Copy Link
Add to Bookmark
Report
SURFPUNK Technical Journal 018
Date: Thu, 17 Dec 92 17:23:08 PST
Reply-To: <cocot@osc.versant.com>
Message-ID: <surfpunk-0018@SURFPUNK.Technical.Journal>
Mime-Version: 1.0
Content-Type: text/plain
From: cocot@osc.versant.com (Captain COCOT)
To: surfpunk@osc.versant.com (SURFPUNK Technical Journal)
Subject: [surfpunk-0018] CuD: CuD's 1992 MEDIA HYPE award to FORBES MAGAZINE
Keywords: surfpunk, Forbes, hackers, media hype
I don't like copying large things from other mailing lists and
remailing them here. You likely already subscribe to CuD or read it on
netnews. I'd like rather to "index" them, "hyperlink" to them, or
"transclude" them, and have a way for people to chase the links if they
are interested. The old Xanalogical access idea. I think early next
year SURFPUNK will have this ability.
But for now, here's another cut and paste job.
Captain Cocot
________________________________________________________________________
________________________________________________________________________
Source: Computer underground Digest Wed Dec 16, 1992 Volume 4 : Issue 66
Date: 15 Dec 92 18:48:01 CST
From: Jim Thomas <cudigest@mindvox.phantom.com>
Subject: File 7--CuD's 1992 MEDIA HYPE award to FORBES MAGAZINE
In recent years, media depiction of "hackers" has been criticized for
inaccurate and slanted reporting that exaggerates the public dangers
of the dread "hacker menace." As a result, CuD annually recogizes the
year's most egregious example of media hype.
The 1992 annual CuD GERALDO RIVERA MEDIA HYPE award goes to WILLIAM G.
FLANAGAN AND BRIGID McMENAMIN for their article "The Playground
Bullies are Learning how to Type" in the 21 December issue of Forbes
(pp 184-189). The authors improved upon last year's winner, Geraldo
himself, in inflammatory rhetoric and distorted narrative that seems
more appropriate for a segment of "Inside Edition" during sweeps week
than for a mainstream conservative periodical.
The Forbes piece is the hands-down winner for two reasons.
First, one reporter of the story, Brigid McMenamin, was exceptionally
successful in creating for herself an image as clueless and obnoxious.
Second, the story itself was based on faulty logic, rumors, and some
impressive leaps of induction. Consider the following.
The Reporter: Brigid McMenamin
It's not only the story's gross errors, hyperbole, and irresponsible
distortion that deserve commendation/condemnation, but the way that
Forbes reporter Brigid McMenamin tried to sell herself to solicit
information.
One individual contacted by Brigid McM claimed she called him several
times "bugging" him for information, asking for names, and complaining
because "hackers" never called her back. He reports that she
explicitly stated that her interest was limited to the "illegal stuff"
and the "crime aspect" and was oblivious to facts or issues
that did not bear upon hackers-as-criminals.
Some persons present at the November 2600 meeting at Citicorp, which
she attended, suggested the possibility that she used another reporter
as a credibility prop, followed some of the participants to dinner
after the meeting, and was interested in talking only about illegal
activities. One observer indicated that those who were willing to talk
to her might not be the most credible informants. Perhaps this is one
reason for her curious language in describing the 2600 meeting.
Another person she contacted indicated that she called him wanting
names of people to talk to and indicated that because Forbes is a
business magazine, it only publishes the "truth." Yet, she seemed not
so much interested in "truth," but in finding "evidence" to fit a
story. He reports that he attempted to explain that hackers generally
are interested in Unix and she asked if she could make free phone
calls if she knew Unix. Although the reporter stated to me several
times that she had done her homework, my own conversation with her
contradicted her claims, and if the reports of others are accurate,
here claims of preparation seem disturbingly exaggerated.
I also had a rather unpleasant exchange with Ms. McM. She was rude,
abrasive, and was interested in obtaining the names of "hackers" who
worked for or as "criminals." Her "angle" was clearly the
hacker-as-demon. Her questions suggested that she did not understand
the culture about which she was writing. She would ask questions and
then argue about the answer, and was resistant to any "facts" or
responses that failed to focus on "the hacker criminal." She dropped
Emmanuel Goldstein's name in a way that I interpreted as indicating a
closer relationship than she had--an incidental sentence, but one not
without import--which I later discovered was either an inadvertently
misleading choice of words or a deliberate attempt to deceptively
establish credentials. She claimed she was an avowed civil
libertarian. I asked why, then, she didn't incorporate some of those
issues. She invoked publisher pressure. Forbes is a business magazine,
she said, and the story should be of interest to readers. She
indicated that civil liberties weren't related to "business." She
struck me as exceptionally ill-informed and not particularly good at
soliciting information. She also left a post on Mindvox inviting
"hackers" who had been contacted by "criminals" for services to
contact her.
>Post: 150 of 161
>Subject: Hacking for Profit?
>From: forbes (Forbes Reporter)
>Date: Tue, 17 Nov 92 13:17:34 EST
>
>Hacking for Profit? Has anyone ever offered to pay you (or
>a friend) to get into a certain system and alter, destroy or
>retrieve information? Can you earn money hacking credit
>card numbers, access codes or other information? Do you know
>where to sell it? Then I'd like to hear from you. I'm
>doing research for a magazine article. We don't need you
>name. But I do want to hear your story. Please contact me.
>Forbes@mindvox.phantom.com.
However, apparently she wasn't over-zealous about following up her
post or reading the Mindvox conferences. When I finally agreed to
send her some information about CuD, she insisted it be faxed rather
than sent to Mindvox because she was rarely on it. Logs indicate that
she made only six calls to the board, none of which occured after
November 24.
My own experience with the Forbes reporter was consistent with those
of others. She emphasized "truth" and "fact-checkers," but the story
seems short on both. She emphasized explicitly that her story would
*not* be sensationalistic. She implied that she wanted to focus on
criminals and that the story would have the effect of presenting the
distinction between "hackers" and real criminals. Another of her
contacts also appeared to have the same impression. After our
less-than-cordial discussion, she reported it to the contact, and he
attempted to intercede on her behalf in the belief that her intent was
to dispel many of the media inaccuracies about "hacking." If his
interpretation is correct, then she deceived him as well, because her
portrayal of him in the story was unfavorably misleading.
In CuD 4.45 (File #3), we ran Mike Godwin's article on "How to
Talk to the Press," which should be required reading.
His guidelines included:
1) TRY TO THINK LIKE THE REPORTER YOU'RE TALKING TO.
2) IF YOU'RE GOING TO MEET THE REPORTER IN PERSON, TRY TO
BRING SOMETHING ON PAPER.
3) GIVE THE REPORTER OTHER PEOPLE TO TALK TO, IF POSSIBLE.
4) DON'T ASSUME THAT THE REPORTER WILL COVER THE STORY THE WAY
YOU'D LIKE HER TO.
Other experienced observers contend that discussing "hacking" with the
press should be avoided unless one knows the reporter well or if the
reporter has established sufficient credentials as accurate and
non-sensationalist. Using these criteria, it will probably be a long
while before any competent cybernaught again speaks to Brigid
McMenamin.
The Story
Rather than present a coherent and factual story about the types of
computer crime, the authors instead make "hackers" the focal point and
use a narrative strategy that conflates all computer crime with
"hackers."
The story implies that Len Rose is part of the "hacker hood" crowd.
The lead reports Rose's prison experience and relates his feeling that
he was "made an example of" by federal prosecutors. But, asks the
narrative, if this is so, then why is the government cracking down?
Whatever else one might think of Len Rose, no one ever has implied
that he as a "playground bully" or "hacker hood." The story also
states that 2600 Magazine editor Emmanuel Goldstein "hands copies <of
2600> out free of charge to kids. Then they get arrested." (p. 188--a
quote attributed to Don Delaney), and distorts (or fabricates) facts
to fit the slant:
According to one knowledgeable source, another hacker brags
that he recently found a way to get into Citibank's
computers. For three months he says he quietly skimmed off a
penny or so from each account. Once he had $200,000, he quit.
Citibank says it has no evidence of this incident and we
cannot confirm the hacker's story. But, says computer crime
expert Donn Parker of consultants SRI International: "Such a
'salami attack' is definitely possible, especially for an
insider" (p. 186).
Has anybody calculated how many accounts one would have to "skim" a
few pennies from before obtaining $200,000? At a dime apiece, that's
over 2 million. If I'm figuring correctly, at one minute per account,
60 accounts per minute non-stop for 24 hours a day all year, it would
take nearly 4 straight years of on-line computer work for an
out-sider. According to the story, it took only 3 months. At 20
cents an account, that's over a million accounts.
Although no names or evidence are given, the story quotes Donn Parker
of SRI as saying that the story is a "definite possibility." Over the
years, there have been cases of skimming, but as I remember the
various incidents, all have been inside jobs and few, if any, involved
hackers. The story is suspiciously reminiscent of the infamous "bank
cracking" article published in Phrack as a spoof several years ago.
The basis for the claim that "hacker hoods" (former "playground
bullies") are now dangerous is based on a series of second and
third-hand rumors and myths. The authors then list from "generally
reliable press reports" a half-dozen or so non-hacker fraud cases
that, in context, would seem to the casual reader to be part of the
"hacker menace." I counted in the article at least 24 instances of
half-truths, inaccuracies, distortions, questionable/spurious links,
or misleading claims that are reminiscent of 80s media hype. For
example, the article attributes to Phiber Optik counts in the MOD
indictment that do not include him, misleads on the Len Rose
indictment and guilty plea, uses second and third hand information
as "fact" without checking the reliability, and presents facts out
of context (such as attributing the Morris Internet worm to
"hackers).
Featured as a key "hacker hood" is "Kimble," a German hacker said by
some to be sufficiently media-hungry and self-serving that he is
ostracized by other German hackers. His major crime reported in the
story is hacking into PBXes. While clearly wrong, his "crime" hardly
qualifies him for the "hacker hood/organized crime" danger that's the
focus of the story. Perhaps he is engaged in other activities
unreported by the authors, but it appears he is simply a
run-of-the-mill petty rip-off artist. In fact, the authors do not make
much of his crimes. Instead, they leap to the conclusion that
"hackers" do the same thing and sell the numbers "increasingly" to
criminals without a shred of evidence for the leap. To be sure the
reader understands the menace, the authors also invoke unsubstantiated
images of a hacker/Turkish Mafia connection and suggest that during
the Gulf war, one hacker was paid "millions" to invade a Pentagon
computer and retrieve information from a spy satellite (p. 186).
Criminals use computers for crime. Some criminals may purchase numbers
from others. But the story paints a broader picture, and equates all
computer crime with "hacking." The authors' logic seems to be that if
a crime is committed with a computer, it's a hacking crime, and
therefore computer crime and "hackers" are synonymous. The story
ignores the fact that most computer crime is an "inside job" and it
says nothing about the problem of security and how the greatest danger
to computer systems is careless users.
One short paragraph near the end mentions the concerns about civil
liberties, and the next paragraph mentions that EFF was formed to
address these concerns. However, nothing in the article articulates
the bases for these concerns. Instead, the piece promotes the "hacker
as demon" mystique quite creatively.
The use of terms such as "new hoods on the block," "playground
bullies," and "hacker hoods" suggests that the purpose of the story
was to find facts to fit a slant.
In one sense, the authors might be able to claim that some of their
"facts" were accurate. For example, the "playground bullies" phrase is
attributed to Chesire Catalyst. "Gee, *we* didn't say it!" But, they
don't identify whether it's the original CC or not. The phrase sounds
like a term used in recent internecine "hacker group" bickering, and
if this was the context, it hardly describes any new "hacker culture."
Even so, the use of the phrase would be akin to a critic of the Forbes
article refering to it as the product of "media whores who are now
getting paid for doing what they used to do for free," and then
applying the term "whores" to the authors because, hey, I didn't
make up the term, somebody else did, and I'm just reporting (and using
it as my central metaphor) just the way it was told to me. However, I
suspect that neither Forbes' author would take kindly to being called
a whore because of the perception that they prostituted journalistic
integrity for the pay-off of a sexy story. And this is what's wrong
with the article: The authors take rumors and catch-phrases, "merely
report" the phrases, but then construct premises around the phrases
*as if* they were true with little (if any) evidence. They take an
unconfirmed "truth" (where are fact checkers when you need them) or an
unrelated "fact" (such as an example of insider fraud) and generalize
from a discrete fact to a larger population. The article is an
excellent bit of creative writing.
Why Does It All Matter?
Computer crime is serious, costly, and must not be tolerated.
Rip-off is no joke. But, it helps to understand a problem before it
can be solved, and lack of understanding can lead to policies and laws
that are not only ineffective, but also a threat to civil liberties.
The public should be accurately informed of the dangers of computer
crime and how it can be prevented. However, little will be served by
creating demons and falsely attributing to them the sins of others. It
is bad enough that the meaning" of the term "hacker" has been used to
apply both to both computer delinquents and creative explorers without
also having the label extended to include all other forms of computer
criminals as well.
CPSR, the EFF, CuD, and many, many others have worked, with some
success, to educate the media about both dangers of computer crime and
the dangers of inaccurately reporting it and attributing it to
"hackers." Some, perhaps most, reporters take their work seriously,
let the facts speak to them, and at least make a good-faith effort not
to fit their "facts" into a narrative that--by one authors' indication
at least--seems to have been predetermined.
Contrary to billing, there was no evidence in the story, other than
questionable rumor, of "hacker" connection to organized crime. Yet,
this type of article has been used by legislators and some law
enforcement agents to justify a "crackdown" on conventional hackers as
if they were the ultimate menace to society. Forbes, with a paid
circulation of over 735,000 (compared to CuDs unpaid circulation of
only 40,000), reaches a significant and influential population.
Hysterical stories create hysterical images, and these create
hysteria-based laws that threaten the rights of law-abiding users.
When a problem is defined by irresponsibly produced images and then
fed to the public, it becomes more difficult to overcome policies and
laws that restrict rights in cyberspace.
The issue is not whether "hackers" are or are not portrayed favorably.
Rather, the issue is whether images re-inforce a witch-hunt mentality
that leads to the excesses of Operation Sun Devil, the Steve Jackson
Games fiasco, or excessive sentences for those who are either
law-abiding or are set up as scapegoats. The danger of the Forbes
article is that it contributes to the persecution of those who are
stigmatized not so much for their acts, but rather for the signs they
bear.
________________________________________________________________________
Cu-Digest is a weekly electronic journal/newsletter. Subscriptions are
available at no cost from tk0jut2@mvs.cso.niu.edu. The editors may be
contacted by voice (815-753-6430), fax (815-753-6302) or U.S. mail at:
Jim Thomas, Department of Sociology, NIU, DeKalb, IL 60115.
Issues of CuD can also be found in the Usenet comp.society.cu-digest
news group; on CompuServe in DL0 and DL4 of the IBMBBS SIG, DL1 of
LAWSIG, and DL0 and DL12 of TELECOM; on Genie in the PF*NPC RT
libraries; from America Online in the PC Telecom forum under
"computing newsletters;" on the PC-EXEC BBS at (414) 789-4210; in
Europe from the ComNet in Luxembourg BBS (++352) 466893; and using
anonymous FTP on the Internet from ftp.eff.org (192.88.144.4) in
/pub/cud, red.css.itd.umich.edu (141.211.182.91) in /cud, halcyon.com
(192.135.191.2) in /pub/mirror/cud, and ftp.ee.mu.oz.au (128.250.77.2)
in /pub/text/CuD.
European readers can access the ftp site at: nic.funet.fi pub/doc/cud.
Back issues also may be obtained from the mail
server at mailserv@batpad.lgb.ca.us.
COMPUTER UNDERGROUND DIGEST is an open forum dedicated to sharing
information among computerists and to the presentation and debate of
diverse views. CuD material may be reprinted for non-profit as long
as the source is cited. Some authors do copyright their material, and
they should be contacted for reprint permission. It is assumed that
non-personal mail to the moderators may be reprinted unless otherwise
specified. Readers are encouraged to submit reasoned articles
relating to computer culture and communication. Articles are
preferred to short responses. Please avoid quoting previous posts
unless absolutely necessary.
DISCLAIMER: The views represented herein do not necessarily represent
the views of the moderators. Digest contributors assume all
responsibility for ensuring that articles submitted do not
violate copyright protections.
________________________________________________________________________
________________________________________________________________________
The SURFPUNK Technical Journal is a dangerous multinational hacker zine
originating near BARRNET in the fashionable western arm of the northern
California matrix. Quantum Californians appear in one of two states,
spin surf or spin punk. Undetected, we are both, or might be neither.
________________________________________________________________________
Send postings to <surfpunk@osc.versant.com>, subscription requests
to <surfpunk-request@osc.versant.com>. MIME encouraged.
Xanalogical archive access soon. You have new mail.
________________________________________________________________________
________________________________________________________________________
