10 The Wrong Side of the Passwords


and our certainty about where the line should be drawn between exploration and crime. Can we assume that someone who has a copy of a file of 20,000 credit card numbers is automatically bent on theft of goods and services? Can we assume that someone who has the designs and $200 worth of electronic components, available at any Radio Shack store, necessary to counterfeit a cellular phone is automatically going to steal thousands of dollars worth of phone calls? Mitnick is alleged to have stashed a copy of just such a credit card file in a little-used directory on the WELL, although he is not thought to have ever used the information. Another hacker, Bernie S., was arrested for having such a set of components, and served jail time. Bernie S.'s career in jail, like those of Mitnick and other hackers, is tracked on the 2600 Web site,[4] with much the same flavor as Amnesty International's tracking of political prisoners. Uncannily so: the Web site noted in late 1996 that Bernie S. was beaten up in jail and denied the medical care he needed, and that Mitnick had been put in solitary confinement and his books taken away. However, over time a few companies such as IBM have come to accept the notion that hackers may offer a useful service in finding holes in their security systems and even employ them to do so.


As computer networks become the underpinnings of all our most vital services, what scares people is the thought that someone with no moral conscience could hack into a cancer hospital and tamper with patients' records, or tap into one of the nation's big repositories of credit information and change you at a stroke from a financially trustworthy citizen into a deadbeat. In a Harper's magazine forum held electronically on the WELL in 1990, John Perry Barlow wrote about the superstitious awe he felt when Phiber Optik, one of the young, visiting hackers, uploaded Barlow's credit history, retrieved from the major credit information database TRW, into the discussion: "I've been in redneck bars wearing shoulder-length curls, police custody while on acid, and Harlem after midnight, but no one has ever put the spook in me quite as Phiber Optik did at that moment." Later, when he'd gotten to know Phiber Optik a bit better by phone and in person, he mused, "His cracking impulses seemed purely exploratory, and I've begun to wonder if we wouldn't also regard spelunkers as desperate criminals if AT&T owned all the caves."[5]


In fact, it took me two hacker conferences a year apart and three hacker meetings before I saw anyone do anything illegal. When I did, they were "cloning a Mars bar," as they call it in hacker-speak, which means reprogramming a cellular phone so it works on a different phone number than the one it was originally assigned. That may not sound like much, but this kind of reprogramming is said to cost the world's mobile phone companies millions in stolen phone calls and lost air time every year.


It wasn't a very impressive procedure, and I only spotted it by accident when I turned around from my table at the McDonald's they'd chosen for their meeting. A guy had loaded his laptop with a piece of software downloaded from the Net that can send pulses down a cable to the cellphone, reprogramming the EEPROM[6] inside to a new phone number and ESN (the serial number that distinguishes phones). These numbers have to be paired correctly or the phones don't work. The phone had been acquired, legally I guess, second-hand; the cable was handmade. There was only one brief glitch, to check that he had the right area code, before he hit the button to send the numbers and the phone was tried and pronounced to be working at some poor schnook's expense.


The phone reprogrammer was young, with the roundness and not-quite-finished features of a movie-image schoolboy. He told us he got the numbers from "contacts." Retrieved from the garbage outside a company? Purchased on the street? Procured from the phone company by pretending to be a technical engineer? One of the others in the group told me if you're good at pretending to be one of their engineers on a job you can get them to read you matched pairs over the phone.


A brief discussion about morals and ethics followed: at a previous meeting, one of them kept insisting cloning phones wasn't illegal or wrong. Everyone had a shot at explaining to him why it was not only morally but legally wrong, but he was adamant:


    

Copyright © 1997-99 NYU Press. All rights reserved.
Reproduction in whole or in part in any form or medium without written permission of New York University Press is prohibited.

