NOTES FROM UNDERGROUND
AN INTERVIEW WITH SE7EN BY RICHARD THIEME
At DefCon IV, the annual hackers' convention in Las Vegas this
July, they called him "se7en." He's twenty-eight years old, an
old man of the hacker scene, and he has just "come out" into the
public eye after seventeen years underground. It's the second day
of DefCon and Se7en has already given more than a dozen
interviews to television crews. The attention is wearing him
down.
"Don't call me se7en," he said as we entered Spago's, an
upscale restaurant in Caesar's Palace for dinner. "I don't want
to be hassled."
"What should we call you?" I said. "Nine?"
Before he could answer, a young waiter approached our table.
"Good evening. Are you all here for a convention?
Yes, we said, opening our menus.
The waiter leaned closer and said in a conspiratorial
whisper, "I understand the elevators at the Tropicana [site of
DefCon III] still don't stop at the right floor. The blueprints
for the Monte Carlo [this year's hotel] disappeared two weeks
ago. The management is in a panic."
So much for anonymity.
Waiters, taxi drivers, desk clerks -- everybody in Vegas
knew DefCon was back in town.
Why did se7en come out? Why did he leave the hacker
underground and tunnel up at the age of twenty-eight into the
bright lights of camera crews, the blank pitiless glare of the
desert sun?
"I'd been playing around with the idea of retiring for a long
time. I wanted to come out before I retired. There are a lot of
things I want to say, a lot of people I want to know -- I didn't
have a game plan, exactly, but I wanted to be above ground for
six months before I dropped out. At DefCon I wanted to meet a lot
of people whose email addresses I had seen for years."
? Does it weigh on you, being underground?
"It does, yes. It's very isolating. You don't quite know what
else is going on out there, you feel like you're in your own
little world, and as your world starts to fall apart, as mine did
-- people going above ground, people retiring -- my world was
getting a lot smaller. We needed new talent, more than the little
group we had left, and I was getting older. I wanted to mentor
some of the younger hackers. Help them the way others helped me."
[In the world of hacking, a generation lasts about a decade. Many
hackers go on to work as computer professionals in security,
intelligence, or business. Participating whole-heartedly in the
community of hackers, with its rigorous code of ethics, networks
of mentors, and accumulated expertise, is often the only way to
learn what no school knows how to teach.]
"There's a lot to be learned from people, not just in the hacking
underground, but life in general. In respect to the technology
and the knowledge I had, it was limiting to relate to so few
people. There were new things to learn, new perspectives - so
much to get being out there and I was missing that. It was
isolating."
? How old were you when you got into computers?
"I was eleven when I got my first computer, a TRS-80. Seventeen
years ago. First thing I did was play games. Remember, this was
new to the entire world, and all you could do was play games at
that point. I had no interest in programming then. The computer
was a fancy expensive toy. It wasn't something to use to balance
your checkbook or use as a communications device."
? When did you become aware of communications as a possibility?
"About 1982, using an Apple IIe. I heard of modems, that you
could use them to call up other computers and talk to them. That
was exciting.
I was into game cracking before bulletin boards. We were messing
around with Apples with machine language, just screwing around
with very little knowledge of what we were doing. We cracked our
first game by accident. We started playing with different call
registers, and next thing we knew, we had something. Copy
protection was very simple then so it was not very impressive as
a technical feat but when you're eleven years old and you cracked
your first game and it was an accident on top of that ..."
? It was a power rush, wasn't it?
"That's what it was. A power rush.
There was a big apple computer store that opened then in my home
town. It was mom-and-pop store, not a franchise or a chain. They
hosted Apple clubs. One group talked about new hardware, another
about software, arguing about language and coding, then there was
a little circle of warez kiddies copying games they had cracked.
We were a precursor to hacking groups, phreaking groups, 2600,
No one thought of it as crime then. It was a new technology that
was like a great big toy. The difference between cracking games,
cracking programs and cracking systems was very little. They were
all part of a big complex puzzle we wanted to solve. It was just
a question of how big a chunk of the puzzle did you want to
tackle? We wanted to break games, that's what was interesting to
us then, Engineers wanted to break the whole system. They wanted
to know everything about it. These were people that by every
definition of the word were hackers. They never called themselves
that, but they were going to get into that system, no matter
what.
The words that are feared today -- crackers, phreakers -- were
never brought up in the press back then. The TRS-80. the apple
IIe was still brand new to the world. Very few people had them,.
It was not like Nintendo today where everybody gets one. They
were expensive game machines. They were new and people didn't
know quite what to make of them. The only people who really knew
them were people who used them at work."
? When did you become conscious of yourself as a hacker or
phreaker?
"Not for many years. I had my own group of friends through
bulletin boards or school, we were just doing our own thing. We
never thought of ourselves as hackers or crackers or a conspiracy
or the underground or trying to be elite. We thought of ourselves
as friends. We kept to ourselves and didn't cause trouble. We
never consciously thought of ourselves as hackers or crackers but
in retrospect we fit the definition. We were our own little mini-
software piracy ring. No one ever questioned photocopying
something - obviously not defense secrets or corporate secrets,
of course. But what we meant by "information wants to be free"
is, we would email it to ourselves or send a friend a disk. In
seventeen years of hacking I never made a cent until I made a
speech this week."
? What kinds of speaking are you doing?
"I define the various types and sub-types that the media labels
hacker, cracker or phreaker. I describe the types of people in
each group, their motivations, how they differ from one another,
their ideologies."
? Do you discuss technique?
"No, these [his recent talk was for engineers in a space program]
are UNIX-heads. They know UNIX is inherently weak. One joke I
heard when I came in was, "UNIX and security are an oxymoron."
That made me feel good, because I knew I was talking to people
who knew that you can't fix security in UNIX. The public is
screaming, "Oh my god, hackers are getting in, they need to fix
security," but they're clueless! UNIX is insecure, period. End of
story.
The engineers' concerns about security were twofold: (1) Their
approach to security has been to be as obscure as possible. They
wanted to be invisible. They had very few problems because their
systems aren't even on the books. At this point, they don't
exist. Now their program is about to get a lot of press and they
will no longer enjoy obscurity, so they want to tighten their
system up as much as possible. They know that some people will
still get in, but if people are going to get in, it will only be
people who are talented enough to do it. Not someone who
accidentally got in or used a simple hole to get in. (2) When
they do catch a person inside the system, how do they know what
their intention is? The biggest fear of hackers and crackers
everywhere is, what is their intention? You find one, you don't
know what the hell they're doing and that scares the hell out of
you.
They felt a lot more comfortable after I told them the basic
types of hackers. Now, they see someone in their system, they're
more likely after a few minutes of tracking them to know who they
are, what they're after, whether to worry about them or not.
You can usually tell what a hacker's after from what they do when
they get in. They start to look for directories like "nuke" and
"secret" that might be a problem. But then again it might not.
These guys knew the concept of "trophy-grabbing." There might be
a kid who downloads the plans for a Stealth fighter to his
computer and puts them on a diskette and throws it up on the
wall. 'Hey, I got a trophy!' He isn't going to sell it to a spy.
He wouldn't know who to sell it to if his life depended on it. To
him, it's just, 'Hey, I got a copy of a stealth fighter sitting
on my bookshelf!'"
se7en was a well-known phreaker who knew his way around the
telephone system. I asked how he got into phreaking.
"My introduction to phreaking was being taken around by someone a
few years older than me who said, hey, we're going to go dig in
the trash of the telephone company. I was like, well what the
hell for? He goes, 'Trust me. This will blow your mind.' Well, it
did, it blew my mind for the next ten years.
We went through the trash, and in my eyes, all we had was a bunch
of paper. I was not impressed. But he was sorting them and
saying, OK, these are good, these are bad, these are good. He was
trying to get me interested in something I saw no interest in. I
was young,. I was about fifteen years old. To me it was basically
worthless, looking at a hunch of food and trash, and it wasn't
until I went over to the guy's house the next night, and he says,
remember these five or six pieces of paper I grabbed? He fires it
up and boom! there we are, we're in the phone company. 'We're in
the phone company?' Yeah, he said. I can do anything I want in
here. He had found a dialup. He already knew quite a bit about
the phone system. But he warned me, Don't be one of those punks
or lusers that makes free phone calls. Learn how it works. Be one
of the people who learns how it works.
That was our goal: to understand how things work.
The things we did used to be considered normal teenage behavior,
remember, teenage pranks, Now it's a felony. Now you're part of a
conspiracy. It's more complex today.
Even if they don't send you to jail, they'll confiscate your
equipment. They like to scare the hell out of you. You become an
annoyance, they'll take your computers and you'll never get them
back, no matter what you do. That's pretty good for knocking a
lot of kids out. But it can have the opposite effect. Some people
like the Legion of Doom or the other hackers that have gotten
busted, the government did that to shut them up, but they all
came back and they came back angry. The last thing the government
needs is someone they don't understand coming back with an
agenda.
There were a lot of great discoveries through the years, but for
me, the greatest was how I grew in knowledge and power in my own
eyes. The giant telephone company and many of the all-knowing
corporations really had very little clue as to what they were
doing. The government, the all-powerful government -- starting
wars, controlling your life -- did not have a clue as to what a
computer is or what it can do.
The realization that all these people that as a kid you're told
to respect and fear, in a lot of ways you have it more together
and are a lot smarter than many of these people....
It's a power rush, that's what it is. You find out there's
absolutely nothing special about these people. Here you are, some
little fifteen or sixteen year old kid, you can do things that
the phone company can't even do, or the government can't even do.
The phone company doesn't even know what you're talking about
when you tell them something you've been doing for years. That's
the greatest discovery.
? Today the real power belongs to people who have knowledge, who
know how to do things. The others are hiding behind an illusion
of power? Behind smoke and mirrors?
Exactly.
(c) Richard Thieme 1997. All Rights reserved
Se7en: The Sequel
Richard Thieme
Se7en is out in the light and air now, up from seventeen
years underground. He's one of the new variety of human being --
homo sapiens hackii -- who has learned from working with
computers at every level, from code language to point-and-click,
to think in ways that fit how computers organize information.
Se7en is on the road now, delivering seminars to technicians
about hackers -- how they think, how they behave. He works with
organizations that are favorite targets of hackers because of
their work or status.
He speaks to groups of 30-50 people at a time, cross-
disciplinary groups consisting of engineers, security personnel,
administrators -- people who deal with the Internet on a daily
basis. Naturally, they're concerned about security.
On his first round of talks, he discussed basic security,
making his clients aware of what's out there. He helped them
distinguish hackers in search of trophies from thieves working
for governments and businesses.
On his second round of seminars, Se7en is focused on the
details of security, the technical end. The technicians are set
up in networks and shown how to scan their own services,
searching their networks for security holes.
"Basically we set up our own network of fifteen machines and
taught them how to break root, showing them how easy it was with
UNIX. It was important for them to get hands on experience, get
the feel of it. We showed them how to grab a password file and
run it through Crack. We introduced them to SYN flooding and
explained the concept behind it. We showed them some of the
scripts that are NOT available out there. We didn't launch an
attack, because that would have been lethal, but we got them to
the point from which they could launch it."
They set up encrypted Internet sessions and ran them through
the whole gamut of hacker behaviors. It was all hands-on,
technical training.
The engineers are learning a lot. They return to work more
capable of securing their systems and also better equipped to
talk to the managers who make decisions.
Se7en believes as a result of his experience on the road
that the hands-on technical people who work on the front lines of
the Internet and understand it are seldom promoted into
management positions where decisions are made. So managers often
lack experience on the front lines. Because they don't deal with
the issues on a day to day basis, they often don't understand the
problems brought to them. Ironically that makes them hesitant to
promote technical experts into management positions. They would
leave no one to fix things when they break.
Se7en is seeing similar problems at all of the places he
visits. Most come from outsiders scanning the system, port-
sniffing, testing for vulnerabilities. It's a big inconvenience.
The systems operated by multi-national corporations or government
organizations are immense, incorporating numerous protocols and
computers. They're too complicated for fledgling hackers to
penetrate as a rule. Even more experienced ones have trouble
getting in. That means that the ones who do break through are
seriously talented hackers. The ones to watch are the ones you
never hear about.
Se7en thinks hackers in the "visible underground" make an
essential contribution to computing. He laughed at some of the
conversation among technicians about firewalls, because he knows
that systems always have holes.
Hacking organizations such as the LOpht, TNo, and the Guild
(the current publishers of Phrack Magazine) release UNIX security
vulnerability scripts to the public all the time. Their research
into SecurID's (a one-time password hardware product) and most
recently, the SYN flooder script, have been devastating. Now
they're looking into Windows NT. They promise results.
These genuinely "elite" groups have friendly script wars
with one another. They compete to see who can release the most
scripts the fastest. The LOpht in particular has promised to put
out five new vulnerability scripts per week. They accumulate
scripts, waiting until they have about a dozen, then drop them in
one big bombshell.
Companies like Microsoft know, of course, that there are
numerous holes in their operating systems, but don't know what
they are. As applications are developed, working versions are
periodically compiled for testers. The testers try to find as
many bugs as they can, but the testing environment can never
reveal the problems that will be found in the real world. A
million people using Windows NT for a year will turn up bugs that
a controlled environment will never find.
Mainstream hackers keep the global network as clean and
secure as it can be kept. It's a yin yang kind of thing.
If hackers didn't know that and wanted to keep
vulnerabilities from the companies themselves, they wouldn't
release scripts publically through so many different loops.
When the Guild discovered the SYN flood exploit and wrote
the corresponding script for it, for example, they published it
in Phrack, on the Internet, and in other magazines. That's not
something a hacker would do if he's looking for a way to exploit
the vulnerability.
The Network, then, including the Internet, is the REAL
testing environment, and that's where groups like the LOpht are
performing a valuable service. Either the holes will be found by
groups looking for them and making them public or they'll be
found by more dangerous crackers working behind the scenes.
Hard core crackers, engaging in serious crime and espionage,
will not publish articles in 2600 or Phrack. That's why, Se7en
says, you never hear of the people who do hard crime. When
someone is forced to the surface, he says, it's always someone
the underground has never heard of before. After years in the
business, he knows the rosters as well as anyone.
Se7en described an intrusion of a particular server in
detail, then went on to discuss the organizational response. He
was not surprised when they responded the way Se7en and his
friends responded when someone tried to mailbomb their list.
The organization asked them politely to stop their annoying
activity, and when they didn't, they cut them off.
The best way to respond to nuisance intrusions is the
legitimate way. Try to reason with the intruders, then talk to
the systems administrators in charge of the computers they're
using. Most often, the sysadmins don't know what's going on, and
once they find out, they shut them down.
Se7en lived and worked in South Africa when he was younger
and thinks the "official" (i.e. non-governmental) hacking scene
is just coming alive.
South Africans have not generally had wide access to the
Internet or hacking publications, Now everyone has access to
hacker web sites, but Se7en thinks most of those are a waste of
time -- links to other sites, doctrinal positioning, and a lot of
old warez for "warez puppies" to download and use without
creativity or insight. Contrary to the image of hackers as anti-
social, Se7en is keenly aware of the social systems that keep the
flow of information free and open -- frequent hacking
conventions, mailing lists, magazines, and the vast informal
network of contacts.
Some of the resources on the Net are useful, but the good
ones are harder and harder to find. Se7en finds five or six
useful web sites or mailing lists in a year, and he has to wade
through a lot of garbage to get there.
But that's no different, he acknowledges, than the hours he
spent sifting through trash in rubbish bins.
Persistence! he says, sounding like an experienced
businessman. "Honestly, that's what it takes: Persistence. Doing
it weekend after weekend after weekend, every Sunday night, going
through the trash knowing that if you miss a week, that's the
week when all the dial-ins for the switches are thrown away.
Eventually you'll find some gold that you can use. The same thing
goes for web searches. You have to wade through tons of garbage,
but if you're persistent and just keep at it and at it and at it,
eventually you'll find little gold nuggets here and there."
He has been impressed with the increasing number of South
Africans interfacing with the mailing lists. They're connecting
with people who have been hacking ten or fifteen years, he
cautions. Naturally, with only one or two years experience, they
have a lot of questions. He understands where they are -- he
remembers being there himself -- but has some advice for those
who encounter flames when they ask too many questions or the
wrong ones.
Basic netiquette requires that you research thoroughly
everything you can before you ask questions. RTFM. Read the
fucking manual. Learn everything you can FIRST, and only when
you're stuck, ask a question. Do your best to answer it yourself
before putting it on a mailing list going to fifteen hundred
people. Don't expect others to do your homework. Tell the list
you tried to find the answer and couldn't. Don't just go out
there saying, where can I find this or that? That's a sure way to
get flamed.
In the end, it comes down to people, not technology.
Ultimately, Se7en says with a laugh, computer security is a
hopeless pursuit. The Internet is just too big, too complicated,
too specialized, for every system to be secure. Security is
inconvenient, and inconvenience makes people uncomfortable. It's
always a trade off between convenience and security. The moment
you allow legitimate users onto a site from outside the system,
you're doomed. All someone has to do is duplicate what that
legitimate user is allowed to do.
The weakest link in any chain is and always has been people.
"You can have the most secure system in the world, and if I
call up and pretend to be from the help desk and ask for your
log-in password, and you give it to me, then the best security in
the world won't help you. "If you don't know anything about
computers, and don't know that the System Administrator never
needs to know your password, how can you know if someone's
conning you?"
It comes down, Se7en says, to awareness and accountability -
- managers who understand the real issues and insist on
accountability throughout the system for knowledge about the
network and procedures that must be followed. Without that, all
it takes is a little "social engineering" and the most expensive
firewall won't mean a thing.
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH
