Nic Turner
Despite their potential to cause chaos in computer systems, the majority of South African hackers are driven, like their counterparts around the world, by a passion for programming rather than the desire to cause malicious damage.
The hacking scene in South Africa is disparate and fragmented, confined to white suburbia and small platteland towns where access to computers and boredom combine to create an ideal breeding ground for would-be hackers.
Koki, known to his parents as Kriek Jooste, grew up in Harrismith and built his first computer for around R150 when he was 15. Not long after that technicians in the Wits University electrical engineering department traced his electronic footprints through the systems of Unisa, Olivetti, the Weather Bureau, and their own computers.
The likeable youngster suffers from attention deficit disorder, which he claims is what stands between him and true hackdom. “I started hacking Beltel because I had no money and couldn’t afford the cost of dialling up to the Internet. You can get away with just about anything, especially in this country,” says Jooste, who did get away with it, and lived to tell the tale on national television.
“The ideal place for growing a hacker is a small town. You get kids from poor backgrounds who are fairly intelligent using the Internet as a way of getting over physical and social barriers,” Jooste claims.
Jooste, like many aspirant hackers, learned much of what he knows from system administrators in America. “It was very difficult getting into the scene, being a South African, but eventually I was accepted. The whole scene is about egos.”
The pinnacle of geekdom is the ability to write “exploits”, software capable of nudging open weaknesses in systems. Andre Thomas is a 22-year-old hacker who claims he is one of five in South Africa with that capacity. To the dismay of some of his supporters, Thomas supports moves to introduce legislation that will criminalise hacking.
“It is polite to call me a hacker,” Thomas says. “A hacker is someone who is capable of hacking something together, in other words fixing a system and making it better. Basically it is the ability to analyse a system and propose ways of making it better.”
Hacking sprung from the original culture of the computer in the 1960s where freedom of expression and disdain for authority were tempered by a concern for the common good.
In the United States, where hacking culture is considerably more advanced than South Africa, authorities take computer crime a tad more seriously. In January 1990, after hackers almost closed down the AT&T network in America, the FBI launched “the hacker crackdown”.
One of the victims of the crackdown was celebrity hacker Phiber Optik, who became the cause clbre of the Internet intelligentsia and supporters of freedom on the Internet.
When arrested Phiber maintained the classic hacker ethic: that computer intrusion is justified as long as the motive is pure. For hackers like Phiber, the systems that he can so easily penetrate and manipulate are things of intricate beauty, to be explored and mastered in the same way an architect would study a ground plan.
Other celebrity hackers, like Kevin Mitnick who was arrested in 1995 and found to have more than 20 000 credit-card numbers at his disposal, are more worrying to authorities. Mitnick faces more than 200 years in jail for a spree that had the Internet community spellbound.
Thomas spends a lot of time guarding his Unix-based system against malicious attacks from other hackers. The computer holds about 150 megs of exploits.
Exploits can simulate cellphone simcards, help with a bit of credit card fraud, or “phreak” the local phone company to make free long-distance calls. South Africa’s lack of legislation makes this perfectly legal. Even if this were not the case, Thomas says: “If you want an exploit, any exploit, you can find it on the Net.”
Reaching Thomas’s level of coding skill takes years of 18-hour stints behind the computer screen. “As you get better you develop a very real respect for computer systems and you learn how to protect, rather than break them,” he says.
The majority of aspirant hackers start out in the Demo scene, where talented programmers can show off their work. The next step up is to become a cracker, a term which originates with the Swiss Cracker Association, who were responsible for the first widespread computer virus.
Crackers focus on breaking copyrights as opposed to hackers, who explore, and often focus on protecting rather than breaking software.
A Johannesburg cracker who goes by the alias of Supreme explains how he downloads software from the Web, then cracks the copyright so that the programme thinks it is legally registered.
The majority of the hacking community are youngsters who spend hours each day hanging around websites like Cert and Bugtrack waiting for the real hackers to release their exploits. Thomas refers to them dismissively as “code kiddies”.
Thomas say code kiddies spend time trying to break into Internet service providers. “They do this to get free Internet access rather than to be malicious. Technically speaking, though, this is theft.”
The basic tool of the old-school hacker was the “blue box”, used to emulate telephone signals and take over exchanges mostly to make free international calls.Hackers also make use of speed-dialling equipment to break four-digit access codes to international lines.
But the basic tool of the hacker in low-tech South Africa has nothing to do with sophisticated technology: it is called “social engineering”, which means quite simply, pretending to be someone who you are not to get access to databases.
According to local hackers, Telkom is the easiest institution to socially engineer. Hackers call up pretending to be technicians or foreign exchange operators and with a little technical knowledge, they can take over exchanges or lines and use them for their own purposes.
Telkom has been slow to catch on, but it did set up a fraud department in 1996 and managed to catch six individuals who were running riot in Telkom exchanges with their blue boxes. No prosecutions were made.