WikiLeaks case puts spotlight on Boston’s hacker culture

(Joe Raedle/ Getty Images)
By Carolyn Y. Johnson
Globe Staff / August 3, 2010

E-mail this article

Invalid E-mail address
Invalid E-mail address

Sending your article

Your article has been sent.

Text size +

It’s hardly the first time Boston-area hackers have been in the headlines. But it’s potentially the most serious.

The strong technology industry and universities here foster people with the right blend of technical expertise, audacity, and subversiveness to help feed a thriving and longstanding hacker community. In the 1990s, a group called L0pht Heavy Industries (pronounced loft) became well-known for publishing security flaws in computer software, eventually testifying before Congress that it could take the Internet down in a half-hour; more recently, a group of MIT students earned notoriety for finding a way to hack the MBTA’s CharlieCard.

But now that a recent MIT graduate has acknowledged trading multiple e-mails with the Army private who stands accused of giving the whistleblower website, WikiLeaks, thousands of pages of classified war records, the hacker community is in the spotlight.

Hackers are not one kind of person: Some take apart hardware, like teens who used to dismantle car engines.

Others try to find vulnerabilities in networks and software, burrowing through firewalls and other security features — often with the goal of exposing flaws so they can be fixed. At the extremes are those who are outright computer criminals, pirating company or government secrets or victims’ identities.

But a common thread is the idea that constraints and limits imposed on a system can be surmounted: “Information wants to be free’’ is their rallying cry.

As the mantra suggests, many hackers view their probing of computer systems as a social good — disclosing flaws in computer security, for example, so that millions of people who may be at risk can better protect themselves. But the law often has a less generous interpretation of their actions.

“I think there’s definitely some ambiguity around how far you can really go to make information free without violating the law,’’ said Zach Lanier, a hacker who lives in Allston and works as a consultant doing network security assessment.

While hacking may seem like a Wild West throwback, often vilified for criminals who use hacking as a means to do ill, it has its own ethos and traditions that buck the stereotype.

“One thing worth noting is that hacking, among hackers, doesn’t have this negative connotation. It doesn’t mean people who destroy things, deface things, and destroy your data,’’ said Jonathan Zittrain, a cofounder of the Berkman Center for Internet and Society at Harvard Law School. “It means people who play and have skillz — with a zed on the end.’’

But, he said, “the law is weighted not to give the benefit of doubt to the hacker.’’

The culture of hacking gadgets is older than the Internet. People known as “phreakers’’ once hacked the phone system, allowing them to make calls for free. And campus lockpicking clubs were motivated by opening locks, not by stealing.

But the ethos of hacking has largely grown up in the context of computers, with a focus on circumventing boundaries, to keep information free and available to the public.

A group of young computer geeks working out of a South End loft helped to shape that ethic in the 1990s.

Calling themselves L0pht Heavy Industries, members revealed software vulnerabilities in Microsoft Windows. Instead of hacking into other people’s computers, however, L0pht would set up its own systems and then crack them apart, publishing information about flaws it discovered.

“I used to call the L0pht midnight basketball for hackers,’’ said member Chris Wysopal, referring to the idea put forth during the early 1990s that midnight basketball would be a way to get youths off the street and stop crime. “It was a place, a hacker playground, where you didn’t have to hack other people’s systems; you could hack your own system. . . . All the thrill of breaking into things, doing real research on computer security, but you didn’t have to use somebody else’s systems.’’

Wysopal recalled that people would criticize L0pht because the information it released could be used for good or evil — to make sure a system wasn’t vulnerable, or to break into another system. But, he said, “You could use a baseball bat for good or evil; we don’t say baseball bat manufacturers are bad.’’

The disclosure of military documents on WikiLeaks is not a classic hacker activity, but hackers have been among the backers of Army Private Bradley Manning. They have sent the newly created Bradley Manning Support Fund more than $15,000 since the group began raising money on a website last Thursday, said Jeff Paterson, the fund’s cofounder. He said the site has received 283 donations, and some members of his group are from MIT and are potential witnesses in the case against Manning.

It’s unclear why Manning would have needed assistance from hackers in getting the files to WikiLeaks. Wysopal, now chief technology officer of Veracode Inc., an Internet security firm in Burlington, said Manning may have sought help in downloading so much data without detection. “You would need some way of extracting all of that information in bulk,’’ said Wysopal. “Having some computer security expertise would go a long way in getting it done.’’

Bruce Schneier, chief security technology officer for British phone company BT, said Manning might have been worried the files would contain “metadata,’’ embedded bits of information that could reveal when and where the files were downloaded.

Schneier said Manning might also have been worried about being detected when he uploaded the files to WikiLeaks. Even if he used a computer in a public place, Schneier said it might be possible to track him down. “There are a lot of different things to think about, and it’s really unlikely he’ll have expertise in all of them,’’ Schneier said. “He has to get everything right to win, and only one thing wrong to lose.’’

Hiawatha Bray and David Abel of the Globe staff contributed to this report. Carolyn Y. Johnson can be reached a

Connect with

Twitter Follow us on @BostonUpdate, other Twitter accounts