Permanent Record(17)
What all of those numbers told me was that if I didn’t do any homework but aced everything else, I’d wind up with a cumulative grade of 85, a B. If I didn’t do any homework or write any term papers but aced everything else, I’d wind up with a cumulative grade of 70, a C-minus. The 10 percent that was class participation would be my buffer. Even if the teacher gave me a zero in that—if they interpreted my participation as disruption—I could still manage a 65, a D-minus. I’d still pass.
My teachers’ systems were terminally flawed. Their instructions for how to achieve the highest grade could be used as instructions for how to achieve the highest freedom—a key to how to avoid doing what I didn’t like to do and still slide by.
The moment I figured that out, I stopped doing homework completely. Every day was bliss, the kind of bliss forbidden to anybody old enough to work and pay taxes, until Mr. Stockton asked me in front of the entire class why I hadn’t handed in the past half-dozen or so homework assignments. Untouched as I was by the guile of age—and forgetting for a moment that by giving away my hack, I was depriving myself of an advantage—I cheerfully offered my equation to the math teacher. My classmates’ laughter lasted just a moment before they set about scribbling, calculating whether they, too, could afford to adopt a post-homework life.
“Pretty clever, Eddie,” Mr. Stockton said, moving on to the next lesson with a smile.
I was the smartest kid in school—until about twenty-four hours later, when Mr. Stockton passed out the new syllabus. This stated that any student who failed to turn in more than six homeworks by the end of the semester would get an automatic F.
Pretty clever, Mr. Stockton.
Then, he took me aside after class and said, “You should be using that brain of yours not to figure out how to avoid work, but how to do the best work you can. You have so much potential, Ed. But I don’t think you realize that the grades you get here will follow you for the rest of your life. You have to start thinking about your permanent record.”
* * *
UNSHACKLED FROM HOMEWORK, at least for a while, and so with more time to spare, I also did some more conventional—computer-based—hacking. As I did, my abilities improved. At the bookstore, I’d page through tiny, blurrily photocopied, stapled-together hacker zines with names like 2600 and Phrack, absorbing their techniques, and in the process absorbing their antiauthoritarian politics.
I was at the bottom of the technical totem pole, a script kiddie n00b working with tools I didn’t understand that functioned according to principles that were beyond me. People still ask me why, when I finally did gain some proficiency, I didn’t race out to empty bank accounts or steal credit card numbers. The honest answer is that I was too young and dumb to even know that this was an option, let alone to know what I’d do with the stolen loot. All I wanted, all I needed, I already had for free. Instead, I figured out simple ways to hack some games, giving myself extra lives and letting me do things like see through walls. Also, there wasn’t a lot of money on the Internet back then, at least not by today’s standards. The closest that anyone I knew or anything I read ever came to theft was “phreaking,” or making free phone calls.
If you asked some of the big-shot hackers of the day why, for example, they’d hacked into a major news site only to do nothing more meaningful than replace the headlines with a trippy GIF proclaiming the skills of Baron von Hackerface that would be taken down in less than half an hour, the reply would’ve been a version of the answer given by the mountaineer who was asked his reason for climbing Mount Everest: “Because it’s there.” Most hackers, particularly young ones, set out to search not for lucre or power, but for the limits of their talent and any opportunity to prove the impossible possible.
I was young, and while my curiosity was pure, it was also, in retrospect, pretty psychologically revealing, in that some of my earliest hacking attempts were directed toward allaying my neuroses. The more I came to know about the fragility of computer security, the more I worried over the consequences of trusting the wrong machine. As a teenager, my first hack that ever courted trouble dealt with a fear that suddenly became all I could think about: the threat of a full-on, scorched-earth nuclear holocaust.
I’d been reading some article about the history of the American nuclear program, and before I knew it, with just a couple of clicks, I was at the website of the Los Alamos National Laboratory, the country’s nuclear research facility. That’s just the way the Internet works: you get curious, and your fingers do the thinking for you. But suddenly I was legitimately freaked out: the website of America’s largest and most significant scientific research and weapons development institution, I noticed, had a glaring security hole. Its vulnerability was basically the virtual version of an unlocked door: an open directory structure.
I’ll explain. Imagine I sent you a link to download a .pdf file that’s kept on its own page of a multipage website. The URL for this file would typically be something like website.com/files/pdfs/filename.pdf. Now, as the structure of a URL derives directly from directory structure, each part of this URL represents a distinct “branch” of the directory “tree.” In this instance, within the directory of website.com is a folder of files, within which is a subfolder of pdfs, within which is the specific filename.pdf that you’re seeking to download. Today, most websites will confine your visit to that specific file, keeping their directory structures closed and private. But back in those dinosaur days, even major websites were created and run by folks who were new to the technology, and they often left their directory structures wide open, which meant that if you truncated your file’s URL—if you simply changed it to something like website.com/files—you’d be able to access every file on the site, pdf or otherwise, including those that weren’t necessarily meant for visitors. This was the case with the Los Alamos site.