http://www.washingtonpost.com/wp-dyn/articles/A25357-2001Apr16.html By Ariana Eunjung Cha Washington Post Staff Writer Tuesday, April 17, 2001; Page E01 At age 3, Patrick Roanhouse got his first computer. At 7, he figured out how to construct a modem out of scrap parts. By 14, he was running around cyberspace under the alias "Anarchist" and working up all sorts of havoc. Then he met the 2600 Club. The group, which publishes a popular hacker magazine, has an almost mythical reputation. It has been investigated by the Secret Service and has inspired monthly gatherings in more than 100 cities around the world. In the early 1990s, one of those meetings, held at the Fashion Centre at Pentagon City's food court, was busted up in a highly publicized raid by police, who confiscated several bags of computer books and printouts. Most recently, it was sued by the entertainment industry for publishing code that lets users crack the supposedly impregnable DVD format. Patrick thought 2600 would teach him how to hack. Instead, it taught him about job hunting, stock options and business plans. "They have been a really good influence, and that's rather funny given their reputation," his mother, Terry Roanhouse, said in a recent interview. She and her husband, Michael, credit the elder 2600 members with motivating their son, now 16, to do better in school and try to start his own computer consulting company. Without 2600, Patrick says he would "probably be one of those pot-smoking, crack-sniffing guys who gave up on life a long time ago." Club members still draw the attention of authorities. But the perception that 2600 meetings are solely a place where hackers exchange trade secrets and plot electronic break-ins is exaggerated, or at least outdated, say technology experts such as Stuart McClure, author of "Hacking Exposed," a kind of textbook about how to secure a computer network. "They are mostly just kids who want to learn about technologies and push the boundaries of the law," he said. "But in general they are not the threat that everyone sees them as." Mike Godwin, former staff attorney of the Electronic Frontier Foundation, agrees: "There's no doubt in my mind that the clubs have done more good than harm, in that they've encouraged kids to develop their knowledge and computer skills." In many respects, the dot-com revolution of the past few years is responsible for the transformation. The explosion of e-commerce, e-banking and e-everything else in the past few years has elevated hackers from ragtag renegades to sought-after professionals. It has brought them new jobs, money and respect. It's also given them a different perspective on hacking, one that they're passing on to younger counterparts. Among the senior members of the 2600 group in Washington who have found themselves in this situation are Guy Montag, 39, an information systems analyst who works for a government contracting company; Paul Watson, 32, who used to work in the special investigations unit of the Air Force doing computer counterespionage projects; and Michael Shoupe (aka Roadie), 39, part of an elite systems security team at PSINet Inc. A member of a rogue motorcycle group, Shoupe used to make ends meet by working as a disc jockey in a strip bar, among other odd jobs. After being jailed for various computer crimes, Shoupe decided that he could do better for himself by putting his electronic skills to legal use. He started reading self-help books such as the "The 7 Habits of Highly Effective People" and became a devout follower of motivational speaker Anthony Robbins. He set up the Hackers Defense Foundation, an advocacy and education group, and landed several lucrative job offers from some of the world's most successful technology companies. Shoupe traded in his beat-up 1985 Honda, the one with duct tape on the fender, for a black BMW. His influence with the youngsters doesn't come from preaching or lecturing. He simply talks freely about his rough-and-tumble past and lets the teens make their own decisions about the consequences of the mischief he produced. A moral lesson during a recent 2600 meeting in Arlington is a case in point. Surrounded by five open-mouthed teens, Shoupe detailed how he would mess with the phone lines so he could get free calls, and then move on to other exploits. Many of the kids have memorized the epilogue of such cases -- jail time, a stiff fine, community service and a felony record. But the stories were fresh toa couple of teenage boys, one of whom mumbled, "I thought about doing that." Shoupe stared the boys down for a few seconds and said simply, "I wouldn't recommend it." Then, with a shake of his gray-streaked ponytail, he disappeared into the crowd. A Loyal Following The group takes its name from the 2,600-hertz tone some automated telephone networks once used to connect calls -- a frequency early hackers learned to repeat so they could make phone calls without paying for them. The club was founded in 1984 when the first edition of its quarterly magazine for hackers was published. It gained a loyal following of fans -- and law enforcement officials -- when it rallied behind Kevin Mitnick, who once was described as the FBI's "most wanted" cyber-criminal for his online exploits. Recently, a federal judge in New York ruled that the magazine was guilty of copyright infringement for posting on its Web site some computer code that allows people to copy encrypted DVD movies. The magazine's editor, Eric Corley, aka Emmanuel Goldstein, has said that the publication of the program is protected by the First Amendment and is appealing. The meetings, which take place at 5 p.m. on the first Friday of every month, are always informal, held in public places and open to all. You don't join 2600, you just show up. They're part party, part hobbyists club, part schools for the gifted and part programs for at-risk youth. The participants range in age from 12 to older than 60, from punkish teens to balding men in suits. Nearly all are male. When Patrick first showed up, he brought his father, a federal government official with a law degree who says he knows "absolutely nothing" about computers. He was there as a chaperon. At that time, Patrick describes himself as awkward. He says he was frequently "dogged" by his classmates because his family wasn't as rich as others in his neighborhood and because of he was large for his age (he now is 6 feet 5 inches tall). "I had a lot of pent-up anger when it came to school and I became malicious," he said. With what he says is only slight exaggeration, he summed up his daily activities back then: "My mom thought I was playing Sesame Street Grover's ABC, but instead I was hacking into the Chinese government." He says 2600 taught him the "hacker ethic," a value system that attempts to define what's acceptable and what's going over the top in the digital world. That is, probing systems to learn about their vulnerabilities is okay as long as no damage is done, but flooding sites such as Yahoo, Amazon and eBay with fake packets of data to block legitimate users out is just plain stupid, Patrick said. As the months passed, Patrick's parents said that finding older mentors and computer-savvy peers at 2600 made him mature quickly. Patrick, whose rosy cheeks make him look like he's always laughing and happy, is now considered one of the most outgoing and confident teens who show up at the meetings. "He's got Unix skills as well as an eye for Web design and this awesome curiosity. He's going to make some company really happy someday," said Shoupe, who has been advising Patrick about how to go about finding an internship. Another regular at 2600 meetings, 17-year-old Stephen, gives this reason for attending: "I try to talk to college and working people who do computer science. I try to get advice on what to study and focus so I can have a good job when I graduate. . . . I just try to leech information off wiser people so I know what to avoid and what to do." Club Talk At a recent Friday meeting, Patrick was busy trying to get some advice about his idea for a company. He and two friends have come up with a plan to sell their services of laying computer cable in new homes throughout Maryland. "Hey," he called to one in particular. "Anyone want to invest some money in some promising kids?" Most of the old-timers laughed, but Shoupe suggested that Patrick might start with an internship first. He once offered Patrick a job updating the Hackerz.org site for the defense foundation, but the teen had to pass because his online connection at home was so slow. Among the tidbits of wisdom Shoupe offered up: * Hacker friends are the best sources about openings. Use them often. * When negotiating a salary, "pick a number and hold your ground." More than a few 2600 members have received first-time offers of as high as $80,000. * Stock options are pretty useless nowadays given the stock market crash, but "go for it" if you're a big gambler. Dozens of other conversations are are taking place simultaneously among the 2600 members standing and sitting in the corner of the mall's food court. Some are gathered around a guy sporting a black vest with gadgets sticking out all over. A few feet away, Montag is joking about a woman who showed up to the 2600 meetings a couple of times and then disappeared. "I wonder what happened to FBI chick," he says, using the nickname he gave her because she claimed to work for the agency, a claim that many were skeptical of. The woman kept asking people to attack the computer systems at her former boyfriend's company. Perhaps 10 years ago, someone would have taken her up on the challenge. These days, such requests are met with laughter. But all is not innocent at 2600. In a corner removed from the rest of the group, Watson and another man were huddled together discussing what annoys them the most about the modern Internet -- the banner ads. They were trying to come up with a way to "solve" that problem. They talk about whether it would be possible to intercept the ads and replace them with the words "Free the Net!" Or maybe the easiest way to make them disappear would be would be just to bring down the server computers for DoubleClick, the company that manages much of the Internet's advertising. "If we could find a way to get rid of those ads for a week we'd be the heroes of the Internet," Watson said. These kinds of theoretical technical analyses are common at 2600, a mind exercise of sorts, even though most people say they would never consider carrying out the attacks. A few days after the 2600 meeting, however, DoubleClick officials said they had been a victim of break-ins that "minimally disrupted" its services. Watson and his friend say they weren't involved. Asked whether they figured out how a way to thwart online banner ads, Watson said yes, they've concluded it's feasible. But would they do it? "Of course not," he said after a pause. "That would be illegal." ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERVat_private with a message body of "SIGNOFF ISN".
This archive was generated by hypermail 2b30 : Tue Apr 17 2001 - 02:45:57 PDT