2600: Where The Hackers Hang Out

Currently, a highly controversial quarterly publication (and companion web site) does not deal directly with drugs, sex, or rock and roll. Its focus is hacking. Within a small cyber-community, the reputation of www.2600.com is known far and wide.

Essentially the site functions as a gathering spot where hackers (and hacker wannabees) can congregate, exchange ideas and boast about cyber-exploits. In the minds of some, it provides a space where nefarious cyber-criminals can thumnail business cards to the corkboard.

Detractors often want much of 2600’s published material (and hyperlinks) removed. For non-hackers, it provides a scary glimpse into the abyss of network security and telephone networks. 2600 enjoys a cult following.

On Sunday, May 21, 60 Minutes rebroadcast the January episide with Ed Bradley’s interview with Kevin Mitnick. Once the FBI’s most wanted computer criminal, Mr Mitnick, now free after five years in a California prison, has attained rock-star status within the 2600 community. His activities have been chronicled in the publication. A “Free Kevin” movement spearheaded by 2600 “positively influenced media treatment,” reported Mr Mitnick in the Spring 2000 issue of the magazine. In fact, on March 2, Mr Mitnick appeared before a US Senate committee presenting verbal and written testimony. Hacking is a hot on the Hill.

The 2600 Position

What exactly is hacking? The magazine promotes the controversial concept that if someone can gain access to a computer (or network), sneak past security barriers (if any are encountered), and snoop around (without taking any files/data) the behavior is considered acceptable.

The magazine/web site fosters these types of activities. Theft of information/services is considered “cracking,” an activity 2600 finds patently illegal and strongly discourages. As one might suspect, the line of demarcation often grows fuzzy quickly.

A major weapon used by hackers (raised to an art form by Mr Mitnick) carries the label “social engineering” (SE). A concrete example of this technique was offered by Mr Mitnick during the Ed Bradley interview. Mr Mitnick telephoned a Motorola supervisor, whom he then connived into sending the latest telephone source code (the blueprint of the software instructions) to a computer that Mr Mitnick accessed and controlled.

Is this theft? Well, obviously, it depends on one’s point of view. Hackers take the position that if the owner does not take steps to secure his hardware, it is fair game to walk in and roam around.

Herein lies the dilemma. In an advanced technological culture, security issues by computer/network users (and supervisors in the workplace) are often taken casually. Hackers jump into the breach by pointing out if they can find easy access, people intent on serious crime can do serious damage. This offbeat logic finds resonance whenever an ILOVEYOU worm appears or a government web site is defaced.

Real Scary

At almost any given time, the 2600 magazine finds itself embroiled in a lawsuit. Currently, the Motion Picture Association of America (MPAA) is suing 2600 because the web site contains links to servers that publish software that breaks the DVD encryption. Next month, it may be something else.

A major source of hacking pranks come from disgruntled employees. In the Winter ‘99 issue, for example, a former employee revealed in an article “Messing with Staples” some of the passwords (and procedures) that allow access to some of the many computers (some in kiosks) found in a Staples store.

The writer took special delight in pointing out that one computer had both the user ID and password as “password.”  (With high turnover in many chain operations, computer security is seen as an impediment, especially during times of crushing seasonal sales activity). The article contained a remarkable (and chilling) profile on security areas within the Staples retail operation.

In Spring 2000 issue, 2600 published an angry letter from the Staples Senior Vice President, General Counsel.  After four paragraphs stating the present Staples’ position, the letter reads: “Under all these circumstances, we have no choice but to insist that you remove from any material that you continue to publish any of our trade secrets concerning our security system. In addition, we hereby demand that you identify the author of the article ‘Messing with Staples’ so that we may pursue our legal remedies and take appropriate action against that individual....”

The 2600 reply in part: “...But one thing we’re really curious about is what the so-called ‘trade secrets’ are that you wish to keep quiet. The fact that one of your stores used a password of ‘password’ on a publicly accessible machine?  (You do use different passwords at different stores, don’t you?)...”

Loaded With Controversy

Both the magazine and web site contain information and comments many will find outrageous yet often thought-provoking. It becomes almost immediately clear that many segments of our technology-driven society have fallen woefully short in securing computers and networks.

Frankly, 2600 has become a “must read” to network systems administrators in companies and institutions large and small. Should you find a copy on the newsstand, after thumbing through the small pages, you may not be able to put it down. It is unlikely any copies will be found at the local library. It is far too controversial and potentially dangerous.

URLs (Uniform Resource Locators) of interest:

http://www.2600.com

Previous issues of  Internet Info for Real People can be found at http://www.thebee.com. Please e-mail comments and suggestions to rbrand@JUNO.com or editor@thebee.com.)