As Hackers Go, CMU Students in It to Win

Article excerpt

You know all that stuff that keeps you up at night -- paying the bills, wanting a raise, buying a bigger home or a nicer car?

George Hotz, among the world's best known computer hackers, doesn't share your concerns.

It's a little odd, he acknowledges, to think that becoming the first person to break into and alter an iPhone was easy but that holding down a 9-to-5 job seems unfathomable. "It's a little defect in your mind that makes you want to sit there and stick it to the machine all night," he says.

Hotz, 23, a Carnegie Mellon University sophomore from Glen Rock, N.J., plays as a member of CMU's capture-the-flag team, going up against computer researchers around the world to break code and find guarded information.

Played for skill and prize money, the games have real-world implications for everyone.

Twitter this month said hackers compromised 250,000 user accounts. Recent attacks kept customers from accessing accounts at PNC Bank and other U.S. banks. The New York Times and other media outlets say the Chinese hacked their websites, and top U.S. military officials have warned that the Department of Defense cannot protect itself.

Often vying against competitors who work in defense industries, CMU students ranked first in the world in 2011 but slipped last year to second behind a team from Russia that -- as Hotz will tell you -- maintains the online rankings.

After graduation, some of the students plan to work in computer security research or write software. Breaking into other people's code can help them avoid similar mistakes, said Alex Reece, 21, a senior from Orlando, Fla., who has lined up a job to write software for a San Francisco-based data management firm.

"Because I played the role of the attacker so much, I'm aware of these common weaknesses," Reece said.

Hackers often divide themselves into the good, who seek vulnerabilities to patch before someone can exploit them, and the bad, who try to scam victims and steal money. The truth is, they all fall into a gray area, Hotz said. He follows his own Golden Rule: Do unto others ... and don't be a jerk.

"There is no objective morality," he said.

Wearing a black sweater, blue jeans and duck boots, Hotz opens his wallet and flips out a fake Northwestern University ID that he made to get into football games and the library when he lived in Evanston, Ill., but did not enroll in classes.

So this time he's committed to graduating from college?

"Who said I'm getting an undergraduate degree?" he said with a comical indignity. "I'm just here (at CMU) to chill."

"Free Geohot"

On a wintry Tuesday afternoon, Hotz sits in the "Cluster" -- an oval-shaped room in CMU's Gates Center for Computer Science. White marker boards cover the walls, and graffiti covers them: detailed drawings of a mermaid, a dragon and the man in the moon, next to complicated algorithms and code diagrams.

"You can log out anytime you want but you can never leave," is scrawled near the top of one wall where it cannot easily be erased.

Hotz and about a half-dozen others play Minecraft, a computer game popular with middle-schoolers that allows players to develop their own universes by building homes and landscapes. The CMU students play an altered version that allows them to add nuclear reactors.

Reece sits on the floor, a backpack at his feet and an Apple laptop resting precariously on his knees as he leans against the wall.

Hotz breaks things to see how they work. Using the online name "Geohot," he was, at 17, the first person to hack into an iPhone so that owners could choose their cellphone carrier and add content. …