#75. JAMES - "A computer hacker."

Wednesday, June 8, 2011

#75. JAMES - “A computer hacker.”

The servers for all of the middle school and high school computers in James’ town were centrally located at one data center in the high school. It was more convenient for the school board, but, perhaps unbeknownst to them, way less safe. The school district’s IT people had also failed to secure the servers.

James was having a shitty week. Middle school angst abounded. He wanted to do something to make himself feel better and to cause a little chaos in his restless, monotonous life. Hacking into both schools’ servers (something he’d done since the second grade) he decided to change the background image on every single computer.

“It was a picture of two horses, you know…” he says, ducking his head under his shaggy brown hair and smirking. “Yeah. I have a terrible sense of humor.”

James used a random group of seven students’ accounts that he’d taken over to pull off the job. There was no tie to him and those students didn’t get in trouble; it was as important to James not to pin the blame on someone else, as it was to not get caught. The school sent out a letter saying the incident was under investigation with the tagline, “We will find out who did this.” They never did.

“There was nothing better than coming into school that morning and seeing people wide-eyed and laughing and confused,” James snickers. “The teachers didn’t know what to do because everyone was seeing it. It was the best.”

This is the type of stuff the 22-year-old New York native got into as a kid. We meet up at a Starbucks in Union Square after a few months of James following me on Twitter and Tumblr under a name he wishes to remain secret. Then, he emailed me using a completely different first and last name and then replied using another. For the interview, he wants to be called James. I have no idea what his real name is. He later tells me he has 10 different GMail accounts.

The first computer he really remembers working on was an Apple II, used for (we say simultaneously) ‘Mavis Beacon’ and ‘Oregon Trail’ in the second grade. He also had piles of VCRs in his bedroom and at least 45 old computers for parts. His parents used a room in their house as James’ workshop nicknaming it “The Lab.”

The computer teacher at PS 14, his elementary school in the Bronx, Mr. Joe, would let James hang out after school and mess around with the computers. More than once, his parents would come to the school, angry that James, then just eight years old, had failed to come right home.

“I wish I could explain it,” he says when I ask what attracted him to computers, and more specifically, to hacking. He tells me in elementary schools, he was banned from the school’s lab because he cracked the codes to the system files and moved them, shutting everything down. He guessed the password based on things that were in Mr. Joe’s classroom: “cactus.” He had two near his desk.

Then, James was accepted to a science and technology magnet school. His computer teacher there was named Lou. Lou let James stay late with his best friend because he recognize the duo had talent. James realized the school’s administration was all on one network and that he could remotely control every teacher’s computer.

“My mistake was showing the other students,” he says. One of them deleted a teacher’s work while she working on it. They all got caught and the after-school tech program was shut down. James was barred from his grade’s end-of-the-year party.

“I remember the look Lou gave me when he realized what I’d done,” he says. The school board and James’ parents were flabbergasted at why he’d do what he did.

The problem, we flesh out, seems to be that people are not as safe about their use of technology as they absolutely should be. James is shy about what he’s capable of, but eventually he relents, qualifying that his parents were getting divorced and he’d just moved to a place where he had no friends. He hacked to pass the time.

Using equipment hidden in his backpack, James could gain access to anyone around him’s cell phone. From there, he could dump their contacts, read their text messages and make calls. If the phone has blue tooth or wireless capabilities, it is particularly vulnerable.

“I’d walk around with my laptop in my bag, modules going, gathering information like, ‘How many vulnerable phones are in this area?’” he says. “Biggest was in Grand Central Station, I think there were 137 nearby.”

Hypothetically, I ask him, could he go to the Oscars or to the White House and collect phone numbers and texts from celebrities and politicians? James says yes, but that he never did that. His targets were random people, as a learning experience. He never wanted to use his powers for any real evil.

“I think every young hacker goes through the teenager, angst-y, misanthropic phase,” he says. “I never do anything to truly hurt another person. It’s more like minor inconveniences.”

For instance, he’d hack into a friend’s phone and send confusing text messages. Prank calls were his favorite. He doesn’t do it anymore though after friends started blaming him for every technical glitch.

“People not trusting me is a really big problem,” he says like it pains him. “I stick to my guns about not hurting people. The only things I’ll do are funny things where all you have to do is go in and change it.”

Though James’ hacking is innocuous, there have been lasting consequences; He was fired from his long-time job because of suspicions he was hacking. He was a projectionist at a movie theater and his boss caught wind of his hobby. Worried James would yoink credit card information from customers, he was let go for being “untrustworthy.” James swears he didn’t do anything to the theater’s computers.

“The definition of a hacker is in a bad sense and a good sense,” he says. “For me it’s about learning, I don’t want to just run the program, I want to gain access, I want to see why I can, why it’s vulnerable,” he pauses. “But I know that misanthropic viewpoint is more common. It’s a very social activity and you run into the same people over and over and you get an understanding of how they view the world, which is that some people don’t care how hard you worked to get the money in your savings account, they’ll just take it.”

I ask him what the biggest security risk is for the average person. “Leaving technologies active on your phone,” he says, meaning WiFi, which he says should be turned off when not being used. (“I can read anything,” he says.) He also recommends having multiple email accounts and passwords. He changes all of his passwords on a strict six month rotation. “That way if they get access to one account, they can’t break into everything,” he says. His passwords are also incredibly long (sometimes full sentences from his favorite books) and therefore mostly impossible to crack.

This interview took place before Representative Anthony Weiner admitted that he accidentally tweeted the inappropriate photos that surfaced on his Twitter. Back when he was still claiming he was hacked. I ask James what the odds are that Anthony Weiner was actually a hacking victim. James laughs, holding up his fingers in a circle: Zero.

“It’s the most common excuse because to the world, hackers equal assholes. They’re always fucking things up and they’re good scapegoats,” James says. He says, for example, that it’s insulting to call waiters who steal credit card information “hackers” when all they did was take a photo of the card on their cell phone. “A hacker is someone who used known security vulnerabilities to obtain control of the system or account that isn’t theirs,” James says when I ask for a full-on definition.

But it’s more complicated than that. There’s a branch of anarchist hackers who hate Microsoft and Google and Apple and there are the life-ruiners at 4Chan and there are those who are “activist” hackers, believing they’re doing the revolutionary thing by taking down anyone who speaks out against Wikileaks, for example. Some just hate everyone and don’t care.

James tells me he carries on his parents’ “The Lab” tradition in his home, but that he now has a day job as a lead systems engineer at a start-up. He still gets pleasure out of scheming and revels in the social aspect of hacking. It’s not the exaggerated idea of a fat guy sitting in his basement all day but nor is it Lisbeth Salander from ‘Girl With the Dragon Tattoo’ where every move is calculated out of vengeance and anger.

For someone working in computers, James says being labeled a “hacker” can be slightly detrimental, because it creates the trust problems he mentioned earlier. He’d prefer now to err on the ethical side of hacking; security. He wants to find the holes before “the bad guys” do and then get companies to pay him to fix it.

“I just grew morals,” he shrugs. “I don’t need to get into a system to mess stuff up anymore. Now, I want to protect the system because I don’t like people being exploited,” he pauses, “Well, unless there’s a real purpose and it’s really deserved.”

Later, he emails me asking if I’d want to learn how to hack on a small scale. I tell him I’d be interested. I also joke that since he didn’t want me to take his picture, that I’m going to use a photo of Jesse Eisenberg from ‘The Social Network.’ The two have a similar shaggy-haired, quiet-guy look and demeanor.

“As a hacker, there’s this God and power complex that’s very easy to fall into,” he tells me during the interview. “I think it’s better to spread awareness. There’s a bad attitude in the field that, ‘You should know this because you use the stuff,’ but ordinary people have lives to deal with and they don’t have time to understand every technology.”

“What would you say they do?” I ask.

“Be prudent,” he says. “About where you use your credit card, about what networks you connect to, about your phone,” he leans forward on his elbows. “That’s the thing with technology; so many people have it, but far fewer understand it.”