               computer type, but with little or no contact with

               pirate communities on other systems.

                    There is, however, a degree of cohesiveness among

               pirate boards that support the same micro-computers.

               While the users may be different on systems, the data

               shows that some pirate boards are "networked" with each

               other via special software that allows messages and

               files to be automatically shared between different

               boards.  Thus a message posted on a west coast pirate

               board will be automatically copied on an east coast BBS

               later that night. In a like manner, software programs

               can be sent between "networked" boards.  The extent of

               this network is unknown.

                    The pirate BBS community also exhibits

               cohesiveness in the form of "co-sysops."  As discussed

               earlier, sysops are the system operators and usually

               owners of BBS.  On some pirate boards, "co-sysop"

               distinction is given to an operator of another board,

               often located in another state. This forms a loose

               network of "sister boards" where the sysop of one has
^



                                                                    50

               co-sysop privileges on the other.   However, this

               cooperative effort appears to be limited mainly to the

               system operators as comparing user lists from sister

               boards shows little overlap between the regular

               callers. How co-sysop positions are utilized is

               unknown, and it is suspected that they are largely

               honorary.  But nonetheless it is indicative of mutual

               association between a small number of boards.

                     The phreak/hack board community does not exhibit

               the same brand-specific division as the pirate

               community.  Unlike the divided community of pirates,

               phreak/hackers appear to maintain contacts throughout

               the country.  Obtaining and comparing user lists from

               several phreak/hack BBS reveals largely the same group

               of people using several different boards across the

               country.14 While phreak/hack boards have yet to adopt

               the "networking" software used by pirate boards, an

               active group of phreak/hackers is known to use the

               sophisticated university mainframe computer network,

               called Bitnet, to exchange phreak/hack newsletters and

               gossip.

                    Despite the operational differences between pirate
               ____________________

                    14 In fact, users lists from phreak/hack BBSs
               located in Europe and Australia show that many U.S.
               p/hackers utilize these systems as well.

^



                                                                    51

               and phreak/hack boards, their cultures are remarkably

               similar. Any discussion of the computer underground

               must include both communities.  Additionally, a

               formulation of the culture of CU BBS must address the

               means in which access to the board, and thus deviant

               associates, is obtained.

                    For a caller to successfully enter the CU BBS

               community, he must display an awareness of CU culture

               and technical skill in the CU enterprise. If the caller

               fails to exhibit cultural knowledge, then access to the

               board is unlikely to be granted.  The ways in which

               this cultural knowledge is obtained and displayed

               illustrates the social nature of the CU and further

               displays some of the subcultural norms of behavior.

                    On most "licit" (non-underground) boards,

               obtaining permission to use the system is accomplished

               by logging on and providing a name and home phone

               number to the system operator (sysop).  Sysop's

               normally do not check the validity of the information,

               and once a caller has provided it he or she is granted

               full access to the system.  There is normally one level

               of access for all users, with only the sysop having

               more "powerful" access.

                    Obtaining access to underground bulletin boards is

               more complicated and requires more steps to complete.
^



                                                                    52

               In an attempt to prevent law enforcement agents

               ("feds") from obtaining accounts on systems where

               pirates or p/hackers are vulnerable, if not to actual

               arrest, then at least to exposing their latest act-

               ivities and methods, sysop's of illicit boards attempt

               to limit access to the system.

                    One method of doing this is to restrict

               publicizing the existence of the board.  Computer

               underground BBS are not normally included in BBS

               listings found in computer books and magazines, and

               there is a norm, particularly strong on p/hack systems,

               that the boards are not to be mentioned on non-CU

               systems.  There are, however, some "entry-level" CU BBS

               that are fairly well known.  These systems are known as

               "anarchist" boards.

                    "Anarchist" boards, while exhibiting many of the

               same characteristics as pirate and phreak/hack boards,

               are really a cross between the two and serve primarily

               as social outlets for both pirates and phreak/hackers.

               The message areas on "anarchist" boards are quite

               active, "chatty" messages are not discouraged. Indeed

               there are normally  several different message areas

               devoted to a wide range of topics including everything

               from "skipping school" to "punk rock." The files area

               contains both warez (but normally only the newest
^



                                                                    53

               games, and specific to the computer system that the

               board runs on) and phreak/hack text files.  Neither

               collection is as extensive as it would be on pirate-

               only or p/hack-only systems.

                    The data suggest that one function of "anarchist"

               boards is to introduce newcomers to the culture of the

               computer underground. By acting as "feeder boards,"

               they can provide preliminary socialization and

               instruction for CU behavior and techniques.

               Additionally, "anarchist" boards frequently provide

               areas where phone numbers to pirate and p/hack systems

               can be traded, thus providing systems where more in-

               depth information, and other contacts, can be found.  A

               phreak/hacker describes how an "anarchist" board was

               instrumental in introducing him to the computer

               underground:

                    I've been phreaking and hacking for about
                    four years now.  I discovered phreaking on my
                    own at this place I used to work.  We had
                    this small LD %long distance% provider that
                    used codez so I started hacking them out and
                    calling places myself . . . but I didn't know
                    no other phreaks at that time.  Then I
                    started using the codez to call boards from
                    home on my computer. Somebody gave me the
                    number to Jack Black's Whore House %an
                    "anarchy board"% and I started learning about
                    hacking and shit from the people and philes
                    they had there. Then one day this guy, King
                    Hammer, sent me some e-mail %a private
                    message% and told me to call his system.
                    That's where I really learned my way around
                    the nets and shit.  You could ask questions
                    and people would help you out and stuff. If I
^



                                                                    54

                    hadn't found out some of the tricks that I
                    did I probably would have got busted by now.
                    (TP2, field notes, 1989)

                    Once an individual has obtained the telephone

               number to a CU BBS, through whatever channels, callers

               follow essentially the same procedure as they do on

               licit systems . . . that of calling and logging on.

               However, since "underground" boards are not truly

               underground (that is, totally secret) first-time

               callers are not given access to the board itself. When

               a user is unable to provide an already valid

               username/password, the system will automatically begin

               its registration procedure.   First, the caller is

               asked to enter a "username" (the name used by the

               system to distinguish between callers) and "phone

               number."  These first system requests, normally seen

               only as "Enter Your Name and Phone Number," serve as

               partial screens to keep out non-underground callers

               that may have happened across the board.  The way that

               a user responds to these questions indicates if they

               have cultural knowledge of the CU. The  norm is to

               enter a pseudonym and a fake phone number.15 If a
               ____________________

                    15 A functional reason for this norm is that
               usernames and telephone numbers are stored on the
               computer as part of the BBS system files.  Should the
               BBS ever be seized in legal proceedings, this list of
               names and numbers (and on some systems addresses . . .
               which are also normally false) could be used to
               identify the users of the system.

^



                                                                    55

               caller enters his or her real name (or at least a name

               that does not appear to be a pseudonym) the system

               operator will be put on guard that the caller may not

               be aware of the type of board that he has called, for

               the pseudonym is the most visible of CU cultural

               traits.

                    All members of the underground adopt "handles" to

               protect their identity.  The pseudonyms become second

               identities and are used to log onto bulletin boards,

               and as  "signatures" on messages and instructional text

               files.16  They are not unlike those adopted by

               citizens-band radio users, and reflect both the humor

               and technical orientation of computer underground

               participants.  A review of handles used by phreakers,

               hackers, and pirates finds that they fall into three

               broad categories: figures from literature, films, and

               entertainment (often science fiction); names that play

               upon computers and related technologies; and

               nouns/descriptive names.  (See Appendix A for fictional

               examples of each.)

                    After providing a user name and entering a

               ____________________



                    16 The data suggest that, on the whole,
               individuals retain their handles over time.

^



                                                                    56

               password to be used for future calls, the caller is

               asked several more questions designed to screen users

               and determine initial access privileges.  Unlike licit

               boards, underground BBS may have several different

               levels of access with only the most trusted users being

               able to read messages and get files in "elite" or "high

               access" areas that are unknown and unavailable to other

               callers.  In many cases, pirate boards are able to

               operate "above ground"  and appear to be open-public

               access systems unless callers have the proper

               privileges to access the areas where the "good stuff"

               is located.  The answers given to access questionnaires

               determine whether a caller will receive access to some,

               all, or none of the higher levels.

                    These questionnaires frequently ask for "personal

               references" and a list of other boards the caller has

               "high access" on.  The question is vague, and random

               callers are unlikely to answer it correctly.  However,

               if the caller lists pseudonyms of other CU members that

               are known and trustworthy to the sysop, as well as some

               other boards that are known to have "good users" and

               "good security" access will usually be granted.17  If

               all the answers are relevant and indicative of CU
               ____________________

                    17 The data suggest that personal references are
               only checked if something seems unusual or suspicious.

^



                                                                    57

               knowledge, then initial access is normally granted.

                    Other methods of controlling access include

               presenting a "quiz" to determine if the technical

               knowledge of the user is up to par with the expertise

               expected on the boards.18  Some systems, instead of a

               quiz, ask the user to write a short statement (100

               words or less) about why they want access, where they

               got the phone number to the system, and what they can

               provide to other users. Some pirate boards come right

               out and ask the user to supply a list of the good

               "warez" that they can upload and what they are looking

               to download. If the caller fails to list recent

               copyrighted programs then it is evident that they are

               unaware of the nature of the BBS:

                    I had this one dude call up and he told me in
                    his message that he was looking for some
                    "good games."  So instead of giving him
                    access I just left him some e-mail %a private
                    message%.  I asked what kind of games he was
                    looking for. Next time he called he wrote
                    back and said "a public domain Asteroids
                    game."  I couldn't believe it. Not only is
                    Asteroids so damn old it's lame, but this guy
                    is looking for pd %public domain% shit.  No
                    way was he going to get access. He didn't
                    even know what this board is. I left him a
                    message telling him that I didn't have one.
                    He never called back after that (CH, sysop of
                    a pirate BBS, field notes, 1988).

               ____________________

                    18 One such quiz, from a p/h board, can be found
               in Appendix B.

^



                                                                    58

                    Ironically, the pseudo-elaborate security methods

               of underground boards, while they may be effective in

               keeping off random non-CU callers, are not effective in

               screening out "feds." Data and media accounts show that

               boards are regularly infiltrated by telephone security

               personnel and software companies. Also, the adoption of

               handles to protect identities is defeated by the

               consistent use of the same handle over time. But in

               order to obtain and maintain status and prestige in the

               CU one must keep the same pseudonym in order to

               (literally) "make a name for oneself." The fact that CU

               communication is not face-to-face requires a consistent

               means of identifying oneself to others.  The handle

               fulfills this purpose but at the same time becomes as

               attached to a single individual as a real name would.

               The access rituals of the computer underground, which

               are contingent on being a "known" pirate or

               phreak/hacker, make changing handles unproductive.

                    The life blood and center of the computer under-

               ground is the bulletin board network.  Acting as both

               the main trade center of performance related tools and

               innovations and as a means of socialization, the

               underground could not exist without the BBS network.

               They serve to "recruit" and educate newcomers and

               provide a way to traffic in information and software.
^



                                                                    59

               The pirating enterprise in particular is very dependent

               upon the BBS as they are the very means by which

               "warez" are traded.  For the phreak/hacker community,

               BBS provide a means of trading the resources of system

               numbers and passwords, as well as instructional texts

               on techniques.  The access process serves as evidence

               of mutual association amongst phreakers, hackers, and

               pirates as cultural knowledge is needed as well as

               personal references (evidence of acceptance and access

               to others).

                    The CU bulletin board systems are unique in that

               they provide a way to exchange information with a large

               number of others.  The other methods of CU commun-

               ication are based on conversations rather than written

               texts and thus are much less permanent.  These methods,

               discussed next, are telephone bridges/loops, voice mail

               boxes, and computer "chat" systems.



               Bridges, Loops, and Voice Mail Boxes

                    Of the additional means of communication used by

               the CU, telephone "bridges" and "loops" are most

               common.  Unlike BBS, which require data links provided

               by a computer and modem, bridges and loops are "old

               fashioned" voice connections.  Since they can not

               accommodate the transfer of programs or files they are

               used primarily by phreakers and hackers, and most often
^



                                                                    60

               as a social/recreational outlet.

                    A "bridge" is a technical name for what is

               commonly known as a "chat line" or "conference system."

               They are familiar to the  public as the pay-

               per-minute group conversation systems advertised on

               late night television.  Many bridge systems are owned

               by large corporations who maintain them for business

               use during the day.  While the numbers to these systems

               is not public knowledge, many of them have been

               discovered by phreaks who then utilize the systems

               during the night.

                    In addition to these pre-existing conference

               systems, phreakers have become skilled at  arranging

               for a temporary, private bridge to be created via

               AT&T's conference calling facilities.  This allows for

               conversations to be held among a self-selected group of

               phreak/hackers:19

                    Bridges can be %sic% extremely useful means
                    of distributing information as long as the
                    %phone% number is not known, and you don't
                    have a bunch of children online testing out
               ____________________

                    19 The data indicates that these private
               conference calls aren't "scheduled" in any real sense.
               One p/hacker will initiate the conference and call
               others at home to add them to the conference.  As more
               people join they suggest others to add. The initiator
               can temporarily jump out of the conference, call the
               new person and solicit their attendance. If they don't
               want to join or aren't home, the initiator simply
               returns to the conference without adding them in.

^



                                                                    61

                    their DTMF.20  The last great discussion I
                    participated with over a bridge occurred
                    about 2 months ago on an AT&T Quorum where
                    all we did was engineer 3/way %calls% and
                    restrict ourselves to purely technical infor-
                    mation. We could have convinced the Quorum
                    operators that we were AT&T technicians had
                    the need occurred. Don't let the kids ruin
                    all the fun and convenience of bridges.
                    Lameness is one thing, practicality is
                    another (DC, message log, 1988).


                    In addition to setting up "private" bridges,

               p/hackers can utilize "loop lines" in a further attempt

               to limit the number of eavesdroppers on their

               conversations. Unlike bridges, which connect a

               virtually unlimited number of callers at once, "loops"

               are limited to just two people at a time.

                    "Loop lines" are actually telephone company test

               lines installed for internal use.21  A loop consists of

               two separate telephone numbers that connect only to

               each other. Each end has a separate phone number, and

               when each person calls one end, they are connected to

               each other automatically.  This allows for individuals
               ____________________

                    20 "Dual Tone Multi Frequency" or in laymen terms,
               the touch tone sounds used to dial phone numbers.


                    21 These test lines are discovered by phreaks and
               hackers by programming their home computer to dial
               numbers at random and "listen" for the distinctive tone
               that an answering loop makes, by asking sympathetic
               telephone company employees, or through information
               contained on internal company computers.

^



                                                                    62

               to hold private conversations without divulging their

               location or identity by exchanging telephone numbers.

                    Finally, voice mail boxes ("VMB") are another

               means of communicating with individual actors. There

               are several commercial voice mail box systems located

               throughout the country.  They function similar to a

               telephone answering machine in that callers can call

               in, listen to a recorded message, and then leave a

               message for the box owner. Many of these systems are

               accessible via toll-free telephone numbers. The

               security of some VMB systems is notoriously poor. Many

               phreaks have expertise in "creating" boxes for

               themselves that are unknown (until discovered) by the

               owner of the system. However, these boxes are usually

               short lived since discovery by the system operator, and

               closure of the box, is only a matter of time. But as

               long as the box is functioning, it can serve as a means

               of communicating with others.  VMB numbers are

               frequently posted on bulletin boards with invitations

               to "call if you have any good stuff."  They are often

               used by pirates to exchange messages about new releases

               of software, and by phreak/hackers to trade account and

               access numbers.  Additionally, some of the underground

               newsletters and journals obtain boxes so users can call

               in news of arrests and other gossip.
^



                                                                    63

                    Like bulletin boards, VMBs are systems that allow

               information to be disseminated to a large number of

               associates, and unlike the live telephone conversations

               of bridges and loops, they are available at any time of

               the day.  Additionally, VMB's don't require use of a

               computer and modem, only a touch tone phone is needed

               to call the box.  Their usefulness is limited somewhat

               because they play only one "outgoing" message at a

               time, and their transitory nature limits their

               reliability.



               Summary

                    Phreakers, hackers and pirates do not act as

               loners.  They have adopted existing methods of

               communication, consistent with their skills in high

               technology, to form a social network that allows for

               the exchange of information, the socialization of new

               members, socializing with others, and in the case of

               pirates, performing the "deviant" act itself via these

               means.

                    These communication points create and foster

               groups of loosely associated individuals, with specific

               interests, coming together to exchange information

               and/or software. It is impossible to be a part of the

               social network of the computer underground and be a

               loner.   Based upon the Best and Luckenbill measure,
^



                                                                    64

               actors in the computer underground, by displaying

               mutual association, organize as colleagues.

                    The social network of the computer underground

               provides the opportunity for colleagues to form

               cooperative working relationships with others, thus

               moving the CU towards a more sophisticated form of

               social organization.  These "hacker groups" are

               addressed in the next section.
^



                                                                    65





                                Mutual Participation

                    In the previous chapter the ways in which the

               structure of the computer underground fosters mutual

               association  were discussed. Their social outlets and

               means for informational exchange bring the CU community

               together as deviant colleagues.  Their relationships

               fit quite well into the Best and Luckenbill (1982)

               typology of collegial associations:

                    The relationship between deviant colleagues
                    involves limited contact.  Like loners,
                    colleagues perform their deviant acts alone.
                    But unlike loners colleagues associate with
                    one another when they are not engaged in
                    deviance . . . In effect, there is a division
                    between two settings; onstage where
                    individual performs alone; and backstage,
                    where colleagues meet (cf Goffman).  In their
                    backstage meetings, colleagues discuss
                    matters of common interest, including
                    techniques for performing effectively, common
                    problems and how to deal with them, and ways
                    of coping with the outside world (1982 p.37).

                    However, despite the advantages of collegial

               association, ties between CU participants are weak.

               Loyalty between individuals seems rare, as the CU is

               replete with tales of phreak/hackers who, when

               apprehended, expose identities or "trade secrets" in

               order to avoid prosecution.  These weak collegial ties

               may be fostered by the anonymity of CU communication

               methods, and the fact that all CU actors are, to some
^



                                                                    66

               extent, in competition with each other. There are only

               so many systems with weak security and once such a

               system is found, sharing it with others will virtually

               ensure that the hole will be sealed when the increased

               activity is noticed.  Thus while p/hackers will share

               general knowledge with each other, specific information

               is not disseminated publicly.

                    As Best and Luckenbill have observed, in order to

               remain in a collegial relationship individuals must be

               able to successfully carry out operations alone (1982

               p.45). In order to sustain a career in p/hacking one

               must pursue and collect information independent of what

               is shared on the communication channels.  Despite the

               association with other phreakers and hackers, the

               actual performance of the phreak/hacking act is a

               solitary activity.22

                    That is not to say, however, that p/hackers never

               share specific information with others.  As discussed

               earlier, p/hack bulletin board systems frequently have

               differentiated levels of access where only highly

               regarded individuals are able to leave and read

               messages. These areas are frequently used to keep
               ____________________

                    22 This does not hold true for pirates. By
               definition they must trade programs with other
               individuals.

^



                                                                    67

               information from "unskilled" users at the lower levels.

               There are strong social norms that some information

               should not be shared too widely, as it may be either

               "abused" or fall into the hands of enforcement agents.

               For example, when one p/hacker announced that he was

               going to release a tutorial on how to infiltrate a new

               telephone company computer, he received the following

               messages in reply:

                    Not smart, DT. %That computer% is a system
                    which can be quite powerful if used to its
                    potential. I don't think that information on
                    programming the switches should be released
                    to anyone. Do you realize how destructive
                    %that computer% could really be if used by
                    someone who is irresponsible and intends on
                    destroying things? Don't even think about
                    releasing that file. If you do release that
                    file, it will disappear and will no longer
                    remain in circulation. Believe me. Not many
                    have the right to know about %that computer%,
                    or any other delicate telco computers for
                    that matter. Why do you think the fucking New
                    York Times published that big article on
                    hackers screwing around with telco machines?
                    Not only will you get into a lot of trouble
                    by releasing that file on %computer%, you
                    will be making telcos more aware of what is
                    actually happening, and soon no one will be
                    able to learn about their systems. Just think
                    twice (EP, message log, 1988).

                    Why would you want normal people to have such
                    knowledge? Any why would you post about it?
                    If you have knowledge that's fine but DON'T
                    spread that knowledge among others that may
                    abuse it. It's not impressive! I don't know
                    why anyone would want to disperse that
                    knowledge. Please don't release any "in
                    depth" files on such systems of great power.
                    Keep that to yourself it will just mess it up
                    for others (UU, message log, 1988).

^



                                                                    68


                    The desire to share information with selected

               colleagues often leads to the formation of cooperative

               "working groups." These partnerships are easily formed,

               as the structure of mutual association in the CU

               creates a means where "talent" can be judged on the

               basis of past interactions, longevity in the field, and

               mutual interests. When allegiances are formed, the CU

               actors begin "mutual participating" in their acts, thus

               becoming "peers" in terms of social organization.

                    Mutual participation, as defined in the Best and

               Luckenbill typology, is exhibited by actors sharing in

               the same deviant act, in the physical presence of one

               another (1982 p.45).  However, the measurement was

               "grounded" in studies of traditional deviant

               associations (eg:  street gangs, prostitutes, etc.)

               where "real-time" interaction is common. The technology

               used by the CU negates this requirement as actors can

               be located in different parts of the country.

               Additionally, "hacking" on a system, by a group of

               peers, does not require simultaneous participation by

               all members.  However Best and Luckenbill's typology is

               an ideal type, and the activities of peers in the

               computer underground do not fall outside of the spirit

               or intention of their concept of mutual participation.

               Their description of deviant peer associations is
^



                                                                    69

               presented here:

                    Deviant peers are distinguished from
                    colleagues by their shared participation in
                    deviance.  While colleagues carry out their
                    deviant operations alone, peers commit
                    deviant acts in one another's presence.
                    Peers cooperate in carrying out deviant
                    operations, but they have a minimal division
                    of labor, with each individual making roughly
                    comparable contribution.  Peer relationships
                    also tend to be egalitarian and informal;
                    some peers may be acknowledged leaders or
                    admired for their skill, but there is no set
                    division of authority.  Like colleagues,
                    peers share subcultural knowledge, but peer
                    groups typically provide their members with
                    more support.  In addition to cooperating in
                    deviant operations, peers may recruit and
                    socialize newcomers and supply one another
                    with deviant equipment and social support.
                    Thus, the bonds between peers are stronger
                    than those linking colleagues (1982, p.45).

                    Peer associations in the CU are largely limited to

               small groups23 working on a specified goal.  Both

               pirates and p/hackers organize themselves in this

               regard, though their characteristics differ.  We begin

               with a discussion of mutual participation among

               pirates.



               Pirate Groups

                    Pirate groups are composed of less than ten
               ____________________

                    23 In terms of the ideal type for deviant peers
               any two individuals working in cooperation exhibit
               mutual participation. The discussion here addresses
               groups that consist of three or more people that
               identify themselves as a sort of "club." Short-lived
               interaction between two people is not considered a
               "group" in the CU culture.

^



                                                                    70

               members.  Their primary purpose is to obtain the latest

               software, remove any copy-protection from it, and then

               distribute it to the pirate community.  Often the

               "warez" that they distribute will be adorned with the

               group name, so subsequent users will be aware of the

               source of the software.  Many pirate groups have "home"

               BBS systems that act as key distribution points, and as

               places where outsiders can communicate with members of

               the association. This researcher was unable to obtain

               data about the internal organization of pirate groups,

               but it appears that they are leaderless, with

               individual members working alone but giving credit to

               the group as a whole.



               Phreak/hack groups

               The existence of phreak/hacker groups is well

               documented in the data, and has been heavily reported

               in the media.  Two hacker groups in particular, The

               414's (named for the Wisconsin area code in which they

               lived), and The Inner Circle, received a large amount

               of press after being apprehended for various computer

               break-ins.  However, the "threat" that such groups

               represent has probably been overstated as the data

               indicate that "hacker gangs" vary greatly in

               organization and dedication to the CU enterprise.

                    Many hacker groups are short-lived associations of
^



                                                                    71

               convenience, much like the "no girls allowed!" clubs

               formed by young boys.  They often consist of four to

               nine beginning phreak/hackers who will assist each

               other in obtaining telephone credit-card numbers. By

               pooling their resources, a large number of illicit

               "codez" can be obtained and shared with others.

               Distribution of the account numbers is not limited to

               the group, they are often shared with the community at

               large, "courtesy of Codez Kidz Ltd." Groups of this

               type are looked at with disdain by "elite"

               phreak/hackers and are often criticized as being more

               interested in self-promotion then they are with

               actually phreaking or hacking.

                    Some hacker groups are very proficient and

               dedicated to their craft, however. These groups are

               characterized by smaller memberships, less visibility

               to non-members, and commitment to the CU enterprise.

               They are loosely organized, yet some have managed to

               exist six or more years despite members dropping out or

               being arrested. These "elite" groups are selective

               about membership, and cite trust and talent as the two

               leading requirements for joining:

                    The group exists mainly for information
                    trading. If you trust everyone else in the
                    group, it is very profitable to pool
                    information on systems . . . also it is nice
                    to know someone that you can call if you need
                    help on operating system X and to have people
^



                                                                    72

                    feel free to call you if they need help on
                    operating system Y (AN, message log, 1988).

                    Trust is a very important part of a group. I
                    think that's blatantly obvious. You have to
                    be able to trust the other members of the
                    group with the information you are providing
                    in order to be productive, and have a secure
                    situation (UU, message log, 1988).

                    . . . all groups serve the same purpose: to
                    make their members feel better about
                    themselves (like, wow, I'm in a group) and to
                    trade things, whether it's wares, codes, or
                    whatever. But the thing is that being in a
                    group is like saying "I trust you, so like,
                    what can we do together?" (NN, message log,
                    1988)

                    Indeed, hacker groups are formed primarily for the

               purpose of information exchange.  To this end, groups

               attempt to recruit members with a wide variety of

               "specializations" in order to have a better support

               network to turn to:

                    %Our group% has always been very selective
                    about members (took me six years to get in).
                    The only reason the group exists is to bring
                    together a diverse group of talents. There is
                    very little overlap in %the group% these
                    days.  Everyone has one thing that they are
                    the best in the country at, and are
                    conversant with just about any other form of
                    hacking.  As an example, I got into a Primos
                    computer this morning around 9 am. Once I got
                    in, I know enough about Primos to get around,
                    but that's it. So I call %PS% in New York,
                    give him the info, and when I get home
                    tonight, he has gotten in and decrypted the
                    entire username/password file and uploaded it
                    to me.  But two weeks ago he got into a VAX.
                    He got the account to me, I called it up and
                    set up three backdoors into the system that
                    we can get in if the account is detected or
                    deleted.  Simple matter of communism.  From
                    each according to his ability . . . etc. Also
^



                                                                    73

                    it helps that everyone in the group is
                    experienced enough that they don't fuck up
                    accounts you spend all day getting (TM, field
                    notes, 1989).

                    Consistent with the Best and Luckenbill ideal

               type, hacker groups do not exhibit a set division of

               authority or labor. Most groups are leaderless, and

               every member is free to pursue their own interests,

               involving other members of the group only when desired:

                    We just got our group together.  We've got a
                    guy that does VMB's and a Sprinter %obtains
                    "codez" from U.S. Sprint% and a couple of
                    hackers.  Everybody's free to pursue whatever
                    system they want but if they want or need
                    some help they can call on any of the other
                    members if they want to. Like if one guy is
                    scanning and finds a VAX he might call and
                    give me the dialup.  Then I might have to
                    call our Sprinter to get some codez so I can
                    start hacking on it.  Once I get through I'll
                    give the account to the other members.  But
                    if I found it myself I wouldn't have to give
                    it out but I probably would anyway 'cuz
                    keeping it would be bullshit (DC, field
                    notes, 1988).

                    There isn't a leader really.  The guy who
                    starts the group sort of acts like a contact
                    point but everyone else has everyones' phone
                    number and you can call whoever you want to
                    anytime.  Usually when you're putting a group
                    together you just get everyone you want and
                    you all decide on a name. (DC, field notes,
                    1988).



               Summary

                    By virtue of the extensive social network found in

               the CU, some participants form work groups.  The

               sophistication of these groups varies, but in all cases
^



                                                                    74

               it is evident that the groups exist to support what are

               primarily individually performed activities.  The

               groups exhibit many of the ideal-type characteristics

               of peer associations, and it is clear that in some

               cases the computer underground is socially organized as

               peers.


^



                                                                    75





                                     Conclusion

                    Phreakers, hackers, and pirates do not act as

               loners.  Loners do not associate with others, and are

               on their own in coping with the practical problems

               presented by their activities (Best and Luckenbill

               1982, p.28).  From the data presented here, it is

               evident that the computer underground has established

               an extensive social network for the exchange of

               resources and mutual support.  The characteristics of

               the CU varies according to the goals of the

               participants, but the presence of mutual association is

               consistent. Contact between individuals is limited,

               with the acts of phreaking or hacking being committed

               alone.  Computer underground participants do associate

               with one another in order to discuss matters of common

               interest, such as performance techniques, news, and

               problem solving.  To facilitate this informational

               exchange, they have established a technologically

               sophisticated network that utilizes computer bulletin

               boards, voice mail boxes, telephone bridges, and

               telephone loops.

                    The collegial organization of the computer

               underground is further evidenced by the establishment

               of a CU culture. The subcultural adaptation of
^



                                                                    76

               language, expectations of normative conduct, and status

               stratification based on mastery of cultural knowledge

               and skill, all indicate that the computer underground

               is, at the very least, a social organization of

               colleagues (see Best and Luckenbill, 1982, p.37).

                    The very structure that permits mutual association

               among CU participants also encourages some to form

               working relationships, thus acting as peers by mutually

               participating in CU activities. Peers organized in this

               manner share in their deviance, organizing informally

               with little division of labor or set division of

               authority (Best and Luckenbill, 1982, p.45).  These

               peer associations provide support to members, and can

               provide socialization and recruitment functions for

               newcomers. The establishment of work groups, through

               mutual participation, indicates that though the

               computer underground is largely organized as a network

               of colleagues, it is also, to some degree, a social

               organization of peers.

                    Best and Luckenbill (1982) describe two additional

               forms of deviant associations that are more

               organizationally sophisticated than peers: "mobs" and

               "formal organizations." The computer underground,

               however, does not display the requisite characteristics

               of these organizational types.  The primary
^



                                                                    77

               characteristic of "mobs" is an elaborate division of

               labor (Best and Luckenbill, 1982, p.25).  While some CU

               groups do exhibit a rudimentary division of labor based

               on individual members' specialization, it is not by any

               means "elaborate."  Any division of labor that does

               exist is voluntary and arises on the basis of

               specialized knowledge, not a specialized organizational

               role.

                    In much the same manner the lack of a designated

               leader or leadership hierarchy prevents CU groups from

               being categorized as "formal organizations" in the Best

               and Luckenbill typology.  Deviant organizations at this

               level are quite sophisticated and there is no empirical

               evidence that the computer underground is organized in

               this manner.

                    This study of the computer underground has been a

               test of the Best and Luckenbill typology of the social

               organization of deviants.  As a test of their

               organizational indicators, the CU has shown that the

               categories are well constructed, with the possible

               exception of limiting "mutual participation" to acts

               carried out in the presence of others.  However, if we

               modify this to include non-simultaneous, but

               cooperative, acts as found in phreak/hacker groups, the

               category is otherwise robust.  The flexibility of the
^



                                                                    78

               typology, which explicitly recognizes that not all

               deviant associations will display all of the character-

               istics (Best and Luckenbill, 1982, p.25), is a strength

               that allowed it to be easily used in terms of the

               computer underground.

                    By addressing the CU from a social organizational

               viewpoint we have seen that despite the high technology

               trappings of their craft, pirates, phreakers, and

               hackers display organizational characteristics found in

               other groups that have been criminalized.  This may

               suggest that the development of sophisticated tools to

               commit "crime" does not necessarily affect the ways in

               which individuals organize their activities.

                    The implications of peer and collegial

               organization for the members of the computer

               underground are vast.  The level of sophistication has

               a direct relationship to the types of resources on

               which individuals can draw (Best and Luckenbill, 1982,

               p.54).  Because CU members are mutually associated,

               they are able to turn to colleagues for advice and

               support with various problems.  However, at the

               collegial level they are left to enact the solutions

               independently.  Whether or not they are successful in

               doing so will determine if they choose to remain active

               in the computer underground.  The data show that
^



                                                                    79

               involvement in the CU is short in duration, unless

               success in early phreak/hack attempts is obtained.  As

               long as the CU remains organized as a collection of

               colleagues, this trend will continue.  Additionally, as

               the computer and telephone industries become more

               sophisticated in preventing the unauthorized use of

               their facilities, new phreak/hackers are unlikely to

               succeed in their initial attempts at the act, thus

               dropping away from the activity and never becoming

               acculturated to the point where peer relationships can

               be developed.

                    At the peer level, a dimension of sophistication

               that some members of the CU do display, the knowledge

               and resources to solve problems and obtain resources is

               greater.  However, even at this level the ties between

               peers remain weak at best.  Although their cooperative

               ties allow for more sophisticated operations, and

               somewhat reduce the CU's vulnerability to social

               control agents (Best and Luckenbill, 1982, p.53), it

               still does not completely eliminate the need for

               individual success in order to sustain a CU career.  As

               long as the CU remains at the current level of

               organizational sophistication, with weak ties and

               somewhat limited means of support and resource

               attainment, it will continue to be a transitory and
^



                                                                    80

               limited "criminal" enterprise.

                    This realization should be considered by policy

               makers who desire to further criminalize computer

               underground activities. Given the current organization

               of the CU, the future social costs of their actions are

               not likely to expand beyond the current level.  There

               is no evidence to support assertions that the CU is

               expanding, and the insight provided here shows that it

               is not likely to do so on a large scale.

                    For sociologists, the computer underground is a

               field rich for insight into several areas of concern.

               Future research into the career path of CU members, and

               the relationships between individuals, could prove

               helpful to those interested in applying theories of

               differential association and career deviance.

               Additionally, the computer underground provides a

               unique opportunity to study the process of

               criminalization, and its effect on those who are

               engaged in the behavior.






^







                                     REFERENCES

               Best, Joel and David F. Luckenbill. 1982. Organizing
               Deviance. Englewood Cliff, New Jersey: Prentice-Hall.

               Bequai, August. 1987. Technocrimes. Lexington,
               Mass.:Lexington Books.

               Bickford, Robert. 1988. Personal communication to
               Gordon Meyer.

               Chicago Tribune. 1989. "Computer hacker, 18, gets
               prison for fraud."  Feb. 15:2,1.

               Field Notes. Interviews with phreakers, hackers, and
               pirates. Conducted from 7/88 to 4/89 (confidential
               material in authors files).

               Hollinger, Richard C. and Lonn Lanza-Kaduce. 1988. "The
               Process of  Criminalization: The Case of Computer Crime
               Laws." Criminology 26:101-126.

               Levy, Steven. 1984. Hackers: Heroes of the Computer
               Revolution. New York: Dell Publishing.

               Message Logs from a variety of computer underground
               bulletin board systems, (confidential material), 1988-
               1989.

               NBC-TV. 1988. Hour Magazine. November 23, 1988.

               Parker, Donn B. 1983. Fighting Computer Crime. New
               York: Charles Scribner's Sons.

               Rosenbaum, Ron. 1971. "Secrets of the Little Blue Box."
               Esquire October, pp. 116-125.

               Small, David. 1988. Personal communication to Gordon
               Meyer.

               WGN-Radio. 1988. Ed Schwartz Show. September 27, 1988.



^



                                                                    82






                                     APPENDIX A
                           COMPUTER UNDERGROUND PSEUDONYMS

              _________________________________________________________
              |Literature, films,|Computers &        |Nouns, titles &  |
              |and Entertainment |related technology |Descriptive names|
              ---------------------------------------------------------
              | Pink Floyd       | Mrs. Teletype     | The Professor   |
              | Hatchet Molly    | Baudy Bastard     | Perfect Asshole |
              | Jedi Knight      | Doctor Phreak     | The Messiah     |
              | King Richard     | Lord FAX          | Right Wing Fool |
              | Captain Hoga     | CNA Office        | Bed Bug         |
              | Al Crowley       | Sir Mac           | Sleepy Head     |
              | Doc Holiday      | Busy Signal       | Mean  Underwear |
              | Mr. Big Dog      | Silicon Student   | Cockroach       |
              | Robin Williams   | Fiber Cables      | Primo Bomber    |
              | Big Bird         | Phone Crasher     | The Prisoner    |
              | Cross-eyed Mary  | Doc Cryptic       | Night Lighting  |
              | Capt. America    | Apple Maniac      | No Regrets      |
              | Uncle Sam        | Fuzzy Sector      | Grounded Zero   |
              | Thumpr           | Cntrl. Alt. Del.  | Spit Wad        |
              | Little John      | Byte Ripper       | Shadow Dove     |
              ----------------------------------------------------------


^



                                                                    83





                                     APPENDIX B
                    NEW USER QUESTIONNAIRE FROM A PHREAK/HACK BBS


                    Welcome to Analog Electronics Datum System.
               Please take this time to fill out a one-time
               questionnaire that will allow us to determine your
               level of access on Analog Electronics Datum System.

                    If any question is too difficult for you to
               answer, just answer with your best guess or a simple "I
               don't know."

                    We basically have two different divisions or types
               of users on this system:

                       (1) Apple (%%,Mac), and IBM software traders
                       (2) Telecommunication hobbyists - any/all
                           computers (networks, mainframes,
                           engineering)

                    Your answers will help us decide which category
               you belong to and what access you should get on our
               system.

               * What type of computer & modem are you using to call
               this system?

               * Where did you get the phone number to Analog
               Electronics Datum System?

               * We'll need your first name and real phone # where you
               can be reached for validation purposes only, this
               information is kept in a password encoded file, on
               another computer (critical for higher validation):

               First for the FILE TRANSFER AREA ACCESS questions:

               (1) How many bits are in a nibble? (Assume 6502 micro
                   processor)

               (2) Define WORM, RAM, ROM, VDT, CRT, BPS? (Pick any 3)

               (3) What does 2400 baud mean in terms of bit transfer
                   speed?

^



                                                                    84

               (4) What is PT,MT,AE,BIN2,Ymodem Batch,BLU? (Pick any
                   4)

               (5) How many Megahertz does a standard Apple %%+ run
                   at? (rounding OK)


               Now for the TeleCommunication Questions:

               (1) Describe the Voice Transmission Use of a Loop:

               (2) If I gave you my phone #, how would you find my
                   name and address?!

               (3) Can you name any networking software operating
                   systems or protocols?

               (4) What is the highest frequency a twisted two wire
                   pair can transmit at?

               (5) We believe Phones and Computers Belong Together,
                   what do you BELIEVE?


               Ok, thanks for that info.


                  A MESSAGE FROM AL CAPONE (LOCAL) AND THE TRADER (LD)
                                      SYSTEM VALIDATORS

               -----------------------------------------------------


                    Welcome  to  ALDS!  As a new  user you have  made
               a  change  for the better in choosing this system as
               one of your places of telecommunication exchange.   In
               my  opinion, this  is one, if  not  the  best, system
               in telecommunications today as most of the good  boards
               such as Shadowspawn, Metal  Shop  Private, etc. do not
               exist anymore.  Quality users exist on this system that
               have established a reputation for themselves so
               questions you ask will be answered thoroughly and
               precisely.  We are a sponsor board of the  LOD/H
               Technical  Journal,  and  accounts  have  been
               established representing  Phrack,  Inc.  and 2600
               Magazine.  (For our software trading people, we also
               have an excellent file transfer area . . . consistent
               with the rest of the nation . . . )

                    Due to the high quality of our system, we will
^



                                                                    85

               need some additional information about you.
               Maintenance  of a high  quality system requires high
               quality users, so the first step in  this  process is
               keeping the low quality users off of the system . . .
               so please cooperate with us . . . this is for your
               benefit as well as ours.   The information you give us
               will be cross referenced with other systems for
               accuracy, and if you leave false information, you may
               suffer low access or deletion.

                    All phone number information is stored outside of
               the housing of this system inside of an encrypted,
               password locked file for your security. So if you have
               left an invalid phone #, please leave one where you can
               be reached, or someone's name and number (if possible)
               that will vouch for you.  Keep in mind this validation
               can take up to 1 week to complete due to the high
               volume of new callers to our system.

               Note: Limited system access will be granted within 24
               Hrs if all of your  info seems correct.


               Thanks in advance . . .            Bugsy Malone
                                                  The Swapper
                                               SYSOP/SYSTEM VALIDATORS


               % Bugsy Malone needs the following info: %

               (1) Your references (sysops, other users on this
                   system, other BBS).
               (2) Your interests in having access to our system.
               (3) How do you feel you can contribute to our system?
               (4) How many years of telecommunication experience do
                   you have?
               (5) Do you have any special talents in programming, or
                   operating systems?
                   If yes, then name the language(s) or operating
                   system(s).



               Enter message now, answering these questions:



               %after entering the message the BBS hangs up and the
               caller will  call back in 24 hours to see if access has
               been granted.%
^


!