===================== What Is A Hacker ? ===================== In the last year or so there has been a virtual deluge of books on hackers and hacking. Even movies were based on the subject. The electronic hacker requires a greater knowledge base than a computer hacker. It requires a working knowledge of computing and a good knowledge of electronics. Indeed there has been an influx of computer hackers to the ranks of electronic hackers. My comments in the last volume are still applicable as they relate to the electronic hacker rather than the computer hacker. Many of the books on computer hacking seek to, and in some cases actually do, identify the main traits of hackers. Indeed some of them such as "The New Hacker's Dictionary" do an excellent job. Electronic hackers are more difficult to quantify. I do not think that anyone has actually tried to properly define what an electronic hacker is. As Electronic hackers are rarer than computer hackers, this is an exceedingly difficult thing to do. As an electronic hacker, I am in a better position to comment on the main traits required for this type of hacking. Much of the comments that follow apply equally to computer hackers. These comments may be offensive to some of the pseudo-intellectual sociologists reading this. There is no such thing as an average hacker. A hacker by nature will be above average intelligence. Out-thinking is a pastime that generally restricted to those with above average intelligence. Since the level of electronic knowledge required for hacking is high this would tend to restrict hacking as a hobby to technicians and engineers or at the least a person with a good knowledge of electronics. Another interesting aspect in hacking is that all of the top electronic hackers and most of the average electronic hackers in Europe are male. This is not a surprising thing. Advanced hacking requires phenomenal visio-spatial abilities and the ability to grasp complex and extremely abstract Concepts. These are specifically male traits. Any feminists reading this may be offended. Don't blame me, blame God. He designed the Human race. There appears to be one common factor in the background of electronic hackers - an interest in electronics prior to third Level education. Some hackers look down on engineers as blow-ins. The majority of engineers only decided to do engineering on entering third level education. Or in some cases their parents made the decision for them. For some of them engineering is only a job. They probably did well in exams all throughout their academic careers because they could memorise some fact or text and regurgitate it on an exam paper. An electronic hacker will have a fascination with electronics and it is this fascination with electronics that these paper engineers lack. Luckily these paper engineers do not last very long in electronics and find other positions that suit them. In the early eighties, one paper engineer told me that it was impossible for a mere mortal such as myself to design a satellite receiver system. He also said that satellite television was never going to be used on a widespread basis. The chap now sells shirts for a living! As the electronic hacker has had previous experience in electronics, they will not do well in third level education. Most will drop out of their course because they become bored with what they are being taught. In this respect, the above average intelligence of the hacker is a disadvantage. Most of the third level courses in electronics will be like a mental straight jacket to the hacker. Most non-hacker readers will automatically think that just because a hacker has above average intelligence he will just get on with the course. Unfortunately it is never as simple as this. The average academic year is thirty-six weeks long. If you could complete this course in three weeks would you hang around for the other thirty three weeks? There are probably readers who think that hacking is a crime in the sense that it is theft of service. The legislation varies from country to country. Some countries in Europe, such as France and Ireland have rather draconian laws against piracy. As the moral kind of reader regards hacking as a crime, he or she may not try to hack. The attitude of a hacker is totally different. A hacker would generally know that hacking is a form of theft of service but would not really be too concerned. The moral and ethical conditioning that society imposes has a greater effect on those with average intelligence, after all the morals and ethics are generally created by those of average intelligence. When one is of above average intelligence, there is often a feeling of not belonging. This feeling of not belonging results in a sort of intellectual arrogance where the individual concerned decides that the normal morals and ethics do not apply to him as he is not normal. This is of course an extreme example but a milder form of this decision would explain the attitude of most hackers to the moral aspect of hacking. The vast the moral and ethical aspects are suspended. All's fair in love, war and business. In my opinion, anyone involved in hacking for purely experimental reasons should not be prosecuted. It is disgusting that people who are often critical thinking addicts or at least are not involved anything creative, should decide to hassle experimenters. (This of Course excludes criminal lawyers who are among the most creative experimenters known.) These people do not apparently recognise that all of the major inventions were made by experimenters and if it wasn't for experimenters Humanity would still be swamp slime. On some of the computer bulletin boards, the good and evil of experimental hacking has been debated. The most often proposed argument on the evil of experimental hacking is that it is shop lifting in a different guise. I do not agree with this. It is, to use another analogy often quoted by anti-hackers, like saying that guns kill people. The logic is flawed. Incidentally guns do not kill people, bullets do. The whole objective of hacking is to hack the system and not to get the programming for free. That is piracy. The proponents of the argument do not differentiate between hacking and piracy. If there is one thing that really gets to me it is the high moral tone adopted by the anti-hacker campaigners. They make it sound like hackers are some kind of sub-human scum. It is almost as it these anti-hacker campaigners are jealous of hackers. To them hackers represent FUAD. This stands for Fear Uncertainty And Doubt. The anti-hackers fear what the hacker can get up to. They are uncertain just what the hacker can do and they are doubtful whether they can match up to the hacker's abilities and talents. Almost every hacker regards hacking as a game in which their mindpower is pitted against that of the system designers. It is a battle of intellects. That is the attraction. Some of the paper engineers mentioned earlier would like to think of themselves as hackers but they are not. It is often a paper engineer that claims that a system is invincible. There is nothing more satisfying to a hacker than smashing an "invincible" system that was designed by one of these paper engineers. The Hacking Hall Of Infamy ========================== The following is an examination of some of the mistakes and @ general screwups that have led to serious hacks. Many of them are due to non-technical people underestimating the risks that their systems faced. In some of the cases, it was not fault of the people involved. They either had not been properly briefed or had been briefed by JAFAs. Ignorance may not be a crime but it can be fatal. VideoCipher is Tamperproof And Undefeatable (sic) ================================================= Perhaps the stupidest and most ignorant statement ever made about a scrambling system was made in 1986 about VideoCipher. Specifically VideoCipher 11, the planet's most hacked system. The VideoCipher system is a very sophisticated system, tamper- proof and undefeatable." Naturally this quotation came from a marketing person. Now what was unbelievable about this quotation was that there was a confirmed hack on the system in June 1986. Apparently the news had not reached VideoCipher. BBC Vs Hi-Tech ============== In the UK, piracy has been highlighted by a number of cases, the most notable being the Hi-Tech XtraVision case. The BBC attempted to stop the UK descrambler manufacturer, Hi-Tech XtraVision manufacturing and selling descramblers for the BBC Europe service via Intelsat VA-F71 at 27.5 West. The original ruling an the case stated that the UK Copyright Patents And Designs Act 7988 was not usable in the case as it was badly framed. The end user of the descrambler was outside UK jurisdiction and so UK law was not applicable. It was overturned on appeal and Hi-Tech XtraVision decided not to defend. BBC Pressures Elektor Electronics ================================= A stupid event accrued earlier in 1990 involving the "Elektor Electronics" Magazine. In the February 1990 issue. this magazine published the first of a two part constructional article for a SAVE descrambler that did not use crystals. The decision to print was taken when the first ruling in the Hi-Tech XtraVision case was in force. The BBC lawyers then saw the magazine and got upset and threatened Elektor. Elektor pulled the March 1990 edition of the magazine. The full circuit diagram and theoretical description was already in the hands of those who wanted it. Any hacker worth his salt can design a printed circuit board. It makes the lawyers and the BBC look like utter idiots. They took action after the event occurred and thus drew the matter to the attention Of the media. It is not surprising that hackers consider some lawyers as being between rocks and bacteria on the evolutionary scale. FilmNet Bares All ================= The system owners almost always hold back at least two further scrambling levels until the system has been in use for at least six months. This is a good tactic as a lot of the inexperienced hackers will be caught out when the further level of scrambling is introduced. It is also an unwritten rule that the level will be introduced at a time that will cause maximum damage to the professional hackers. The best example of this tactic was Filmnet's introduction of a further level of scrambling three days before the 1987 Cable And Satellite Show. This left a lot of dealers with egg an their faces as they were selling pirate descramblers that did not work. Fortunately for some dealers, the three days were enough to update their demonstration decoders. FilmNet should have introduced the further level during the show for maximum effect. The show was, in counter-piracy terms, FilmNet's biggest disaster A business person representing FilmNet was boasting about how they had faked out the hackers. The fact that FilmNet had thirty one possible variations to play with was mentioned. Unfortunately one of the people who overheard was a hacker. The FilmNet. representative was unfamiliar with binary. In binary, 0 is also considered as it is a logical state whereas to the businessman it means nothing. In technical terms, FilmNet has five possible levels of encryption and thirty two combinations. Since level zero is clear this leaves thirty one possible variations. This effectively condemned FilmNet to four years of being totally hacked. All of the subsequent upgrades on the FilmNet system were limited. The SATPAC system was so crude that the upgrades were often more risky for the official descrambler. Sky Advertises Pirate Descramblers ================================== In late 1990, strange adverts started to appear in the UK satellite. television press about the fact that FilmNet decoders were illegal. Other scare tactics claimed that the decoders would soon be obsolete. There were rumours that Sky were tied in to this advertising campaign. On the Dealer Text teletext service on Sky News, (teletext page 830), the evils of pirate FilmNet decoder were proclaimed. On teletext page 441 on Eurosport, there was an actual advert for pirate FilmNet decoders. This was rather embarrassing far Sky. Once they found out about the advert, they quickly removed the FilmNet reference. Sky, at that time had control over Eurosport. The teletext magazine was not assembled by Sky. All Sky did was to transmit a prepared teletext magazine. Unfortunately they did not adequately screen the advertisements. Sky Markets Do It Yourself Piracy Kit ===================================== Perhaps the stupidest event in counter-piracy history was perpetra- ted by Sky's marketing people. Evidently Sky's counter-piracy people were not consulted on this. If they had been they would have stopped the system dead in its tracks. In 1990, Sky was locked in battle with BSB. Sky was trying to hook as many viewers as possible for the fledgling Sky Movies. Then some utter nutter of a marketing genius struck. The scheme was that Sky would give three months free viewing of Sky Movies to purchasers of IRDs. The fully active smart cards were bundled with the IRDs. Included in the packet was a subscription form for Sky Movies. The logic was that typical of business school text books. It totally ignored the real world. The smart cards never reached the purchasers of the IRDs. Instead, they were shipped to mainland Europe where they were sold for high profits. Often dealers would forget to mention the free viewing cards to purchasers of IRDs in the UK and Ireland. Many of the purchasers were ignorant of the scheme anyway. In European magazines, adverts appeared for decoders and smart cards. Sky had people trying to track down the sources of the companies advertising. This was an essentially futile operation. Sky had actually caused the piracy problem. What was unnerving was the sheer naivete of those Sky people involved. They actually believed that pirates and hackers would play by their rules. Of course Sky learnt a valuable lesson from this fiasco and now they try to control the distribution of their smart cards. Hacking And The Law =================== It should be made clear that hacking or intercepting services in Ireland is illegal. This info may also be illegal as it examines the security of scrambling systems. The Irish Broadcasting Act 1990 is intended to limit if not eliminate cable and MMDS piracy. It can be applied to satellite piracy but requires a ministerial order. To date there appears to have been no prosecutions for cable piracy as in actually hacking the scrambling system. The prosecutions that have occurred have been for patching into the cablenet without paying. The term used is "Self Connectors". You have got to wonder at the Freudian undertones in the mind that dreamt that one up. On my local cablenet it has the word "Pirates" in brackets. Apparently the term "Self Connectors" originated in Dublin and since there are two countries in Ireland, Dublin and the rest of Ireland, it was obviously felt that a translation was necessary. When a new descrambler, official or pirate, comes on the market the first thing that happens is that it is "examined". The case is opened, the board is extracted and the oscilloscopes, logic analysers and multimeters are attached. The first service diagrams for descramblers are not issued by the manufacturers. They are issued or rather sold by hackers. It is essential that those who design systems hack the systems designed by their competitors. This is the best and only way to learn how to make your system secure. The best system designers are also good hackers. . There are some people trying to bring in laws in Europe about computer program reverse engineering. The aim is to stop the reversing and analysis of computer programs. This has parallels with the Blackbox industry. It is unfortunate that those who try to make the laws that govern technology are those who are generally least suited to the task. The law is often a few hundred years out of date. Judges are, in some European countries, allowed to serve beyond their sell by date. To expect them to cope with extremely complex technological nuances is a bit much. However there are a few lawyers who originally started out as engineers. These people have a good understanding of the technology. It is generally their task to crush complex technological thoughts into mental baby food in the rare cases that actually come to trial. Where legislation exists to cover hacking, it is usually of the blunderbuss variety. It can be used to cover every eventuality. Often this legislation is introduced at the behest of interested parties. For example in Ireland, the Broadcasting Act of 1990 was intended to protect cable companies and MMDS operators. Now just who was the biggest cable company at that time? Cablelink of course. Cablelink was owned primarily by the state via a semi state operator or two. The state emphasis on the legislation can be seen in the structure of the act. The act does not cover satellite borne transmissions without a statutory instrument signed by the minister for communications. There is a trend nowadays to rely less on the law and more on secrecy. A company will not patent a new system because it supplies a ready source of information for hackers. This is perhaps a more sensible approach. There is an aspect of law where a system could be declared a trade secret. Some would argue that this offers enough protection. To someone abiding by ordinary rules it would. Hackers do not abide by such rules and the concept breaches one of the prime rules of secrecy - the fewer who know the better the secrecy. The use of the law in counter-piracy is like a loaded musket. It is useful against a single opponent, which by some accident could be you. In piracy, a system will be attacked from hundreds of directions. In some countries, the UK for instance, the relevant law provides for statutory conviction. It would not be feasible to prosecute all the attackers. Some may not have the' money to pay the fines. An indiscriminate approach would lose the battle for the hearts and minds of the users. Despite all of this there are still some channel executives who think that legal methods can be used to stop piracy and or hacking. These executives are not technical. Commonly they are products of a business or legalistic education. Generally they lose this attitude after actually having some hands-on real time experience. Hacking is an essential item in the evolution of technology. It stretches the technology to the limits and then goes one step beyond. Many of the advances have been made by hackers. Some top professional hackers were among those who were experimenting with satellite in its early days. It is stupid to claim that piracy will be eliminated, for if there was no crime then there would be no need for a police force and we'd all be vegetarian troglodytes. This is the real world - wake up and smell the coffee!