iruses are the current crimoid champ, a lot less dangerous than most people let on, but the novelty is fading and there's a crimoid vacuum at the moment, the press is visibly hungering for something more outrageous.... The Great Man shares with us a few speculations on the coming crimoids.... Desktop Forgery! Wow.... Computers stolen just for the sake of the information within them -- data- napping! Happened in Britain a while ago, could be the coming thing.... Phantom nodes in the Internet! Parker handles his overhead projector sheets with an ecclesiastical air... He wears a grey double-breasted suit, a light blue shirt, and a very quiet tie of understated maroon and blue paisley... Aphorisms emerge from him with slow, leaden emphasis... There is no such thing as an adequately secure computer when one faces a sufficiently powerful adversary.... Deterrence is the most socially useful aspect of security... People are the primary weakness in all information systems... The entire baseline of computer security must be shifted upward.... Don't ever violate your security by publicly describing your security measures... People in the audience are beginning to squirm, and yet there is something about the elemental purity of this guy's philosophy that compels uneasy respect.... Parker sounds like the only sane guy left in the lifeboat, sometimes. The guy who can prove rigorously, from deep moral principles, that Harvey there, the one with the broken leg and the checkered past, is the one who has to be, err.... that is, Mr. Harvey is best placed to make the necessary sacrifice for the security and indeed the very survival of the rest of this lifeboat's crew.... Computer security, Parker informs us mournfully, is a nasty topic, and we wish we didn't have to have it... The security expert, armed with method and logic, must think -- imagine -- everything that the adversary might do before the adversary might actually do it. It is as if the criminal's dark brain were an extensive subprogram within the shining cranium of Donn Parker. He is a Holmes whose Moriarty does not quite yet exist and so must be perfectly simulated. CFP is a stellar gathering, with the giddiness of a wedding. It is a happy time, a happy ending, they know their world is changing forever tonight, and they're proud to have been there to see it happen, to talk, to think, to help. And yet as night falls, a certain elegiac quality manifests itself, as the crowd gathers beneath the chandeliers with their wineglasses and dessert plates. Something is ending here, gone forever, and it takes a while to pinpoint it. It is the End of the Amateurs. *********** Afterword: The Hacker Crackdown Three Years Later Three years in cyberspace is like thirty years anyplace real. It feels as if a generation has passed since I wrote this book. In terms of the generations of computing machinery involved, that's pretty much the case. The basic shape of cyberspace has changed drastically since 1990. A new U.S. Administration is in power whose personnel are, if anything, only too aware of the nature and potential of electronic networks. It's now clear to all players concerned that the status quo is dead-and-gone in American media and telecommunications, and almost any territory on the electronic frontier is up for grabs. Interactive multimedia, cable-phone alliances, the Information Superhighway, fiber- to-the-curb, laptops and palmtops, the explosive growth of cellular and the Internet -- the earth trembles visibly. The year 1990 was not a pleasant one for AT&T. By 1993, however, AT&T had successfully devoured the computer company NCR in an unfriendly takeover, finally giving the pole-climbers a major piece of the digital action. AT&T managed to rid itself of ownership of the troublesome UNIX operating system, selling it to Novell, a netware company, which was itself preparing for a savage market dust-up with operating-system titan Microsoft. Furthermore, AT&T acquired McCaw Cellular in a gigantic merger, giving AT&T a potential wireless whip-hand over its former progeny, the RBOCs. The RBOCs themselves were now AT&T's clearest potential rivals, as the Chinese firewalls between regulated monopoly and frenzied digital entrepreneurism began to melt and collapse headlong. AT&T, mocked by industry analysts in 1990, was reaping awestruck praise by commentators in 1993. AT&T had managed to avoid any more major software crashes in its switching stations. AT&T's newfound reputation as "the nimble giant" was all the sweeter, since AT&T's traditional rival giant in the world of multinational computing, IBM, was almost prostrate by 1993. IBM's vision of the commercial computer-network of the future, "Prodigy," had managed to spend $900 million without a whole heck of a lot to show for it, while AT&T, by contrast, was boldly speculating on the possibilities of personal communicators and hedging its bets with investments in handwritten interfaces. In 1990 AT&T had looked bad; but in 1993 AT&T looked like the future. At least, AT&T's *advertising* looked like the future. Similar public attention was riveted on the massive $22 billion megamerger between RBOC Bell Atlantic and cable-TV giant Tele-Communications Inc. Nynex was buying into cable company Viacom International. BellSouth was buying stock in Prime Management, Southwestern Bell acquiring a cable company in Washington DC, and so forth. By stark contrast, the Internet, a noncommercial entity which officially did not even exist, had no advertising budget at all. And yet, almost below the level of governmental and corporate awareness, the Internet was stealthily devouring everything in its path, growing at a rate that defied comprehension. Kids who might have been eager computer-intruders a mere five years earlier were now surfing the Internet, where their natural urge to explore led them into cyberspace landscapes of such mindboggling vastness that the very idea of hacking passwords seemed rather a waste of time. By 1993, there had not been a solid, knock 'em down, panic-striking, teenage-hacker computer-intrusion scandal in many long months. There had, of course, been some striking and well-publicized acts of illicit computer access, but they had been committed by adult white-collar industry insiders in clear pursuit of personal or commercial advantage. The kids, by contrast, all seemed to be on IRC, Internet Relay Chat. Or, perhaps, frolicking out in the endless glass-roots network of personal bulletin board systems. In 1993, there were an estimated 60,000 boards in America; the population of boards had fully doubled since Operation Sundevil in 1990. The hobby was transmuting fitfully into a genuine industry. The board community were no longer obscure hobbyists; many were still hobbyists and proud of it, but board sysops and advanced board users had become a far more cohesive and politically aware community, no longer allowing themselves to be obscure. The specter of cyberspace in the late 1980s, of outwitted authorities trembling in fear before teenage hacker whiz- kids, seemed downright antiquated by 1993. Law enforcement emphasis had changed, and the favorite electronic villain of 1993 was not the vandal child, but the victimizer of children, the digital child pornographer. "Operation Longarm," a child- pornography computer raid carried out by the previously little- known cyberspace rangers of the U.S. Customs Service, was almost the size of Operation Sundevil, but received very little notice by comparison. The huge and well-organized "Operation Disconnect," an FBI strike against telephone rip-off con-artists, was actually larger than Sundevil. "Operation Disconnect" had its brief moment in the sun of publicity, and then vanished utterly. It was unfortunate that a law-enforcement affair as apparently well-conducted as Operation Disconnect, which pursued telecom adult career criminals a hundred times more morally repugnant than teenage hackers, should have received so little attention and fanfare, especially compared to the abortive Sundevil and the basically disastrous efforts of the Chicago Computer Fraud and Abuse Task Force. But the life of an electronic policeman is seldom easy. If any law enforcement event truly deserved full-scale press coverage (while somehow managing to escape it), it was the amazing saga of New York State Police Senior Investigator Don Delaney Versus the Orchard Street Finger- Hackers. This story probably represents the real future of professional telecommunications crime in America. The finger- hackers sold, and still sell, stolen long-distance phone service to a captive clientele of illegal aliens in New York City. This clientele is desperate to call home, yet as a group, illegal aliens have few legal means of obtaining standard phone service, since their very presence in the United States is against the law. The finger-hackers of Orchard Street were very unusual "hackers," with an astonishing lack of any kind of genuine technological knowledge. And yet these New York call-sell thieves showed a street-level ingenuity appalling in its single- minded sense of larceny. There was no dissident-hacker rhetoric about freedom- of-information among the finger-hackers. Most of them came out of the cocaine-dealing fraternity, and they retailed stolen calls with the same street-crime techniques of lookouts and bagholders that a crack gang would employ. This was down- and-dirty, urban, ethnic, organized crime, carried out by crime families every day, for cash on the barrelhead, in the harsh world of the streets. The finger-hackers dominated certain payphones in certain strikingly unsavory neighborhoods. They provided a service no one else would give to a clientele with little to lose. With such a vast supply of electronic crime at hand, Don Delaney rocketed from a background in homicide to teaching telecom crime at FLETC in less than three years. Few can rival Delaney's hands-on, street-level experience in phone fraud. Anyone in 1993 who still believes telecommunications crime to be something rare and arcane should have a few words with Mr Delaney. Don Delaney has also written two fine essays, on telecom fraud and computer crime, in Joseph Grau's *Criminal and Civil Investigations Handbook* (McGraw Hill 1993). *Phrack* was still publishing in 1993, now under the able editorship of Erik Bloodaxe. Bloodaxe made a determined attempt to get law enforcement and corporate security to pay real money for their electronic copies of *Phrack,* but, as usual, these stalwart defenders of intellectual property preferred to pirate the magazine. Bloodaxe has still not gotten back any of his property from the seizure raids of March 1, 1990. Neither has the Mentor, who is still the managing editor of Steve Jackson Games. Nor has Robert Izenberg, who has suspended his court struggle to get his machinery back. Mr Izenberg has calculated that his $20,000 of equipment seized in 1990 is, in 1993, worth $4,000 at most. The missing software, also gone out his door, was long ago replaced. He might, he says, sue for the sake of principle, but he feels that the people who seized his machinery have already been discredited, and won't be doing any more seizures. And even if his machinery were returned -- and in good repair, which is doubtful -- it will be essentially worthless by 1995. Robert Izenberg no longer works for IBM, but has a job programming for a major telecommunications company in Austin. Steve Jackson won his case against the Secret Service on March 12, 1993, just over three years after the federal raid on his enterprise. Thanks to the delaying tactics available through the legal doctrine of "qualified immunity," Jackson was tactically forced to drop his suit against the individuals William Cook, Tim Foley, Barbara Golden and Henry Kluepfel. (Cook, Foley, Golden and Kluepfel did, however, testify during the trial.) The Secret Service fought vigorously in the case, battling Jackson's lawyers right down the line, on the (mostly previously untried) legal turf of the Electronic Communications Privacy Act and the Privacy Protection Act of 1980. The Secret Service denied they were legally or morally responsible for seizing the work of a publisher. They claimed that (1) Jackson's gaming "books" weren't real books anyhow, and (2) the Secret Service didn't realize SJG Inc was a "publisher" when they raided his offices, and (3) the books only vanished by accident because they merely happened to be inside the computers the agents were appropriating. The Secret Service also denied any wrongdoing in reading and erasing all the supposedly "private" e-mail inside Jackson's seized board, Illuminati. The USSS attorneys claimed the seizure did not violate the Electronic Communications Privacy Act, because they weren't actually "intercepting" electronic mail that was moving on a wire, but only electronic mail that was quietly sitting on a disk inside Jackson's computer. They also claimed that USSS agents hadn't read any of the private mail on Illuminati; and anyway, even supposing that they had, they were allowed to do that by the subpoena. The Jackson case became even more peculiar when the Secret Service attorneys went so far as to allege that the federal raid against the gaming company had actually *improved Jackson's business* thanks to the ensuing nationwide publicity. It was a long and rather involved trial. The judge seemed most perturbed, not by the arcane matters of electronic law, but by the fact that the Secret Service could have avoided almost all the consequent trouble simply by giving Jackson his computers back in short order. The Secret Service easily could have looked at everything in Jackson's computers, recorded everything, and given the machinery back, and there would have been no major scandal or federal court suit. On the contrary, everybody simply would have had a good laugh. Unfortunately, it appeared that this idea had never entered the heads of the Chicago-based investigators. They seemed to have concluded unilaterally, and without due course of law, that the world would be better off if Steve Jackson didn't have computers. Golden and Foley claimed that they had both never even heard of the Privacy Protection Act. Cook had heard of the Act, but he'd decided on his own that the Privacy Protection Act had nothing to do with Steve Jackson. The Jackson case was also a very politicized trial, both sides deliberately angling for a long-term legal precedent that would stake-out big claims for their interests in cyberspace. Jackson and his EFF advisors tried hard to establish that the least e-mail remark of the lonely electronic pamphleteer deserves the same somber civil-rights protection as that afforded *The New York Times.* By stark contrast, the Secret Service's attorneys argued boldly that the contents of an electronic bulletin board have no more expectation of privacy than a heap of postcards. In the final analysis, very little was firmly nailed down. Formally, the legal rulings in the Jackson case apply only in the federal Western District of Texas. It was, however, established that these were real civil- liberties issues that powerful people were prepared to go to the courthouse over; the seizure of bulletin board systems, though it still goes on, can be a perilous act for the seizer. The Secret Service owes Steve Jackson $50,000 in damages, and a thousand dollars each to three of Jackson's angry and offended board users. And Steve Jackson, rather than owning the single-line bulletin board system "Illuminati" seized in 1990, now rejoices in possession of a huge privately-owned Internet node, "io.com," with dozens of phone-lines on its own T-1 trunk. Jackson has made the entire blow-by-blow narrative of his case available electronically, for interested parties. And yet, the Jackson case may still not be over; a Secret Service appeal seems likely and the EFF is also gravely dissatisfied with the ruling on electronic interception. The WELL, home of the American electronic civil libertarian movement, added two thousand more users and dropped its aging Sequent computer in favor of a snappy new Sun Sparcstation. Search-and-seizure discussions on the WELL are now taking a decided back-seat to the current hot topic in digital civil liberties, unbreakable public-key encryption for private citizens. The Electronic Frontier Foundation left its modest home in Boston to move inside the Washington Beltway of the Clinton Administration. Its new executive director, ECPA pioneer and longtime ACLU activist Jerry Berman, gained a reputation of a man adept as dining with tigers, as the EFF devoted its attention to networking at the highest levels of the computer and telecommunications industry. EFF's pro- encryption lobby and anti-wiretapping initiative were especially impressive, successfully assembling a herd of highly variegated industry camels under the same EFF tent, in open and powerful opposition to the electronic ambitions of the FBI and the NSA. EFF had transmuted at light-speed from an insurrection to an institution. EFF Co-Founder Mitch Kapor once again sidestepped the bureaucratic consequences of his own success, by remaining in Boston and adapting the role of EFF guru and gray eminence. John Perry Barlow, for his part, left Wyoming, quit the Republican Party, and moved to New York City, accompanied by his swarm of cellular phones. Mike Godwin left Boston for Washington as EFF's official legal adviser to the electronically afflicted. After the Neidorf trial, Dorothy Denning further proved her firm scholastic independence-of-mind by speaking up boldly on the usefulness and social value of federal wiretapping. Many civil libertarians, who regarded the practice of wiretapping with deep occult horror, were crestfallen to the point of comedy when nationally known "hacker sympathizer" Dorothy Denning sternly defended police and public interests in official eavesdropping. However, no amount of public uproar seemed to swerve the "quaint" Dr. Denning in the slightest. She not only made up her own mind, she made it up in public and then stuck to her guns. In 1993, the stalwarts of the Masters of Deception, Phiber Optik, Acid Phreak and Scorpion, finally fell afoul of the machineries of legal prosecution. Acid Phreak and Scorpion were sent to prison for six months, six months of home detention, 750 hours of community service, and, oddly, a $50 fine for conspiracy to commit computer crime. Phiber Optik, the computer intruder with perhaps the highest public profile in the entire world, took the longest to plead guilty, but, facing the possibility of ten years in jail, he finally did so. He was sentenced to a year and a day in prison. As for the Atlanta wing of the Legion of Doom, Prophet, Leftist and Urvile... Urvile now works for a software company in Atlanta. He is still on probation and still repaying his enormous fine. In fifteen months, he will once again be allowed to own a personal computer. He is still a convicted federal felon, but has not had any legal difficulties since leaving prison. He has lost contact with Prophet and Leftist. Unfortunately, so have I, though not through lack of honest effort. Knight Lightning, now 24, is a technical writer for the federal government in Washington DC. He has still not been accepted into law school, but having spent more than his share of time in the company of attorneys, he's come to think that maybe an MBA would be more to the point. He still owes his attorneys $30,000, but the sum is dwindling steadily since he is manfully working two jobs. Knight Lightning customarily wears a suit and tie and carries a valise. He has a federal security clearance. Unindicted *Phrack* co-editor Taran King is also a technical writer in Washington DC, and recently got married. Terminus did his time, got out of prison, and currently lives in Silicon Valley where he is running a full-scale Internet node, "netsys.com." He programs professionally for a company specializing in satellite links for the Internet. Carlton Fitzpatrick still teaches at the Federal Law Enforcement Training Center, but FLETC found that the issues involved in sponsoring and running a bulletin board system are rather more complex than they at first appear to be. Gail Thackeray briefly considered going into private security, but then changed tack, and joined the Maricopa County District Attorney's Office (with a salary). She is still vigorously prosecuting electronic racketeering in Phoenix, Arizona. The fourth consecutive Computers, Freedom and Privacy Conference will take place in March 1994 in Chicago. As for Bruce Sterling... well *8-). I thankfully abandoned my brief career as a true-crime journalist and wrote a new science fiction novel, *Heavy Weather,* and assembled a new collection of short stories, *Globalhead.* I also write nonfiction regularly, for the popular-science column in *The Magazine of Fantasy and Science Fiction.* I like life better on the far side of the boundary between fantasy and reality; but I've come to recognize that reality has an unfortunate way of annexing fantasy for its own purposes. That's why I'm on the Police Liaison Committee for EFF- Austin, a local electronic civil liberties group (eff- austin@tic.com). I don't think I will ever get over my experience of the Hacker Crackdown, and I expect to be involved in electronic civil liberties activism for the rest of my life. It wouldn't be hard to find material for another book on computer crime and civil liberties issues. I truly believe that I could write another book much like this one, every year. Cyberspace is very big. There's a lot going on out there, far more than can be adequately covered by the tiny, though growing, cadre of network-literate reporters. I do wish I could do more work on this topic, because the various people of cyberspace are an element of our society that definitely requires sustained study and attention. But there's only one of me, and I have a lot on my mind, and, like most science fiction writers, I have a lot more imagination than discipline. Having done my stint as an electronic-frontier reporter, my hat is off to those stalwart few who do it every day. I may return to this topic some day, but I have no real plans to do so. However, I didn't have any real plans to write "Hacker Crackdown," either. Things happen, nowadays. There are landslides in cyberspace. I'll just have to try and stay alert and on my feet. The electronic landscape changes with astounding speed. We are living through the fastest technological transformation in human history. I was glad to have a chance to document cyberspace during one moment in its long mutation; a kind of strobe-flash of the maelstrom. This book is already out-of- date, though, and it will be quite obsolete in another five years. It seems a pity. However, in about fifty years, I think this book might seem quite interesting. And in a hundred years, this book should seem mind-bogglingly archaic and bizarre, and will probably seem far weirder to an audience in 2092 than it ever seemed to the contemporary readership. Keeping up in cyberspace requires a great deal of sustained attention. Personally, I keep tabs with the milieu by reading the invaluable electronic magazine Computer underground Digest (tk0jut2@mvs.cso.niu.edu with the subject header: SUB CuD and a message that says: SUB CuD your name your.full.internet@address). I also read Jack Rickard's bracingly iconoclastic *Boardwatch Magazine* for print news of the BBS and online community. And, needless to say, I read *Wired,* the first magazine of the 1990s that actually looks and acts like it really belongs in this decade. There are other ways to learn, of course, but these three outlets will guide your efforts very well. When I myself want to publish something electronically, which I'm doing with increasing frequency, I generally put it on the gopher at Texas Internet Consulting, who are my, well, Texan Internet consultants (tic.com). This book can be found there. I think it is a worthwhile act to let this work go free. From thence, one's bread floats out onto the dark waters of cyberspace, only to return someday, tenfold. And of course, thoroughly soggy, and riddled with an entire amazing ecosystem of bizarre and gnawingly hungry cybermarine life- forms. For this author at least, that's all that really counts. Thanks for your attention *8-) Bruce Sterling bruces@well.sf.ca.us -- New Years' Day 1994, Austin Texas