Thinkcorps

I forget when I wrote this one, a piece on hackers for the now-defunct P.O.V. magazine.

When you’re really good at hacking networks, you get fried in the media. Then you get a really good job.

By Tim Barkow

When Bruce Fancher was 14, he had a subversive little hobby: exploring the mysteries of that tiny little Northeast phone system known as NYNEX. He and his hacker buddies found themselves digging through dumpsters behind the NYNEX central office and making friends with the janitor, gathering booty in the forms of old manuals and discarded printouts. With this knowledge, Fancher and his friends gained control of the Bell computer, allowing them to make free calls and monitor conversations.

Fancher managed to avoid jail, in lieu of a much more lucrative future: Now, at 25, he is operations director of New York?based Evolution Online Systems, which handles software development and security consulting. Businesses from all over the world hire him to solve their problems.

Fancher isn’t alone. Throughout the tech community, these one-time computer rogues find themselves in very big demand. And why not? Those kicking ass in the wired world didn’t find their salvation in an eight-month course at the local technical institute. The winners really understand the the minutiae of computers, networks and software. And who understands all that better than hackers?

With the rise of the Internet and its shared systems that are extremely vulnerable to attack, security issues have assumed paramount importance. Who better to protect these systems than those who have spent their youth infiltrating them? Plus, contrary to popular belief, in the tech world, you must sometimes deal with humans. Hacking is more than simply knowing computers; it’s understanding the people who run them. Tricking employees into releasing information or having them perform certain “inside jobs” is known as “social engineering,” and it’s a critical part of hacking that happens to translate well to the real world. For those who want to walk into the information age fully armed, hacking is digital boot camp.

Not that this trend is without sticky ethical problems. “Many people-myself included-believe that ?reformed hackers’ are not good choices for security work,” says Purdue computer science professor Eugene Spafford. “It cheapens the overall image of our profession as one of including, or even being based on, scoundrels who have previously abused trust.” Then again, one man’s terrorist is another man’s freedom fighter. And corporate America has decided to let the inmates run the asylum. Even Mark Abene, the infamous “Phiber Optik” who was handed a harsh 12-month prison sentence for computer crimes in 1994, is now reportedly consulting for Sun Microsystems.

Fancher had his epiphany in college, where he found computer science courses downright pedestrian when compared with the knowledge he’d hacked out in his youth. In 1991, he dropped out to start a computer business with a friend-a bulletin-board service called Mindvox. The response was amazing. Fancher had effectively taken the power of the Net-and this was before the birth of the Web-to the people.

In doing so he had become something of an online celebrity. Members of Mindvox include Wil Wheaton (Wesley of Star Trek: The Next Generation), rock fossil Billy Idol, and a host of notable writers, hobbyists and, of course, hackers. Indeed, much of Fancher’s computer security experience came from spending time on the other side of the fence. “We were under constant attack by hackers, so we learned a lot,” he says.

Other hackers have taken different paths to success. “Phrank,” a computer security consultant employed by a Big Six accounting firm (because of his youthful misdeeds, he asked not to be identified), spent much of his youth, as Fancher did, tinkering with the phone system. Phrank later started a technical zine in college, which caught the eye of some local magazine editors.

For the next few years, Phrank wrote like mad-about technology and culture, about cutting-edge research and about mass-marketed programs. His keen eye for technological bullshit, an eye developed while hacking, got him into security consulting. This hacker’s eye often helps him identify risks in clients’ computer systems. “Knowing general hacking approaches helps give you a sense of reality,” he explains. “You have to remember that it doesn’t matter whether you’ve got 40- or 80-bit encryption if someone can call in, pretending to be an employee, and socially engineer a way in.” By the way, beside his high-paying full-time gig as a network policeman, Phrank pulls in $150 per hour on the side as a freelance technology analyst for several investment firms. Not too shabby.

As a 19-year-old developer at Evolution, Marc Powell is closer to the hacking scene than either Fancher or Phrank. And although he’s gone over to the side of good, you can hear the excitement in his voice when he explains some of the areas hackers are currently exploring. Admittedly, it’s a little disconcerting to listen while a kid who can’t drink legally runs technical circles around your head. You just have to try and hide your ignorance while nodding and re-peating, “Sure, go on.”

Powell even produced a hack for Windows 95 that he’d gotten online. He could probably hack your PC from his bedroom, but that’s not what interests him-at least not now. He prefers to wax on about hacking as research into the structure and the philosophy of computer networks like the Internet. But later, he admits, half-jokingly, that he used to think that “once I went to jail, my net worth would go up.”

Of course, this was before the police and government began cracking down on hackers. With billions of dollars being spent on digital tech and networking, hacking is seen in corporate circles as a serious threat. A common joke among hackers is that you hack, then you turn in all your friends and go to work for The Man-if, that is, you don’t get caught yourself.

Fancher never got caught: He got lucky, and he knows it. “There’s a reasonable case to say [that] we should be lenient with that 16-year-old, which is not the same as saying it’s OK,” he observes. “It should be a crime.” Then he quickly adds, “On the other hand, who is it more profitable to blame-the kid or the company that made the problem?” Once a hacker, always a hacker.
——————Tim Barkow is a section editor at Wired magazine. He last wrote for p.o.v. on the domain name?buying frenzy.