'What Colour is Your Hat? From Phone Phreaking to Political Hacktivism', by Chris White

Photograph by Melissa Toh, reproduced under the Creative Commons Attribution-NonCommercial-NoDerivs 2.0 Licence.

The world of hacking is a complicated one: a community of white hats and black hats, corporate and international espionage, commercial fraud, hacktivism and ‘ratters’, organised crime, and kids mucking around on their home computers. The definition of the word ‘hacker’ itself is much debated within the community. Many distinguish between hackers, or ‘white hats’—the good guys—and crackers, or ‘black hats’—the baddies. The distinction between white hats and black hats arises from the stark similarities between the internet and the Wild West, both domains in which law enforcement and politicians have struggled to come to terms with new techniques, technologies, and even brand new crimes.

The culture of phone phreaking arose among a group of dedicated engineers and curious teenagers who sought to crack the phone system.

Hacking got its start in the late 1950s, with the rise in the United States of phone phreaking. The culture of phone phreaking arose among a group of dedicated engineers and curious teenagers who sought to crack the phone system – either to make free phone calls, or just out of curiosity. By listening to the clicks and whirrs of the telephone system, they figured out how calls were routed. They raided the garbage bins of telephone companies to find discarded technical journals, then used them to build so-called blue-boxes: clever devices that allowed the phone phreaks to imitate the mechanism that telephone companies used to route long-distance phone calls. They even—illegally—installed their own telephones on switchboards to allow greater access to the network.

Famously, at the age of seven a phone phreak who went by the handle “Joybubbles”—real name Joe Engressia—whistled into a phone line and inadvertently discovered the signal to reset long-distance telephone lines. This 2600 Hz signal could also be simulated by canaries, or with the help of toy whistles distributed in Cap’n Crunch cereal packets. Originally, however, the phreaks would hammer the hook on rotary phones at between five and ten clicks per second to dial numbers, as though the phreaker was using an old-fashioned rotary phone. Even today, this technique still works occasionally.

The exploration and exploitation of phone networks was a critical part of phreak culture, and it led directly to the emergence of hacker culture. Although the system the phreaks developed was mainly used for prank calls, a prank caller was not necessarily a phone phreak, in the same way that someone who sends out a pre-developed computer virus today is not necessarily a hacker. Other uses that phone phreaks found for the telephone network included conference calling and ‘loop arounds’, which were practically untraceable with the technology of the time. Phone phreaks would also try to find unused or abandoned answering machines and leave messages for one another.

The ‘blue box’ was an electronic device invented to mimic the signals that the telephone companies used to reset their phone lines. Blue boxes were created according to plans discovered by phreaks in technical journals which had been released in the late 50s and early 60s by the American Telephone and Telegraph Company (AT&T). Although they were intended to be read only by telephone technicians, the phreaks rescued the manuals from AT&T’s rubbish bins and university technical libraries. Once the company realised how the frequency information they had published could be used, they sent representatives out to college campuses and physically removed the relevant pages from the journals. It was, however, a case of too little, too late. While blue boxes were mostly used by phreaks, the fact that they rendered calls untraceable meant they were frequently used by criminals as well.

In a way, the blue box is a more sophisticated version of two methods that were extensively used at my boarding school to get free phone calls. The first of these involved putting a two dollar coin into the phone, then sticking a coat-hanger down the coin slot, which triggered the coin’s release. The other method was using a code which had been spotted over the shoulder of a Telstra employee, then jotted down and passed around the school. A third method existed, which was even closer to the traditional blue-box: the phreaks’ classic ‘click-the-receiver’ technique, which was fortuitously discovered by a student and used successfully on the phones inside our dorms.

Wozniak once put the system to good use, phoning the Vatican and impersonating Henry Kissenger, although the Pope was asleep.

Famous phone phreaks include such tech luminaries as Steve Jobs (handle: Oaf Tobar) and Steve Wozniak (Berkeley Blue), the founders of Apple Computer. Wozniak once put the system to good use, phoning the Vatican and impersonating Henry Kissenger, although the Pope was asleep and his minders refused to wake him to take the call.

However, the world of the phone phreaks began to disappear with the birth of the cell phone and the internet, as well as falling prices for domestic long-distance calls and an increasing risk of being caught, due to technological advances. However, the phreaks soon discovered a new outlet for their curiosity and their technical skills: computer hacking.

In June 1989, the Australian government introduced a range of new laws aimed at curbing the growing culture of internet crime. Films like War Games (1983) were shown to have increased the popularity of ‘war dialling’, a process where a computer program automatically dials a huge list of telephone numbers. The aim of war dialling was usually to discover usernames in answering machine messages, or to locate unsecured modems which might provide a back door into computer networks. The film also increased concerns that cyber-security systems might not be able to compete with the curiosity of suburban kids, leading to further concerns about the systems’ abilities to deal with threats from foreign governments or militaries. We are now seeing these threats materialise in the real world, with Chinese incursions into American and European businesses and government departments, as well as the American introduction of the highly sophisticated Stuxnet worm to Iran’s nuclear centrifuges.

The first arrests under the new legislation were made during simultaneous raids across Australia. Members of hacker community The Realm were arrested for their attacks on servers belonging to United States government agencies and the United States Department of Defense, as well as nuclear weapons research networks and NASA. Three hackers, Electron (Richard Jones), Phoenix (Nahshon Even-Chaim), and Nom (David John Woodcock) were convicted: the world’s first successful convictions to use evidence acquired through the remote tapping of computers. In 1987, Julian Assange—going by the handle Mendax—joined two other Australians to form an ‘ethical’ hacking group, the International Subversives. In modern parlance, the International Subversives were ‘grey hats’, responsible for hacking into the Pentagon, Lockheed Martin, and the US Navy. Assange is also suspected of having been a member of the hacker community WANK (Worms Against Nuclear Killers), although he denies this. In 1994 he was charged with hacking into the Melbourne terminal of Nortel, a Canadian telecommunications company, and charged with thirty-one counts of hacking and related crimes. However, Assange also acted as a white hat from time to time, and in 1993 he gave technical advice to the Victoria Police Child Exploitation Unit and assisted them with prosecutions.

The Worms Against Nuclear Killers logo.

Since the 1990s, cyber-security and cyber-crime have quickly become important features of modern society. Officially sponsored hacking and cracking—also known as penetration testing—is now seen by the computer community as essential to the development of more robust systems, since your code is only as good as you are, and when you release it into the wild hitherto-hidden weaknesses often become apparent. It’s doubtful whether these precautions are reassuring to the victims of recent hacks carried out against Sony, Microsoft, and Citibank, since their customers’ personal details have already been sold to the highest bidders, with organised criminals from Nigeria to Russia paying up big for credit card details, bank account numbers and passport information.

To find this information, hackers use a group of malicious programs including rootkits, which hide malicious software from antivirus programs and allow continued access to computers, and keyloggers, which track exactly which keys are pressed on your keyboard in order to uncover passwords and personal information. These programs are why you shouldn’t open suspicious emails or attachments, and why you should flee from a website when your antivirus warns you about it.

‘Ratting’ is another of computer hackers’ favourite pastimes, although those who engage in it are disparaged within the broader hacking community as n00bs, ‘script kiddies’, or—rightfully—perverts. Ratting, named after the program used to gain control of someone else’s computer, the Remote Administration Tool, can involve a number of different activities: spying on women in the privacy of their own homes by remotely activating their webcams, pranking people by displaying ‘shock porn’ websites on their monitors (don’t Google that), opening CD drives, or messing with autocorrect to change commonly-used words (‘the’ or ‘be’ or ‘people’) into less-commonly-used ones (which are usually four letters long).

Ratters are disparaged within the broader hacking community as n00bs, ‘script kiddies’, or perverts.

Websites like Hack Forums encourage a sense of community among ratters, who feed off each other’s enthusiasm and build huge databases of private images and sensitive information. (Update your antivirus program regularly, everyone.) The reason most hackers cringe when people lump ratters in with them is the much lower level of skill involved: all you need to do to become a ratter is to download the right program and it does the work for you. That’s not hacking: it’s consumer culture and perversion.

The contrast between these ‘script kiddies’, and the world of genuine hacking is vast, especially when seen from the phone phreaks’ perspective – a group of people who were inspired not by perversion, but by curiosity and a love for the networks they were exploring. The phone phreaks and the hackers who have followed possess formidable engineering and computer programming skills; skills that didn’t just contribute to their activities as phone phreaks and hackers, but also helped create some of the world’s foremost computing companies, as well as a relatively modern phenomenon: hacktivism.

Hacktivism is where the world of computer hacking becomes exciting—rather than dangerous—for the general public. To be able to participate in political action without leaving the house or losing one’s anonymity, and to actually engender change, is a primary goal of hacktivists everywhere, and a particularly important one in states where protest is forbidden. The most prominent means by which hacktivists achieve their goals are DDoS (Distributed Denial of Service) attacks, which shut down access to websites through huge numbers of login attempts made by armies of ‘zombie’ computers, directed remotely by the hacktivists without their owners’ knowledge.

The recent media attention to groups like Anonymous and the Syrian Electronic Army—or the infamous LulzSec—may lead many to believe that hacktivism is a recent development in the world of computer hacking. However, many of the earliest computer hackers were dedicated to political concerns. These early groups included WANK, the anti-nuclear group discussed above, and the Cult of the Dead Cow, founded in 1984, which declared war on the Church of Scientology, as well as seeking to prevent online censorship and protect human rights online.

Groups such as LulzSec are often demonised, primarily because of the powerful voices of their targets—groups like News Corporation, the United States Senate, and the FBI. However, hacktivists have shown that they are at least partly white hats by revealing security vulnerabilities in the UK’s NHS systems, as well as by shutting down the CIA’s website though a DDoS attack (although this may in fact qualify them as black hats in the eyes of the American public). They are also responsible for other politically-motivated attacks, such as the release of a cache of documents relating to Arizonan law enforcement officials in response to the enactment of discriminatory laws aimed at immigrants, as well as attacks on society’s ills like Operation Safe Winter, an attempt to raise awareness of the difficulties of life for the homeless and distribute money and resources to get them through winter.

The LulzSec logo.

The expansion of online groups’ activities into the real world is seen as a logical next step. Encouragingly, the Reddit community—which is also demonised, often quite rightly, for some of its less savoury subreddits—has begun to step into this role. Reddit’s scale allows it to respond to requests for help with enormous generosity, like the crowds who swamped a little boy’s lemonade stand, the thousands who dressed as superheroes to help a little boy feel like Batman, or the recent response to another child’s dying wish to receive some birthday cards in the mail: he received forty on the first day. (I sent him one too). Other Redditors talk through the night to those who feel suicidal, the terminally ill, and those who are just lonely. The internet in general, and Reddit in particular, is often seen as a terrible place, where people do terrible things to each other – and it can be. But not always.

Perhaps unsurprisingly, the world of computer hacking and computer crime is just like the real world. Just as in the real world, its inhabitants act for a confusing array of reasons, from satisfying their curiosity or ‘doing it for the lulz’ to engaging in political activism, cyber-terrorism, or electronic warfare. Just adding the word ‘cyber’ to another activity does not necessarily create something new: cyber-war is just war, cyber-crime is just crime, and hacktivism is just activism.

The world we live in is one that is becoming ever more deeply entwined with the internet, so much so that we have already begun to live more and more of our lives inside it. Just as sometimes people march in the street, sometimes people hack the CIA and release confidential information. Just as some teenagers are peeping toms, others are ratting, and you can still be mugged more easily with a knife than with a malicious worm or virus. Ultimately, staying safe, whether online or off-, is as much a matter of taking precautions as it is a matter of luck.

Don’t be scared. The internet is a good place.

Sometimes.

Chris White is a writer from Brisbane.