Psychology in the Hacker World

by Condor Woodstein

We are all descended from a successful tribe of 15 to 30 hunter-gatherers, so it is no surprise that we fall into categories.  Mythologists call them archetypes: the Orphan, the Warrior, the Wanderer, and so on.  The Enforcer is an archetype, a genetic personality type that exists in every society.

At its most extreme, the enforcement personality is a paranoid schizophrenic, unable to distinguish friend from foe.  In America, these types are (ideally) ferreted out by Internal Investigations.  In other places, these crazies rule the nation.

First and foremost, Enforcers are convinced of the rightness of their ideas.  Philosophical doubts are unheard of.  If the legislature were to make hard-boiled eggs illegal, Enforcers would pursue people who sell and consume hard-boiled eggs with the same vigor now devoted to hackers.  In this sense, the Enforcer actually shows an amazing elasticity of belief.  The mere passage of a bill into law will re-organize the thinking of the Enforcer.

As a corollary, the Enforcer is incapable of learning from experience.  No matter how often a belief is proved wrong by physical evidence, the Enforcer claims that better equipment or tougher laws will solve the problem.

William J. Cook is the federal prosecutor who busted Shadow Hawk and who stopped the presses at Phrack.  He told the tale of how he nailed Shadow Hawk in a magazine called Security Management.  Reading this periodical provides an insight into the mental mechanisms of the Enforcer.

"Uncovering the Mystery of Shadow Hawk," by William J. Cook appeared in the May 1990 issue.  Cook explains how the hacker got into NATO, Air Force, and AT&T computers and then says, "Shadow Hawk's method of operation was based less on genius and more on using passwords, user tips, and hacking techniques learned from hacker bulletin boards."

The above is an example of denial of genius.  As a programmer, you know that other programmers do things well that you do not and vice versa.  You have no problem admitting that someone else is smarter than you.  This is impossible for the Enforcer.  It is easy to take Cook's statement and make it into a Nazi refutation of Relativity: "Einstein's theories are based less on genius and more on Newton's calculus, Maxwell's physics, and tensor algebra learned from other mathematicians."

"Doing Time on the Telephone Line," by Langford Anderson was published in the February 1990 issue of Security Management.  Anderson is the communications director of The Communications Fraud Control Association in McLean, Virginia.  In outlining the many ways that telephone companies are cheated out of their revenues, he explains the "code calling" fraud, perpetrated on AT&T by trucking companies.  "The caller would ask the operator to place a collect call for Fred P. Jones III.  The call would be refused, but the name was a code that let the company know a driver has half a load in Nashville en route to Kansas City.  This would go on 24-hours-a-day, seven-days-a-week, and the cost in AT&T operator time was incredible."

This is an example of denial of opportunity.  AT&T defined its own system.  Yet by taking advantage of that system, these trucking companies committed "fraud" in the eyes of the Enforcer.

It is also an example of tunnel vision.  Trucking companies were not the only ones who benefited from this insight.  Salesmen calling home, college kids, millions of people took advantage of this loophole in AT&T policies.  The fact that AT&T survived suggests that these costs were already built into the phone rates.  Perhaps we are to believe that this activity leapt into sudden existence in 1970 and only divestiture saved the company.

Yet another example of this tunnel vision comes from Brian D. Costley's "Cracking Down on the New Safecracker."  No, it isn't a reincarnation of Richard P. Feynman, it's an autodialer that can spin 230,000 combinations in 30 hours.  The article surrounds an ad for combination locks by Sargent & Greenleaf, the company that employs Costley.  This blatant example of feathering one's own nest is lost on the Enforcer who passively accepts the offerings of any authority figure.  Simple arithmetic would indicate that the S&G dual-dial combination locks are only a bigger, not impenetrable, barrier.  It is almost humorous that the S&G ad relies on registered trademark phrases: "spy-proof" and "manipulation-proof."  (Think of how cool it would be to nail a sign to your home that says "Windsor Castle®.")

Despite the image of the Enforcer who is dedicated to facts (promulgated by police procedural mysteries), the truth is that at some point, the belief structures of the Enforcer can only be protected by vagueness.

An example of this denial of objective reality can be found in "Defending Against Virus Attacks," by Raymond G. Kammer, the deputy director of the National Institute of Standards and Technology.  The article appeared in the May 1990 issue of Security Management.

How does one defend against viruses?  No answer is given.  The article alludes to private sector solutions, but none is named.  The article describes committees, studies, and news releases.  In response to the Internet Worm (he calls it a "virus"), the NIST worked with the Department of Defense and the National Security Agency.  Rather than create computer programs, they created another committee which in turn warned computerists about the Columbus Day Virus of 1989 but failed to provide any products.

For many Enforcers, this divorce from reality eventually manifests itself as paranoia.  A perfect example of the denial mechanisms involved comes from "Headache for the Host" by Darlene M. Tester, Security Management, January 1990.  The article is a complaint against "a new protocol in data processing - file transfer from PC to host."  The author also says, "A thorn in the side of the software industry has been public domain software...  In the past, these software packages have been available through PC network bulletin boards and pirate data reproduction services...  File transfer protocols are entering this sector of the software industry...  Unlike other public domain packages, this software comes under the guise of a different name - 'nonpublic domain' software."

Tester's solutions to the threat of file transfer protocols are to forbid users from mounting such software.  Failing that, if users are actually permitted to load programs, then the system administrator must "print a hardcopy of the protocol and review it for logic bombs or time bombs."  If she can read hex code that well, I admit she is smarter than I'll ever be.

Projection and transference are psychological mechanisms that manifest themselves strongly in neurotic individuals.  Tester uses the phrase "fairy tale existence" and accuses unnamed persons of claiming that unnamed security people are "paranoid."

Continuing not to name names, Tester alludes to "name-brand protocol systems" that are safe and reliable, but doesn't name any.  Tester closes her article with the paranoiac's manifesto: "Host systems have a good safety record.  That safety record must be maintained at all costs."  Would Tester draw the line at executing one Eskimo in ten if it meant that mainframes would be safe from viruses?  You can gauge the level of reality denial by considering that, as a woman, Tester is a "host."  She fears "mounting," "penetration," and "infection" and in fact, "has a headache."  If she would face these fears, they wouldn't appear in her technical essays.

You can see from these examples that the Enforcer is a terrible servant and a fearful master.  Only the strongest judicial and constitutional restraints will protect America from these deluded individuals.
