Hacker/Pirate Interaction in the Computer Underground

Albert Lin


Paper for MIT 6.805/STS085: Ethics and Law on the Electronic Frontier, Fall 1995

The ``computer underground'' is a concept that has been acknowledged by the media for the last decade and a half, but with the explosive growth of the Internet, there have been more and more articles about the ``dark side of computing'' and ``hackers'' in particular. It is important, though, to make a distinction between the various segments of this so-called underground. Hackers, phreaks, pirates, and others each do their own thing, break different laws, and have their own place in the culture. The two largest distinct groups in the computer underground are pirates and hackers (which, for this paper, includes phreaks). They have different values, organizations, and behavior patterns, and the interactions between these two groups can reveal interesting things about the computer underground.

Broadly defined, the computer underground is the segment of the computer-using population that engages in illicit and/or illegal behavior--e.g., hacking, phreaking, credit card fraud, virus writing, pirating, and ``anarchy.'' Like other ``underground'' communities, it is a loose affiliation of different, and often conflicting, groups rather than a large cohesive community of individuals. My aim in this paper is to investigate the relationship between two of the largest distinct segments of this computer underworld, hackers/phreakers and software pirates.

The most popular definition of computer hackers characterizes them as people who gain unauthorized access to computer systems. Although a ``hacker'' was originally a person, usually from MIT or Berkeley, who spent many intense hours in front of a machine producing code, the term mutated in the early 1980s to mean someone who breaks into computer systems. Modern hackers are skilled at breaking into systems and concealing the fact that unauthorized entry has taken place. Phreakers are the telephone equivalent of hackers, making free long-distance calls, commandeering voice-mail boxes, and altering internal telephone system configurations. The phenomenon of phreaking is rooted in the 1960s counterculture, and it survives to this day. There is significant overlap in the hacking and phreaking worlds, enough so that they can be considered as a single group in the underground. In fact, one of the most famous journals in the computer underground is named ``Phrack,'' a combination of ``phreak'' and ``hack.''

Software pirates are those people who copy and distribute commercial software in violation of copyright laws. They are often well-organized, and distribution of ``warez'' is done mostly via Bulletin Board Systems (BBSs or boards), the Internet, and other wide-area networks (e.g., Fidonet). Pirates have been around since the first personal computers became available.

By examining the relationship between hackers and pirates, I hope to provide some insight into what kind of similarities and differences exist between different members of the underground. The history and demographics of these two groups will be examined in order to determine the various motivations behind hacking and pirate activity. Also, the media characterization of hackers and pirates--and how well it distinguishes between them--will be outlined.

HACKERS

``The most interesting thing about a system is the set of things it does that it was not intended to do.'' -- Brian Eno

Hackers and phreakers are difficult to characterize. They range from teenage kids to computer professionals, and they come from all parts of the United States and the world. They exploit weaknesses in computer or telephone systems in order to gain unauthorized access to these systems. Most of the time, they are not malicious--the most they will usually do is poke around for other security holes, examine parts of the system, and leave.

Judging from various written descriptions, the typical hacker/phreaker is a teenage male, living in a city or suburban area, who is very bright but not doing exceptionally well in school. He spends most of his free time in front of the computer hanging out on bulletin boards or trying to break into systems. Hacking activity seems to fall into four categories: searching for systems, attempting to gain entry into systems, exploring systems, and bragging about getting into systems. Most hackers spend their time trying to get in; the good hackers spend time exploring on the inside.

One trait that distinguishes hackers and phreakers from much of the rest of the computer underground is that they are, for the most part, non-malicious. The power of knowledge is the main draw, and destroying data or interfering with phone service is considered bad form. This is in contrast to virus writers or ``carders''--those who commit credit card fraud, and it is especially different from the ``anarchists'' who distribute files on homemade bombs and vandalism.

Hackers have been around for a very long time--today's hacker is evolved from the MIT hacker of the 60s and 70s. What used to be considered harmless poking around and fixing bugs in the system is now unauthorized access. Starting with the Apple II, the availability of affordable modems gave more and more people the opportunity to reach out and connect to another computer--and the only computers that would answer were BBSs and corporate/university computer systems. With the advent of the IBM PC, even more people acquired the means to access these systems. The average age of computer enthusiasts went down as high school students started becoming interested in computers, and the loss of a hacker ``ethic'' can partially be attributed to this.

Another significant factor in the development of the hacker ``scene'' is the number of high-profile cases which have landed people in jail and/or legal trouble. From the early busts of the 414s (named after the area code in which they operated), to Operation Sundevil, to Phiber Optik, the authorities have come down on what they perceive to be a growing hacker threat. As a result, hacking today is less open and blatant than it used to be. Also, as companies have gotten better at securing their systems, the spectacular computer incidents of the past (the Internet Worm, the Chaos Computer Club / KGB affair, etc) have given way to more individual and localized hacking efforts.

PIRATES

Pirates are far easier to define than hackers or phreakers. In fact, Pirate Magazine offers a fairly comprehensive definition (albeit with a self-justifying spin):

``What's a pirate? COMPUTER PIRACY is copying and distribution of copyright software (warez). Pirates are hobbyists who enjoy collecting and playing with the latest programs. Most pirates enjoy collecting warez, getting them running, and then generally archive them, or store them away.

... Pirates SHARE warez to learn, trade information, and have fun! But, being a pirate is more than swapping warez. It's a life style and a passion.

... Pirates are NOT freeloaders, and only lamerz think they get something for nothing.

... In fact, pirates may be one of the best forms of advertising for quality products, because sharing allows a shop-around method for buying warez.''

-- Pirate Magazine #1

Pirates have been around as long as personal computers have been on the market. Although copying and distributing of software had been going on since the mainframe age, it didn't really take off until about 1980, caused by the sudden rise in the amount of available software and the number of private computer owners. Not coincidentally, this is about the same time companies starting forming for the express purpose of selling software, and this is when the term ``computer piracy'' was coined.

In response to the pirates, software publishers started putting copy protection on their products (mostly games). This move gave rise to ``crackers,'' or people who specialized in removing copy protection from software. Soon thereafter, pirate groups formed in order to pool the talents of crackers and more efficiently distribute software. These groups featured colorful names such as FiRM (First in Releasing Most) and TDT (The Dream Team) and, over time, grew in size from localized groups to the international syndicates that exist today. Even though the days of copy protection are mostly past and gone, groups continue to exist today as a very high-efficiency distribution method for new software.

``First there are the suppliers who can get a program from a manufacturer well before it's released,'' Kidd says. ``Often the supplier works for the manufacturer. The game goes to the head person, who delivers it to the crackers. They're the ones who remove the copy protection. From there it goes to the couriers, and each has a list of pirate BBS's. The program then makes it all over the country in minutes.''

-- Bill Kidd, security consultant, quoted in Phrack #40

* * *

One of the trademarks of the computer underground is that almost everyone in it uses an alias rather than his/her real name. This is a necessity, as most of the activities done under these aliases are illegal under the law. There are all sorts of aliases, but they follow certain general themes:

``Handles are borrowed liberally from the anti-heroes of science fiction, adventure fantasy, and heavy metal rock lyrics, particularly among younger users, and from word plays on technology, nihilism, and violence. The handle reflects a stylistic identity heavily influenced by metaphors reflecting color (especially red and black), supernatural power (e.g., Ultimate Warrior, Dragon Lord), and chaos (Death Stalker, Black Avenger), or ironic twists on technology, fantasy, or symbols of mass culture (e.g., Epeios, Phelix the Hack, Rambo Pacifist, Hitch Hacker).''

-- Pirate Magazine #1

The use of aliases contributes to the veil of secrecy that surrounds the underground. Real names are closely guarded secrets, and often the phone numbers of exclusive bulletin boards are difficult to obtain unless you know the right people. The illegality of it all certainly necessitates some secrecy, but the thrill of exclusivity is one that is quite overplayed by hackers, phreakers, and pirates alike.

One big difference between the hacker and pirate worlds, though, is in what kind of data is considered valuable. Hackers value and trade forbidden knowledge, such as access codes and passwords. Respect is given to those who have the most codes and accounts, and these passwords/codes are valuable until too many people know about them or they become invalid. Thus, the value of such data is inversely proportional to how many people have it. Pirates, on the other hand, put a very time-dependent value on data. Programs that are new (``0-12 hour warez'' are considered new) are much more valuable than programs that have been on the market for a while. In contrast to hackers, pirates attempt to spread new programs as far and as widely as possible, while they are still new.

Pirates, eager as they are to spread programs quickly, are often on the cutting-edge of technology--they took advantage of high-speed modems and high-capacity hard disks long before they were in widespread use. This trait combined with the fact that they are always racing to get copies of the newest games results in a culture that is obsessed with the newest and fastest, where software is the coin of the realm.

Hackers, in contrast, are more interested in learning about systems, and they may often be found hacking on archaic operating systems such as VMS. There is no real rush to get the newest software because many of the systems they are hacking on are mostly owned by corporations, which tend to move slowly when it comes to upgrading. Similarly, phreakers don't worry about the telephone system changing overnight. It's the passwords and codes which are valuable in the hacker world, and speed usually has nothing to do with it.

HISTORY

In the early days of the computer underground, there were so few pirate and phreak bulletin boards that there was some overlap in their memberships. A ``pro-phile'' (an interview with a well-known hacker) of The Mentor in Phrack #23 mentions that he ``was involved in the pirate boards from about 1982 on, during which time many of them doubled as phreak boards.'' However, as the pirate and phreak scenes both grew, the sets of bulletin boards catering to these two groups eventually diverged.

Since then, hacking groups and pirate groups have evolved mostly separately over the years. The Legion of Doom and other hacking groups were made up of people who had spent enough time hacking to warrant their inclusion into the group. Similarly, large pirate groups consist mostly of dedicated couriers, sysops, and crackers. These specialized groups became quite large and powerful, but their memberships were quite a narrow elite. In general, there was no overlap in the memberships of most pirate and hacking groups--each one took quite enough time and dedication as it was. In fact, this is still apparently true, as a look at the memberships of some current pirate and hacking groups show no common members at all.

One big difference between hacking and pirate groups is in their size. Hacker groups tend to be much smaller and consist of people who know each other personally, because of the paranoia and suspicion that abounds. Federal agents have tried numerous times to infiltrate hacking groups, and as a result many hackers socialize only with the people they absolutely trust. Pirates, however, have formed sprawling worldwide groups consisting of many crackers, couriers, and other members. Because the focus is on wide distribution of product and because there is little risk involved (getting busted for pirating is much, much less likely than getting busted for hacking, which authorities presumably view as a larger threat), pirate groups have many members all over the country and the world who have probably never met in person.

There have been some notable attempts at cooperation between the hacking and pirate worlds. Probably the most visible of these was the group known as NAP/PA, the North American Phreak/Pirate Alliance. This group, as its name implies, stretched across North America, and its member bulletin boards included some of the largest in the country. However, it is difficult to tell what role phreaking played in the organization, since it appeared to just be a large network of pirate boards. It appears that NAP/PA was mostly a group of pirates who used long-distance codes to connect to their favorite boards free of charge. The group lasted only a few years and then disappeared.

The fact that many pirate organizations are national or multinational supports the theory that many pirates, especially couriers, also dabble in phreaking. Considering that most pirates are still legally minors, it's doubtful that these people can foot a large monthly phone bill resulting from calling across the country and the world. Although those rich enough to have the latest and fastest computer equipment may also be able to afford large phone bills, a recurring association in newsletters and journals between ``warez kids'' and ``codes kids'' suggests a significant overlap in these two groups.

Another more lasting association was TSAN, The Sysop's Association Network. This was a group of BBS sysops that decided to form a ``network'' in order to increase communication and cooperation. While originally designed just to facilitate communication amongst sysops, a number of dedicated hacking boards as well as some pirate boards were members of TSAN. TSAN also featured ``echoed'' conferences, which were discussion groups that included messages from remote sites (i.e., a baby USENET with large message propagation delays), and these conferences included both hacking and pirating areas. This was a more informal collaboration between hackers and pirates without any set agenda, but it seemed to get along quite well as one of the few groups that spanned these two different constituencies.

Overall, these groups did not seem to have any major effect on the relationship between hackers and pirates. It's interesting to note that an explicit attempt was made to form an ``alliance'' between phreaks and pirates, but the group didn't really do much other than give bulletin boards more letters to add to their list of organizational affiliations (a sign of exclusivity and quality).

There are also more subtle hints of cooperation between the two groups. Pirate Magazine lists Taran King and Knight Lightning (one-time editors of Phrack magazine) in their ``Special thanks for getting this issue out'' section. This shows that TK and KL had at least some involvement with pirates and that they probably helped by distributing Pirate Magazine on various BBSs that they were members of. Later issues of Pirate Magazine include various articles on hacking, and there is extensive coverage of the Knight Lightning court case. One reason Pirate Magazine only ran for five issues may be that they ran out of material to publish, diverging into hacking articles before finally giving up on trying to deliver pirate news.

Another sign of cooperation, or at least acknowledgment, is that later issues of Phrack magazine include a column called ``Pirate's Cove'' that has pirate news and game reviews. This is an interesting departure from previous issues of Phrack, which had covered mostly telephone and computer hacking (as well as explosives and ``anarchy'' in early issues). Phrack magazine also republished one of the hacking articles from Pirate Magazine.

IN THEIR OWN WORDS

By reading some of what hackers and pirates have to say about each other, other conclusions may be drawn about their relationship. Many hackers express annoyance at pirates for their immaturity and sheer numbers. Interestingly, it seems that many hackers were originally pirates that moved on to hacking. Also, the increased popularity of the Internet (especially certain aspects of the Internet such as Usenet and IRC) has made it easier for hackers and pirates to achieve their goals.

If the sampling of hackers interviewed in Phrack pro-philes is any indicator, many hackers entered the computer underground via piracy. It seems to be a very common progression, from trading games with friends to trading games on pirate boards to playing around with long-distance codes, to more involved hacking and phreaking. The background portions of many pro-philes include instances of hackers that started out as pirates and spent time pirating programs before moving on to actual hacking.

Another observation that supports this theory is that many hacking and phreaking journals mention pirates, albeit not in a very positive light, while pirate magazines and infofiles (informational files included with pirated software) don't ever mention hacking. Pirate Newsletter did run several articles on hacking, but it seems like the editors just included the information verbatim without actually understanding it.

For an explicit example of what hackers think of pirates, see ``A Tutorial On Being An Elite Hacker'' in Phrack #26, which is a sarcastic look at the life of a software pirate. In an interview with The Nightstalker in Phrack #9, a common hacker sentiment is expressed:

The Nightstalker is not fond of the current society that claims themselves as hackers or phreakers but don't learn the systems themselves. These aren't the real hackers that sit down and literally hack away at a system. Pirates aren't hackers. Just because you have a computer doesn't mean you're a hacker.

Similarly, Knight Lightning says, in Phrack #32:

``I would not consider most of the hackers or phone phreaks I have met to be computer geeks, however over the years I have run into people whose goal in life is to pirate every piece of software in existence and of those people I feel that a strong percentage are 'geeks'.''

The fact that many hackers are former pirates may account for the annoyance that they feel towards pirates (and, by extension, their former activities). Also contributing to this attitude may be the fact that software piracy requires little more than basic computer and telecommunication skills, while hacking and phreaking utilize specialized knowledge and large amounts of persistence. Yet another reason may be that there are so many pirates and that they are so young compared to hackers.

In short, pirates tend to be younger and focus exclusively (to the point of being annoying to non-pirates) on pirating games. Hackers tend to be older and more knowledgeable, with some experience in the pirate world. They are generally accorded a higher status level than pirates in the hierarchy of the computer underground.

THE MEDIA

The media portrayal of the computer underground has evolved over the years, mirroring public awareness. In the early 1980s, the general public knew relatively little about hackers and pirates, and the media reflected the ignorance of the times. Since then, the media has focused more attention on computers and online culture in general, and it has done a better job of characterizing and distinguishing hackers and pirates.

Early articles in major magazines did not make much distinction between hacking and piracy, with titles such as ``New Wave Computer Crime'' and ``Was it really WarGames?'' An Associated Press article reported in Phrack #6 typifies early media confusion when it reports that the then just-proposed Computer Fraud and Abuse Act outlawed ``pirate bulletin boards used by hackers to trade secret computer codes and passwords.''

Similarly, the movie ``WarGames,'' one of the first to deal with computer crime, featured a main character that changes his grades online and uses stolen access codes to call long-distance companies in an attempt to pirate the newest games. There is no distinction made between the hacking and pirating aspects of his actions. Since then, movies such as ``Sneakers'' and ``Hackers'' have focused more exclusively on hackers.

More recently, the print media has also started to ignore pirates (except the large-scale piracy houses in Asia) in favor of stories on hackers, especially after the much-publicized Operation Sundevil. Since 1992, the growing amount of attention heaped on the ``Information Superhighway'' has included stories about hackers and other underground types on the Internet, typically featuring the author being shocked at learning of the existence of newsgroups such as alt.2600 and alt.binaries.warez.ibm-pc. The growing acceptance of the term ``cyberpunk'' has also given the media a convenient label for the computer underground.

CONCLUSION

Hackers and pirates are the two largest groups in the ``computer underground'' or ``cyberpunk'' world. While both labeled as high-tech criminals, their activities are actually quite different, and there is little overlap between memberships in the two groups. Pirates specialize in the distribution of software, while hackers find passwords and access codes. The most similar feature of these two groups is their demographics--mostly middle- or middle-upper-class teenage males. The way these two groups interact reflects various characteristics about them, and online newsletters provide a revealing glimpse into how they think.

Hackers are on a perpetual quest for knowledge, in the form of passwords, accounts and access codes. The reward they are after is the feeling of having outwitted security and the privileges accorded to the cracked accounts, as well as bragging rights. Pirates are always trying to acquire and distribute the newest games as fast as possible. Their reward is increased access, credit towards future downloads on bulletin boards, free software, and bragging rights. A constant intense adversarial and competitive attitude is present in both the hacker and pirate worlds, as many of these people seem to measure their self-worth by their reputation in the underground.

The average degree of involvement also differs between the two groups. There are many casual pirates but not many casual hackers, as being a good hacker requires a lot of time and knowledge. Bruce Sterling wrote, in Details Magazine, that ``the world of computer hacking is a lot like Mexico. There's no middle class. There's a million little kids screwing around with their modems, trying to snitch long-distance phone-codes ... And then there's the heavy dudes.'' Copying programs requires little skill if their newness isn't important to you. The media reinforces the perception of hacking as a skilled art when it almost romanticizes hacking and demonizes large-scale pirating, even as it acknowledges the fact that most people have copied software at one time or another.

Hackers and pirates are quite aware of each other, though they aren't entirely friendly. Despite a number of hacker/pirate alliance groups, hackers still look down on most pirates as annoying little kids with no skills. Pirates, for their part, mostly ignore hackers unless they can provide long-distance codes for couriers to distribute software. A certain fraction of pirates later go on to become hackers, and most hackers seem to have once been pirates themselves.

Judging from various online newsletters and publications, hackers may not be the largest part of the computer underground, but they certainly publish the most material. Pirates generally concentrate on copying software instead of putting out newsletters, but what they do release is very revealing. From these documents it's only possible to approximate a thin slice of the ``computer underground,'' but what is there indicates that there is quite an interesting relationship between these two groups.

REFERENCES

alt.2600 FAQ. Available at http://www-personal.engin.umich.edu/~jgotts/underground/hack-faq.html and ftp://rtfm.mit.edu/pub/usenet-by-group/alt.2600/

Marbach, William D. ``New Wave Computer Crime.'' Newsweek, Auguest 29, 1983.

Marbach, William D. ``Was it really WarGames?'' Newsweek, July 29, 1985.

Phrack Magazine. 1985-1995: Issues 6, 9, 23, 26, 32, 40. Available at http://freeside.com/phrack.html

Pirate Magazine. 1989-1990: Issues 1-5. Available at gopher://gopher.etext.org/11/CuD/Pirate/

Various online magazines. Available at gopher://gopher.etext.org/11/CuD

Wood, Christopher. ``Crime in the Computer Age.'' Maclean's, January 25, 1988.