Hernandez 1

Cesar Hernandez Prof. Martinez English 1101 April 3, 2013 A Club of Hackers; Because Everyone is a Hacker An Ethnographic Study of a Club of Hackers Discourse Community Breaking News: Hackers credit theft creates financial headache, Hackers steal US government corporate data from PCs, Hackers Called Truth Seekers, Hackers for good: Uncle Sam is looking for patriotic computer geeks. Headlines like these nowadays come up so often on major newspapers and news channels that the term hacker has come connote criminal activities and anyone associated with it is automatically deemed to be nothing more than a low life exploiting the hard work of others. However, this is not the case, and it is my intention with this paper to demonstrate that not all hackers are the evil-minded individuals that popular media portrays them to be. What is a Hacker? Knowing that I had the same predisposition that most people have towards hackers I decided to adopt an unprejudiced frame of mind and conduct a study on a club of hackers discourse community. For this study I chose the University of Central Floridas Collegiate Cyber Defense Club because after being around for only one semester they had managed to place first at the regional Southeast Collegiate Cyber Defense Competition. This therefore showed that the members of this club were at the very least able to adopt James Paul Gees idea of discourse as

Hernandez 2

sort of an identity kit which comes complete with the appropriate costume and instructions on how to act, talk, and often write, so as to take on a particular role that others will recognize, in this case that of a hacker (Gee 481). Upon arrival at the clubs meeting room for the first time on a Friday afternoon I was prompted to sign an Ethics Statement without which I would have been prohibited to partake in this and future meetings (Appendix A). This ethics statement simply told me the rules that are enforced by the club and the university, as well as commons dos and donts. What stroked out to me the most about this contract was the last paragraph which simply read I am joining this organization to enhance my computer security skills and acquire knowledge. I vow to use my skills and knowledge for non-criminal enterprises in keeping with UCF policy. At first glance this could have simply been written off as a precautionary measure on the clubs part, but what it really shows is that they are aware that the knowledge theyre sharing can be dangerous if used for the wrong intentions. At the meetings I sat at the back with a notebook and took notes on what went on. The meetings always began with the co-captain Jonathan Singer going through the clubs agenda which included the speakers and the topics they will be covering as well as announcements on future events. Halfway through my first presentation I realized the need for the Ethics Statement, one of the speakers staged a phone call to another person in the audience, then using his computer he was able to intercept the phone call, decode it, and play it back to the audience. I also conducted an interview with Gaelen Adams who founded the club and currently also holds the position of co-captain (Appendix B). In it, I asked him questions that ranged from the goals of the club to the skills, or literacies, they need in order to participate in competitions to his views on cybercrime.

Hernandez 3

On the latter question, Gaelen states that a hacker is just somebody who knows more about a system than the person who developed it. He goes on to saying that hackers are neither good nor bad. Once you have acquired some sort of knowledge that you shouldnt have it is what you do with it that can make you an asshole. He also makes the point hacking is not something thats new he says I dont believe that there is more cybercrime per say I just think that it is more public now. I view computers like a modern hammer, in the old days they used a hammer to break locks on doors; computers are the new hammers. This is not a new problem it just has evolved into something different. Once I had conducted this interview and had collected enough data on this clubs meeting procedures I analyzed this data and applied John Swales six characteristic of a discourse community (Swales 466). I chose to focus specifically on the clubs common goals, genres, and lexis used by the members, as well as literacies, as define by Tony Mirabelli, they must master (Mirabelli 538). Characteristics of a Discourse Community Goals. During the interview with Gaelen I asked him what the clubs goals were and he responded by saying I want to foster a learning environment, where anyone regardless of their knowledge can come in and participate in our meetings. We want people to see the good side of cyber security and not what is portrayed on the media. Here Gaelen talks about how we wants the club to be seen; at the beginning of one of the meetings he started talking about how they had made their first public appearance on the second page of the Central Florida Future newspaper for winning first place at the regional competition (Appendix C). There is also the obvious goal of winning as many competitions as possible. When I walked into the meeting room for the

Hernandez 4

second time the first thing I noticed was a countdown with large red numbers and a leaderboard on the side being projected onto the front of the room. After looking around the room I realized that the members of the UCF CCDC team were gathered in one corner of the room working on the competition and soon after Jonathan made an announcement that this competition was one of the ones that was open to the public and that we could all join in compete as a team. However, one goal that was barely mentioned by the club was the fact that those teams that go on to the national completion usually get hired by large corporations. This I view as the ultimate goal of the members of this club because hackers usually work alone and therefore getting a job is extremely difficult, however when they are allowed to exhibit their skills without causing any real damage they can be easily recruited into high paying jobs. Lexis. One of the major characteristics of a discourse community is the lexis they use, or the set of terms that they have appropriated themselves with in order to convey certain meaning. This being a discourse community of internet savvy members, plenty of terms can be found to be used outside of their normal speech context. Most people with some sort of computer fluency will understand terms like URL, cookies, viruses, and perhaps even certain internet protocols like HTTP. These terms however are commonly used through the club where it is expected of the members to know their meaning. Then there are those terms that even people like myself, who work with computers on a very technical level, have a hard time understanding. Some of these terms range from sending fake data over the internet with some purpose only know by the person performing the action like packet spoofing, IP address spoofing, and ftp fuzzing to checking for vulnerabilities that a computer on the web may have like port scanning and packet sniffing. Lexis like these are very important during presentations and competitions when someone wants to convey an action in as few words as possible such as Hey use

Hernandez 5

Wireshark instead of Nmap on this network. The reason why someone would say something like this is because not only do they want this person to sniff some packets traveling through a certain network, they also want the person to use Wireshark, the industry standard for such task, instead of the other tool. Genres. Whenever language is used to get something done whether spoken or written this can be considered a genre. In this discourse community the most important genre is the website that is currently maintain by team members and servers two main purposes (Singer). The first is an open invitation to any member of the club to hack the website, for educational purposes only of course, and in turn learn from experience how to defend from such attacks in the future. The second purpose of the website is to hold news about the club, information about future events, an archive of presentations from previous meetings, and most importantly a page dedicated to resources that new comers might find useful such as tutorials and tools to familiarize themselves with. Having familiarized ourselves with this club of hackers discourse community and understanding its constituents we can now focus on the literacies that they must gain fluency in if they want to be successful at what they do. Multiple Literacies Tony Mirabelli defines literacy as not only be able to read and write but also to be able to read people and that being literate means to have control of a socially accepted association among ways of using language, of thinking, and of acting that can be used to identify oneself as a member of a socially meaningful group or social network (Mirabelli 542). In other words, for the members of this club to be considered members they must behave in certain ways, or like

Hernandez 6

James Paul Gee says either you are part of the discourse community or you are not, there is no in between, and the only way to be part of it is to be fluent in it. One of the most essential literacies that every member of this club or at least those who participate in competitions must have complete fluency over is the shell. The shell is the most direct way to speak to a computer, before computers gained the ability to display graphical interfaces the only way to talk to a computer was through shell using text. This text consists of countless of commands each of which can take numerous operands and in turn result in the execution of different actions. Another literacy critical for successful competing is knowing the basic of networking, or in simple terms knowing how the internet works along with its countless of protocols and how they interact with each other. Along with this it is essential for participants to understand the Open System Interconnection (OSI) model works, which is divided into seven layers, each of which is responsible for passing control, of information travelling from one computer to another, to the layer above and below it starting from the application layer and working its way down to the machine level and then back up. If one were to not be fluent in either of these they wouldnt be prepare to analyze a system for vulnerabilities. Lastly and most importantly the contestants need to know how to read people. However, this is much more difficult when one is simply sitting behind a computer and all the information they have is how the system works and how a regular user would interact with this system. Therefore these contestants must develop a skill called social engineering. Lets say for example, that one of the contestants wants to analyze a foreign system for vulnerabilities and that this person knows some of the safety measures that this system has in place. In order to not be

Hernandez 7

detected they could use a program called SNORT which will send an array of fake attacks of numerous kinds along with the real one in hope that the system not knowing which one is the real one will be unable to deal with the situation. Another form of social engineering is when a contestant knows that a user must type some sort of information in simple text and send it to a server and therefore intersects these packets specifically looking for Hyper Text Transfer Protocol (HTTP) packets which contain that simple text. Conclusion In the end we must come to the realization that not all hackers al evil. What I have shown here is a club of hackers, not a hackers club. The main distinction between the two is that a hackers club implies that there is only one type of hacker and therefore all of its members fall under the same generalization whether good or bad. However, a club of hackers is a more flexible term in that its members can be anyone regardless of expertise with all sorts of different convictions and ethics. As Gaelen told me a hacker is simply just somebody who knows more about a system than the person who developed it. Therefore if we extend this definition to all aspects of life, than we can see why he chose to end our interview by simply saying So yea, if I am a hacker than everyone is a hacker. What he is really saying with this is that if you are told to believe something but instead choose to do something else out of your own convictions than you have become a hacker. It is where those convictions lie that determines if you are that low life exploiting the hard work of others. He knows this, now I do too, but so do the governments around the world, hence why they are trying to recruit as many patriotic computer geeks as possible to defend our country.

Hernandez 8

Works Cited: Gee, James Paul. Literacy, Discourse, and Linguistics: Introduction. Wardle and Downs 481-95 Swales, John. The Concept of Discourse Community. Wardle and Downs 466-79 Mirabelli, Tony. Learning to Serve: The Language and Literacy of Food Service Workers. Wardle and Downs 538-55 Singer, Jonathan. "UCF Collegiate Cyber Defense Club." UCF Collegiate Cyber Defense Club. N.p., n.d. Web. 03 Apr. 2013.

Hernandez 9

Appendix A:

Hernandez 10

Appendix B:
Interview Questions: 1. What is your name? a. Gaelan Adams 2. What is your major? a. IT/ Super Senior 3. How long have you been a member of this club? a. I founded the club. 4. What made you want to join this club and what are you trying to get out of it? a. I am trying to build a community for people to learn about computer security and inspire good ethics in them. I want them to know right from wrong. 5. In your own words, how would you describe the goals of this club? a. To foster a learning environment, where anyone regardless of their knowledge can come in and participate in our meetings. We want people to see the good side of cyber security not what is portrayed on the media. 6. How hard do you believe it is to join this club? Are there any prerequisites? a. Everyone is welcome to come to our meetings; anyone can come in and hopefully learn something new. Even if they walk in knowing nothing about computers but walk out of here knowing something new then we have done our job. 7. What methods of communication does this club use? a. IRC, Facebook posts, and email. 8. What methods of feedback does the club use? a. Verbal communication, anonymous emails, we take suggestions from the members: they wanted to learn about Metasploit so we had someone make a presentation on it. 9. Who do you believe has power in this club? How does one gain power in the club? a. We like to keep it flat, board members have certain privileges like the right to reserve rooms for meeting and events but for the most part we like everyone to have an equal voice. 10. Did you try to join the competing team KnightSec? Did you get in? a. The team is actually called: CCDC Team, I am part of it as co-captain with Jonathan Singer. 11. What is the selection process for members of this team? a. This is our first year so we mostly looked for people with previous experience and who had shown participation within the club. This will probably change in the future where we will be having tryouts. 12. Are competitions only for the KnightSec team or can anyone participate in them? a. There are two types of competitions. There is the Cyber Collegiate Defense Competitions which are sponsored by the NSA and it is only for the members of the competing club. These competitions are very rigorous because our team is given a machine and we must defend them from a red team hired to break everything and

Hernandez 11 stomp on us. The other competitions are called Capture the Flag, these competitions are similar to Jeopardy games where there are categories of questions which range from reverse engineering to looking up someone on Google, and they are open to anyone. How did you do in these competitions? a. On average we are usually on the top 20% of the leaderboards. What kind of skills do you believe are important to have? As a professional? For competitions? a. Good communication, need to have original thinking, very logical thinking. Technical skills range from knowing how to program in Python, to being able to use tools like ADA, WireShark, Netcap and Snort. What are your views on cybercrime in the past couple of years? Do you believe anything needs to change? a. I dont believe that there is more cybercrime per say I just think that it is more public now. I view computers like a modern hammer, in the old days they used hammer to break locks on doors; computers are the new hammers. This is not a new problem its just has evolved into something different. In your own words, how do you define a hacker? Can hackers be good? Based on your definition of hackers do you consider yourself to be a hacker? If so what kind? a. A hacker is just somebody who knows more about a system than the person who developed it. Do you believe everything you are told? If you do you are nothing more than someones bitch, if you dont and choose to mess with that than you are a hacker. However, hackers are neither good nor bad. Once you have acquired some sort of knowledge that you shouldnt have it is what you do with it that can make you an asshole, and thats what gives hackers the stigma they get from society. We are all hackers, hacking is not something that is just related to computers. There two types of hackers, white hat hackers which are the ones that make the decision to inform companies about vulnerabilities and then there are black hat hackers who decide to make a profit those vulnerably. So yea, if I am a hacker than everyone is a hacker.

13. 14.

15.

16.

Hernandez 12 Appendix C: