By Erin Sherbert
By Erin Sherbert
By Leif Haven
By Erin Sherbert
By Chris Roberts
By Kate Conger
By Brian Rinker
By Rachel Swan
He's eaten now; he feels better. Darkness has fallen outside the Embarcadero Center; it's a few weeks after we met in Sacramento. He's been out of touch again, "regrouping personally," as he puts it, and preparing for the hack he's about to announce. "I need to make sure I have cash on hand, places to go," Lamo says, and his tone hardens. "I want to make sure that, if things go south, they won't be able to say, "Lamo was hopelessly naive, that he was just sitting around in his bedroom at his parents' house.'"
After a sleepless night and a long day, Lamo is about to head downstairs to a meeting of 2600: The Hacker Quarterly.He has occasionally contributed to the magazine, named after the 2600-hertz signal that enabled hackers in the 1970s to access AT&T's long-distance switching system and make free calls, and considers it his duty, when in San Francisco, to drop by the meeting and hobnob with his fellow hackers. Most of the dozen or so attendees tonight are males with backpacks, although one is a woman with gray hair, and the best T-shirt says: "I see dumb people." Before Lamo sidles up to the group, clustered in the plaza, he mutters, "My God, I started going to meetings in 1996 -- I feel old."
Actually, Hacker Quarterly began publishing its tips, trade secrets, and commentaries way back in 1984, about the time computer espionage exploded into the national consciousness. The previous year had brought the popular film War Games, which starred Matthew Broderick as a computer wiz kid who mistakenly cracks into the military's nuclear-combat simulator computer and saves the world by programming the machine to play tick-tack-toe. The first high-profile arrests of real hackers occurred around the same time, when the FBI busted six teenagers from Milwaukee known as the 414 Gang (named after the local area code), who broke into more than 60 computers, including those at the Los Alamos National Laboratory and Sloan-Kettering Memorial Institute.
But the hacking tradition didn't start with criminality -- it started with graduate students at the Massachusetts Institute of Technology in the early 1960s. Tapping into the mainframe computer in the artificial intelligence lab, they pushed the boundaries of programs and earned the complimentary nickname "hacker." The Internet, of course, remained largely unexplored until the personal-computer boom of the 1980s, and it only became a staple of American life with the advent of e-commerce in the 1990s. As capital entered the flow of the information highway, hackers began finding more and more pathways closed to them, and the relationship between companies and intruders grew increasingly bitter.
"Malicious hackers like to illustrate the impact of what happens when they're ignored," says Douglas Thomas, an associate professor at the University of Southern California and the author of Hacker Culture, which explores the history and psychology of the movement. "The benevolent hacker says, 'Your fly's open, here's how to close it.' The thing I find interesting [about Adrian] is the idea of a hacker as a kind of consumer reporter on the world. He's doing a public service, finding these holes, and that seems to have a noble spirit to it."
But it's still a felony under several federal laws, most notably the Computer Fraud and Abuse Act, which was passed in 1984 and has been amended several times since. After the terrorist attacks of Sept. 11, 2001, Attorney General John Ashcroft strengthened that law, and others, through the Patriot Act, which expanded the government's powers to pursue alleged criminals online, listen to wiretaps, and monitor Internet usage. Although many in government and industry have downplayed the threat of cyberattacks from terrorist groups like al Qaeda, regular hackers do plenty of damage. According to the San Francisco-based Computer Security Institute's seventh annual Computer Crime and Security Survey -- which polls more than 500 U.S. corporations, government agencies, financial and medical institutions, and universities -- 90 percent of the respondents reported computer security breaches in 2002, and 80 percent said they suffered financial losses. The 223 respondents who were willing or able to quantify the damage done by hackers reported a grand total of $455 million in losses; the institute estimates that hackers did well more than $1 billion of damage in the United States last year.
"I'm not a jurist, but I recognize that what I'm doing is illegal, and I don't think the way I'm doing it makes it any righter than how anyone else would do it," Lamo says. "I'm sure someone somewhere has gotten fired because of what I do. These things happen. I've run networks myself and I've been intruded upon, so no one can say I don't know how it is. But as long as I'm doing it, I feel it's important to set a precedent so companies say, 'You know, everything didn't go to hell after we let him go.'"
Although Lamo seeks a cordial relationship with the companies he hacks -- some have even offered him a job, though he turns them down because he doesn't want people to think he's profiting from his exploits -- and takes pride in showing corporations his points of access, he's not naive enough to think his relative benevolence will get him off the hook. In fact, Lamo -- who says with absolute sincerity, "I never assume I'm not being surveilled" -- even posted an anonymous screed to an Internet discussion board in defense of the Patriot Act. "Many of you armchair attorneys general out there might not be so quick to fault the measures being taken now if you suddenly found yourself saddled with the responsibility of securing the lives of millions of your fellow citizens," he wrote. "As someone who does things that are illegal, I'd rather not have increased scrutiny. ... However, it's a no-win for a decision maker like Ashcroft. I don't know what I'd do if I were him. Neither do any of you. You *don't know* what you'd do in someone else's shoes until you actually have to face their decisions. Moralization is easy. Making decisions that may save or cost lives is hard."