Hackers turned gatekeepers: Digital vigilantes with a moral code

Legions of tenacious computer savants are fighting to get at our personal data. But, argues Stephen Foley, these cybermen and women are actually helping to make the web a safer place

As a self-respecting citizen of the digital world, you doubtless pay plenty of attention to security.

You will have chosen a fiendishly clever password for your email. You are diligent in logging out of financial websites after you have dealt with your affairs. You have probably even upgraded the privacy settings on your Facebook profile, to keep every Tom and Dick and Harry from prying.

That's quaint. But against you is ranged a much more sophisticated army. Legions of tenacious computer savants are trying, at every passing minute, to fight their way to your personal data, through tunnels carved out of code. Through the websites you trust. Through the devices you use, so many more of them these days connected to the internet and therefore – potentially – to them, the hackers.

The worst security breaches just get bigger and scarier. Thousands of people's credit card details held by the retailer TK Maxx: hacked. Even the mighty Google, storing Gmail accounts used by human rights activists in China: hacked.

And there is also an increasing stream of low-level hacks, exposing numerous dangerous holes in even the most apparently trustworthy software and devices, from Citigroup's mobile banking app for the iPhone to the iPhone operating system itself. These sound like bad news.

But here is a curiosity. Most of the time, these holes become public not because a company fesses up after some important data has been stolen, but because the hacker reveals the hole without stealing anything. So you are under attack – but don't worry. Most hackers are trying to do you a favour.

The war for our data rages beyond our ken (or certainly beyond mine). I couldn't tell you what an "exit node" is, let alone put a "sniffer" on one. But there is a good place to start: Las Vegas. For 18 years, hackers have been congregating in the city around this time of the summer for an event called DefCon. First they came in their hundreds, fearing arrest; now they come in their thousands, to marvel at the professors of their dark arts. The latest was at the start of this month. Digital cameras were hacked. Two dozen phones from the crowd were lured to connect to a completely bogus phone network constructed out of $1,500-worth of ham radio equipment. A cash machine was installed with software so that it would spew money to anyone with the code. The face that DefCon presents to the uninitiated could not be more intimidating. Bring a "clean" computer, it urges, or else assume that you are going to be sharing the contents of your hard drive with thousands of strangers. As for journalists who might show up: "If you are a major network and plan on doing a two-minute piece showing all the people with blue hair, you probably shouldn't bother."

Most terrifying of all, a computer programmer friend gleefully pointed me to a YouTube video showing an undercover NBC reporter, with a camera hidden in her handbag, being drummed out of the event three years ago. But with a clean laptop in my carry case, and my heart in my throat, it was off to DefCon 18.

The sensation you get is of having been dropped into the middle of a computer game. Immediately it is obvious: there is no line between gaming and hacking. It is all about beating the competition, cracking the code, moving to the next level. It is about showing off. At DefCon the central challenge is Capture the Flag, a pure tap-tap-tap keyboard-based contest to see which team can break into a secure computer system. There was also a "social engineering" game which had attracted the interest of the FBI, in which hackers used a combination of internet searching, fake websites and old-fashioned phone calls to extract information from corporate employees.

It turns out that some dupes are extraordinarily willing to give up sensitive information about the IT infrastructure of multinational companies. And there are scores of less serious games. Every DefCon attendee gets an electronic badge with a USB port and an LCD screen, and is invited to hack into it – and into each other's.

For the dedicated hacker, life is lived as a computer game – except that they are not in a World of Warcraft, they are in the world of servers and data centres and telephone networks where your private information lives and travels. "Hacking is a skill set," says Jeff Moss, aka The Dark Tangent, the improbably youthful 40-year-old who created DefCon and now runs it alongside a more formal (and expensive) IT security conference called Black Hat.

"You might be a criminal hacker, a political hacker, a polite hacker, a humanitarian hacker, but most people don't want to destroy something, they want to make it better. They want to be able to say, 'I understand a little bit more about the way the world works than you do.'"

It is a tradition that has existed for as long as mechanical invention. And it is no coincidence that one of the attractions at DefCon is a lock-picking competition, where volunteer Houdinis must physically unchain themselves in front of an audience. It comes from the same human – or perhaps male – impulse to tinker that gives us the radio ham and souped-up cars. On my count, the ratio of men to women at the event was about 20 to one. The average age must be mid-twenties.

The term "hacking" can be traced back to the antics of the model railway club at the MIT university in Boston. Resident geniuses made rough-and-ready improvements to the signals and switches of their enormous train set, and then branched out into writing simple but groundbreaking programs on the university's first IBM.

The club still exists, and is upset at the direction the term "hacker" has taken in the popular imagination. At the club, "We use the term 'hacker' only in its original meaning, someone who applies ingenuity to create a clever result," it declares. "Here, where the words 'hack' and 'hacker' originated and have been used proudly since the late 1950s, we resent the misapplication of the word to mean the committing of illegal acts. People who do those things are better described by expressions such as 'thieves', 'password crackers' or 'computer vandals'. They are certainly not true hackers, as they do not understand the hacker ethic." Matt Lewis – aka BarKode – says the authorities appear to have learnt the difference. "I got busted after DefCon 4. Days later the Feds showed up at the windows of my house and pulled my mother naked out of the shower. It was a misunderstanding, but when I first came here I flew under an assumed name.

"Things changed later, when the Feds started showing up at DefCon with their badges on the outside. You will always have good hackers and bad hackers, but from the late Nineties they started to see us not as bad guys but as people they could work with." Now the Feds are at DefCon recruiting. Hackers are needed on both sides of the war for your personal data. People muttering dark claims about associations with the security services are also here, looking for volunteers. And perhaps a half of the almost 10,000 attendees work in IT security already. They are here to learn the tricks they must defend against.

Of course there are good hackers and bad hackers. There are even names for them. The "white hats" are purely and simply playing. They try to stay within the law, and are exposing security flaws for the public good. "Black hats" are out to seed mayhem and hack for their own benefit. Inevitably there are "grey hats" too.

The perennial debate is what constitutes responsible disclosure. Should a hacker who discovers a security flaw tell the company, or tell the world? A company might be more inclined to take legal action against the hacker than actually to address the problem. Publishing the flaw for all to see has the advantage of winning you plaudits from your peers, but it invites the black hats to take advantage before the company readies its fix.

Big corporations hate all this public embarrassment – which might be reason enough to celebrate it. Earlier this year, when hackers obtained the email addresses of thousands of AT&T customers who use the Apple iPad over its network, including the New York mayor, Michael Bloomberg, and the White House chief of staff, Rahm Emanuel, the telecoms company said that the perpetrators had "maliciously exploited a function designed to make your iPad log-in process faster," and added that it had called in the FBI. Escher Auernheimer of the group Goatse, which did the hack, took umbrage: "Get real. You fucked up, we helped you that figure out [sic] and informed the public. You should thank us."

But questions do multiply when money is involved. Now that hackers are rebranding themselves as security consultants, and selling their services to corporations, they are often advising on how to fix the very hacks they have perpetrated. There is an echo of the protection racket: "Pay up, or we'll wreck the store." Increasingly, there are shady organisations willing to pay for information from hackers. Computer whizzes who might not have the stomach for burglary themselves might sell the skeleton key, ask no questions, and still get to sleep at night.

So this is a world where moral ambiguity abounds. The reassuring consequence is that its players are constantly debating morality. Most recently, the actions of Wikileaks, which published tens of thousands of leaked military reports and other secret documents from the war in Afghanistan, has sparked ferocious debate among the thinkers of hackerdom (for which, read "all of hackerdom"). Most of the founders of Wikileaks come from the hacker community, so there was already more than enough bitching and rivalry. Some are put off by Wikileaks' overtly liberal agenda. Others fear it won't turn out well for the community.

Jake Appelbaum, Wikileaks' senior editor in the US, wraps his legs into a yoga position on the floor of the hotel lobby as he discusses these big issues with me. Earlier, The Dark Tangent had wondered aloud if the furore over the Afghanistan leaks might prompt a new crackdown on hacking in the US; he would have winced to hear Appelbaum tell me that "all governments exist on a continuum of tyranny". Then again, the Wikileaks volunteer had just been detained for hours when he flew back into the US, and had had his phones confiscated for the FBI investigation into the leaks.

At DefCon, he was giving a talk on how the Chinese government manages to block off the parts of the world wide web that it deems seditious – and how hackers inside and outside China are working to foil its efforts. His "day job" is the Tor Project, which hitches together a chain of computers belonging to volunteers around the world in order to obscure the internet addresses of people searching the web at the start of the chain. His aim is to free the people of China and Burma.

I say that Wikileaks, owned by the carefully named Sunshine Press, seems a polar opposite of the Tor Project, which is all about keeping one's identity in the shadows. Perhaps the Afghan informants whose names appear in Wikileaks reports will want to debate the irony.

Appelbaum marries the two by declaring that "anonymity is a progressive value" (and adding that the US military should never have written down its informants' names). Moss, meanwhile, talks of "a balance" between privacy and openness – as you would expect from someone recently co-opted as a homeland security adviser to the Obama administration.

He quotes veteran hacker Chris Coggans (aka Erik Bloodaxe), who once took against the old hacker cry "information wants to be free". Not my information, it doesn't, he says.

So these are the hackers, playing both sides in the war for your data and pushing forward what we know about what can be done with technology. These are the people who will – eventually, inevitably – tear down the Great Firewall of China. Among their number are those who would unleash terrible viruses for their own amusement, or purloin your financial details for their personal gain, or hand over your supposedly seditious communication to an authoritarian government.

But why would there be more wrong 'uns in the hacker community than in the broader population? On the evidence of DefCon, the opposite is true. About the worst characteristic you could ascribe to the speakers here is vanity. A round of applause at a demonstration at DefCon is about the best accolade a hacker could get. Besides, who really wants to go to jail?

"We are risk analysts, in the end," says one veteran of the event, an affirmed white hat, whose hacker name is Dead Addict. He has attended since the very first DefCon in 1993, though he has shorn off his long hair and eschewed the black trenchcoat that used to be his trademark, better to reflect his new status as a security expert in the smartphone industry. "Sure, you could find an employer really quickly as a black hat, but then you find you are working for the mafia – and what exactly is the risk analysis on that?"

My reassurance is qualified by one worry. Can hacking keep its allure if it doesn't stay underground? Is the Electronic Frontier Found-ation, which defends hackers, really doing us all a favour by rebranding them as "security and encryption researchers"? What can be worse than a piece in a mainstream newspaper saying how wonderful they all are?

So, long may the FBI raids and the corporate lawsuits continue, and long may hacking keep its allure. Without this volunteer army, probing, testing and pushing the boundaries of the technology we rely on, we would all be the poorer – and less secure.

Suggested Topics
Arts & Entertainment
Ricky Gervais at a screening of 'Muppets Most Wanted' in London last month
tvAs the second series of his divisive sitcom 'Derek' hits screens, the comedian on why he'll never bow to critics who habitually circle his work
Arts & Entertainment
Don (John Hamm) and Megan (Jessica Paré) Draper are going their separate ways in the final series of ‘Mad Men’
tvReview: The suits are still sharp, but Don Draper has lost his edge
Life & Style
Going down: Google's ambition to build an elevator into space isn't likely to be fulfilled any time soon
techTechnology giant’s scientists say there is no material strong enough for a cable from Earth into orbit
David Cameron sings a hymn during the enthronement service of The Most Rev Justin Welby as Archbishop of Canterbury, at Canterbury Cathedral last year
Life & Style
From long to Jong: Guy Pewsey outside Mo Nabbach’s M&M Hair Academy in west London before the haircut
fashionThe Independent heads to an Ealing hairdressers to try out the North Korean dictator's trademark do
Vito Mannone fails to keep out Samir Nasri's late strike
sportMan City 2 Sunderland 2: Keeper flaps at Nasri's late leveller, but Black Cat striker's two goals in 10 minutes had already done damage
indybest10 best smartphones
peopleRyan Gosling says yes, science says no. Take the A-list facial hair challenge
Arts & Entertainment
tvCreator Vince Gilligan sheds light on alternate endings
Paul Weller, aka the Modfather, performing at last year’s Isle of Wight Festival in Newport
Arts & Entertainment
Play It Forward: the DC Record Fair in Washington, US
musicIndependent music shops can offer a tempting alternative to downloads on Record Store Day
Supermarkets are running out of Easter Eggs
Deals make eggs cheaper than normal chocolate
Life & Style
Wasp factory: 1.3 million examples of the Vespa scooter have been sold in the last decade
motoringIconic Italian scooter still revving up millions of sales
Travel Shop
the manor
Up to 70% off luxury travel
on city breaks Find out more
Up to 70% off luxury travel
on chic beach resorts Find out more
sardina foodie
Up to 70% off luxury travel
on country retreats Find out more
Have you tried new the Independent Digital Edition iPad app?
Independent Dating

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech


    £18000 - £22000 Per Annum: Clearwater People Solutions Ltd: Resourcer Reports...

    B2B Bids and Tenders Pricing Specialist

    £35000 - £45000 per annum + excellent company benefits : Pro-Recruitment Group...

    Projects Financial Analyst - Global Technology firm

    £55000 - £62000 per annum + outstanding benefits and bonus: Pro-Recruitment Gr...

    SharePoint Administrator/Developer (C#, VB.NET, VISUAL STUDIO 2

    £35000 - £50000 per annum + benefits+bonus+package: Harrington Starr: SharePoi...

    Day In a Page

    Ricky Gervais: 'People are waiting for me to fail. If you think it's awful, then just don't watch it'

    Ricky Gervais: 'People are waiting for me to fail'

    As the second series of his divisive sitcom 'Derek' hits screens, the comedian tells James Rampton why he'll never bow to the critics who habitually circle his work
    Mad Men series 7, TV review: The suits are still sharp, but Don Draper has lost his edge

    Mad Men returns for a final fling

    The suits are still sharp, but Don Draper has lost his edge
    Google finds a lift into space will never get off the ground as there is no material strong enough for a cable from Earth into orbit

    Google finds a lift into space will never get off the ground

    Technology giant’s scientists say there is no material strong enough for a cable from Earth into orbit
    Westminster is awash with tales of young men being sexually harassed - but it's far from being just a problem in politics

    Is sexual harassment a fact of gay life?

    Westminster is awash with tales of young men being sexually harassed - but it's far from being just a problem in politics
    Kim Jong-un's haircut: The Independent heads to Ealing to try out the dictator's do

    Our journalist tries out Kim Jong-un's haircut

    The North Korean embassy in London complained when M&M Hair Academy used Kim Jong-un's image in the window. Curious, Guy Pewsey heads to the hair salon and surrenders to the clippers
    A History of the First World War in 100 moments: A forgotten naval victory in which even Nature played a part

    A History of the First World War in 100 moments

    A forgotten naval victory in which even Nature played a part
    Vespa rides on with launch of Primavera: Iconic Italian scooter still revving up millions of sales

    Vespa rides on with launch of the Primavera

    The Vespa has been a style icon since the 1950s and the release this month of its latest model confirms it has lost little of its lustre
    Record Store Day: Independent music shops can offer a tempting alternative to downloads

    Record Store Day celebrates independent music shops

    This Saturday sees a host of events around the country to champion the sellers of well-grooved wax
    10 best smartphones

    10 best smartphones

    With a number of new smartphones on the market, we round up the best around, including some more established models
    Mickey Arthur: Aussie tells ECB to stick with Ashley Giles

    Mickey Arthur: Aussie tells ECB to stick with Ashley Giles

    The former Australia coach on why England must keep to Plan A, about his shock at their collapse Down Under, why he sent players home from India and the agonies of losing his job
    Homelessness: Why is the supported lodgings lifeline under threat?

    Why is the supported lodgings lifeline under threat?

    Zubairi Sentongo swapped poverty in Uganda for homelessness in Britain. But a YMCA scheme connected him with a couple offering warmth and shelter
    A History of the First World War in 100 Moments: When the world’s biggest shed took over Regent’s Park

    A History of the First World War in 100 Moments

    When the world’s biggest shed took over Regent’s Park
    The pain of IVF

    The pain of IVF

    As an Italian woman vows to keep the babies from someone else’s eggs, Julian Baggini ponders how the reality of childbirth is often messier than the natural ideal
    Supersize art

    Is big better? Britain's latest super-sized art

    The Kelpies are the latest addition to a growing army of giant sculptures. But naysayers are asking what a pair of gigantic horse heads tells us about Falkirk?
    James Dean: Back on the big screen

    James Dean: Back on the big screen

    As 'Rebel without a Cause' is re-released, Geoffrey Macnab reveals how its star perfected his moody act