http://www.torontostar.com/cgi-bin/gx.cgi/AppLogic+FTContentServer?pagename=thestar/Layout/Article_Type1&c=Article&cid=988515142192&call_page=TS_@Biz&call_pageid=971794782442&call_pagepath=Business/@Biz&col=971886476975 Rachel Ross TECHNOLOGY REPORTER Apr. 30, 2001 DETROIT - It's a Saturday afternoon and a handful of teens have paid good money to learn math. Really hard math. The kind you learn in your final year of university. Fifteen, sixteen, seventeen year-olds - and a couple of adults too - are quietly taking notes. A very smart man in a white lab coat writes equations on large sheets of paper tacked to the wall at the front of the room. He's teaching them about elliptical curve cryptography, math used to obscure data into a code that can later be deciphered. It's used to encrypt information traveling over the Internet. Cryptography is one of many topics covered at the annual network security conference known as Rubi Con, where hackers - yes, those kids who try to break through security into computer systems - and security professionals give presentations, and learn from each other's adventures. These are keeners who understand the digital things that most people have no clue about. They read computer code, manuals for phone equipment and sometimes other people's e-mail. They find the weaknesses and flaws in the software and hardware we use everyday. But these guys - well, most are male, though not all - aren't usually after money or infamy. And they don't leave a trail of trouble wherever they go. ``Many hackers are actually just curious technophiles,'' said Denis A. Baldwin, network administrator for Michigan lighting firm CAE, Inc. who attended the conference. They ``choose to be civilized in their conquests to prove their efforts and skills. No need to break something to prove your point if you can leave it standing for generations to come to see and prove against as well, right?'' Says Nick Farr, one of the conference organizers: ``They are the Edisons, the Teslas . . . the kids who grew up immersed in the information age, and the generation that will probably make the strongest contributions to its fundamental infrastructure.'' There are hackers who want to use your credit card number - but most of them just want to prove that they can get it. It's difficult to generalize about a group of people whose defining quality is independent thinking. They don't all hate cats, take drugs and listen to punk music. There is no hacker uniform. The one guy at this conference with the green dreadlocks and chains hanging from his pants actually stands out from the rather average- looking crowd. The biggest thing they have in common is their curiosity. It's also their greatest gift, something the business world shouldn't overlook. They're brainy, brash, attracted to riddles, energized by a bit of risk. ``Hackers, by their fundamental nature, enjoy the exploration and creative manipulation of information systems,'' says Farr, who calls himself a ``hacker sociologist.'' He is completing his thesis at the University of Michigan on the work ethic of hackers and how they fit in with the current corporate culture. ``If an employer can channel a hacker's energy into a project, the hacker will work furiously and without additional reward to solve the problem or finish the project.'' About half a dozen teens drove down from Ontario for the annual conference, eager for knowledge. Some of them want to learn how to break into things - both physical and digital./ In contrast, others want be able to better secure their networks. The Canadian clan brought three cars' worth of computer equipment to the conference, including several desktop computers, a couple of laptops and a lot of wire to connect them all together. Most of them met for the first time just a few months ago at a meeting for hackers, an Ontario chapter of the popular hacker publication 2600. Such meetings are held all over the U.S. and Canada. 2600 - the trade magazine for hackers - takes its name from the early days of hacking, when the phone system was the primary target for inquiring minds. So-called ``phreakers'' would use a variety of techniques to make free long-distance calls. One popular technique used a whistle from the breakfast cereal, Captain Crunch, which happened to produce a tone of exactly 2600 hertz. Play that thing into a phone and voila, free long distance. Today's phone systems aren't vulnerable to the Captain's whistle, but 2600 lives on as the title of the magazine. The two young men who founded this particular 2600 chapter and led the rest of the gang down to the conference call themselves Flame0ut and PrussianSnow. Everybody's got a nickname here: Cyanosis, Prez, Asher, Carbon. It makes a lot sense given that much of what they do isn't legal. There's no magic naming system. It's usually based on something they like or something that just sounds cool. (Their nicknames will be used throughout this story to protect their identities.) PrussianSnow, a spindly guy in a long black trench coat with a mustache and long black hair, has opted for a fairly traditional career path. He's been accepted at two engineering schools, and plans to start next year. ``That's what I want to do, that's who I am. Analyzing systems, figuring stuff out. That's what I'm really interested in.'' Flame0ut looks like he's always thinking, but he's given up on the educational system - he dropped out of high school. He said he was failing all his classes. Now he works as a network administrator. But the job, like school, doesn't challenge him enough to keep him interested. Sara Housser is a spokesperson for Career Edge, which helps students without experience get a first job. While she recognizes their skills, she questions how well they will ultimately fit into the workplace. ``Are they going to be able to do the day-to-day stuff that's required, or will their attention span waver?'' said Housser. ``Will somebody else's agenda keep them interested?'' According to Farr, ``youthful hackers are being hired for jobs that bore them, or insult their intelligence.'' Flame0ut admits he isn't particularly interested in the agenda of his current employer. The job, installing software, is far below his skill level and doesn't pique his curiosity. ``It's not just that I like to disassemble things. Boring things are boring to take apart,'' said Flame0ut. ``It's only complex things that are things interesting to disassemble and they become increasingly interesting to disassemble when there is ingenuity involved in their design.'' Flame0ut and PrussianSnow's most talked-about exploit, The Millennium Phone Hack, gave them access to free long-distance calls from any payphone. But they never made any. They made a couple of local calls to test their equipment, but once they were satisfied that their solution worked, they went home. There were the same kinds of non-malicious adventures at the conference. The guys spend a lot of time ``packet sniffing,'' a hacker technique that involves reading packets of data sent to and from computers accessing the Internet. Do you know that box that pops up when you're surfing the Internet, asking if you really want to submit personal information? If the information being sent isn't encrypted, hackers can read it. Sometimes a hacker can spend hours reading data and it won't produce anything useful. But here in Detroit, their patience paid off when they found the username and password for a Hotmail e-mail account used by another person at the conference. Someone with evil intentions would keep that password a secret, and use it every so often to wait for a juicy piece of e-mail to show up. The kids from Ontario did the opposite, writing the username and password on a big piece of paper in the lobby of the hotel - basically notifying the Hotmail user they have his information and he should probably change it. Hackers' curiosity often reaches beyond the Internet. The hackers at Rubi Con had an affinity for physical infiltration - breaking into abandoned buildings, exploring drains, climbing onto rooftops where they're not supposed to be. The hotel where the conference was held was perfect for it. The fourth floor has been abandoned for decades and while the elevator doesn't stop there, people found their way in. In small groups they explored the eerie rooms. Sheets were pinned to the windows to keep outsiders from looking in at the smashed mirrors, rusted bicycles, hanging wires and broken ceiling tiles. It was an infiltrator's dream. Once you set aside the illegality of their techniques, it's easy to see that some of these hackers are basically good people. The kind who will experiment, invent, and quite possibly change the world. But it would be foolish to think that all hackers are saints. Farr thinks employers do their homework before hiring a hacker. ``The question employers need to ask themselves is where and when to hire these innately curious folk,`` said Farr. Most computer security companies, such as Guardent in Toronto, have a simple rule about hiring hackers. They won't hire anyone with a criminal past. That leaves most of the kids at Rubi-Con in the game. ``The work schedule and habits of the typical hacker are a sign of the workplace to come,'' said Farr. ``The best solutions come from people whose passion for their work drives them, not a pre-set schedule or some survival derivative function.'' ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERVat_private with a message body of "SIGNOFF ISN".
This archive was generated by hypermail 2b30 : Mon Apr 30 2001 - 23:48:01 PDT