[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] 'Hackers' skirt security in late-night MIT treks
From:       William Knowles <wk () C4I ! ORG>
Date:       2000-03-31 7:20:07
[Download RAW message or body]

http://www.boston.com/dailyglobe2/090/metro/_Hackers_skirt_security_in_late_night_MIT_treks+.shtml

By David Abel, Globe Correspondent, 3/30/2000

CAMBRIDGE - Like shadows they scurry through the night, dressed in
black, armed with head-mounted flashlights, walkie-talkies, ropes,
pocketknives, lock -picking tools - and their student ID cards.

They call themselves ''hackers.'' But these Massachusetts Institute of
Technology students shouldn't be confused with those who sabotage
computers. They have a more lofty goal: to bypass locked doors, slide
through off-limits shafts and tunnels, and explore the bowels of
campus buildings.

Most Saturday nights, groups of less than a dozen students seek
adventure by searching for anything from the fabled bricked-in shower
to the Tomb of the Unknown Ladder.

''It's a lot like rock climbing or caving,'' said Jeremy Brown, 27, a
computer science graduate student and veteran hacker. ''For us, it's
about interrogating the environment, and learning from it.''

But there's another, less appealing side of hacking: the danger. Last
November a student was seriously injured after falling through a roof.

Many of the hundreds of hackers are reluctant to talk about their
underground pastime. They fear news reports will only push college
officials to clamp down. ''You see, the more detail we give,'' Brown
said, ''the more we're shooting ourselves in the foot.''

Still, hacking is anything but a secret at MIT. If they haven't done
it themselves, almost any student on campus could name a friend who
has. In fact, during freshman orientation week every year,
upperclassmen take large groups to tour the innards of MIT's
infrastructure.

But college officials insist that they don't turn a blind eye to what
is known as ''roof and tunnel hacking,'' a variation or sometime
precursor to another form of hacking: practical jokes. MIT students
are famous for inventive pranks that require engineering finesse and
are often done to coincide with April Fools' Day, such as placing a
replica of a campus police cruiser atop the school's Great Dome.

''We definitely don't encourage it,'' said Lawrence S. Bacow,
chancellor of MIT. ''We lock the roofs, we alarm doors, and we have
fined students when they're where they shouldn't be. It's certainly
not like we say, `Here's a roof; come climb on it.' Far from it.''

With students routinely ignoring ''no entrance'' signs, groping their
way through unlit pipe rooms, boiler tunnels, and high-voltage areas
meant only for specially trained maintenance crews, safety has long
concerned administrators.

But the culture of hacking recently has come under increased scrutiny.
About 3 a.m. on a Sunday morning in November, an 18-year-old woman
plunged 96 feet down a chimney. The freshman from Pennsylvania, whose
name MIT won't release, is recovering from major spinal cord injuries
after falling off the roof of the Sloan School of Management building.

While administrators say the student's injury is the worst hacking
accident in memory, they know the college was very close to having a
fatality - and they say they're doing everything in their power to
stop it.

''One injury is one injury too many,'' Bacow said. ''We took this very
seriously. She could have died - easily. She was lucky.''

Even with fines of up to $500 for trespassing, improved locks and
alarm systems, and constant admonishing by administrators, MIT hackers
are not daunted. If anything, they say, they see the obstacles as a
challenge to be overcome.

''A lot of hacking is about creativity, finding a way around a locked
door or something,'' said a 22-year-old senior majoring in biology,
who used to hack and asked that she not be identified. ''Hackers are
generally students who question authority and don't pay attention to
rules.''

Yet hackers insist they consider safety paramount. Before taking out
novices, usually recently recruited freshmen, they pass out laminated
yellow cards titled, ''Hacking Ethics.'' The cards are also used as a
way to open doors.

The pithy precepts include: ''Don't drink and hack;'' ''Don't hack
alone;'' ''Leave no permanent damage;'' ''Be subtle - leave no
evidence that you were there;'' and contrarily, ''Don't steal
anything, but if you must borrow something, remember to return it -
perhaps leave a note saying when it will be returned.''

But risks rise when hackers obey their 11th Commandment: Don't Get
Caught. According to ''A Brief Guide to Hacking,'' part of a pamphlet
published by MIT's Technology Communication Association and circulated
to incoming freshmen, hackers ''shalt honor [the commandment] and keep
it wholly.''

After detailing specific evasion tactics - such as, ''always have two
ways to run,'' or when fleeing, ''change floors often'' - the guide
offers up these alibis if caught: ''Is this the way to Baker House?''
or ''Where's the nearest bathroom?''

Rarely, however, do students get caught in such a bind. According to
MIT campus police, fewer than a dozen students a year are cited for
hacking. Yet on any given night, as many hackers may be trolling
through the Earth, Atmospheric, and Planetary Sciences building or the
domes towering above the Infinite Corridor.

''It's a difficult thing to prevent,'' said Anne Glavin, chief of
MIT's police force. ''First, this subculture is made up of secret
associations, and they're not exactly inviting us in as guest
speakers. The other thing is these are some of the brightest students.
Staying ahead of them is a challenge. I mean, they are the ones who
are going to be building the security systems in the future.''

The phenomenon of students scoping steam tunnels or climbing through
air ducts for fun reveals the peculiar environment of grouping some of
the nation's smartest science-oriented students, administrators and
alumni say.

At the elite institution, where many of the students grow up taking
pleasure more from solving a quadratic equation than in things like
watching Sunday football, students often are eager to craft their own
brand of entertainment.

Throw in a dollop of curiosity and a bent toward ingenuity and you
come up with students interested in hacking, according to Jeff Bigler,
the former president of MIT Spelunkers club and now an alumnus who
helps chronicle hackers' practical jokes.

''Really, what it comes down to is it's a way to hang out, and beats
drinking beer and bad music,'' Bigler said. ''It's just exploring,
hanging out together and having fun. It's like an outing club.''


*-------------------------------------------------*
"Communications without intelligence is noise;
Intelligence without communications is irrelevant."
Gen. Alfred. M. Gray, USMC
---------------------------------------------------
C4I Secure Solutions             http://www.c4i.org
*-------------------------------------------------*

ISN is sponsored by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".

[prev in list] [next in list] [prev in thread] [next in thread]