Hacker Ethics

The true hacker doesn't have morals, and he would never censor information or ideas of any kind. An initiative of the Italian priest Don Fortunato di Noto, (fortunad@sistemia.it,) who in January of 1998 formed the "Committee of resistance against the Pedophiles", and who asked for the help of the hacker community to unmask, capture and close the sites of the pedophiles on the Internet, failed miserably as it was only supported by self-acclaimed hackers without any skill.
Besides, hackers are tolerant by nature, and rarely get angry, but they are irritated by people and tasks perceived to be wasting their time.
There are however, some things that hackers can be intolerant of. One of these is when lies are told, to, or about them, you can say that hackers are imbeciles (it's an opinion, after all), but you can not say that they steal chickens. And yet, it would still be unusual that hackers would hack a site to remove the lies propogated about them. It would be more typical that they would create another site, refuting the lies against them.
Hacking can be used like as a form of protest, breaking into and modifying the websites of very well known societies and government or military corporate entities, can be a way to make public certain injustices (especially attacks to the liberty of information or expression) or violations of human rights. The hacks, of the websites of the CIA (that became Central Stupidity Agency) and of the Department of Justice, are famous for being hacked with this intention in mind.
In the article "Hacking for Human Rights?" by Arik Hesseldahl (ahess@reporters.net) published on the online magazine Wired (http://www.wired.com) dated 14.Jul.98 9:15am, the hacker Bondie Wong, (a dissident Chinese astrophysicist who lives in Canada, that temporarily disabled a Chinese satellite in 1997), a member of the famous hacker crew, Cult of the Dead Cow (which in the beginning of 1999 released the Back Orifice trojan) threatened to attack the computer networks of foreign companies that did business with China, causing them serious damages and huge financial losses.
In an interview conducted by Oxblood Ruffin, a former United Nations consultant, and published on Wired, Blondie Wong says: "Human rights is an international issue, so I don't have a problem with businesses that profit from our suffering paying part of the bill".

Contrary to the complete lack of moral judgement (but, above all, of moralism) of hackers, lies a deep ethical sense, that is something allmost "religious" in most hackers.
About this point, we can go back to the Jargon File:

:hacker ethic, the: n.
1. The belief that information-sharing is a powerful positive good, and that it is an ethical duty of hackers to share their expertise by writing free software and facilitating access to information and to computing resources wherever possible.
2. The belief that system-cracking for fun and exploration is ethically OK as long as the cracker commits no theft, vandalism, or breach of confidentiality.

Both of these normative ethical principles are widely, but by no means universally) accepted among hackers. Most hackers subscribe to the hacker ethic in sense 1, and many act on it by writing and giving away free software. A few go further and assert that *all* information should be free and *any* proprietary control of it is bad [...]

Sense 2 is more controversial: some people consider the act of cracking itself to be unethical [...]
But this principle at least moderates the behavior of people who see themselves as `benign' crackers (see also {samurai}). On this view, it is one of the highest forms of hackerly courtesy to (a) break into a system, and then (b) explain to the sysop, preferably by email from a {superuser} account, exactly how it was done and how the hole can be plugged --- acting as an unpaid (and unsolicited) {tiger team} [The "tiger team" derives from the U.S. military jargon. These people are paid professionals who do hacker-type tricks, e.g., leave cardboard signs saying "bomb" in critical defense installations, hand-lettered notes saying "Your codebooks have been stolen" (they usually haven't been) inside safes, etc. Serious successes of tiger teams sometimes lead to early retirement for base commanders and security officers].

[...]

Breaking into a system is not seen by the hacker as a criminal action, but like a challenge. The idea is not to damage the "victim", but to find a way to penetrate its defenses. It's the intellectual challenge, the curiosity, the will to experiment and to explore, this is what moves the hacker, not the will to damage someone or something, and not even to obtain personal profit.

In another writing of The Mentor, "A Novice's Guide to Hacking- 1989 edition", dated December 1988, the author opens the essay with a call to the ethics of the category, to which follows a list of "suggestions for guidelines to follow to ensure that not only you stay out of trouble, but you pursue your craft without damaging the computers you hack into or the companies who own them":

As long as there have been computers, there have been hackers. In the 50's at the Massachusets Institute of Technology (MIT), students devoted much time and energy to ingenious exploration of the computers. Rules and the law were disregarded in their pursuit for the 'hack'. Just as they were enthralled with their pursuit of information, so are we. The thrill of the hack is not in breaking the law, it's in the pursuit and capture of knowledge.

In a file titled "The Hotmail Hack" written by Digital Assassin of the "United Underground" (or "U2", for short), in which a weakness of the HotMail system is illustrated, through which it is possible to enter into the mailbox of another person, the author, at a certain point interrupts the explanation with these words:

....but before I tell you how to use that line, I'm going to side track for a little theory behind this hack. Because there's NO point in a hack, if you don't know how it works. That is the whole idea of hacking, to find out how systems work.

These are clear examples of what the real intent of a hacker is when he breaks a system. It's very close to the idea of a child that opens a toy to see how it works. The difference is that the hacker tries not to destroy the toy (aside from the fact that the toy is not his own...).

Anyway, let's see the specific definition of the "cracker", according to the Jargon File:

:cracker: n. One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of {hacker} (q.v., sense 8). An earlier attempt to establish `worm' in this sense around 1981--82 on USENET was largely a failure.

Both these neologisms reflected a strong revulsion against the theft and vandalism perpetrated by cracking rings. While it is expected that any real hacker will have done some playful cracking and knows many of the basic techniques, anyone past {larval stage} is expected to have outgrown the desire to do so.

Thus, there is far less overlap between hackerdom and crackerdom than the {mundane} [the term "mundane" is taken from the Sci-Fi fandom and identifies everything outside the world of the computer science, or the hacking] reader misled by sensationalistic journalism might expect. Crackers tend to gather in small, tight-knit, very secretive groups that have little overlap with the huge, open poly-culture this lexicon describes; though crackers often like to describe *themselves* as hackers, most true hackers consider them a separate and lower form of life.

Ethical considerations aside, hackers figure that anyone who can't imagine a more interesting way to play with their computers than breaking into someone else's has to be pretty {losing} [on the other hand, they have the same consideration for the people who use the computer in an absolute conventional way, such as only to write documents or to play] [...]

Furthermore, about the "cracking" itself, the Jargon File says:

:cracking: n. The act of breaking into a computer system; what a {cracker} does. Contrary to widespread myth, this does not usually involve some mysterious leap of hackerly brilliance, but rather persistence and the dogged repetition of a handful of fairly well-known tricks that exploit common weaknesses in the security of target systems. Accordingly, most crackers are only mediocre hackers.

However, This is a superficial and reductive vision. In fact, as it is easily imaginable, there exist people, that are as experienced with computers and as thirsty of knowledge, that however don't have any respect of the hacker ethic and don't hesitate to perform actions meant to damage computer systems or other people.
They are the so-called Dark-side hackers. This term derives from George Lucas' "Star Wars". A Dark-side hacker, just like Darth Vader, is "seduced by the dark side of the Force". It has nothing to do with the common idea of "good" and "bad", but it's closer to the idea of "legal" and "chaotic" in Dungeons&Dragons: In substance, the dark-side hackers are accorded the same dignity and recognized as having the ability of a hacker, but their orientation makes them a dangerous element for the community.
A more common definition, reserved for those that damage someone else's computer systems without drawing any benefit from it, (therefore for pure stupidity or evilness), it is that of Malicious hackers.

More recent versions of the Jargon File (in which some most obsolete terms have been removed), as the version 4.0.0, 24 JUL 1996, makes clear, not only the distinction between hacker and cracker, but also between the entire hack scenes and other parallel realities, like piracy, and the "warez d00dz", who collect an impressive amount of software (games and applications, or better said "gamez" and "appz"), that they are never likely to use, and whose greatest pride is to get software, break its protections, and distribute it on their website before their rival crew, where possible, within the same day it was released ("0-day warez").

One could think that the Jargon File speaks only in theory, and that it describes the hacker ethic in a fantastic and utopian way. This is not so, hackers really are attached to their principles. The following is a practical example concerning one of the most famous hacker crews, the LOD (Legions Of Doom, that takes its name from the group of baddies in the series of cartoons of Superman and his Superfriends), of which The Mentor was also a member during the years 1988-89 (the already cited author of "The conscience of a Hacker").

In "The History of LOD/H", Revision #3 May 1990, written by Lex Luthor (founder of the crew, from the name of the baddie in the movie Superman I), and published on their e-zine "The LOD/H Technical Journal", Issue #4, released on May 20, 1990 (File 06 of 10), we can read:

Of all 38 members, only one was forcefully ejected. It was found out that Terminal Man [member dof the LOD/H in 1985] destroyed data that was not related to covering his tracks. This has always been unacceptable to us, regardless of what the media and law enforcement tries to get you to think.

Yet, not all agree upon the same principles, and there are some "grey areas": for example, taking possession of objects that allow you to access information, or pursuing a personal purpose, can be considered "ethical" by some. A specific example could be "grabbing": the theft of things like keys, magnetic cards, manuals or technical schemes, anyway this is a debatable activity, since a hacker prefers to copy rather to subtract, not only to not damage the "victim", but also to avoid leaving traces of his intrusion. A more acceptable and legal variant is "trashing", that consists in looking inside the garbage of the subject, searching for objects and/or useful information.

But breaking into computer systems is only a small activity amongst the many things that hackers are involved in, and the aversion against the virtual vandal actions are a small part of the hacker ethic.
The hacker ethic is something greater, almost mystic, and draws its origins from the first hackers, those that programmed the TX-0, using the first available computers in the big American universities like MIT or Stanford.
From the already cited "Hackers, Heroes of the Computer Revolution" by Steven Levy:

Something new was coalescing around the TX-0: a new way of life, with a philosophy, an ethic, and a dream.

There was no one moment when it started to dawn on the TX-0 hackers that by devoting their technical abilities to computing with a devotion rarely seen outside of monasteries they were the vanguard of a daring symbiosis between man and machine. With a fervor like that of young hot-rodders fixated on souping up engines, they came to take their almost unique surroundings for granted, Even as the elements of a culture were forming, as legends began to accrue, as their mastery of programming started to surpass any previous recorded levels of skill, the dozen or so hackers were reluctant to acknowledge that their tiny society, on intimate terms with the TX-0, had been slowly and implicitly piecing together a body of concepts, beliefs, and mores.

The precepts of this revolutionary Hacker Ethic were not so much debated and discussed as silently agreed upon. No manifestos were issued ["The Mentor"'s one, very polemic, was written only about twenty years later]. No missionaries tried to gather converts. The computer did the converting [...]

Shortly, Steven Levy sums up the "hacker ethic" this way:

Access to computers -- and anything which might teach you something about the way the world works -- should be unlimited and total. Always yield to the Hands-On imperative.

All information should be free.

Mistrust Authority. Promote Decentralization.

Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.

You can create art and beauty on a computer.

Computers can change your life for the better.

LIKE ALADDIN'S LAMP, YOU COULD GET IT [THE COMPUTER] TO DO YOUR BIDDING.


THE LAMER

From "The Hacker Crackdown - Law and Disorder on the Electronic Frontier" by Bruce Sterling, Bantam Books, 1992. (ISBN 0-553-08058-X, paperback: ISBN 0-553-56370-X, released as free electronic text for non-commercial purposes)

There are hackers today who fiercely and publicly resist any besmirching of the noble title of hacker. Naturally and understandably, they deeply resent the attack on their values implicit in using the word "hacker" as a synonym for computer-criminal.

[...]

The term "hacking" is used routinely today by almost all law enforcement officials with any professional interest in computer fraud and abuse. American police describe almost any crime committed with, by, through, or against a computer as hacking.

If the differentiation between hacker, cracker and dark-side hacker can result a very tiny distinction for the ones who live outside of the computer scene, nobody, especially a journalist, should confuse a hacker with the poor idiot that was locked up for using, with no thought to the consequences, programs that he found somewhere. (even if using the term "hacker" does sell more newspapers... The difference between hackers and journalists is that the aforementioned have ethics, the latter, not even a sense of modesty... but this is often simply mere ignorance).

Let's take as an example the following article published on the Italian newspaper "L'Unione Sarda" (http://www.unionesarda.it/), by Luigi Almiento (almiento@unionesarda.it).

POLICE.

The arrested hacker is a surveyor, aged 25

Files were stolen from the computers of internet "navigators", with the aid of a virus
spread on the Internet

Many people from different national service providers, recently learned to their own detriment, that it is better not to stay and chat to strangers on the chat-lines of the Internet. This occured when a hacker aged 25, obtained the user names and passwords of their dial up accounts, while they were on-line.

[...]

"Harris", explains the lieutenant Saverio Spoto, commander of the Police Station [actually they are "Carabinieri", not the normal Police, because in Italy there are two different polices, don't ask why], « contacted his victims through Icq, a "talking place", offered by many Internet providers». During these "written talks", using an access key he acquired that gives false information, G. F. sent the Netbus virus to the computers of his victims. This allowed him to "navigate" the hard drives of the computers of these people while they were connected to the internet. Harris also had a site, which offered pornographic pictures, pirate-programs and files of every kind, and whenever someone connected to his address, they were immediately infected by the computer virus.

[...]

In a few words, lieutenant Spoto succeeds in showing his complete ignorance of the subject: he gives an abominable definition of ICQ, defines Netbus as a virus rather than a trojan (which means he doesn't have any idea of how it works), and still not being satisfied with this, attributes it with a contagiousness similar to the Ebola virus: to be infected simply by connecting to an Internet address sounds like something supernatural. Then, he shamelessy concludes with the invitation "If anyone has had contact with Harris, and thinks that their files may have been forced, they can come to us at the Police Station". If everyone at the Police Station are as experienced as he is, it would be preferable to keep the Harris' "virus" rather than allowing them to put their hands anywhere near your computer.

Besides, these self-acclaimed hackers are almost never bust because of a police operation, (unless they caused a lot of trouble), but because they have the stupid habit of boasting of their actions in chatrooms or even in real life. Often in front of total strangers, that are often police officers or people close to the law enforcement environment, (such as the child or the girlfriend of a police officer).
In fact, the conclusive part of the article regarding "Harris" says: "The investigators did not explain how, but only that they had succeeded in identifying the surveyor": obviously the law officers would like people to think that they identified the guilty person by means of some complicated technique, pursuing the information packets or something in this line, rather than admitting that they only had to make a few enquiries on IRC channels.

The hacker is the one that develops the exploit, and eventually creates a program based on this expoit. People that blindly use these programs because they found them on the Internet, or even worse, because a friend passed them on to them, are merely lamers, that only have a vague idea of how to use the tool they have in their hands and they know nothing about computer systems, programming, or how to cover their tracks. Often these self-acclaimed hackers, self infect themselves with a virus or a trojan they just downloaded, due to their incapabilities.
Putting these programs in the hands of the average person is like giving a loaded gun to a five year-old.

The fact is, that up to the early '80s, computers were only intended for hackers, specialized personnel or students. Only later did they appear on the desks of offices and in houses. The first home computers replaced the primitive consoles of videogames like the Atari 2600, the Intellivision and the Colecovision (the revolution was lead by the Commodore 64 and the Sinclair ZX Spectrum), but still across the whole world there was a "computer culture" throughout the '80s, there were published magazines that taught programming (mainly BASIC, as well as Machine Code) and very advanced techniques worthy of the best hackers. Then during the '90s, Apple and Microsoft's dream started to come true, "a computer on every desk and in every home". The computer became a common appliance available to almost everybody, the general level of the magazines started to drop, and almost all were confined to publishing articles about the latest hardware and software, or advice on how to use commercial applications.
This change in the computer world that made computers not only the sole domain of the hackers, but for everyone, has certainly had some positive general effects, but it proved to be a double edged sword, especially with the advent of the Internet. These days anyone can have powerful tools that inflict damage on other people, real "digital weapons", without having a clue about how they work or how they should be "handled". The average guy can get locked up just for perpetrating what he thought was a "cool" joke, even if it was in bad taste.

All those lamers-wannabe-hackers should better satisfy their needs with APEX v1.00 r10/8/91, a nice program written by Ed T. Toton III (however the original idea is older) that simulates the connection to different US government and military computers (like those of NORAD, or of NASA), among other things it is also possible to pretend that you are the President of the United States of America, and enter the system that controls the nuclear weapons.
With a bit of ability and practice, it is possible to convince some friends that you are really trying to force the US computer systems, and pass the time having good clean fun, without hurting anybody, risking a jail sentence and/or offending the hackers by trying to pretend to be what you are not.

But besides this, outside of the "criminal" context, something that bothers hackers is the ever increasing mass of self-claimed computer "experts", that actually don't know much more than how to turn on a computer and launch a program, and they fill their mouthes with loads of technical words about which they know nothing.
At this point, it is very interesting to read this text from the already quoted home page of the KIN:

I remember [...] When writing software was closer to art and magic than to business and/or just coding. I miss that now. What happened after that? Well, tons of fast graduates appeared who could only do Basic or Clipper/DBase programming, who pretended to be the best. They could wear suites and had money and relatives... I called them nephews. How many times were you in the situation when you gave the best offer, and you simply feel you HAD to write this software - but in the end your client says something like: "I'm really sorry, but I just got a call from my wife and her nephew works for this company in Nebraska who are certified Basic engineers so we'll have to give the contract to them?" The nephews produced terrible software which led to terrible disappointments in the industry ('I've invested so much money in computers and it's not really working for me').

[...] The Net gives you a chance to be first creative and then think about business. Let's use it now - before nephews will get their certified degrees....

Sadly, a crowd of nephews are already working, with or without certified degrees, and armed with programs like Front Page or Publisher creating websites, filling their big mouths with words like FTP and client-server application, even if they don't know what they mean or what they are talking about.
Luckily, the Net is large and, - at least for the moment, - it generates its own rules by itself. There is room for everyone.