(A "hack," it should be emphasized, is any unauthorized intrusion into a computer's innards, whether that intrusion is carried out by a lone hacker or agents of a hostile government. The one flaw in the New York Times' enterprising recent investigation of Stuxnet's origins is that it seems to deny Stuxnet was the product of "hackers," because the hack may have been created by a government, by U.S. and/or Israeli teams of hackers. A hacker is a hacker is a hacker, government-employed or not. It is common knowledge, for instance, that the Chinese military has an entire division of its army devoted to cyber warfare—which is no less hackery for being government sponsored.)
And the recent triumphs of hackerdom range beyond Stuxnet. We also saw the more crude but voluminous Wikileaks, the Gawker hack, the Facebook worm that spammed and phished people last fall. It began to seem as if no one, no system, was invulnerable. An ominous piece on the front page of USA Today on Jan. 11 claimed "Experts fear cyberspammers are plotting new attack modes," citing the sharp drop-off of traditional criminal botnet hacker networks, the ones that infect thousands of PCs and turn them into "zombie" computers to serve their ends. The sudden abandonment of this profitable mode of computer crime, the story claimed, might presage a sinister new twist in hacker tactics.
Which makes it particularly ironic that at this best of times for hackers and their worms and "weaponized malware," the legendary godfather of hackerdom, the "epic iconic figure" (as Computerworld* calls him), the real-life mythic ghost in the machine, superhero to generations of nerds and geeks including the founders of Apple, the man known as "Captain Crunch," suffered a sudden mysterious debilitating injury that left him with excruciating pain and nerve damage, incapacitated and fighting for the use of the hands that—almost singlehandedly—created hacker culture. This news comes just at the moment when we might well need a hacker superhero, someone to deal with the unknown new challenges the super-cyber-worms represent. Because just as the Oppenheimer moment at Los Alamos was a scientific triumph and a human tragedy, Stuxnet and its analogs may have a profoundly unsettling dark side.
I'm not alone in thinking this. I've written here of the 50 nuclear missiles that went rogue in Wyoming for an hour back in late October. The 50 Minutemen nukes stopped responding to communications from their launch control center at F.E. Warren AF Base*. It was reported that their communications link had been disrupted after some malfunction had caused their missile-to-missile pinging to speed up and slow down out of phase, causing them to cut themselves off from what might be an outside intrusion.
Probably just an accident, but accounts of Stuxnet's disabling of the Iranian centrifuges spoke of the way it seized control of their operating controls and sped up and slowed down the centrifuge speed cycles, leading to jamming and crashing. While doing some background research for this column, I came across a comment about the Wyoming incident on the extremely well-informed Armscontrolwonk.com* blog that simply said: "Why not stuxnet?"
The implications are vastly unsettling. If a Stuxnet-like worm can disable Iranian nuclear manufacturing controls, there is reason to be concerned that a similar or more highly evolved worm (devised by the much-feared Chinese military cyber corps, perhaps) could seize control of our nuclear missile launch-control capacity. Maybe not yet. But the potential can't be ruled out.
The possibility may remind some of what was once a futuristic fantasy in the Terminator movies: a nuclear weapons control program called "Skynet" that turned on its masters and sought to use its power to destroy humanity.
No one really believes machines are capable of such apocalyptic mischief on their own. But human beings...It seems not only prudent but urgent that we mobilize all the best hackers in the nation to devise defenses against the malicious use of Stuxnet worms to start cataclysmic wars. Or would you rather depend on Pentagon bureaucrats?
And first among such a team of supergeek recruits would be Captain Crunch, who may have started it all.
I first got to know the Captain when I was writing "Secrets of the Little Blue Box," a 1971 Esquire story that began with a focus on proto-hacker "phone phreaks"—among them blind electronic teenage geniuses who devised ways of hacking into the long-distance circuits of then-monopoly AT&T. Into which the Captain (real name John Draper) inserted himself because he was making a key transition from phone phreaking (using "blue boxes" which replicated the internal signal cycles of the phone company) to modem-based hacking into computer circuitry.
He was known for cruising around what was later to be called Silicon Valley in a Volkswagen van equipped with his "computerized unit" as he called it, stopping by isolated phone booths and hooking himself into circuitry all over the world. The first hacker superhero, complete with phone booth.
After my story came out, both good and bad things happened for the Captain. The good thing was that the Steves—Jobs and Wozniak—reached out to him. First for help in their own attempts to manufacture blue boxes in their parents' garage. Then, after they formed the Apple partnership, they took him on as a skilled techie who helped them devise Apple's early word processing program, EZ Writer. It's also said he had key input in designing the first PCs as well. The bad things were that he talked too much about his nonlegal hacking exploits and the feds locked him up for a time.
Nonetheless he was never what has come to be called a "black hat hacker"—one who uses his skills for criminal ends. He was more of what has been called a "look-at-me" hacker. One of those superadept wizards who liked to show off by showing up, virtually, behind the firewalls, the anti-virus immunizations, and all the defenses that the most super-secure sophisticated computer security people could devise.
Not just to show off, such hackers would maintain, but to perform a public service, by "demonstrating vulnerabilities" in the computer systems around them. Even more culturally significant, Captain Crunch made hacking "cool" to a subculture of supersmart geeks who were not content with their code-and-cubicle life but wanted a dimension of James Bond-like daring in their lives. (I am of the opinion that the relative immunity of Apple and Macs from hacker attacks has something to do with the coolness factor that their association with Captain Crunch gave them in the hacker subculture.)