t byfield on Thu, 14 May 1998 02:01:24 +0200 (MET DST)


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

<nettime> disappearing journalists, digital-style


[<http://magazines.enews.com/magazines/tnr/archive/0598/051898/
 glass051898.html>. The New Republic, a US magazine, published
 this article in its 5/18/98 issue, but learned that the author
 had fabricated it. He was fired and TNR is busily removing any
 indication on its web site that the author ever wrote anything
 for them <http://magazines.enews.com/magazines/tnr/>--but only
 in the archive's "Complete Tables of Contents." The files them-
 selves are still there, but available only by backtracking URLs
 into directory trees. Here's the (very silly) article. Art Med-
 lar gets the credit for spotting these hijinks.-T]

May 18, 1998

WASHINGTON SCENE: HACK HEAVEN

By Stephen Glass

Ian Restil, a 15-year-old computer hacker who looks like an even
more adolescent version of Bill Gates, is throwing a tantrum. "I
want more money. I want a Miata. I want a trip to Disney World. I
want X-Man comic [book] number one. I want a lifetime subscription
to Playboy, and throw in Penthouse. Show me the money! Show me the
money!" Over and over again, the boy, who is wearing a frayed Cal
Ripken Jr. t-shirt, is shouting his demands. Across the table,
executives from a California software firm called Jukt Micronics
are listening--and trying ever so delicately to oblige. "Excuse
me, sir," one of the suits says, tentatively, to the pimply
teenager. "Excuse me. Pardon me for interrupting you, sir. We can
arrange more money for you. Then, you can buy the [comic] book,
and then, when you're of more, say, appropriate age, you can buy
the car and pornographic magazines on your own."

It's pretty amazing that a 15-year-old could get a big-time
software firm to grovel like that. What's more amazing, though, is
how Ian got Jukt's attention--by breaking into its databases. In
March, Restil--whose nom de plume is "Big Bad Bionic Boy"--used a
computer at his high school library to hack into Jukt. Once he got
past the company's online security system, he posted every
employee's salary on the company's website alongside more than a
dozen pictures of naked women, each with the caption: "the big bad
bionic boy has been here baby." After weeks of trying futilely to
figure out how Ian cracked the security program, Jukt's engineers
gave up. That's when the company came to Ian's Bethesda, Maryland,
home--to hire him.

And Ian, clever boy that he is, had been expecting them. "The
principal told us to hire a defense lawyer fast, because Ian was
in deep trouble," says his mother, Jamie Restil. "Ian laughed and
told us to get an agent. Our boy was definitely right." Ian says
he knew that Jukt would determine it was cheaper to hire him--and
pay him to fix their database--than it would be to have engineers
do it. And he knew this because the same thing had happened to
more than a dozen online friends.

Indeed, deals like Ian's are becoming common--so common, in fact,
that hacker agents now advertise their commissions on websites.
Computer Insider, a newsletter for hackers, estimates that about
900 recreational hackers were hired in the last four years by
companies they once targeted. Ian's agent, whose business card is
emblazoned with the slogan "super-agent to super-nerds," claims to
represent nearly 300 of them, ages nine to 68. A failed basketball
agent, Joe Hiert got into the industry when one of his son's
friends, 21-year-old Ty Harris, broke into an Internet security
firm three years ago and came to him for advice. The software
maker paid Harris $1 million, a monster truck, and promised "free
agency"--meaning he can quit and work for a competitor at any
time.

Of course, a cynic might say hacker schemes look an awful lot like
protection rackets. That's an awfully nice computer network you
got there. It'd be a shame if somebody broke into it....
Law-enforcement officials, in particular, complain that deals
between companies and their online predators have made prosecution
of online security breaches impossible. "We are basically
paralyzed right now," explains Jim Ghort, who directs the Center
for Interstate Online Investigations, a joint police project of 18
states. "We can't arrest or prosecute most hackers, because
corporate victims are refusing to come forward. This is a huge
problem."

In March, Nevada law-enforcement officials got so desperate they
ran the following radio advertisement: "Would you hire a
shoplifter to watch the cash register? Please don't deal with
hackers." The state took to the airwaves shortly after a hacker
broke into a regional department store's computer system and
instructed it to credit his Visa card about $500 per day.
According to Nevada officials, the boy racked up more than $32,000
in credit before he was caught--but the store wouldn't press
charges. It let him keep the money, then threw in a $1,500
shopping spree--all in exchange for showing them how to improve
their security.

Little wonder, then, that 21 states are now considering versions
of something called the Uniform Computer Security Act, which would
effectively criminalize immunity deals between hackers and
companies--while imposing stiff penalties on the corporations who
make such deals. "This is just like prostitution," says Julie
Farthwork of the anti-hacker Computer Security Center, which
helped draft the legislation. "As a society, we don't want people
making a career out of something that's simply immoral."

Not surprisingly, hackers hate the proposed legislation. They see
themselves as "freelance security investigators," and they even
have their own group--the National Assembly of Hackers--to lobby
against the new law. "Really, hackers have to put in a lot of sunk
costs before they find the one that's broken and get paid," says
Frank Juliet, the group's president. "So, it's definitely a large
community service that we are doing."

Less predictable, however, is the opposition of companies that
have been hacked. It seems they don't like the proposed law,
either, because they're worried they'll be stuck with no legal way
to patch holes in their security systems. The Association of
Internet-based Businesses has actually formed a task force with
the National Assembly of Hackers to lobby against the law.

It remains to be seen who will win, but, until new laws are
passed, hackers like Ian Restil will continue to enjoy a certain
exalted status--particularly among their peers. At a conference
sponsored by the National Assembly of Hackers last week, teenage
hackers and graying corporate executives flocked to Ian, patting
him on the back and giving him high-fives. "We're so proud of
him," said Ian's mother. "He's doing such good things, and he's so
smart and kind." At the formal dinner that followed, the emcee
explained that Ian had just signed a contract for $81,000 in
scholarship money--and a collection of rare comic books. The
audience applauded wildly. Then, Ian stood on his chair and took a
bow. He announced that he had hacked into a new company and frozen
their bank account temporarily. "And now they're going to show me
the money," he said, swirling his hips and shaking his fists. "I
want a Miata. I want a trip to Disney World...."

(Copyright 1998, The New Republic)

-----End of forwarded message-----
---
#  distributed via nettime-l : no commercial use without permission
#  <nettime> is a closed moderated mailinglist for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: majordomo@desk.nl and "info nettime-l" in the msg body
#  URL: http://www.desk.nl/~nettime/  contact: nettime-owner@desk.nl