1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
|
<HTML>
<HEAD>
<TITLE>CDNE Chapter 10 - Computer Crime</TITLE>
</HEAD>
<BODY BGCOLOR="#c9e1fc" BACKGROUND="background.gif" LINK="#666666" ALINK="#ff0000" VLINK="#999999" LEFTMARGIN=24 TOPMARGIN=18>
<P ALIGN=CENTER><font size=2 face="Times New Roman"><a href="ch9web.htm"><img src="arrowleft.gif" width="45" height="54" align="absmiddle" name="ch1web.htm" border="0"></a><font face="Arial, Helvetica, sans-serif" size="+1" color="#999999">
<a href="mainindex.htm">INDEX</a> </font><a href="ch11web.htm"><img src="arrowright.gif" width="45" height="54" align="absmiddle" border="0"></a></font><font color=BLUE><b></b></font><font color=BLUE><b></b></font><FONT COLOR=BLUE><B></b></FONT></P>
<p align="center"><FONT SIZE=2 FACE="Times New Roman"><B></B></FONT> <FONT SIZE=3 FACE="Times New Roman"><B></B></FONT>
<FONT SIZE=2 FACE="Times New Roman"><B></B></FONT> <FONT SIZE=3 FACE="Times New Roman"><B><font size="+2">Chapter
10<br>
COMPUTER CRIME: TERMINAL SLAVES,<br>
CREDIT CARD FRAUD, AND CENSORSHIP</font></B></FONT> </p>
<table width="620" border="0" align="center">
<tr>
<td>
<p><font face="Times New Roman"><b>What really constitutes</b> a computer
crime? Where is the line between harmless exploration of a computer system
and real crimes?</font></p>
<p><font face="Times New Roman">In the eyes of the law, computer crime is
any type of crime involving a computer in some way. If I hit somebody
over the head with a computer, it could theoretically be viewed as a computer
crime. A more specific definition would be that computer crime is the
act of transferring or damaging information in cyberspace without permission.
This definition is accurate in most cases. In Sweden, the authorities
mostly concerned with computer crime are: </font> <font face="Times New Roman"><i>the
Police, the National Security Police (SÄPO), Military Intelligence
and Counter-espionage, the Crime Prevention Council (BRÅ), the Department
of the Interior, and Datainspektionen</i></font> <font face="Times New Roman">
(see the previous chapter for details on this authority).</font></p>
<p><font face="Times New Roman">Additionally, other involved parties include
the </font> <font face="Times New Roman"><i>security departments of the
large corporations, </i></font> <font face="Times New Roman">a few </font>
<font face="Times New Roman"><i>non-profit organizations</i></font> <font face="Times New Roman">,
</font> <font face="Times New Roman"><i>informal networks, </i></font>
<font face="Times New Roman">and (naturally) </font> <font face="Times New Roman"><i>criminal
organizations</i></font> <font face="Times New Roman">. It is not surprising
that all these people view the problem in totally different ways. </font></p>
<p><font face="Times New Roman">The National Police Board classify computer
crimes under the following categories:</font></p>
<blockquote>
<blockquote>
<p><font face="Times New Roman"><br>
</font> <font face="Times New Roman"> <br>
</font> <font face="Times New Roman"><b>1. Computers or software used
in the commission of a crime<br>
</b></font> <font face="Times New Roman"><b>2. Computers or software
subjected to criminal tampering<br>
</b></font> <font face="Times New Roman"><b>3. Software that has been
illegally copied or modified<br>
</b></font> <font face="Times New Roman"><b>4. Illegal entry into,
or use of, computers or computer networks</b></font> </p>
</blockquote>
</blockquote>
<p><font face="Times New Roman"><br>
</font> <font face="Times New Roman"><br>
</font> <font face="Times New Roman">Most computer crimes committed have
nothing to do with hackers. Mostly, it involves people at banks, the Postal
Service, governmental insurance agencies, or private corporations in charge
of billing and payments. Many succumb to temptation after seeing how </font>
<font face="Times New Roman"><i>easy</i></font> <font face="Times New Roman">
it is to transfer money back and forth between accounts, grant themselves
financial aid or welfare payments, falsifying invoices, etc. It is really
only an "improvement" (exacerbation?) in the old ways of economic
crime. An example is a Swedish social worker who gave himself 400,000
Swedish crowns (about $50,000) in welfare payments, and then went to Venezuela
to bail out a friend that had been jailed for political activities. He
was able to do this because he knew about some weakness in the disbursement
system: welfare payments were only reported every fortnight. This is typical
of the most extensive form of computer crime. Compared to this type of
crime, hacking and phreaking are a drop in the ocean. The worst computer
crimes are perpetrated by people in respectable positions, and are almost</font>
<font face="Times New Roman"><i> never</i></font> <font face="Times New Roman">
exposed. But of course, you already knew this.</font></p>
<p><font face="Times New Roman">The reason that these crimes do not receive
as much publicity as the hackers' pranks is that the former relates to
a very sensitive relationship: integrity and loyalty within the company
or the governmental institution is very important for protection against
external threats. It is, however, much more difficult to ensure that one's
employees are satisfied and loyal than blaming hackers working from the
outside. This principle has been used by entire countries to avoid having
to deal with internal problems. By shifting the blame to, for example,
Jews, communists, or Muslims, they can create a clear picture of the threat
and a target for aggression, while keeping attention away from one's own
problems.</font></p>
<p><font face="Times New Roman">The average age of the average computer
criminal is between 30 and 40 years. Half of the criminals have worked
for more than 10 years within the company. </font> <font face="Times New Roman"><i>45%
are women</i></font> <font face="Times New Roman">. Hackers? I don't think
so. (Source: Nätvärlden #8, 1994, p. 36 [a Swedish computer
networking magazine]).</font></p>
<p><font face="Times New Roman">So much for internal computer crime.</font></p>
<p><font face="Times New Roman">A more "hacker-like" crime is
defrauding ATMs (cash machines) or credit card companies. During the early
period of ATMs in Sweden (1960's), when the withdrawals were still logged
on punchcards inside the machines, someone went around and withdrew around
900,000 crowns (about $120,000) over Easter holiday, using fake ATM cards.
This is not as easy to do today. Perhaps. Many Swedish hackers have access
to the machines used to read and imprint the magnetic strips on the cards.
They have also ferreted out </font> <font face="Times New Roman"><i>a
lot</i></font> <font face="Times New Roman"> of knowledge about the nature
of the information stored on these strips, mostly of general interest
to the system. It is, however, difficult to enter an ATM using a "back
door". The banks have developed their own telecommunications network
which is inaccessible by regular telephones, and it is through this system
that ATM transactions take place.</font></p>
<p><font face="Times New Roman">As for myself, I am constantly fascinated
by people's trust in magnetic cards. All cards with a magnetic strip,
like ATM or credit cards, are standardized, and can be copied using appropriate
equipment. A friend of mine amused himself by withdrawing money using
his old credit card. He had simply copied the information from his ATM
card to the credit card. I was also not in the least surprised to learn
(in April 1995) that some youths in Helsingborg (a city in southern Sweden)
had reproduced local public transit cards and sold them at half price.
(Courtesy of the hacker named </font> <font face="Times New Roman"><i>Wolf</i></font>
<font face="Times New Roman">, mentioned in chapter 4). The telephone
company's own phone cards are frightfully insecure; this is also true
of the cards used for cellular phones and satellite decoders. Often, it
is the case of a totally unprotected standard format.</font></p>
<p><font face="Times New Roman">Apropos cards: </font> <font face="Times New Roman"><i>Credit
cards</i></font> <font face="Times New Roman"> are, unfortunately, very
popular among hackers. Let us take a look at some statistics from 1989,
when there was about six to seven million credit cards in Sweden. In this
year, revenues from credit card transactions reached a total of around
20-30 billion crowns (about $300 million), divided into about 50 million
transactions averaging about 400 crowns ($50) each. 18,000 fraud cases
were reported that year, in which each report would cover about 50 instances
of fraudulent use (i. e., somebody used someone else's card about 50 times
before it was reported). The police would rather not investigate any cases
involving less than 50,000 crowns ($6,000). I can't even begin to speculate
about today's figures. It is, however, unlikely that those 18,000 crimes
were committed solely by hackers.</font></p>
<p><font face="Times New Roman">It is often ridiculously simple to call
for free or shop using someone else's credit card. Previously, before
stricter verification measures, many hackers </font> <font face="Times New Roman"><i>"carded"</i></font>
<font face="Times New Roman"> merchandise from abroad. Especially computer
and other electronic equipment, of course. I have already discussed how
card numbers are obtained through social engineering, dumpster diving,
and other techniques. If a phreaker cleans out your credit card,
you will most likely never find out. The credit card companies do not
give out this information to their customers. The most common explanation
is </font> <font face="Times New Roman"><i>"a technical error".</i></font>
</p>
<p><font face="Times New Roman">With the exception of stealing credit card
numbers and their associated codes, hackers do not consider themselves
to be in the business of computer crime. A hacker considers computer crime
to be one in which computers are used for the purpose of acquiring anything
besides information. A criminal using hacker methods is therefore not
a hacker, but a computer criminal. Traditional hacking is about curiosity,
</font> <font face="Times New Roman"><i>not</i></font> <font face="Times New Roman">
greed.</font></p>
<p><font face="Times New Roman"><b>Sabotage</b></font> <font face="Times New Roman"><br>
</font> <font face="Times New Roman">Computer sabotage is a rare but venerable
form of computer crime. The word </font> <font face="Times New Roman"><i>sabotage</i></font>
<font face="Times New Roman"> is derived from the French word </font>
<font face="Times New Roman"><i>sabot</i></font> <font face="Times New Roman">,
which means "wooden shoe". It originally refers to the time
when French textile workers threw wooden shoes into automatic weaving
machines, because they were upset that machines had stolen their jobs.
An mechanized loom is in many ways similar to a computer, so you could
say that sabotage originally was computer sabotage. This type of activity
has been around since the English instigator </font> <font face="Times New Roman"><b>Ned
Ludd</b></font> <font face="Times New Roman"> (and his </font> <font face="Times New Roman"><i>luddists</i></font>
<font face="Times New Roman">) destroyed looms and Spinning Jennys in
the mid-18th century.</font></p>
<p><font face="Times New Roman">Swedish anarchists have often threatened
to sabotage computer centers. (Especially through the underground magazine
</font> <font face="Times New Roman"><i>Brand</i></font> <font face="Times New Roman">
["Fire"].) Like most anarchist threats, it's all talk. Swedish
anarchists seem to have a hard time finding and accessing computer centers,
so they stick to destroying Shell gas stations and other easily identified
targets. The IRA, however, has bombed some computers in Northern Ireland.
In the U.S., as early as 1969, a group of peace activists known as </font>
<font face="Times New Roman"><b>Beaver 55</b></font> <font face="Times New Roman">
entered a computer system in Michigan, erasing around 1,000 data tapes
that supposedly contained blueprints for chemical weapons. This was carried
out with the help of ordinary magnets.</font></p>
<p><font face="Times New Roman">There was also a French activist group called
</font> <font face="Times New Roman"><b>CLODO</b></font> <font face="Times New Roman">
(Comité de Liberation ou de Detournement des Ordinateurs). Between
1979 and 1983, these activists destroyed a number of computers in the
Toulouse region. They wanted to protest against a computer society in
which (in their opinion) computers were used to control people - direct
descendants of the original </font> <font face="Times New Roman"><i>saboteurs</i></font>
<font face="Times New Roman">, in good French tradition. Groups like this
make up the militant branch of the civil rights movements to which EFF
and Chaos Computer Club also belong.</font></p>
<p><font face="Times New Roman">The most frightening example of this type
of activity is perhaps the </font> <font face="Times New Roman"><i>Unabomber</i></font>
<font face="Times New Roman"> (Theodore Kaczynski), who carried out 16
bombings which, altogether, killed three people and injured 23. On Wednesday,
August 2, 1995, the </font> <font face="Times New Roman"><i>Washington
Post</i></font> <font face="Times New Roman"> and </font> <font face="Times New Roman"><i>The
New York Times</i></font> <font face="Times New Roman"> published excerpts
of a manifesto written by Kaczynski, and which turned out to be a well-written
argument against the explosive growth of technology in modern society.</font></p>
<p><font face="Times New Roman">It is not only the hardware that can be
subject to sabotage. Obviously, programs and other information that is
stored on a computer can be tampered with. An editor at the </font> <font face="Times New Roman"><i>Encyclopedia
Brittanica</i></font> <font face="Times New Roman">, in Chicago, became
so angry over being fired that he changed a great number of words in the
encyclopedia. Among others, he changed </font> <font face="Times New Roman"><i>Jesus
</i></font> <font face="Times New Roman">to </font> <font face="Times New Roman"><i>Allah</i></font>
<font face="Times New Roman">. There are innumerable examples of employees
exacting revenge on their employers in a similar manner. Another sabotage
took place in Israel. By accessing an Israeli newspaper's computers, a
19-year-old hacker managed to publish a false article about his computer
instructor being arrested and charged with drug-related crimes in the
U.S. (A rather amusing </font> <font face="Times New Roman"><i>hack</i></font>
<font face="Times New Roman">, in my opinion, but still rather serious
considering the importance of mass media in our society. Compare this
to </font> <font face="Times New Roman"><i>Captain Midnight</i></font>
<font face="Times New Roman">, in chapter 4.)</font></p>
<p><font face="Times New Roman"><b>Nazis</b></font> <font face="Times New Roman"><br>
</font> <font face="Times New Roman">Distributing (like the phreakers
did) stolen credit card numbers and codes, passwords for computer systems,
and similar information, is - obviously - illegal. Some BBSs, like </font>
<font face="Times New Roman"><i>Ausgebombt</i></font> <font face="Times New Roman">,
run classifieds for weapons, steroids, and items that might well be "hot".
They can also contain hard-core child or violent pornography, or racist
propaganda. Swedish nazis discovered technology at an early stage, and
frequently communicate electronically. At least one organization that
I know of, with ties to VAM (</font> <font face="Times New Roman"><b>Translator's
Note: </b></font> <font face="Times New Roman">VAM = Vitt Ariskt Motstånd
- "White Aryan Resistance", a Swedish white supremacist group,
and a bunch of freaking psychos. I just noticed that the English initials
for the organization would be "WAR"), have had guest speakers
on computer-related topics.</font></p>
<p><font face="Times New Roman">To be a racist, however, is not illegal.
However, incitement to violence and ethnic persecution are very illegal.
I personally don't find this relevant to a discussion about hackers. Most
hackers are not racists, nor in the least interested in steroids, stolen
firearms, or child pornography. When it comes to BBSs, you should follow
the same rules that apply to the rest of society: if you see something
suspicious on a Swedish BBS, which could constitute a prosecutable offense
- call the police. Also keep in mind that those heavily involved in a
political movement like neo-nazism usually don't waste time and effort
starting and running BBSs without good reason. Before letting your thoughts
and actions be guided by hate and disgust, you should consider that these
people have often thought long and hard about what they are doing. Have
you?</font></p>
<p><font face="Times New Roman">Incitements to criminal action or spreading
racist messages is equally illegal whether it is carried out through computers,
magazines, or leaflets. On the Internet, most system administrators have
enough of a sense of responsibility to remove such garbage when they come
across it. If you find something suspicious on the Internet, it is usually
simplest to find out who is responsible for the computer on which the
information is stored, and inform them. Calling the Swedish police is
usually pointless, since most of the Internet exists abroad (primarily
in the U.S.). In some countries, it isn't even criminal to distribute
racist information or similar stuff. In those cases, the Swedish government
is virtually powerless.</font></p>
<p><font face="Times New Roman">The only methods for an authority to contain
information stored in another country - with more lenient laws - are to
either cut off the nation's computer systems<sup><a href="#FTNT1">(1)</a></sup></font>
<font face="Times New Roman"> (which is neither easy nor desirable), or
through international legislation by the UN. But there is another way!
The Internet is built by people, for people, and functions through people.
</font> <font face="Times New Roman"><i>You can give your honest opinion
to those responsible for distributing the information. </i></font> <font face="Times New Roman">In
the worst cases, you can convince the person responsible for the computer
on which the information is stored to remove it. Before resorting to such
measures, however, you should think twice. Many view the Internet as a
gigantic library, and if you come up with ideas about "censoring"
this library, you should consider the fact that you are attacking free
speech, and be prepared to take responsibility for that. In such a case,
your actions are comparable to going into the nearest library, picking
some books out of the shelves, taking them out on the street and burning
them.</font></p>
<p><font face="Times New Roman">Information technology has thus brought
global problems to your desk at home. How ironic. Now it is no longer
possible to shut out world problems; you have to </font> <font face="Times New Roman"><i>get
involved</i></font> <font face="Times New Roman">. Dear God. Personally,
I think this type of discussion is so useful to ordinary Swedish society
that it outweighs any threat posed by this "dangerous" information.
The problems of Sri Lanka and the Ivory Coast are suddenly our problems
as well. As long as child porn is permitted somewhere in the world<sup><a href="#FTNT2">(2)</a></sup></font>
<font face="Times New Roman">, there will also be such material on our
own Internet. Such matters are </font> <font face="Times New Roman"><i>everyone</i></font>
<font face="Times New Roman">'s problem, like environmental problems.
The problem should be solved in its home court: the World. The UN, perhaps.<sup><a href="#FTNT3">(3)</a></sup></font>
</p>
<p> <font face="Times New Roman"><b>The Police</b></font> <font face="Times New Roman"><br>
</font> <font face="Times New Roman">The Swedish police - through the
National police Board - have a computer crime expert, superintendent </font>
<font face="Times New Roman"><b>Hans Wranghult</b></font> <font face="Times New Roman">
in Malmö. He took his studies, as did most European experts in this
field, in California. His most prominent work is a report called </font>
<font face="Times New Roman"><i>Datorkriminalitet - Hackers, insiders,
och datorstödd brottslighet </i></font> <font face="Times New Roman">("Computer
Crime - Hackers, Insiders, and Computer-Assisted Crime"), which seems
to be an edited version of his class notes from the States, slightly adjusted
to Swedish conditions. (I am holding my breath in anticipation of his
future creations.) Despite this report being a very detailed treatment
of computer crime and various perspectives relating to it, it relays a
very simplified picture of hackers. Apparently, Hans has listened mostly
to his teachers, and never asked any amateurs what they thought of hackers.
His section on hackers begins as follows:</font></p>
<p><font face="Times New Roman"><i>"Originally, the word hacker was
a label for the person who was responsible for testing computer systems
within the organization for which he worked. The method used was to subject
the system to all kinds of attacks, in order to spot errors or weaknesses
in the software or the security systems." </i></font></p>
<p><font face="Times New Roman">This statement is not true, since the first
hackers were students in charge of </font> <font face="Times New Roman"><i>developing</i></font>
<font face="Times New Roman"> computer systems, and the statement is indicative
of a basic view of hackers as always being busy testing or cracking security
systems. If you have read this book from the beginning, you know that
this is a fairly small aspect of hacking culture. Another possibility
is that Wranghult is simplifying intentionally, in order to motivate his
men. The police base their work on a dichotomous "us-against-them"
style of thinking, and if he had started talking about good hackers as
well as bad ones, the limits of the law's thinking (with regards to hackers)
would perhaps have become a little fuzzy.</font></p>
<p><font face="Times New Roman">He is especially critical of the image of
the hacker as a hero, which is blasphemy in his opinion. If he had known
how journalists employ hackers, as when Chaos Computer Club hacked into
information about the West German nuclear power program, or when the anonymous
hacker exposed the </font> <font face="Times New Roman"><i>Ausgebombt</i></font>
<font face="Times New Roman"> BBS, he would have been forced to reconsider
his vilification of hacker activities. Apparently the police have thought
twice about this, because in June of 1995, they announced that they would
be happy to enlist the help of hackers to combat computer crime.</font></p>
<p> <font face="Times New Roman">In regards to S</font> <font face="Times New Roman">Ä</font>
<font face="Times New Roman">PO's interest in hackers and computer culture,
there is not a lot of available information. This is not unusual, since
it's how things work. </font> <font face="Times New Roman"><b>Bengt Angerfelt</b></font>
<font face="Times New Roman"> and </font> <font face="Times New Roman"><b>Roland
Frenzell</b></font> <font face="Times New Roman"> are in charge of computer
security issues at SÄPO, and their work probably consists mostly
of gathering information and knowledge about computer crimes, so that
someone will know what to do if there is a threat to national security.
Hopefully, they know more about computer security than anyone else in
Sweden. Considering the fiasco with the encryption system, they should
have improved their expertise by now.</font></p>
<p><font face="Times New Roman">Military intelligence is also interested
(naturally) in computer security issues. I know even less about this -
but the only thing I know for sure is well-known among hackers: military
intelligence collects as much information as they can about system and
data security. This information is then used to, among other things, improve
</font> <font face="Times New Roman"><i>their own</i></font> <font face="Times New Roman">
security. No military person would ever have the urge to bring this knowledge
to the state or the business world. There are some obvious reasons for
this. Business in general, and especially the computer companies,
are concerned with the security of their equipment. For example, if the
American NSA (National Security Agency) informed a company that manufactured
a certain operating system of their system's security gaps, these would
immediately be fixed. </font> <font face="Times New Roman"><i>Why is this
not in the interest of military intelligence?</i></font> <font face="Times New Roman">
Very simple, really: since the software systems are exported, the military
can use the security weaknesses to attack foreign computer systems in
case of war. The military (at least in the U.S.) has its own hackers and
virus creators. I mean, why not? These weapons are hardly controversial,
and not limited by international agreements. Of course, they're armed
to the teeth with tools for electronic warfare. By being aware of security
glitches, one can protect oneself and attack others. For the same reason,
Swedish intelligence would never advise Ericsson about faults in the AXE
systems.</font></p>
<p><font face="Times New Roman">A number of Sweden's best hackers have been
hired as security experts by SÄPO as well as military intelligence
and counter-espionage agencies.<sup><a href="#FTNT4">(4)</a></sup></font>
<font face="Times New Roman"> Probably, this expertise is used in "bugging"
electronic communications (which is not illegal, in contrast to telephone
surveillance).</font></p>
<p><font face="Times New Roman"><b>Big Brother Wants to See You</b></font>
<font face="Times New Roman"><br>
</font> <font face="Times New Roman">But what about the distribution of
information that may be "dangerous to the public"? It is not
as intuitive to propose that information such as </font> <font face="Times New Roman"><i>The
Terrorist's Handbook, drug recipes, bomb blueprints, </i></font> <font face="Times New Roman">or
perhaps </font> <font face="Times New Roman"><i>technical information
about telephone cards</i></font> <font face="Times New Roman"> should
be illegal. A popular term for this is - strangely - </font> <font face="Times New Roman"><i>sociopathic
information</i></font> <font face="Times New Roman">. To be a sociopath
means to exhibit aggressively antisocial behavior, and belonging to a
group that does not accept current social norms</font></p>
<p><font face="Times New Roman">Therefore, hackers, ravers, anarchists,
Freemasons, and other subgroups can be viewed as sociopathic. So can Rotary.
Sociopathic information, therefore, is information that is written by
socially maladjusted people. For example, spreading liberal ideas in a
totalitarian communist country would have to be considered very sociopathic. It
is not against the law to be socially maladjusted. It isn't even prohibited
to distribute sociopathic information. However, there are a few authoritarian
elements in our society that would like this to be so. During my research
for this book, I have fortunately only found one example of this Big Brother
attitude:</font></p>
<p><font face="Times New Roman">In a funky report from </font> <font face="Times New Roman"><b>Institutet
för Rättsinformatik</b></font> <font face="Times New Roman">
("The Institute for Legal Information"), attorney </font> <font face="Times New Roman"><b>Anders
Wallin</b></font> <font face="Times New Roman"> tells us how </font> <font face="Times New Roman"><i>he</i></font>
<font face="Times New Roman"> thinks the law views sociopathic information.
In around 50 pages, he manages the feat of repeatedly condemning so-called
sociopathic information, while failing to mention even once that this
information is actually not illegal. Rather, he leans on a legal paradigm
that views anything that threatens society as it is today as dangerous,
by definition. Imposed on ideology, this would be called conservatism. Wallin
mentions, among other things, that he hasn't been able to find the sociopathic
</font> <font face="Times New Roman"><i>The Anarchist's Cookbook</i></font>
<font face="Times New Roman"> in any Swedish library, and goes on to lament
the fact that similar information </font> <font face="Times New Roman"><i>is</i></font>
<font face="Times New Roman"> available on several Swedish databases.
What he doesn't mention, however, is that this book has been </font> <font face="Times New Roman"><i>cleared</i></font>
<font face="Times New Roman"> for publication. If you want to read a really
sociopathic book, go find </font> <font face="Times New Roman"><b>Jerry
Rubin's</b></font> <font face="Times New Roman"><i>Do It!</i></font> <font face="Times New Roman">,
which is available at many Swedish libraries. It also happens to be published
by the respectable publisher Pan/Nordstedts. The list can be made longer.</font></p>
<p><font face="Times New Roman">Apparently, sociopathic information is a
term applied to books that normal people shouldn't read, because if they
do, they will become corrupt. Alternatively: books that youth shouldn't
read, or they will become corrupt. Or: books that not everyone should
read, for their judgment cannot be trusted (as for myself, I am rather
childishly fond of the freedom of the press). At the same time, I have
to say that I don't think that everything in Wallin's report is bad. What
I find erroneous is the implicit call for censorship that exists between
the lines of this report. Wallin thinks it's horrible that young boys
should be able to read hacker books and terrorism manuals. And I understand
him - there are those who have managed to cause great damage using knowledge
found in such material. Apparently, someone in the U.S. managed to blow
up their little sister. I am not blind to such things. But Wallin has
obviously </font> <font face="Times New Roman"><i>read this material himself...</i></font>
</p>
<p><font face="Times New Roman">This drives cyberpunks up the wall, and
is regarded - justifiably - as authoritarianism. The final responsibility
for prohibiting teenagers from building bombs at home should be with the
parents. And if the kids are old enough to have left the nest, I would
consider them worthy of our trust. Actually, I believe they can handle
reading these books, if they find it amusing. I happen to consider a person
that manufactures a bomb at home to have more than one loose screw, and
not at all a reason to abrogate the rights of normal people to free speech
and press. I willingly confess: I own oogles of sociopathic information.
Yep, it's true. I have, among other things, used them for research of
this book. Almost all of the information I possess is in a digital form,
and because I like to, I distribute it with abandon, which I consider
not at all irresponsible.</font></p>
<p> <font face="Times New Roman"><b>Making Computer Viruses Illegal??</b></font>
<font face="Times New Roman"><br>
</font> <font face="Times New Roman">Prohibiting the manufacture of computer
viruses is also questionable. Especially since there aren't any plans
to criminalize </font> <font face="Times New Roman"><i>possession</i></font>
<font face="Times New Roman"> of computer viruses - only their creation.
Can I not produce a computer virus and infect my own computer if I feel
like it? This seems strange, in my opinion. A relevant fact is that you
could make a computer virus with paper and pencil, if you wanted to. It
is not until it is fed into a computer and distributed that it can cause
damage.<sup><a href="#FTNT5">(5)</a></sup></font> </p>
<p> <font face="Times New Roman"><b>Big Brother:</b></font> <font face="Times New Roman"><i>What
do you want to make viruses for? There's no good in that. Don't
do it. Don't do it, I tell you. Why are you writing poems? Where's the
good in that? Don't. Go to the factory instead,
and do some work. Be of use, I tell you.</i></font> </p>
<p><font face="Times New Roman">On the other hand, I agree that the intentional
distribution of computer viruses should be criminal. The debate has been
going on in the U.S., where, for example, the well-known virus fighter
</font> <font face="Times New Roman"><b>Alan Solomon </b></font> <font face="Times New Roman">(known
as </font> <font face="Times New Roman"><b>Dr Solomon</b></font> <font face="Times New Roman">)
has clearly stated that he would consider a ban on virus manufacturing
as violating the rights and freedoms of the individual. Furthermore, a
virus can not be accurately compared to a bomb, since an isolated computer
with a virus on it poses no public threat. Especially if the user know
what he or she is doing, which is usually the case when it comes to virus
makers. Additionally, a virus does not consist of something tangible (like
chemicals or metal), but only of pure information. A computer virus </font>
<font face="Times New Roman"><i>can</i></font> <font face="Times New Roman">
be constructed through a series of commands written on a piece of paper;
it is simply a case of the same information in different forms. Thus,
a virus on paper would be legal since we have freedom of the press, while
a virus in machine-readable form would be illegal since we do not have
freedom of information? Aren't they the same thing?</font></p>
<p><font face="Times New Roman">Our modern Trojan horse, in the form of
a computer virus, will most likely meet the same end as </font> <font face="Times New Roman"><b>Karl
Gerhard</b></font> <font face="Times New Roman">'s play </font> <font face="Times New Roman"><i>Den
ökända hästen från Troja</i></font> <font face="Times New Roman">
("The Notorious Trojan Horse), which was quickly and definitively
banned as it criticized the Nazi infiltration of Sweden in the 1940's.
Unwanted art should not be exhibited (in the interest of the State), and
you do not at all know best what to do with your computer (sarcasm ;-).</font></p>
<p><font face="Times New Roman"><br>
</font> <font face="Times New Roman"><b>"Datainspektionen" and
Integrity</b></font> <font face="Times New Roman"><br>
</font> <font face="Times New Roman">The vanguard of the computer crime-fighting
forces in Sweden consists of </font> <font face="Times New Roman"><i>Datainspektionen</i></font>
<font face="Times New Roman">. This governmental agency's primary purpose
is ensuring that state institutions and corporations follow </font> <font face="Times New Roman"><b>Datalagen</b></font>
<font face="Times New Roman"> (the Swedish Data Code), which has been
constructed specifically to protect the individual from a totalitarian
information society. Datainspektionen was born in 1973 as a product of
an international public debate with its origins in San Francisco. In connection
with the Census of 1970, when for the first time all data was electronically
registered, many had begun drawing parallels to </font> <font face="Times New Roman"><b>George
Orwell's </b></font> <font face="Times New Roman"><i>1984</i></font> <font face="Times New Roman">,
and this gave birth to a debate about data integrity. The insinuation
was that government, to a certain extent, was collecting information that
they had no legitimate use for, and which could be used to control citizens
in every aspect.<sup><a href="#FTNT6">(6)</a></sup></font> </p>
<p><font face="Times New Roman">The former director of Datainspektionen,
</font> <font face="Times New Roman"><b>Jan Freese</b></font> <font face="Times New Roman">,
who still seems to exert considerable influence on the agency, is an important
philosopher in the field. In practice, it seems that much of what Jan
writes or speaks is adopted by Datainspektionen without further discussion.
This is not so bad, since the guy mostly displays common sense. He has
made several sound propositions for information legislation, and prepared
Swedish society for the information revolution to a great degree. Especially
good is his proposition of a </font> <font face="Times New Roman"><i>general
integrity law</i></font> <font face="Times New Roman">, covering databases
containing information on individuals and privacy violations, whether
or not computers and electronics are involved. This law should, according
to Freese, regulate (quoted from </font> <font face="Times New Roman"><i>Datateknik</i></font>
<font face="Times New Roman"> #8/1995):<br>
</font> <font face="Times New Roman"><br>
</font> <font face="Times New Roman"> </font> <font face="Times New Roman"><i>*
Access to and searches of private property<br>
</i></font> <font face="Times New Roman"><i> *
Physical searches of persons, medical check-ups, and psychological tests<br>
</i></font> <font face="Times New Roman"><i> *
Surveillance/espionage<br>
</i></font> <font face="Times New Roman"><i> *
Illegal photography/recordings<br>
</i></font> <font face="Times New Roman"><i> *
Electronic surveillance ("bugging")<br>
</i></font> <font face="Times New Roman"><i> *
Distribution of privileged information<br>
</i></font> <font face="Times New Roman"><i> *
Use of third parties' names, images, and similar information<br>
</i></font> <font face="Times New Roman"><i> *
Abuse of third parties' communications</i></font> <font face="Times New Roman"><br>
</font> <font face="Times New Roman"><br>
</font> <font face="Times New Roman">And this is also basically the kind
of record-keeping that the EFF, cypherpunks, and others are working against.
The difference, in the case of cypherpunks, is that they are of the opinion
that the regime (in the US) has totally failed to protect the integrity
of the individual. They even suggest that the government cannot handle
these matters without becoming totalitarian. </font> <font face="Times New Roman"><i>Thus</i></font>
<font face="Times New Roman">, the individual should protect him- or herself
through cryptography, anonymity measures, etc. The libertarian heritage
is apparent, based on the American pioneers, who had to protect their
farms and land with their own arms since the legal system was not fully
established. That time is so far back in Swedish history that it's become
foreign to us. We are used to government taking care of everything.</font></p>
<p><font face="Times New Roman"> The reason that more and more people
arm themselves with encryption is that the electronic parallel universe,
cyberspace, is barbaric and uncivilized, and that even government employees
appear to act instinctively and arbitrarily with regards to computers.
If an integrity protection law like the one proposed by Freese had existed
at an earlier stage, the problem would be absent.</font> <font face="Times New Roman"><i>However,
note the following:</i></font> <font face="Times New Roman"> Datainspektionen
is subordinate to the executive branch of the Swedish Congress. If the
government gets the urge to register all political dissidents, Datainspektionen
cannot do anything about it, despite it being written into law that the
executive should consult Datainspektionen before creating any database
on its own initiative. Datainspektionen is </font> <font face="Times New Roman"><i>in
no way</i></font> <font face="Times New Roman"> a safeguard against a
totalitarian society! Only those who blindly trust institutions and governments
would dare to rely on Datainspektionen for this purpose.</font></p>
<p><font face="Times New Roman"><b>From hacking to computer crime</b><br>
</font> <font face="Times New Roman">Can hacking lead to crime? The answer
is a clear YES. Hacker groups, like any other, have their share of psychopaths
and deviant followers. Social engineering in itself must be considered
a giant step away from social norms. It </font> <font face="Times New Roman"><i>is</i></font>
<font face="Times New Roman"> dishonest to deceive other people, and viewing
the person at the other end of the phone line as an object is frighteningly
cold-blooded. Some phreakers have constructed blue boxes that they've
sold for around $1500, and this activity is clearly not rooted in ideology.</font></p>
<p><font face="Times New Roman">Phreakers defend their criminal activity
in the classical manner: first of all, only large corporations are victimized.
Losses from credit card fraud against private individuals are usually
absorbed by the issuing banks. At the same time, they nonchalantly ignore
the fact that they create a hell of a hassle for the individuals who have
to prove to the credit card companies that they didn't use their cards
themselves. The elitist attitude often becomes an excuse to do whatever
one feels like. At the same time, it should be noted that media as well
as credit card companies exaggerate the consequences of being subject
to credit card fraud. Even credit card company investigators can think,
and generally understand that a well-educated father of two doesn't make
repeated conference calls across half the world just for the hell of it.
Many investigations are dismissed at an early stage.</font></p>
<p><font face="Times New Roman">Second, hackers often point to the fact
that they don't derive any </font> <font face="Times New Roman"><i>material
gain</i></font> <font face="Times New Roman"> from hacking. Hackers are
known for breaking into phone companies and stealing </font> <font face="Times New Roman"><i>only</i></font>
<font face="Times New Roman"> manuals. This, of course, confuses prosecutors.
A hacker does not fit tour stereotype of a criminal who absconds with
other people's property for their own gain. For an hacker hungry for information,
the crime </font> <font face="Times New Roman"><i>itself</i></font> <font face="Times New Roman">
is the reward, which may seem a little odd.</font></p>
<p><font face="Times New Roman">Manufacturing a computer virus, or spraying
graffiti on a concrete wall, does not offer much in the way of profit.
Possibly it could be sabotage or vandalism, but it is not a matter of
organized crime. Perhaps virus manufacturing is, like graffiti, best viewed
as an unpopular form of art; a product of our time, in which everything
artistic must be sanctioned, planned, and spontaneity virtually extinguished.</font></p>
<p><font face="Times New Roman">Hacking a network is more a matter of </font>
<font face="Times New Roman"><i>exploring </i></font> <font face="Times New Roman">the
system than </font> <font face="Times New Roman"><i>stealing</i></font>
<font face="Times New Roman"> system time. In some countries, like Canada,
it is permitted to walk into another persons house, look around, and leave,
as long as nothing is stolen or damaged. From an ethical perspective,
it is a tricky problem. In the Netherlands it was, until 1987, completely
legal to enter a computer as long as nothing was destroyed or modified.<sup><a href="#FTNT7">(7)</a></sup></font>
</p>
<p><font face="Times New Roman">Third, they defend their acts on ideological
grounds - by which society is described as generally corrupt, and the
real crooks are the large corporations and currency traders, who manipulate
all of humanity to run their errands through their speculation. The opposite
is the beauty of established society, as </font> <font face="Times New Roman"><b>Oscar
Wilde</b></font> <font face="Times New Roman"> once expressed it:</font>
<font face="Times New Roman"><i>It is better to live unjustly, than without
justice.</i></font></p>
<p><font face="Times New Roman">In this view, it is permissible to speak
and theorize about making society more just, while direct action must
be regarded as illegal, from a social perspective. It is the same principle
that covers all undemocratic actions - whether it concerns those of hackers,
environmentalists, or peace activists. If you break the law, you commit
a crime. Period. Personally, I think that any activists who break
the law, be it hackers or cyberpunks as well as tree-huggers, peace activists,
or anti-abortionists who blow up abortion clinics, </font> <font face="Times New Roman"><i>should</i></font>
<font face="Times New Roman"> be sentenced and jailed if society deems
it necessary. It is not the responsibility of society to decide which
values serve to justify illegal acts. My opinion, on the other hand, is
due to the fact that I firmly believe in humankind's ability to achieve
results in a representative democracy.<sup><a href="#FTNT8">(8)</a></sup></font>
<font face="Times New Roman"> Anarchists, on the other hand, conclude
that there should be no laws at all. (Which </font> <font face="Times New Roman"><i>I</i></font>
<font face="Times New Roman"> can't really agree with). It's a question
of values, and in our present society, un-legitimized actions are considered
criminal. If those actions victimize individuals, they're misdirected.</font></p>
<p><font face="Times New Roman">It's been submitted that hackers could form
entire underground syndicates and cooperate with the Mafia. This is, so
far, mere speculation. In my opinion, the hacker mentality is not really
fit for organized crime. The hacker immediately retreats when he/she feels
physically threatened, and removed from his/her protected existence behind
the screen. This doesn't mean that he or she is </font> <font face="Times New Roman"><i>chicken</i></font>
<font face="Times New Roman">, but rather that the whole thing is "for
fun".</font></p>
<p><font face="Times New Roman">Many hackers receive strange requests like
</font> <font face="Times New Roman"><i>"you who are so technically
skilled, couldn't you build a pirate decoder... ", "couldn't
you (whatever)"</i></font> <font face="Times New Roman">, The fact
is that even though the hackers definitely </font> <font face="Times New Roman"><i>can</i></font>
<font face="Times New Roman"> do this, they very seldom do. Hackers are
anti-authoritarian and detest being bossed around. </font> <font face="Times New Roman"><i>"Figure
it out on your own!"</i></font> <font face="Times New Roman"> is
the most frequent answer. The hacker doesn't want some subordinate role
as technical genius in some criminal organization. Why should he? He could
make a lot more money in a </font> <font face="Times New Roman"><i>low-paid</i></font>
<font face="Times New Roman"> computer job than any criminal organization
could offer, with the possible exception of the Mafia or foreign intelligence
agencies. However, they are often willing to give advice, tips, and ideas:</font>
<font face="Times New Roman"><i> "Are you stuck?", "Have
you found anything interesting?"</i></font> <font face="Times New Roman">
- but as far as economic motivation (not curiosity) is concerned - forget
it.</font></p>
<p><font face="Times New Roman">I would go so far as to say that we should
be grateful that the little annoying hackers discovered security glitches
in the computer systems, rather than the </font> <font face="Times New Roman"><i>big
fish</i></font> <font face="Times New Roman">.</font> <font face="Times New Roman">During
the golden age of phreakers (in the 70s), several large gambling syndicates
used blue boxes, which they manufactured on a near-industrial scale and
sold at usurious rates. You can hold any opinion you want about this,
but no one can deny that the hackers' activities have been </font> <font face="Times New Roman"><i>important</i></font>
<font face="Times New Roman"> to industry, if not always </font> <font face="Times New Roman"><i>beneficial</i></font>
<font face="Times New Roman">. (Otherwise they wouldn't have become such
a popular topic). When Bob in Springfield makes his own phone cards
and sells them for $20-$100, this is hardly to be considered industrial-scale
production or even production for his own gain. Considering the simple
equipment used in the process, and the time spent on constructing it,
it would more closely resemble a total loss. It would, therefore, seem
to exist an ideological reason for constructing the phone cards. Freedom
of information? Anarchy?</font></p>
<p><font face="Times New Roman">Personally, I would have to say that the
"hardware viruses" in the form of an electronic device called
</font> <font face="Times New Roman"><i>Big Red</i></font> <font face="Times New Roman">,
found in some American and Australian banking computers, are much more
frightening than anything </font> <font face="Times New Roman"><i>any
</i></font> <font face="Times New Roman">hacker has </font> <font face="Times New Roman"><i>ever</i></font>
<font face="Times New Roman"> invented. This thing copies, encrypts, and
hides important information on a computer's hard drive so that some informed
people can easily access it. Big Red could very well be constructed by
the Mafia or some international intelligence agency. These must have been
deliberately installed from the </font> <font face="Times New Roman"><i>inside</i></font>
<font face="Times New Roman"> of an organization, as opposed to the hacker's
curiosity-driven exploits.</font></p>
<p><font face="Times New Roman">As of July 1995, an unusually sophisticated
computer theft ring was still operating in Sweden. They entered offices
and only stole computers, not monitors or keyboards (these were cut off).
From some older models, only memory chips and hard drives were taken.
In order to work undisturbed, the gang cut the telephone company's alarm
cables by gong through access boxes on the street, in the way the hackers
of the film </font> <font face="Times New Roman"><i>Sneakers</i></font>
<font face="Times New Roman"> did it. The gang communicated via radio,
and the police even succeeded in taping their communications. Still, they
weren't caught.</font></p>
<p><font face="Times New Roman">There's no doubt as to the origin of these
thieves. Some of them are definitely some type of hacker, others are more
hardened techno-criminals. The similarity to Gibson's characters is striking:
the only loot is information technology, memory is worth its weight in
gold, and the criminals possess fantastic technical skills. I will not
for one second deny that these offenders have learned many of their skills
used in their ventures through different hacker magazines: Rolig Teknik,
Phrack, any number of books from small, obscure publishers. (And certainly,
from common textbooks). But this is actually not the problem.</font></p>
<p><font face="Times New Roman">The problem is </font> <font face="Times New Roman"><i>us.</i></font>
<font face="Times New Roman"> The problem is that we watch movies like
</font> <font face="Times New Roman"><i>Sneakers, The Saint, Why Me?</i></font>
<font face="Times New Roman"> etc., in which we can identify with the
romantic or comical criminal, despite the fact that we objectively judge
such a person to be the enemy of society and scum deserving of all that
is coming to them. We need the criminal, or in this case, the </font>
<font face="Times New Roman"><i>technologically advanced criminal</i></font>
<font face="Times New Roman">, to know that it's still possible to circumvent
all electronic security systems. Because - if we can't escape technological
supervision, well, then we </font> <font face="Times New Roman"><i>can't</i></font>
<font face="Times New Roman"> become lawless, and then being lawful is
no longer a free choice. There is no longer any anti-career that we can
look down upon in our eternal quest to jet upwards through the social
hierarchy. There is no honor to preserve, because if no one can be dishonorable,
one cannot know what it means to be honorable. Crime exists in the form
of an engine that drives us to act straight, warns us if we approach the
edge of propriety, and makes us feel content with our successful lives.
We, of course, do not run around at night, cutting cables, and stealing
computers, do we? We work during the days and </font> <font face="Times New Roman"><i>sleep</i></font>
<font face="Times New Roman"> at night. Each day needs its night. Every
society's glowing, law-abiding segment needs its photophobic underground
movement. </font></p>
<p><font face="Times New Roman">We award our geniuses two types of careers.
Either they go through twelve years of high school and four years of college
to become engineers and continue their careers upwards or sideways in
the chase for </font> <font face="Times New Roman"><i>more </i></font>
<font face="Times New Roman">status, </font> <font face="Times New Roman"><i>more
</i></font> <font face="Times New Roman">money, and </font> <font face="Times New Roman"><i>more</i></font>
<font face="Times New Roman"> exciting work projects. (Imagine, I could
be CEO one day... I'll have to read up on some finance too... make the
right contacts, hold the right opinions...). But what if you don't
like school? What if the awfully long education bores you, but your interest
is still burning for electronic devices and computers? No problem. Society
has something for you too: </font> <font face="Times New Roman"><i>vocational</i></font>
<font face="Times New Roman"> education, </font> <font face="Times New Roman"><i>no</i></font>
<font face="Times New Roman"> status,</font> <font face="Times New Roman"><i>
no </i></font> <font face="Times New Roman">money, and </font> <font face="Times New Roman"><i>no</i></font>
<font face="Times New Roman"> exciting work projects like PLEX programming
or control system construction. You will never go to the right schools,
know the right people, or read the right books. You won't have the correct
social heritage. </font> <font face="Times New Roman"><i>This is despite
the fact that you are perhaps intelligent and capable and would be more
suitable for Ericsson's training programs than anyone else!</i></font>
<font face="Times New Roman"> The hiring practices at high-tech companies
are tastefully oriented towards turning non-degreed applicants back to
the slums they came from.</font></p>
<p><font face="Times New Roman">Remaining option: anti-career. Use your
knowledge to break down society's security systems so that the poor citizens
will know it's not invulnerable. Give them something to fight and live
for. Give them an external threat so that they won't have to take a look
in the mirror. Be an outlaw to set the parameters for the lawful. Don't
think that crime doesn't pay - sometimes it does. Just as long as a few
get caught now and then so that the good people will have something to
abhor. </font></p>
<p><font face="Times New Roman">Your criminals are the devils that let you
see the angels within yourselves. I'll be damned if they're any worse
than you!<sup><a href="#FTNT9">(9)</a></sup></font> </p>
<p> <font face="Times New Roman"><b>Corporate Security Forces</b></font>
<font face="Times New Roman"><br>
</font> <font face="Times New Roman">One of the most unpleasant computer
crimes I know of was committed (and perhaps is still being committed)
by </font> <font face="Times New Roman"><b>Telia</b></font> <font face="Times New Roman">.
In April 1995, the electronic magazine </font> <font face="Times New Roman"><b>Z
Central</b></font> <font face="Times New Roman"> (a subsidiary of Z-mag@zine)
made public that Telia possessed its own net surveillance unit, which
had as its mission to gather information about subscribers suspected of
being phreakers or hackers. Using phone-switch computers, they could easily
record who made what calls and where. It seems that Telia systematically
traced and surveilled some hackers, which really is something that only
the cops have a right to do. This information was further distributed
to other companies which Telia suspected of having been infiltrated by
these hackers. These procedures are illegal, according to the fourth
section of the Data Code, which prohibits registering information concerning
possible criminality without the prior permission of Datainspektionen.
Permission is almost never granted - in order to prevent totalitarian
social control.</font></p>
<p><font face="Times New Roman">It should be added that this discussion
about Telia's phone usage registration is not a new one. As early as 1981,
Telia had an electronic surveillance machine named </font> <font face="Times New Roman"><b>TAL-T
M80</b></font> <font face="Times New Roman">, which permitted the logging
of all usage on a particular line, and could send the log to a central
computer for storage. Since then, Telia has introduced this type of surveillance
to virtually any phone in Sweden, since this function is built into every
AXE switch. In reality, anything you do using a phone is recorded by the
AXE switch. If you pick up the phone and then dial </font> <font face="Times New Roman"><i>one</i></font>
<font face="Times New Roman"> digit before hanging up, this action is
registered as a time and a button-press in a computer. Telia is then able
to retrieve a complete listing of all calls and non-calls performed -
</font> <font face="Times New Roman"><i>anything</i></font> <font face="Times New Roman">
that has taken place on the line. The information, according to Telia,
is used to assess and improve existing systems, and to resolve disputes
with subscribers. The info is stored on computer tape for about six months.<sup><a href="#FTNT10">(10)</a></sup></font>
</p>
<p><font face="Times New Roman">Anyone that has worked for a large corporation
will understand why Telia can't resist registering and analyzing its business.
However, distributing such information is against telecommunications as
well as privacy laws. Telia, of course, acted in "good faith"
in its attempt to "help" the victimized companies, but that
doesn't excuse the breach of privacy involved. I've even seen indications
that Telia use their databases for various purposes within the company.
The information is ruthlessly consulted by Telia's security departments
when they suspect hacker activity, in order to extract information from
hackers about their possible transgressions. (In many cases, Telia's own
computers suffer from inadequate security.<sup><a href="#FTNT11">(11)</a></sup></font>
<font face="Times New Roman">) This takes place despite the fact that
this information is not even supposed to be available to the police...</font></p>
<p><font face="Times New Roman">To facilitate computer crime-fighting, they've
begun to investigate the possibility of constructing a so-called </font>
<font face="Times New Roman"><i>expert system</i></font> <font face="Times New Roman">,
an artificially intelligent agent instructed to analyze the bands in which
all Swedish phone calls are registered, in the search for </font> <font face="Times New Roman"><i>behavior
patterns</i></font> <font face="Times New Roman"> that seem suspect. This
involves checking out people that make long and frequent calls without
interruptions, call a lot of toll-free numbers, etc., in order to compile
a database of "suspicious" subscribers. Hopefully, Telia does
not intend to use the system, since this would imply a completely illegal
data-handling procedure. But what price is too high to maintain security?</font></p>
<p><font face="Times New Roman">Telia serves as an example for large corporations'
views on computer crime. Of those crimes committed against Telia's technological
installations, 87% consist of theft and vandalism, while computer intrusion
and technical manipulation makes up about 10%. The latter category includes
hackers' and phreakers' activities, but also a great deal of other activity
that has nothing to do with those underground groups. (</font> <font face="Times New Roman"><i>But,
</i></font> <font face="Times New Roman">since hackers have a definable
culture and system of ethics, they're easier to point out and condemn). In
addition, Telia is a company that suffers from an almost paranoid fear
that someone will understand how their systems work. All communications
companies feel this way. Since the technological safeguards at Telia's
switches are inadequate, they rely on a </font> <font face="Times New Roman"><i>psychological</i></font>
<font face="Times New Roman"> form of protection, which simply means that
information is kept secret so that a possible attacker cannot know how
the systems work. In the same manner, it protects its own organization,
its own internal phone numbers, etc. Even </font> <font face="Times New Roman"><i>within</i></font>
<font face="Times New Roman"> the organization, safeguards are in place.
They are diligent about not giving any more information than necessary
to operators. There is no comprehensive understanding of Telia's systems
except among CEOs, high-level engineers, and system developers. The only
road to those positions lies in internal advancement. Knowledge in regards
to Telia's systems is therefore only supposed to exist within the organization,
and no one outside Telia should know anything about how the switches really
work. </font> <font face="Times New Roman"><i>Hands-off</i></font> <font face="Times New Roman">,
as opposed to "hands-on", that is. Just use the system. Don't
ever try to figure out how it works, even if you're interested. Do not
examine, do not rummage among the cables, just </font> <font face="Times New Roman"><i>call,
pay,</i></font> <font face="Times New Roman"> and </font> <font face="Times New Roman"><i>be
happy!</i></font> </p>
<p><font face="Times New Roman">The reason that Telia has its own security
organization is that the police has neither the time nor the funding to
investigate Telia's problems. (As I mentioned earlier, they are reluctant
to investigate fraud amounting to less than $8000 or so). Telia has officially
said that the company needs about 30 security managers plus about 10 or
so specialists within the areas of physical security, system security,
data processing, secrecy, and information security. The last category
is the one that is supposed to make sure that I, among others, should
not know the information contained in the previous sentence. (These figures,
however, originate in the time when Telia was still called Televerket,
and had to release information because of the freedom of information laws).
Presumably, the information security officials now have a structured organization
which ensures that potentially dangerous information does not leave the
company or end up in public records.</font></p>
<p><font face="Times New Roman">Another thing, which should be completely
made clear, is that large corporations like Telia cannot afford morals.
Once they have discovered fraud affecting the company, they first have
to decide whether it pays off to go after the criminals and improve security
before taking any action. If improving security poses too much of an inconvenience
for legitimate users, resulting in loss of customers, it is more cost-effective
to let the hackers be. This has led to many hackers raising their eyebrows
and wondering whether the communications companies are laid back, stupid,
or just plain moronic. In reality, their only concern is money. That's
why it's still so easy to call using fake credit card numbers - it is
simply too expensive to effectively address the problem.</font></p>
<p><font face="Times New Roman">At this point, allow me to make a connection.
When I spoke of cyberpunk, I mentioned that William Gibson et. al. chronicle
a future in which all finance and development is handled by large corporations,
with a strictly hierarchical organization and a ridiculously strenuous
work ethic. In the R&D labs, new technological innovations are pushed
out by bored engineers with their fingers constantly on the fast-forward
button. Everything in the organization of these companies is designed
to make the people inside the hierarchy feel as important as possible,
so that they will work as effectively as possible and push their underlings
to work even harder. The result is a frighteningly effective but psychopathic
organization, which can push social development beyond any imaginable
limits.</font></p>
<p><font face="Times New Roman">Those hackers that have been forced to enter
Telia's regional offices in the capacity of informers, have - with awe
- described the rigorous security procedures. They have passed many doors,
all with flashing diodes and demanding access cards to prevent the wrong
person from being in the wrong place at the wrong time. At the very top
of the building, there are the offices of the highest executives, after
a total of perhaps five doors that all require pass codes. The hierarchy
demands that the offices gain size as they gain altitude. At the top,
they are posh. This is the final goal of all the residents of the building.
The denizens of the lower levels of this tower of power are not allowed
to pass through as much as half the doors leading to the top level. In
this manner, the eternal desire to climb to the top is preserved.</font></p>
<p><font face="Times New Roman">The hacker is called to this place. The
man on the other side of the desk is not evil. He is not inhuman, psychopathic,
or simply cruel. He is diligent. He believes in the ten stories of concrete
through which the hacker has just been transported. He has been, for his
entire life since leaving the university, a part of this hierarchy. Since
he is a CEO, he has been among those displaying the greatest loyalty and
faithfulness to the company and the entire social system which has enabled
it to exist. He can not, for the life of him, imagine that any of this
could be based on an incorrect assumption - that there could be anything
wrong with the market economy system, a giant wheel in which he himself
is but a tiny, tiny cog. Somewhere deep inside, he retains a small illusion
of freedom and independence which he nurtures tenderly.</font></p>
<p><font face="Times New Roman">He has a lot of respect for the hacker.
The 20-year-old on the other side of the table managed, after all, to
breach all the walls he has built. And the hacker didn't accomplish this
through violence, but through intelligence. He manipulated Telia's computers.
He was one step ahead of Telia's own security teams. The boss is impressed.
But at the same time he knows, based on his fundamental appreciation of
the society which lets him live in a plush two-story house with a housewife,
two kids, and two cars, that this kid is wrong. The boy is a criminal,
and should be treated like one. He knows that he is dealing with a dangerous
individual. He has completely swallowed the myth of the hacker as a cold-blooded,
anarchistic antagonist. It his </font> <font face="Times New Roman"><i>him</i></font>
<font face="Times New Roman">, the Chief of Security, who is right. The
concrete, the desk, the condo, the market, the school system... all of
these back him up. Of course he's right. How else are things supposed
to work?</font></p>
<p><font face="Times New Roman">Of course, he has to know how the kid did
it. Since he knows that he's right, he feels entitled to use any means
available. In the concrete chambers in Göteborg, Farsta, and Kalmar,
his devoted servants stand at attention - </font> <font face="Times New Roman"><b>IBM
3081 d, AS/9000, Sperry 1100/92 - </b></font> <font face="Times New Roman">computers
that obey his every command. Even before the hacker was brought to the
office, he had lists printed of all the calls that this individual had
made during the last six months. An exhaustive list, with dates and times
down to the second. </font> <font face="Times New Roman"><i>So he called
his girlfriend in the middle of the night after a two-hour call to a toll-free
number in the States? Why? Is she involved as well?</i></font> <font face="Times New Roman">
It'll be a long interrogation. The hacker on the other side of the desk
doesn't know that the list that is about to be put in front of his nose
by Telia's security chief is totally useless from a legal point of view.
Nothing is witnessed or signed; only five calls have been traced. These
calls constitute the only binding evidence.</font></p>
<p><font face="Times New Roman">The hacker, with his boring middle-class
background, looks across the table and straight into the eyes of the impressive
boss. He locks gazes with Gibson's psychopathic Tessier-Ashpool concern.
He sees the enormous company's pulsating brain sitting in front of him,
dressed in Lacoste pants and a white shirt. The question is whether he
understands this.</font></p>
<p><font face="Times New Roman"><b>The BBS that Vanished</b></font> <font face="Times New Roman"><br>
</font> <font face="Times New Roman">Let's imagine that a group of cyberpunks,
in the near future, create a BBS named </font> <font face="Times New Roman"><i>Pheliks</i></font>
<font face="Times New Roman"> to spread information using a powerful personal
computer with several telecommunications lines. Stored on this BBS is
pirated software, drug recipes, anarchist pamphlets, in-depth descriptions
of Telia's AXE switches, documentation for smart credit cards, and much
more. The software industry, spearheaded by Microsoft, are pissed. The
credit card companies, spearheaded by Visa and Mastercard, are pissed.
The police, wishing to maintain order, knows that this is against the
law and feels compelled to act. Unfortunately, the cyberpunks are aware
of the possible countermeasures of the police and other authorities, and
have implemented their own counter-countermeasures. When the authorities
call up the BBS they are greeted by the following message:</font></p>
<blockquote>
<p><font face="Times New Roman"><b>Pheliks BBS - open 24 hours at 28.800
bps.</b></font></p>
<p><font face="Times New Roman"><b>NOTE: Pheliks BBS is open to amateurs.
Police, journalists, researchers, or other persons in an official capacity,
as well as business persons or representatives of non-profit organizations,
are NOT WELCOME. If you belong to any of these categories, we humbly
but firmly ask you to terminate your connection to Pheliks BBS. Press
ENTER to confirm that you do not belong to any of the above categories.
Press +++ath0 to terminate the connection.</b></font> </p>
</blockquote>
<p><font face="Times New Roman">Through this messages, paragraph 21 of the
data code is invoked, with the result that anyone not complying with the
request is guilty of a computer crime. In this way, every form of electronic
search is made impossible, and the BBS is not threatened by governmental
agencies or research institutes, which are bound to stay within the law. </font>
<font face="Times New Roman"><i>Journalists</i></font> <font face="Times New Roman">
could in this case appeal to their moral right, as a third power of the
State, to breach the data code in the public interest. The software companies,
in the form of Business Software Alliance, would also (most likely) not
give a shit about the data code and proceed despite the message. After
a scoop in the papers, combined with repeated anonymous tips (read: lobbying)
from the BSA, and combined with some sort of surveillance indicating that
there might even be illegal drugs in the same location as the BBS, the
police could raid the BBS after all.</font></p>
<p><font face="Times New Roman">However, the cyberpunks have predicted this
scenario as well. When the cops bring the BBS computer to the station,
they find that the part of the hard drive containing the BBS's information
has been encrypted with the </font> <font face="Times New Roman"><i>Securedrive</i></font>
<font face="Times New Roman"> program. This software uses 128-bit DES
encryption, known to be uncrackable. To encrypt your hard drive is perfectly
legal - businesses do it to protect confidential information from theft,
and as opposed to everyday locks, encryption cannot be opened by force.
At the same time the police turned the computer off, it became useless
as evidence. For investigative reasons, of course, the cops could keep
the computer for a century or so, and in this manner prevent the suspicious
activity from recurring. Unfortunately, computers are not that expensive.
Even before the investigation has begun, the well-organized cyberpunks
have gotten a new computer and restored the entire BBS from tape backups
stored in a totally separate location. Companies use the same method to
protect valuable information from theft, fire, or hardware malfunction.
</font></p>
<p><font face="Times New Roman">The police can then, given reasonable cause,
install surveillance equipment and record the traffic to and from the
BBS, record cyberpunks keystrokes, etc., in order to make a successful
bust. But this is very expensive, and there has to be a good reason for
such measures. It is also probably that the software companies resort
to illegitimate measures. Perhaps they retain a samurai hacker, like the
computer cowboy Case in Gibson's novels, to enter the BBS and crash it
on the orders of the company. Perhaps some company manages to convince
Telia to shut down the BBS's phone lines. In this way, established society
can protect itself against the cyberpunks, and maintain the ideals that
have been threatened.</font></p>
<p><font face="Times New Roman">The real danger occurs when too many groups
like that appear, hiding from governments and companies, or form an organized,
nationwide base. The worst thing that can happen is that the BBS moves
to an unknown address on the Internet, possibly in Taiwan or Chile. If
you can afford to rent space on a computer on the other side of the world
(which probably is cheaper than having your own), there are no problems
with maintaining such an operation from Sweden. This is when the cyberpunks
can go from information syndicate to broad, underground, political movement.
And this is the real threat to established society. It is not certain
that it is a threat to society from a historical perspective. I will return
to this question.<sup><a href="#FTNT12">(12)</a></sup></font> </p>
<hr>
<br>
<font color="#666666"><a name="FTNT1"></a> 1. </font> <font face="Times New Roman" color="#666666">
German authorities took this approach in trying to shut down </font> <font face="Times New Roman" color="#666666"><i>Radikal</i></font>
<font face="Times New Roman" color="#666666">, an extreme-leftist magazine,
which - intelligently enough - has stored their files on a computer in Holland.
The endeavor became a fiasco: about thirty supporters copied the documents
to their own computers, with the result that Germany would have to disconnect
the entire world to get rid of </font> <font face="Times New Roman" color="#666666"><i>Radikal</i></font>
<font face="Times New Roman" color="#666666">.</font> <font face="Times New Roman" color="#666666"><br>
<br>
<a name="FTNT2"></a> 2. Japan, for example, has a very liberal view of material
that people in Sweden would most likely put in the category of child pornography.
<br>
<br>
<a name="FTNT3"></a> 3. I am not fond of international governmental organizations
except as forums for discussion. As such, they excel. On the question of
international retaliations and such, I am undecided. <br>
<br>
<a name="FTNT4"></a> 4. I. e., computer crime sometimes pays - if you're
the baddest. <br>
<br>
<a name="FTNT5"></a> 5. Some may object to me defining this in my own terms.
This is because there is no legal framework within which to discuss the
issue. <br>
<br>
<a name="FTNT6"></a> 6. I am greatly indebted to Anders R Olsson for many
of the details regarding the origins of the Data Code and the inception
of Datainspectionen. <br>
<br>
<a name="FTNT7"></a> 7. This is probably the reason that Europe's largest
hacking magazine, <i>Hacktic</i> , is based in Holland. The hackers later
started an Internet company called XS4ALL, which is one of the largest and
most controversial Dutch internet providers. <br>
<br>
<a name="FTNT8"></a> 8. On the other hand, I don't think that this type
of government is ideal, nor that it will last in the future. <br>
<br>
<a name="FTNT9"></a> 9. In case you are wondering: yes, I've studied social
psychology as well. <br>
<br>
<a name="FTNT10"></a> 10. I have obtained this information from an anonymous
technician at Telia. Ronnie Bjarnfält, at Telia National Security,
claims that the logs are normally only kept for 24 hours. I have personally
seen logs comprising three months of telephone traffic. <br>
<br>
<a name="FTNT11"></a> 11. Anonymous hacker in october 1996: <i>"I am
inside Telia's firewall again... they installed a new one that was much
better, but I got around it..."</i> <br>
<br>
<a name="FTNT12"></a> 12. All "fictional" events in this episode
have occured in reality.</font></td>
</tr>
</table>
<p align="center"><font size=2 face="Times New Roman"><a href="ch9web.htm"><img src="arrowleft.gif" width="45" height="54" align="absmiddle" name="ch1web.htm" border="0"></a><font face="Arial, Helvetica, sans-serif" size="+1" color="#999999">
<a href="mainindex.htm">INDEX</a> </font><a href="ch11web.htm"><img src="arrowright.gif" width="45" height="54" align="absmiddle" border="0"></a></font><font color=BLUE><b></b></font><font color=BLUE><b></b></font></p>
<p align=center> </p>
<p align=center><font size="1">Design and formatting by <a href="mailto:nirgendwo@usa.net">Daniel
Arnrup</a>/<a href="http://www.voodoosystems.nu">Voodoo Systems</a></font></p>
<FONT SIZE=2 FACE="Times New Roman"><FONT SIZE=2 FACE="Times New Roman"><FONT SIZE=2 FACE="Times New Roman"><FONT SIZE=2 FACE="Times New Roman"><FONT SIZE=2 FACE="Times New Roman"><FONT SIZE=2 FACE="Times New Roman"><FONT SIZE=2 FACE="Times New Roman"><FONT SIZE=2 FACE="Times New Roman"><FONT SIZE=2 FACE="Times New Roman"><FONT SIZE=2 FACE="Times New Roman">
</font></font></font></font></font></font></font></font></font></font>
</BODY></HTML>
|
