[ISN] From Teen Hackers to Job Hunters

From: InfoSec News (isnat_private)
Date: Mon Apr 16 2001 - 23:03:56 PDT

  • Next message: William Knowles: "[ISN] Internet security problems may be on the rise"

    http://www.washingtonpost.com/wp-dyn/articles/A25357-2001Apr16.html
    
    By Ariana Eunjung Cha
    Washington Post Staff Writer
    Tuesday, April 17, 2001; Page E01
    
    At age 3, Patrick Roanhouse got his first computer. At 7, he figured
    out how to construct a modem out of scrap parts. By 14, he was running
    around cyberspace under the alias "Anarchist" and working up all sorts
    of havoc.
    
    Then he met the 2600 Club.
    
    The group, which publishes a popular hacker magazine, has an almost
    mythical reputation. It has been investigated by the Secret Service
    and has inspired monthly gatherings in more than 100 cities around the
    world. In the early 1990s, one of those meetings, held at the Fashion
    Centre at Pentagon City's food court, was busted up in a highly
    publicized raid by police, who confiscated several bags of computer
    books and printouts. Most recently, it was sued by the entertainment
    industry for publishing code that lets users crack the supposedly
    impregnable DVD format.
    
    Patrick thought 2600 would teach him how to hack. Instead, it taught
    him about job hunting, stock options and business plans.
    
    "They have been a really good influence, and that's rather funny given
    their reputation," his mother, Terry Roanhouse, said in a recent
    interview. She and her husband, Michael, credit the elder 2600 members
    with motivating their son, now 16, to do better in school and try to
    start his own computer consulting company.
    
    Without 2600, Patrick says he would "probably be one of those
    pot-smoking, crack-sniffing guys who gave up on life a long time ago."
    
    Club members still draw the attention of authorities. But the
    perception that 2600 meetings are solely a place where hackers
    exchange trade secrets and plot electronic break-ins is exaggerated,
    or at least outdated, say technology experts such as Stuart McClure,
    author of "Hacking Exposed," a kind of textbook about how to secure a
    computer network.
    
    "They are mostly just kids who want to learn about technologies and
    push the boundaries of the law," he said. "But in general they are not
    the threat that everyone sees them as."
    
    Mike Godwin, former staff attorney of the Electronic Frontier
    Foundation, agrees: "There's no doubt in my mind that the clubs have
    done more good than harm, in that they've encouraged kids to develop
    their knowledge and computer skills."
    
    In many respects, the dot-com revolution of the past few years is
    responsible for the transformation.
    
    The explosion of e-commerce, e-banking and e-everything else in the
    past few years has elevated hackers from ragtag renegades to
    sought-after professionals. It has brought them new jobs, money and
    respect. It's also given them a different perspective on hacking, one
    that they're passing on to younger counterparts.
    
    Among the senior members of the 2600 group in Washington who have
    found themselves in this situation are Guy Montag, 39, an information
    systems analyst who works for a government contracting company; Paul
    Watson, 32, who used to work in the special investigations unit of the
    Air Force doing computer counterespionage projects; and Michael Shoupe
    (aka Roadie), 39, part of an elite systems security team at PSINet
    Inc.
    
    A member of a rogue motorcycle group, Shoupe used to make ends meet by
    working as a disc jockey in a strip bar, among other odd jobs. After
    being jailed for various computer crimes, Shoupe decided that he could
    do better for himself by putting his electronic skills to legal use.
    He started reading self-help books such as the "The 7 Habits of Highly
    Effective People" and became a devout follower of motivational speaker
    Anthony Robbins.
    
    He set up the Hackers Defense Foundation, an advocacy and education
    group, and landed several lucrative job offers from some of the
    world's most successful technology companies. Shoupe traded in his
    beat-up 1985 Honda, the one with duct tape on the fender, for a black
    BMW.
    
    His influence with the youngsters doesn't come from preaching or
    lecturing. He simply talks freely about his rough-and-tumble past and
    lets the teens make their own decisions about the consequences of the
    mischief he produced.
    
    A moral lesson during a recent 2600 meeting in Arlington is a case in
    point.
    
    Surrounded by five open-mouthed teens, Shoupe detailed how he would
    mess with the phone lines so he could get free calls, and then move on
    to other exploits. Many of the kids have memorized the epilogue of
    such cases -- jail time, a stiff fine, community service and a felony
    record. But the stories were fresh toa couple of teenage boys, one of
    whom mumbled, "I thought about doing that."
    
    Shoupe stared the boys down for a few seconds and said simply, "I
    wouldn't recommend it." Then, with a shake of his gray-streaked
    ponytail, he disappeared into the crowd.
    
    A Loyal Following The group takes its name from the 2,600-hertz tone
    some automated telephone networks once used to connect calls -- a
    frequency early hackers learned to repeat so they could make phone
    calls without paying for them. The club was founded in 1984 when the
    first edition of its quarterly magazine for hackers was published. It
    gained a loyal following of fans -- and law enforcement officials --
    when it rallied behind Kevin Mitnick, who once was described as the
    FBI's "most wanted" cyber-criminal for his online exploits.
    
    Recently, a federal judge in New York ruled that the magazine was
    guilty of copyright infringement for posting on its Web site some
    computer code that allows people to copy encrypted DVD movies. The
    magazine's editor, Eric Corley, aka Emmanuel Goldstein, has said that
    the publication of the program is protected by the First Amendment and
    is appealing.
    
    The meetings, which take place at 5 p.m. on the first Friday of every
    month, are always informal, held in public places and open to all. You
    don't join 2600, you just show up. They're part party, part hobbyists
    club, part schools for the gifted and part programs for at-risk youth.
    
    The participants range in age from 12 to older than 60, from punkish
    teens to balding men in suits. Nearly all are male.
    
    When Patrick first showed up, he brought his father, a federal
    government official with a law degree who says he knows "absolutely
    nothing" about computers. He was there as a chaperon.
    
    At that time, Patrick describes himself as awkward. He says he was
    frequently "dogged" by his classmates because his family wasn't as
    rich as others in his neighborhood and because of he was large for his
    age (he now is 6 feet 5 inches tall).
    
    "I had a lot of pent-up anger when it came to school and I became
    malicious," he said. With what he says is only slight exaggeration, he
    summed up his daily activities back then: "My mom thought I was
    playing Sesame Street Grover's ABC, but instead I was hacking into the
    Chinese government."
    
    He says 2600 taught him the "hacker ethic," a value system that
    attempts to define what's acceptable and what's going over the top in
    the digital world. That is, probing systems to learn about their
    vulnerabilities is okay as long as no damage is done, but flooding
    sites such as Yahoo, Amazon and eBay with fake packets of data to
    block legitimate users out is just plain stupid, Patrick said.
    
    As the months passed, Patrick's parents said that finding older
    mentors and computer-savvy peers at 2600 made him mature quickly.
    Patrick, whose rosy cheeks make him look like he's always laughing and
    happy, is now considered one of the most outgoing and confident teens
    who show up at the meetings.
    
    "He's got Unix skills as well as an eye for Web design and this
    awesome curiosity. He's going to make some company really happy
    someday," said Shoupe, who has been advising Patrick about how to go
    about finding an internship.
    
    Another regular at 2600 meetings, 17-year-old Stephen, gives this
    reason for attending: "I try to talk to college and working people who
    do computer science. I try to get advice on what to study and focus so
    I can have a good job when I graduate. . . . I just try to leech
    information off wiser people so I know what to avoid and what to do."
    
    Club Talk
    
    At a recent Friday meeting, Patrick was busy trying to get some advice
    about his idea for a company. He and two friends have come up with a
    plan to sell their services of laying computer cable in new homes
    throughout Maryland.
    
    "Hey," he called to one in particular. "Anyone want to invest some
    money in some promising kids?"
    
    Most of the old-timers laughed, but Shoupe suggested that Patrick
    might start with an internship first. He once offered Patrick a job
    updating the Hackerz.org site for the defense foundation, but the teen
    had to pass because his online connection at home was so slow.
    
    Among the tidbits of wisdom Shoupe offered up:
    
    * Hacker friends are the best sources about openings. Use them often.
    
    * When negotiating a salary, "pick a number and hold your
      ground." More than a few 2600 members have received first-time
      offers of as high as $80,000.
    
    * Stock options are pretty useless nowadays given the stock market
      crash, but "go for it" if you're a big gambler.
    
    Dozens of other conversations are are taking place simultaneously
    among the 2600 members standing and sitting in the corner of the
    mall's food court.
    
    Some are gathered around a guy sporting a black vest with gadgets
    sticking out all over.
    
    A few feet away, Montag is joking about a woman who showed up to the
    2600 meetings a couple of times and then disappeared. "I wonder what
    happened to FBI chick," he says, using the nickname he gave her
    because she claimed to work for the agency, a claim that many were
    skeptical of. The woman kept asking people to attack the computer
    systems at her former boyfriend's company. Perhaps 10 years ago,
    someone would have taken her up on the challenge. These days, such
    requests are met with laughter.
    
    But all is not innocent at 2600.
    
    In a corner removed from the rest of the group, Watson and another man
    were huddled together discussing what annoys them the most about the
    modern Internet -- the banner ads. They were trying to come up with a
    way to "solve" that problem. They talk about whether it would be
    possible to intercept the ads and replace them with the words "Free
    the Net!" Or maybe the easiest way to make them disappear would be
    would be just to bring down the server computers for DoubleClick, the
    company that manages much of the Internet's advertising.
    
    "If we could find a way to get rid of those ads for a week we'd be the
    heroes of the Internet," Watson said.
    
    These kinds of theoretical technical analyses are common at 2600, a
    mind exercise of sorts, even though most people say they would never
    consider carrying out the attacks.
    
    A few days after the 2600 meeting, however, DoubleClick officials said
    they had been a victim of break-ins that "minimally disrupted" its
    services.
    
    Watson and his friend say they weren't involved. Asked whether they
    figured out how a way to thwart online banner ads, Watson said yes,
    they've concluded it's feasible.
    
    But would they do it?
    
    "Of course not," he said after a pause. "That would be illegal."
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email LISTSERVat_private with a message body of
    "SIGNOFF ISN".
    



    This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 02:45:57 PDT