AOH :: P25-08.TXT

Hacking: What's Legal And What's Not


                                ==Phrack Inc.==

                     Volume Three, Issue 25, File 8 of 11

        /*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%
        %*/                                                         %*/
        /*%          Hacking:  What's Legal And What's Not          /*%
        %*/              Written by Xandor SymmLeo Xet              %*/
        /*%         With Technical Assistance From The ICH          /*%
        %*/                                                         %*/
        /*%     Reviewed by HATCHET MOLLY (TK0GRM1@NIU.BITNET)      /*%
        %*/               Exclusively for Phrack Inc.               %*/
        /*%                                                         /*%
        %*/                      March 8, 1989                      %*/
        /*%                                                         /*%
        %*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/*%*/


"Hacking:  What's Legal And What's Not" was originally published in 1987 by
"HackTel Communications" of Crosby, Texas.  Reportedly the book is no longer
being published as the author, Xandor SymmLeo Xet, has joined the United States
Army.  E. Arthur Brown of Minnesota has bought out the remaining stock and is
selling it for $12.95 (plus postage and handling) which is about half off it's
"cover price" of $25.00.

We've always been taught not to judge a book by its' cover, and I suppose that
one should not expect beautiful binding and great illustrations in
self-published books, especially those that deal with hacking and phreaking.
But I can't help comment on the sheer ugliness of this volume.  To be fair, I
should preface these remarks by saying that E. Arthur Brown Company does
give fair warning about the packaging of this book in their advertisement.

The "book" consist of about 300 photocopied reproductions of non-NLQ dot matrix
pages.  However, this does not mean you get three hundred pages of information
as about half of the pages are single sided copies.  All in all I'd say it
could be reduced to about 200 pages if everything was copied back to back.
These pages come in a nice three ring binder, black in color, and it even has
the name of the book silk screened on the cover.  (I can't resist mentioning
that the title of the book is improperly punctuated on the cover, though it is
correct inside the manuscript.)

Presumably the author(s) intended to release follow up reports and addendum to
the book at later dates (and at additional cost).  So the three-ring binder
approach makes sense, and the author does explain that he has used single sided
copies in some places to allow for easy insertation of these "Hacker Reports."
So perhaps criticisms of the books packaging are a little unfair since it
appears these concessions were made with a purpose in mind.  This does not,
however, change what you do indeed get when you order this book.  All potential
buyers should be aware of what they are getting for their money.

Enough of what the book looks like, let's examine what it has to offer.
Generally speaking, it is a cross between a "how to" and a legal reference
guide.  Much of the book is dedicated to state and federal laws that deal with
hacking, phreaking, and pirating.  You'll find reprints of the state computer
crime laws for every state of the union, (current at the time the book was
written) and the Federal wire fraud and copyright laws.  It does not include
the Federal Electronic Communication Privacy Act (ECPA) perhaps because act was
not passed at the time the book was compiled.  The sections on state laws
appear complete enough, and the full source and appropriate references are
given if you want to check them for accuracy or changes.  Thoughtfully, the
author has even included the associated penalties each statute carries.  And
for those of you who aren't quite up on your Latin, there is even a (very)
short legal glossary so you can better understand the language of the law.

The crime laws make up the bulk of the book.  They are probably the most useful
section despite the fact that the information is at least three years old by
now.  The rest of the book is dedicated to various topics that are mundane to
anyone that is an active practitioner of phreaking and/or hacking.  Topics like
"what is a network" and "how does a war dialer work" really do little for the
accomplished hacker, and the public can get the same information in the better
written book by Bill Landreth.

One point that interested me is that Xet adheres more to the "computer
professional" definition of "hacker" than he does to the definition used by
most of the underground.   In other words, he maintains that people who gain
unauthorized access to systems are "crackers," not "hackers."  He, like many
phreak/hackers, gets upset when the media uses the term incorrectly, but his
reasoning is a little different from most.  Interestingly enough, despite an
entire chapter on software piracy, Xet does not realize that "cracker" already
refers to a specific type of activity and suggesting it as an alternative to
"hacker" only serves to further muddy the waters.  To some this may be a minor
point, but the indiscriminate and apparently uninformed use of terms and labels
is ill advised in a book that aspires to be a useful reference manual.

By way of illustration, I've excerpted his definitions (actually, they should
properly be called "descriptions") of various terms from the glossary:


     Hacker:  A non-business computer user who operates a computer in
              conjunction with a modem and who at least knows his (or her) way
              around a local bulletin board and has at least heard of
              CompuServe and The Source.  Can usually be found eating pizza or
              donuts, and has a working knowledge of the effects of long term
              exposure to great amounts of caffeine either from drinking
              several softdrinks (sic) or numerous cups of coffee.

     Cracker:  A hacker who has an adventurous streak which leads him into
               unknown computer menus and strange protocols of all benign.  He
               has the ability to crack access codes or passwords in order to
               illegally enter a computer over the telephone.  Usually a very
               good problem solver, quick to think, cautious to act.  Often
               thought of as clever or even sneaky.  Excellent chess players.

     Chrasher:  A cracker gone bad.  One who gets his jollies from terminating
                corporate systems and picking on helpless bulletin boards by
                destroying information or files or by rendering a system unable
                to communicate (usually referred to as "crashing" the system)
                until reset by a sysop.  Very clever, extremely dangerous.
                Smart, but hopelessly misdirected.  They deserve respect for
                their ability to destroy.

     Pirate:  Software pirate.  A hacker who concentrates his efforts toward
              cracking software copyright protection schemes which are placed
              on computer disks to prevent the illegal copying of factory
              produced programs.  Some pirates have a habit of collecting
              software that they have managed to crack either to trade with
              other pirates for software they don't have yet or just to collect
              it for the sake of building their egos.  Some of my best friends
              are pirates.  Usually, very easy going people, and sometimes
              politically minded as well.  And even more clever than crackers
              or crashers.

The problem with these definitions is that they are not mutually exclusive and
do little but reinforce the stereotypes that hackers, phreakers, and pirates
already face.  Any phreak/hacker that reads this book will give these
definitions little attention, if they read them at all, but if this manual is
used by the media as an "example of hacker literature" it will only further
perpetuate some of these assumptions.

A large amount of the book is dedicated to what Xet calls The Gray Pages.
Labeled as a "national hackers' phone book" it is primarily a list of dialups
for Telenet, Tymnet, Compuserve, and The Source.  This list is hardly "secret"
and the format hints that it may just be a capture of the "info" pages from
each of these networks.  These numbers may be helpful to the beginner, but it
would have been better if he included instructions on how to dial the toll free
access number (or call customer service and just ask them) and check for your
local number by yourself.  Not only would this have cut down on the number of
pages needed, but it would have at least given the beginner an excuse to
actually do something themselves.  (Not to mention that is the best way to get
the most accurate information.)

The rest of "The Gray Pages" is taken up by a list of 400 public BBS systems.
Although the list is titled "hacker bulletin boards" many of the systems listed
are quite legitimate and do not support phreak/hack or pirate activities.  Woe
to the beginner who calls CLAUG and starts asking for plans to a blue box.  Of
course the biggest draw back to this list is that it was probably fifty percent
out of date four months after it was printed.

Speaking of blue box plans, Xet does offer a short list of box colors and what
they do.  No plans for boxes are included, nor is there a discussion of DTMF
tones or other common phreak knowledge.  He does include simple schematics and
operating instructions for a tap indicator, wire recorder, and a data converter
(for use with the wire recorder).  The introduction to this section, called
"gray market equipment" says that future editions of the book will include box
schematics.

Finally, there is a short section called "helpful stuff" written by "The ICH."
This section is pretty informative but offers little clarifying information.
Basically it includes an ASCII table, DTMF frequencies, satellite and cellular
frequencies, and a short discussion of packet switching networks.

In summary, "Hacking:  What's Legal And What's Not" offers some very basic
information to the beginning hacker, a quite good (although potentially
outdated) review of relevant state and federal computer crime laws, and a few
tid-bits here and there that are worth knowing.  But it also wastes a lot of
space to bulletin boards and dialup numbers that are of little use to anyone.
Experienced phreak/hackers and pirates will find a few articles that are not
available elsewhere (like the section on "How Hackers Think" where Xet says
that since a San Diego BBS poll indicated that 79% of "hackers" had the
astrological sign of Leo all one has to do to understand hackers is read a
profile of Leo's!) but the vast majority of the information is old news in a
new format.

For someone who wants to get a broad overview of the computer underground I can
recommend this book.  But if someone is looking for information of any real
use, I suggest you contact your local phreak/hack BBS and use the G-philes they
have available.  You won't be missing anything this book has to offer.  E.
Arthur Brown's price of $12.95 offers a reasonable value, and if your looking
to develop a "hacker library" you might consider ordering a copy.
_______________________________________________________________________________


AOH Site layout & design copyright © 2006 AOH