The Swedish Hacker Scene

-- First published in Phrack Magazine issue #48

It's about time to fill up this hole in the worldwide history of hackers published in the Phrack series of articles on national scenes. Since no one else seems to be getting around to do it I'd better do it myself.

Sweden was in fact one of the countries in the front line during the birth of computers in the 1940's and 50's. By 1953 KTH university in Stockholm built BESK, at the time being the fastest and most advanced computer in the world. During the late 1960's Linkoping university specialized in computer science and in 1973 the computer society Lysator started out as an offshoot of american hacker culture of the kind you could find at MIT during the 60's and 70's. They are still active and often referred to as the first Swedish hacker society ever, which is indeed true. Now days they still adhere to the international hacker ethic of university societies and among their lines are as well idiots as real bright guys (as is the case of most such societies) and their contributions to the world of e-culture include Project Runeberg; a text archive of Scandinavian literature, and a voluminous FTP archive. There's actually a lot of ASCII work being done at Lysator, including converting Phrack back issues to HTML format.

Despite the early interest in computers in Sweden there was no equivalent to the American phreakers of the 1970's. This was not caused by lack of knowledge but rather by dullness. Sweden was during the 70's and early 80's in a period of both economic wealth and social mentality commonly known as "The Welfare State". Everybody was facing the same high economic standards, nobody was really displeased with Swedish society, and the government granted lots of spare-time activities for youths. Thus the growing ground for any outlaw societies was withdrawn. (Eg Hells Angels didn't start out in Sweden until the 80's.) Swedes were in fact too pleased, too wealthy and too filled up with their vision of an almost utopian society to even get the faintest glimpse of an idea to form any underground movements. Even political groupings like Anarchists, Hippies (in Europe referred to as "Provos") or Fascists were almost WIPED OUT by the extreme political climate and wealth of the 70's.

Thus, phreaker culture couldn't possibly start out in Sweden at this time, though some freaked out engineers and radio-amateurs might have built blue boxes and similar equipment for their household needs. This state of society caused Sweden to lag behind other European and Scandinavian countries in the field of outlaw hacking.

The first hacker activity in Sweden was reported by the authorities in 1980. The hacker in question was a student at Chalmers university in Gothenburg and was sued for manipulating the account system into granting him free access to the mainframe, for which was sentenced to a relatively light fine. Apart from some similar incidents carried out by bright individuals there was no real H/P scene until 1984. Also in 1980 BBS activity started out in Sweden. Most enthusiasts were using a Swedish micro built by Luxor and DIAB in 1978 called ABC-80 (Obviously inspired by the American TRS-80). These enthusiast, however, were well organized engineers running a straight user-group, no anarchists or radicals of any kind were ever involved.

In 1984 a magazine called "Rolig Teknik" started out as an offshoot of YIPL/TAP featuring the same kind of material, and by 1987 some journalist "discovered" this magazine, causing a lot of noise throughout The Welfare State and bringing people out in a public debate of how to defeat this magazine. (Though it actually didn't feature any illegal material; even Sweden has the freedom of speech and press written explicit in its constitution, as in the American First Amendment.) "Rolig Teknik" rapidly became a cult media for underground electronic freaks, outlaw radio amateurs, and other antisocial movements. But let's not get ahead of events.

By early 1984 two youths aged 17 and 19, clearly inspired by the movie "War Games", hacked their way into several Swedish computer systems using a simple Apple II and a 300 baud modem, notably DAFA-Spar - a register containing public information on every Swedish citizen. Though there were no secret data in this computer, and though these hackers never succeed in gaining root access, the incident was annoying to the authorities. Also this year, some wealthy upper-middle class youths started using the was-to-become major European home computer: the Commodore 64. What the Apple II was for America, the C-64 was for Europe. Enter the software crackers.

C-64 was THE symbol of hackerdom to Swedish youths in the 1980's. As software cracker Mr.Z pioneered the hacker scene in 1983 with hundreds and hundreds of cracked games, Swedish hackers somehow got to believe that cracking games was the Big Thing for any hacker. Besides, not many of these guys had modems. By 1987 American game producers were alarmed by the Niagara of cracked C-64 software being downloaded from Europe, causing them to start copy-protecting games that were to be exported to Europe. A closer examination showed that a lot of these cracks were made by Swedish groups, notably Triad and Fairlight. Thus, most Americans to get in touch with the Swedish hacker scene were what you would refer to as the "Warez D00ds" or "Pirates" of the time. Since the Swedes were unable to phreak due to lack of knowledge in the telecom field, American warez d00ds constantly called up Swedish crackers to obtain the latest software.

There seems to be some kind of misconception in the American view of the hacker culture of Europe: Not very many hackers in Sweden and the rest of Europe got into phreaking nor net hacking in these early years, perhaps with the exception of the movement in Germany caused by Chaos Computer Club. By tradition most European hackers in general, and Swedish hackers in particular, turned to software cracking and demo programming. (The Demo as an art form was invented in Europe during 1984-86.) None of these activities were actually illegal at the time being, though indeed underground. This might have helped to create the general American view of European hackers as "Idiotic Immature Warez D00ds". In fact, most European hackers look upon software cracking and demo programming with pride, though spreading (warez trading) wasn't considered a real hacker activity, and pirating for economic gain was looked upon with disgust and utter contempt. Software spreading in all forms was finally outlawed in Sweden January 1st 1993.

1986: Enter the Netrunners. By the year 1986 the legendary BBS "Tungelstamonitorn" under the supervision of Jinge Flucht began distributing H/P and Anarchy files. Jinge himself, being a social inspector and thereby fully aware of the state of society, was upset with The Welfare State and thought the Swedes had gone law-abiding in an absurd and unhealthy manner. In his view people seemed to accept laws without ever questioning them, thereby making Sweden into a conformistic utopian hell. Later Jinge joined the Fidonet where he got known for running the most explicit and intense debates in Swedish BBS-culture ever.

Probably the H/P files stored at Jinges BBS were the spark that lit the Swedish net hacking scene. Swedish hackers had SEEN "War Games", HEARD about the CCC in Germany, and now they finally got their hands on documents that explained the techniques. In 1987 excerpts from Steven Levy's "Hackers" and Bill Leebs "Out of the Inner Circle" were reprinted in the Swedish computer- magazine "Datormagazin" by editor Christer Rindeblad, creating a common group-awareness among Swedish hackers. ("Out of the Inner Circle" had actually been translated to Swedish already 1985, but was obviously read mostly by security experts and War Games-obsessed wannabe's.) 1987 also saw the birth of the first all-Swedish hacker group ever to make themselves a name outside Scandinavia. This was of course SHA - Swedish Hackers Association.

SHA wanted to be a hacker group of international standards and qualities. They collected the best people, storing up a knowledge basis for future use. In the years 1989-92 SHA was at its height, successfully trashing computer companies and computer scrap dumps and gaining access to hundreds of computers. Inspired by the German hackers Pengo and Hagbard in Leitstelle 511 they started having regular meetings on fridays at their own booked table in a restaurant in Stockholm. Their perhaps biggest achievement ever was made in 1991 when they wrote a scanner to exploit the Unix NIS-bug, running it on 30 processes simultaneously, and ending up with some 150.000 passwords whereof 600 gained root access. Though some would say SHA were a bit too fond of the media image of hackers and sometimes had a weakness for hacker cliches, no one can really deny their achievements.

Swedish hackers also got a lot attention for their carding activities in 1989. Both Sneaker of SHA and Erik XIV of Agile wrote modulo 10-calculators to produce endless series of valid Visa-numbers. Erik XIV was even on national television, demonstrating the weaknesses of the credit card system. Cynically they were both busted.

At Christmas 1990 the Swedish X.25 network Datapak and Decnet were both attacked by a group of UK hackers called 8LGM (8 Little Green Men or 8-Legged Groove Machine - I don't know which one is a media nick). Using a war dialer they scanned about 22.000 entries and successfully accessed 380 of these. This is perhaps the most well-known of all hacks in Sweden, causing a lot of media noise. (The exact figures are a product of the Swedish telephone system AXE that I will write more about in a moment.) As reported in Phrack #43 they were busted and convicted under the new British anti-hacker law.

Later Swedish achievements include the phonecard emulator, constructed by Atari ST enthusiast Marvin in 1992, after hearing the Swedish phone company Telia boast of these prepaid phonecards superior security. Though these silicon-based chip phonecards (256 bytes serial EPROMs) couldn't actually be recharged or easily tampered with, he realized there was no problem in emulating the chip with a Motorola 68c705 one-chip computer. Some fake phonecards were manufactured and sold for almost nothing among his very best friends more on a "See, it can be done"-basis than with any intention to defraud Telia or earn heaps of money. Somehow the blueprints for the emulator found its way into the Internet.

Swedish hackers in general have a very strong tradition of forming groups, due to their roots in programming activities rather than phreaking. Group awareness and culture is very widespread and accepted within the boundaries of the whole Swedish computer underground. Thus, LOYALTY is very strong among Swedish hackers. Most hackers who get busted by authorities or blackmailed by companies would rather DIE than telling the name of even a single 10-year old warez d00d.

While we're at it - hacker busts, and phreaker busts in particular, are carried out in quite a disturbing manner in Sweden. To explain this I must first explain a bit about the Swedish telephone system.

Almost all Swedish networks use a system similar to 4ESS, constructed in cooperation by the State Telecom "Televerket" and Swedish telecommunications equipment producers Ericsson Telecom. This system is called AXE, which is an abbreviation for Automatic Cross-Connection Equipment. AXE is used in some 100 countries all over the world and probably one of the most beautiful exchange systems ever developed. AXE is designed for national, metropolitan and rural networks, and the same system nucleus is used in all the different systems. It can control both digital and analog equipment, though it's made with the aim on transforming all Swedish networks from analog to digital connections. It also comes with a fully featured bureaucratic organization for maintenance, administration and economics in general. AXE has the capability of building virtual groups in switching-stations, thus putting your PBX into the telco soup as well, making you believe you have the control over it though it's actually located elsewhere.

In short, this is an centralized, monolithic system of the horribly efficient type that telcos love. It tells any amateur to keep their hands off and do something else. Of course it's a system that hackers and phreakers hate, since it's limited to authorities. The filthy crowd do not know what is going on inside these exchanges, and the telcos like to keep it that way.

AXE also works with stored program control that resides inside the system core of every switching station. Of course this is all software, and of course State Telecom, upon building AXE, couldn't hold back their Big Brother tendencies.

The result is that every call made from anywhere to anywhere, is logged in a central computer. Now that's something! Not only did this equipment wipe out every possibility to box within Sweden, but it also removed all kind of phone privacy. In fact not only calls are logged, but ALL activity performed at your terminal. If you lift the handset, press a digit and hang up, time, date and the digit you pressed is registered. All this data is stored on magnetic tapes for 6 months.

Now, luckily Sweden has a strong Computer Privacy Act. You just aren't allowed to set up and use such facilities as you please, not even if you are the State Telecom. There is even a specific authority, "Datainspektionen" (The Computer Inspection Department) with the only purpose of looking after and preserve citizen privacy by protecting individuals from corporate and governmental interests. As a result State Telecom "Televerket" (which later changed name to "Telia" as they were transformed from an authority into a private corporation as of July 1st 1993) were not allowed to give out any of the information gathered in these registers to anyone else than either the calling or the receiving party. Not even the police could have this information in case they weren't suspecting a indictable crime resulting in at least 2 years of prison, such as drug trading or terrorism, and you don't get that kind of penalty for phreaking alone - at least not in Sweden.

But Telia could evade these restrictions. In order to successfully phreak using PIN-codes, you have to call an operator using a Swedish version of the 800-number: a 020-number. Telia could then claim the call was made to the owner of that number: AT&T, MCI & Sprint mostly. (There are of course Calling Cards in Sweden as well: "Telia Access" - neither used nor abused by anybody.) As well as these companies have their own intelligence agencies, so have Telia. Once eg AT&T had someone traced for phreaking, Telia could easily produce a complete list of calls made to AT&T operators from a certain number. Telia themselves would even use information they weren't allowed to: they would pull out a list of ALL outgoing calls from the phreaker in question including calls to MCI, girlfriends, mom, dad, grandma... all logged calls.

Telia would then call this poor phreaker to their local Swedish office, sticking the endless list under his/her nose, commanding: "TALK, or we will turn you in to the authorities", carefully not to mention that all information on the printout would be absolutely useless in court. The only conclusive evidence would in fact be those calls traced back all the way from America or wherever the phreaker called; in that way rigorously documented. Naturally, the common phreaker had no legal experience and wouldn't know about this. Instead he would talk, giving out detailed information on his/her techniques worthy of a full-time high-educated security consultant. After this session the phreaker was given a bill of the calls that could indeed be proven in court. If he/she didn't pay it - Telia (or any other operator) would end up turning him/her to the authorities anyway. So much for cooperation. Telia themselves would, if they felt it was necessary, go even further than the overseas operators, systematically exposing every weakness in the phreakers personal life, using the information in the computer log for psychological terror.

This pattern of treatment of Swedish phreakers seems to be very much the same among all telecom providers in Sweden. Lately Telia, under command of security officer Pege Gustavsson made some noteworthy mistakes though: in their efforts to convict as many phreakers as possible, they called up companies receiving calls from "suspicious" individuals, warning them about this or that person calling them over and over again. This could only mean Telia was also systematically monitoring some Swedish hackers and had formed some security group to carry out this probation. Normally this should have been kept quiet, as Telia are absolutely not allowed to form their own abuse police forces, but at some instance they happened to call up a security company using phreakers as informants. Of course this security company didn't like the idea of having "their" phreakers traced around, and the matter was brought to public attention. Many independent sources agreed that Telia had violated the Swedish Computer Act, and hopefully this brought an end to this wild tracing. You shouldn't be too sure though, since Telia themselves never confessed of doing anything illegal.

As you might have understood the Computer Act is quite an important factor in all legal discussions concerning Swedish hacking. This Act came out as a result of general attention focused upon the computers vs. privacy matter in 1973. As Sweden was one of the first countries to make use of computers in governmental administration, and as Swedish authorities were eager to register every possible piece of information, some politically influential individuals started a debate resulting in the founding of the Computer Act and the Computer Inspection Department. As a result Sweden is light years ahead of most countries when it comes to privacy matters. For example there is no problem in having the number identification possibilities on your line deactivated for good, and it won't cost you anything. You can also easily obtain free printouts from any computer register containing information on you, including the register at your local AXE-exchange.

To sum this article up I can draw the conclusion that even Sweden has had its handful of bright hackers, each category bringing their straw to the stack. Even though Swedish officials and companies would hardly admit it, these hackers have obviously been very important for this country, at least in forcing system managers, security officials, software producers, policemen, politicians and so on to think things over. Sweden has also attracted outside attention in some cases, and will probably keep doing so. If you should pin- point one group that has meant more to the Swedish scene than any other, it wouldn't be any of the H/P groups, but rather the cracking pioneers Fairlight - a well organized and world-famous warez producer.

Linus Walleij aka King Fisher / Triad

(Some handles have been changed to protect retired Swedish hackers from luser mail.)

Swedish readers may be interested in the fact that I'm currently writing a lengthy text in Swedish (a book actually) providing a closer look at Swedish hacking history, which will be released on hypertext and ASCII sometime later this year. Over and out from Sweden!