Women Hackers__________________________ Cornelia Sollfrank _____
Introduction First Woman Hacker
|Do women hackers exist? If the answer is no, then it certainly would be worth examining that fact at our conference, and if the answer is yes, then what are they working on and what are the crossover issues with cyberfeminism? These were the kinds of questions from which I started with for the discussion on Women Hackers".
I began by taking a closer look at the meaning of the term hacking". Who can be called a hacker? If you follow the jargon of Eric S. Raymond, you will find explanations like: A hacker is a person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary" or, a hacker is one who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorising about programming". These definitions refer directly to computers and computer networks. But there are also other explanations given, like a hacker is an expert or enthusiast of any kind. One might be an astronomy hacker, for example", or, one who enjoys the intellectual challenge of creatively over-coming or circumventing limitations."
In any case it becomes clear that hacking is not just about compe-tence and certain skills, but also about the attitude you have towards what you are doing. It is about curiosity, learning and free inquiry. But this attitude does not only have just a positive connotation. It is also equated with poking your nose where it doesnt belong, and asking awkward questions at the wrong time and place.
Going back to the initial question, I would say, based on the definitions above, that there are in fact many women hackers around, but for the cyberfeminist conference I was especially interested to find women who are/were hacking computer systems and technical networks or are working with technology with a hacker's attitude. My research on hackers-lists, in newsgroups, in private e-mail exchange and on the web brought forth some amazing results, but only a few women hackers.
One of these was the fascinating story of the enigmatic Susan Thunders, a member of the Roscoe gang in L.A. in the early 80s. I highly recommend you to read her story in the book Cyberpunk" by Katie Hafner and John Markoff. Apart from stories like that, I found almost no trace of the woman hacker. Obviously the kind of hacker myth which was born in the 80s was a typical male" thing. I was quite stunned by this result of my research, as I hadnt imagined that such a 99.5% male domain still existed. It certainly is a phenomenon worth exploring by a cyberfeminist artist ...
To get deeper into the question I asked some experts" their opinion. For example, Bruce Sterling wrote: It's true that there are no women hackers, but it no longer amazes me. Hacking is a teenage-male voyeur-thrill power-trip activity. You don't find female computer intruders, any more than you find female voyeurs who are obsessed with catching glimpses of men's underwear... It's not that women are physically or mentally unable to do it. It's just that there is no motive.... . I don't know of any such women, personally. And I've never even *heard* of a woman who did it on her own, without some boyfriend at her shoulder eagerly telling her how exciting it was."
Another, but similar explanation comes from well-known American hacker prosecutor Gail Thackeray, Special Counsel for Technology Crimes at the Arizona Attorney General's Office, and currently building a new computer crime unit. She said "No, there are no serious technical women hackers. It's still largely a white male thing, at least here in the U.S. [She only knew of one black hacker in AZ (retired), and one in New York] ...There were a lot of women phone phreaks, though for the most part they were merely "finger hackers" and more interested in the social aspects than the technical..."
Of course these are just individual voices, and Ive only been doing this research for two months so far, which means that there is a slight chance I will find other female hackers. Nevertheless, the reality/image of the hacker as male and white cannot easily be dismissed (but it can be hacked!).
I had found a few women who are called hackers" by other hackers (you are a hacker when other hackers call you hacker). Although these women would technically be able to crack computer systems, their main focus is on current topics like privacy and free software -- the issues most hackers of the 90s seem to be interested in.
So, why did I bring these women to the cyberfeminist conference? What do these issues have to do with cyberfeminist strategies? Generally speaking and generalising, I would say that within cyberfeminism there is a huge predominance of women who are cultural workers, and only very few who get their hands dirty with technology. Talking about new technolo-gies and cyberspace is widely spread, whereas deep knowledge about hard- and software issues -- and the political dimensions behind these -- is not a big part of current cyber-feminist dis-course. I am not proclaiming that all cyberfeminists have to become programmers, but cooperative work on cyber-feminism between technicians/programmers and cultural workers needs to be intensified, and more practice-inspired issues should be included in our discussions.
Furthermore, knowledge of issues such as privacy and free soft-ware should become part of every computer users daily life, not just of women who have a critical attitude towards technology and its inherent power structures.
Towards the close of my talk I described a potential near future, when the world will be populated by women hackers, and no-one will know how to handle them. To be prepared for that situation please study the Guide to Geek Girls" .
How to become a Hacker
|Rena Tangens, media artist from Bielefeld, Germany, reported on her diverse activities and gave an introduction to "hacking as a way of life".
Rena is not just an artist, she is also a gallery manager and a consultant. Back in the early 80s she founded the gallery "Art d'Ameublement" with her friend padeluun. This name refers to the composer Erik Satie, and his idea behind the musique d'ameublement. This music was not meant to be passively consumed, but to create a pleasant atmosphere in which people could meet, communicate or work. This idea became the basis of her work.
From 1984 on, the computer became an important part of the galleries' life. Rena hosted the Chaos Computer Club, founded a mailbox system (BIONIC), and initiated a club to foster public data traffic. Rena was sure that the new technologies would bring a profound change to society and wanted to contribute her ideas. The new spaces would require social and political competence, and would also be spaces for new art.
Since 1987, Rena has organized PUBLIC DOMAIN, a monthly series of presentations and lectures on current cultural and political issues. The issue of privacy was always an important aspect of her work, and in 1995 BIONIC published the German translation of the manual for PGP (Pretty Good Privacy), an encryption program. "As more and more people go online they do not just become easily accessible, but easy to control also. That's why cryptography is a must." Rena explained the principle of the electronic envelope, of the private and the public key.
A special focus of her work has always been "women and the net". She organized a women-only area at the annual hacker's meeting CCC, and published a book on "women and nets" (together with Gabriele Hooffacker, "Frauen und Netze", Rowohlt Verlag) for which she wrote the text "Androcentrism on the Net". In this text Rena picks up different aspects of feminist science-critique and applies it to new technologies and the net. The text ends with the insight, that it is not enough for women to show up on the net, to surf or use it for e-mail, not even to con-tribute and publish their own content, but that it is imperative to take part in the development of the technology itself, because technology, so far, has an inherent androcentrism.
When Rena is talking about hacking, she points out, that for her it is not a matter of technology, but a way of life. To enjoy intellectual challenges, to understand (whatever) a system and find it's limits, to be persistent, but also to help and support each other characterizes a hacker. Without that attitude you can be-come a computer specialist, but never become a hacker. Hackers are convinced that the world is full of fascinating problems, which are waiting to be solved.
Meanwhile Rena makes her living by giving workshops and lectures, and she is a consultant for governmental and non-governmental organisations. But her utopia of small streets instead of (information super-) highways, and of real places, where people meet to chat, to work, to read the newspapers, discuss current politics and take part in designing society together, keep her going as a hacker.
Linux and the Free Software Philosophy
|Barbara Thoens gave an overview over the history, development and the terminology of the "Free Software" movement.
In 1984 computer programmer Richard Stallman, who had been at the MIT since the early 70s, along with others in the so-called MIT-hackers-group, decided to quit the MIT.
The MIT community had used free software exclusively for a long time, and although the term Free Software had not really come into being, the attitude to share software was predominant. Around 1982 commercial software was introduced at the MIT, as in the 80s almost all software became proprietary. Stallman felt the necessity to develop a free operating system--one without any institutional connection which could prevent it from being distributed as Free Software.
Stallman refers to proprietary software as anti-social, unethical and simply wrong. He believes that cooperation is more impor-tant than copyright. In his opinion copyright is not a natural right, but an artificially imposed monopoly that limits the users right to copy. Digital information technology makes it easier to copy and modify information, but the system of copyright restricts free exchange. As Stallman says, Society also needs freedom. When a program has an owner, the users lose the freedom to control part of their lives."
He had the basic wish that--with a free operating system--there could be again a community of cooperating hackers. So, in 1984, along with others, he started the GNU-project--a free unix-compatible software system. (another free unix-like operating system is the BSD, developed at UC Berkeley).
In 1985, the people who had been involved in the GNU-project created the Free Software Foundation, dedicated to eliminating restrictions on copying, redistribution, understanding and modi-fication of computer programs. The Foundation rejects such familiar business practices, however it is not anti-commercial.
By 1991 all major components of the GNU operating system had been written or found, except one, a free kernel. In 1993/94 the cap was closed by Linus Thorvalds, a student from Helsinki, who had developed the kernel (Linux). The operating system GNU/Linux was completed.
Although the use of the GNU/Linux system is wide-spread, and accelerating (estimated 10 million users), there are many challenges for free software developers and distributors. Some of these are: secret hardware (missing specifications make it impossible to write software), software patents, non-free libraries and lack of free documentation. Stallman also em-phasised that the interest in free software is growing faster than the awareness of the philosophy it is based on, which certainly would lead to trouble.
In the last section of her lecture Barbara gave us an introduction to the terminology. Definitions of free software, GNU software, open source software, copyleft software, non-copyleft software, freeware, shareware, public domain software, semi-free soft-ware, proprietary software and commercial software were given. She also pointed out that the wide-spread use of the term Linux for the operating system is not correct, as Linux is just the kernel of the Linux-based GNU system" or GNU/ Linux".
Privacy and Anonymity on the Net
|Stephanie gave an overview of threats to net privacy, current methods for protecting privacy and how to stay anonymous while accessing the net or publishing on it.
Most people browse the web, send email or take part in online chats or irc without realizing how easily their data can be accessed by a third party. In order to understand the need for privacy on the net, its best to first take a look at how privacy is compromised.
As data travels across the net, many people theoretically could gain access to it. This might happen by tapping the actual lines, (e.g. telecommunication companies, government agencies, in case of cable internet maybe your neighbours), or by (illegally) accessing hosts/routers (e.g. your isps sysadmin, the sysadmins at the isp where the webserver is hosted, the admin of the webserver itself). If you access a webserver, the system operator can easily find out which computer you're coming from and what you're trying to access by reading the logfiles of his or her system. Visiting websites includes special dangers to your privacy, because your browser usually transmits a lot of information to the website, e.g. the URL of the website you come from, the operating system you are running, the name and version of your browser, and sometimes even your name and e-mail address. And some websites even will transfer information to your computer, by so-called cookies, which contain a variable, a value and the name of the website it goes with.
|Although most sysadmins wont touch e-mails, it iswise to protect your material and take some precautions. Tapping a line doesnt make sense, if data traffic is encrypted. The most common methods include SSL (mainly used to protect webtraffic) and PGP (for e-mail). And the browsers configuration should not give out real name or email address, as well as generating a warning before receiving a cookie.
To send anonymous email it is possible to use different kinds of remailers, which offer different grades of anonymity: Old style remailers simply match your own email address to a pseudonym, and the other way round when you get a reply. Problem: The same server stores all information. If it gets compromised or forced to give out this information, anonymity is gone. Cypherpunks and Mixmaster Remailers work with a chained remailer system. Email is passed along serveral servers and is encrypted several times to ensure that noone knows how to match the real email address to the pseudonym.
Perhaps the most commonly used way to ftp or browse the web anonymously it the use of an anonymizing proxy. This works in a similar way as the simple remailer service who just matches your email to a pseudonym. The anonymizing proxyS IP and portnumber have to be used as a proxy in the browser. If it gets compromised or the admins are forced to give out information to authorities, anonymity is void.
Crowds is a more complex system developed by AT&T, which again works like multiple anon proxies chained together. Drawbacks: things will get very slow, and it does not completely prevent traffic analysis (original server can be located by following traffic through the Crowds net). Yet Onion Routing is a more complex approach to gain anonymity. It also works with a chain of proxies, but also employs 'mixing' as described in the remailer section and encrypts the data (both directions) in a similar way.
PipeNet works in a similar way except that there is constant traffic between the servers. This is to prevent traffic analysis. It has never actually been implemented. And Freedom is a commercial product developed by ZKS in Montreal. It works similar to Onion-Routing, but also includes elements of PipeNet, since it puts additional cover traffic on the line.
Perhaps its not enough to just access content anonymously. In some cases it might be interesting to publish information anonymously. Of course the possibility for abuse is rather high in this case, but, for example should a polical group, risking prosecution, be able to publish their information safely and anonymously? In the future, certain content such as drug information, uncensored news, etc might become illegal. In this case there has to be a possibility to retain free information by protecting the authors.
Janus is a very simple system to provide anonymity for webauthors. It works similary to an anonymous webproxy, just the other way around. Janus provides an encrypted url which can be published. If this url is typed in a browser, Janus translates the request and retrieves the real webpage. Drawback: All security lies in the Janus server.If it get compromised or the admins get forced by an authority to surrender their data, the webpage is no longer anonymous. Another danger is that search engines index almost everything, some of them don't even pay attention to a robots.txt, telling them not to index. If there's any other link to this site it will probably get indexed, so that once the page has been retrieved via Janus the orignal url could be found with the help of a search engine.
The Rewebber Network is another chained form of proxies, similar to the remailer network. The advantage of this is that there is no single point of failure anymore. In order to access a webpage via the Rewebber Network long urls need to be specified, since there are multiple layers of encryption. And TAZ (Temporary Anonymous Zone) acts as some form of information server which provides the long encrypted url via a shorted identifier.
For more detailed information about the ideas mentioned follow the links given in the complete documentation which is linked from the obn-website. (http://www.r4k.net/cyfem/)
Corrine Petrus & Marieke van Santen
Hacking from a technical point of view
|Finally the last session of the hackers block, brought us closer to the technical secrets of hacking. Corrine Petrus and Marieke van Santen, both programmers, described different categories of hacking and gave a little demonstration of the technical know-how and basic skills (in very short) one should have as a hacker. But they also reflected on the fact, that it actually had never been a big challenge for them to hack...
The technical basis of hacking is a knowledge in network technology and the operating systems of web-servers and hosts, which are mostly UNIX/Linux or also Windows NT. The protocol that glues all different computers and networks together is called TCP/IP (Transmission Control Protocol/Internet Protocol). Data is transmitted between two hosts; since hosts often transmit and receive different kinds of data at the same time, using different protocols (HTTP for the web, SMTP or POP for mail, etc.), data "streams" are assigned to different "ports"; a port in this case is a virtual port, software based, and not an actual hardware port like a serial or SCSI cable. Ports are numbered; certain numbers are usually reserved for certain protocols (e.g., SMTP = 25, telnet = 23, NNTP (news) = 119). To see which ports are open on any given host, one can use a "port scanner"--a program that sends various kinds of data to common (or even uncommon) ports.
|Each host has a unique address, the IP-number, which contains the number assigned to the network as well as the number assigned to a particular host. To find out an IP-address, one can query at a nameserver (there are different ways to do this); to follow the path that two communicationg computers are taking (often there are many different ways to get from point A to point B), one can do a traceroute, which asks each host on the way to respond. The ping command allows you to find out if a server is running (if response is enabled on the target host), and the finger command (which is also often disabled) can sometimes give information about the users of a system and who is currently working on it.
To hack a server means to get unauthorized acces to it. Before one makes an effort to do so, its wise to cover ones tracks; there are many ways to do this, but a common one is to use an indirect route to access the computer--sometimes a very indirect route. One common way to obtain access is by cracking someone's login--that is, guessing or 'brute forcing' (trying hundreds, thousand, or millions) login and password combinations. Obviously, this takes a lot of patience, luck and/or programmming skills (or cracker tools, which are mostly problematic)--or dynamite the vault. To get access just to one area of a system is not very interesting; that's
why a hacker's main concern is often to obtain passwords with the sole intention of becoming a 'superuser' or 'root,' someone with total control over the server ('root access').
But there is also a completely different way of hacking, which is software hacking. These hackers are mainly specialists in a specific programming language.Software hacking means to make changes to software after it has been compiled, after it is finished and ready for use or long in use already. Reasons to do that might be to hack password protected software, to remove the copy protection, to make different programs intercompatible or to use parts of the hacked program to extend the possibilities of ones own program, or just for fun and to find out all secrets of a program before it.
Other terms like cracking, phreaking, spoofing, sniffing, and nuking had been explained as well as how viruses work.
At the end of the session the question was raised if one could be safe on the net. But facts already Stephanie Wehner has pointed out in her presentation show that a clear no has to be the answer. And a private user can get hacked when he/she is using IRC or ICQ, or a virus can be implemented on your system when you download a file from the net.
The idea of the presentation of Corrine and Marieke was to demystify hacking. And I would agree that hacking is not so difficult as one might think, IF you are familiar with the skills mentioned in the beginning. But until you get there, you certainly have to spend a lot of your life in front of your computer.