Hernandez 1

Cesar Hernandez

Prof. Martinez

English 1101

April 3, 2013

A Club of Hackers; Because Everyone is a Hacker

An Ethnographic Study of a Club of Hackers’ Discourse Community

Breaking News: “Hackers’ credit theft creates financial headache”, “Hackers steal US

government corporate data from PCs”, “Hackers Called Truth Seekers”, “Hackers’ for good:

Uncle Sam is looking for patriotic computer geeks.” Headlines like these nowadays come up so

often on major newspapers and news channels that the term hacker has come connote criminal

activities and anyone associated with it is automatically deemed to be nothing more than a low

life exploiting the hard work of others. However, this is not the case, and it is my intention with

this paper to demonstrate that not all hackers are the evil-minded individuals that popular media

portrays them to be.

What is a Hacker?

Knowing that I had the same predisposition that most people have towards hackers I

decided to adopt an unprejudiced frame of mind and conduct a study on a club of hackers’

discourse community. For this study I chose the University of Central Florida’s Collegiate Cyber

Defense Club because after being around for only one semester they had managed to place first

at the regional Southeast Collegiate Cyber Defense Competition. This therefore showed that the

members of this club were at the very least able to adopt James Paul Gee’s idea of “discourse as

Hernandez 2

sort of an identity kit which comes complete with the appropriate costume and instructions on

how to act, talk, and often write, so as to take on a particular role that others will recognize”, in

this case that of a hacker (Gee 481).

Upon arrival at the club’s meeting room for the first time on a Friday afternoon I was

prompted to sign an “Ethics Statement” without which I would have been prohibited to partake

in this and future meetings (Appendix A). This ethics statement simply told me the rules that are

enforced by the club and the university, as well as commons do’s and don’ts. What stroked out to

me the most about this contract was the last paragraph which simply read “I am joining this

organization to enhance my computer security skills and acquire knowledge. I vow to use my

skills and knowledge for non-criminal enterprises in keeping with UCF policy.” At first glance

this could have simply been written off as a precautionary measure on the club’s part, but what it

really shows is that they are aware that the knowledge they’re sharing can be dangerous if used

for the wrong intentions.

At the meetings I sat at the back with a notebook and took notes on what went on. The

meetings always began with the co-captain Jonathan Singer going through the club’s agenda

which included the speakers and the topics they will be covering as well as announcements on

future events. Halfway through my first presentation I realized the need for the “Ethics

Statement”, one of the speakers staged a phone call to another person in the audience, then using

his computer he was able to intercept the phone call, decode it, and play it back to the audience. I

also conducted an interview with Gaelen Adams who founded the club and currently also holds

the position of co-captain (Appendix B). In it, I asked him questions that ranged from the goals

of the club to the skills, or literacies, they need in order to participate in competitions to his

views on cybercrime.

Hernandez 3

On the latter question, Gaelen states that “a hacker is just somebody who knows more

about a system than the person who developed it.” He goes on to saying that “hackers are neither

good nor bad. Once you have acquired some sort of knowledge that you shouldn’t have it is what

you do with it that can make you an asshole.” He also makes the point hacking is not something

that’s new he says “I don’t believe that there is more cybercrime per say I just think that it is

more public now. I view computers like a modern hammer, in the old days they used a hammer

to break locks on doors; computers are the new hammers. This is not a new problem it just has

evolved into something different.”

Once I had conducted this interview and had collected enough data on this club’s meeting

procedures I analyzed this data and applied John Swales’ six characteristic of a discourse

community (Swales 466). I chose to focus specifically on the club’s common goals, genres, and

lexis used by the members, as well as literacies, as define by Tony Mirabelli, they must master

(Mirabelli 538).

Characteristics of a Discourse Community

Goals. During the interview with Gaelen I asked him what the club’s goals were and he

responded by saying “I want to foster a learning environment, where anyone regardless of their

knowledge can come in and participate in our meetings. We want people to see the good side of

cyber security and not what is portrayed on the media.” Here Gaelen talks about how we wants

the club to be seen; at the beginning of one of the meetings he started talking about how they had

made their first public appearance on the second page of the Central Florida Future newspaper

for winning first place at the regional competition (Appendix C). There is also the obvious goal

of winning as many competitions as possible. When I walked into the meeting room for the

Hernandez 4

second time the first thing I noticed was a countdown with large red numbers and a leaderboard

on the side being projected onto the front of the room. After looking around the room I realized

that the members of the UCF CCDC team were gathered in one corner of the room working on

the competition and soon after Jonathan made an announcement that this competition was one of

the ones that was open to the public and that we could all join in compete as a team. However,

one goal that was barely mentioned by the club was the fact that those teams that go on to the

national completion usually get hired by large corporations. This I view as the ultimate goal of

the members of this club because hackers usually work alone and therefore getting a job is

extremely difficult, however when they are allowed to exhibit their skills without causing any

real damage they can be easily recruited into high paying jobs.

Lexis. One of the major characteristics of a discourse community is the lexis they use, or the set

of terms that they have appropriated themselves with in order to convey certain meaning. This

being a discourse community of internet savvy members, plenty of terms can be found to be used

outside of their normal speech context. Most people with some sort of computer fluency will

understand terms like URL, cookies, viruses, and perhaps even certain internet protocols like

HTTP. These terms however are commonly used through the club where it is expected of the

members to know their meaning. Then there are those terms that even people like myself, who

work with computers on a very technical level, have a hard time understanding. Some of these

terms range from sending fake data over the internet with some purpose only know by the person

performing the action like “packet spoofing”, “IP address spoofing”, and “ftp fuzzing” to

checking for vulnerabilities that a computer on the web may have like “port scanning” and

“packet sniffing.” Lexis like these are very important during presentations and competitions

when someone wants to convey an action in as few words as possible such as “Hey use

Hernandez 5

Wireshark instead of Nmap on this network.” The reason why someone would say something

like this is because not only do they want this person to sniff some packets traveling through a

certain network, they also want the person to use Wireshark, the industry standard for such task,

instead of the other tool.

Genres. Whenever language is used to get something done whether spoken or written this can be

considered a genre. In this discourse community the most important genre is the website that is

currently maintain by team members and servers two main purposes (Singer). The first is an

open invitation to any member of the club to hack the website, for educational purposes only of

course, and in turn learn from experience how to defend from such attacks in the future. The

second purpose of the website is to hold news about the club, information about future events, an

archive of presentations from previous meetings, and most importantly a page dedicated to

resources that new comers might find useful such as tutorials and tools to familiarize themselves

with.

Having familiarized ourselves with this club of hackers’ discourse community and understanding

its constituents we can now focus on the literacies that they must gain fluency in if they want to

be successful at what they do.

Multiple Literacies

Tony Mirabelli defines literacy as not only be able to read and write but also to be able to

read people and that being “literate means to have control of a socially accepted association

among ways of using language, of thinking, and of acting that can be used to identify oneself as a

member of a socially meaningful group or social network” (Mirabelli 542). In other words, for

the members of this club to be considered members they must behave in certain ways, or like

Hernandez 6

James Paul Gee says either you are part of the discourse community or you are not, there is no in

between, and the only way to be part of it is to be fluent in it.

One of the most essential literacies that every member of this club or at least those who

participate in competitions must have complete fluency over is “the shell.” The shell is the most

direct way to speak to a computer, before computers gained the ability to display graphical

interfaces the only way to talk to a computer was through shell using text. This text consists of

countless of commands each of which can take numerous operands and in turn result in the

execution of different actions.

Another literacy critical for successful competing is knowing the basic of networking, or

in simple terms knowing how the internet works along with its countless of protocols and how

they interact with each other. Along with this it is essential for participants to understand the

Open System Interconnection (OSI) model works, which is divided into seven layers, each of

which is responsible for passing control, of information travelling from one computer to another,

to the layer above and below it starting from the application layer and working its way down to

the machine level and then back up. If one were to not be fluent in either of these they wouldn’t

be prepare to analyze a system for vulnerabilities.

Lastly and most importantly the contestants need to know how to read people. However,

this is much more difficult when one is simply sitting behind a computer and all the information

they have is how the system works and how a regular user would interact with this system.

Therefore these contestants must develop a skill called social engineering. Let’s say for example,

that one of the contestants wants to analyze a foreign system for vulnerabilities and that this

person knows some of the safety measures that this system has in place. In order to not be

Hernandez 7

detected they could use a program called SNORT which will send an array of fake attacks of

numerous kinds along with the real one in hope that the system not knowing which one is the

real one will be unable to deal with the situation. Another form of social engineering is when a

contestant knows that a user must type some sort of information in simple text and send it to a

server and therefore intersects these packets specifically looking for Hyper Text Transfer

Protocol (HTTP) packets which contain that simple text.

Conclusion

In the end we must come to the realization that not all hackers al evil. What I have shown

here is a club of hackers, not a hackers club. The main distinction between the two is that a

hackers’ club implies that there is only one type of hacker and therefore all of its members fall

under the same generalization whether good or bad. However, a club of hackers is a more

flexible term in that its members can be anyone regardless of expertise with all sorts of different

convictions and ethics. As Gaelen told me “a hacker is simply just somebody who knows more

about a system than the person who developed it.” Therefore if we extend this definition to all

aspects of life, than we can see why he chose to end our interview by simply saying “So yea, if I

am a hacker than everyone is a hacker.” What he is really saying with this is that if you are told

to believe something but instead choose to do something else out of your own convictions than

you have become a hacker. It is where those convictions lie that determines if you are that low

life exploiting the hard work of others. He knows this, now I do too, but so do the governments

around the world, hence why they are trying to recruit as many “patriotic computer geeks” as

possible to defend our country.

Hernandez 8

Works Cited:

Gee, James Paul. “Literacy, Discourse, and Linguistics: Introduction.”

Wardle and Downs 481-95

Swales, John. “The Concept of Discourse Community.”

Wardle and Downs 466-79

Mirabelli, Tony. “Learning to Serve: The Language and Literacy of Food Service Workers.”

Wardle and Downs 538-55

Singer, Jonathan. "UCF Collegiate Cyber Defense Club." UCF Collegiate Cyber Defense Club.

N.p., n.d.

Web. 03 Apr. 2013.

Hernandez 9

Appendix A:

Hernandez 10

Appendix B:

Interview Questions:

1. What is your name?a. Gaelan Adams

2. What is your major?a. IT/ Super Senior

3. How long have you been a member of this club?a. I founded the club.

4. What made you want to join this club and what are you trying to get out of it?a. I am trying to build a community for people to learn about computer security and

inspire good ethics in them. I want them to know right from wrong.5. In your own words, how would you describe the goals of this club?

a. To foster a learning environment, where anyone regardless of their knowledge can come in and participate in our meetings. We want people to see the good side of cyber security not what is portrayed on the media.

6. How hard do you believe it is to join this club? Are there any prerequisites?a. Everyone is welcome to come to our meetings; anyone can come in and hopefully learn

something new. Even if they walk in knowing nothing about computers but walk out of here knowing something new then we have done our job.

7. What methods of communication does this club use?a. IRC, Facebook posts, and email.

8. What methods of feedback does the club use?a. Verbal communication, anonymous emails, we take suggestions from the members:

they wanted to learn about Metasploit so we had someone make a presentation on it.9. Who do you believe has power in this club? How does one gain power in the club?

a. We like to keep it flat, “board members” have certain privileges like the right to reserve rooms for meeting and events but for the most part we like everyone to have an equal voice.

10. Did you try to join the competing team KnightSec? Did you get in?a. The team is actually called: CCDC Team, I am part of it as co-captain with Jonathan

Singer.11. What is the selection process for members of this team?

a. This is our first year so we mostly looked for people with previous experience and who had shown participation within the club. This will probably change in the future where we will be having tryouts.

12. Are competitions only for the KnightSec team or can anyone participate in them?a. There are two types of competitions. There is the Cyber Collegiate Defense

Competitions which are sponsored by the NSA and it is only for the members of the competing club. These competitions are very rigorous because our team is given a

Hernandez 11

machine and we must defend them from a red team hired to break everything and stomp on us. The other competitions are called Capture the Flag, these competitions are similar to Jeopardy games where there are categories of questions which range from reverse engineering to looking up someone on Google, and they are open to anyone.

13. How did you do in these competitions?a. On average we are usually on the top 20% of the leaderboards.

14. What kind of skills do you believe are important to have? As a professional? For competitions?a. Good communication, need to have original thinking, very logical thinking. Technical

skills range from knowing how to program in Python, to being able to use tools like ADA, WireShark, Netcap and Snort.

15. What are your views on cybercrime in the past couple of years? Do you believe anything needs to change?

a. I don’t believe that there is more cybercrime per say I just think that it is more public now. I view computers like a modern hammer, in the old days they used hammer to break locks on doors; computers are the new hammers. This is not a new problem its just has evolved into something different.

16. In your own words, how do you define a hacker? Can hackers be good? Based on your definition of hackers do you consider yourself to be a hacker? If so what kind?

a. A hacker is just somebody who knows more about a system than the person who developed it. Do you believe everything you are told? If you do you are nothing more than someone’s bitch, if you don’t and choose to mess with that than you are a hacker. However, hackers are neither good nor bad. Once you have acquired some sort of knowledge that you shouldn’t have it is what you do with it that can make you an asshole, and that’s what gives hackers the stigma they get from society. We are all hackers, hacking is not something that is just related to computers. There two types of hackers, white hat hackers which are the ones that make the decision to inform companies about vulnerabilities and then there are black hat hackers who decide to make a profit those vulnerably. So yea, if I am a hacker than everyone is a hacker.

Hernandez 12

Appendix C: