USC Annenberg Online Journalism Review





Hacker Stereotypes: The Glass Menagerie

The latest hacker scandal left egg on the face of the New Republic and won kudos for the Forbes online news service. It revolves around the publication of a story in the New Republic, which illustrated how a 15-year-old hacker, Ian Restil, was extorting money from a computer company, Jukt Micronics. As reported, Restil broke into a database of a software company and demanded money, presumably threatening to destroy or otherwise compromise Jukt's data. Of course, he requested what any 15-year-old kid would -- comic books, subscriptions to Playboy and Penthouse and a Mazda Miata. The Miata should have been a tip-off. At 15, Ian wouldn't be old enough to drive.

But that is just the tip of the iceberg. Ian doesn't exist; neither does Jukt Micronics. The article, 'Hack Heaven,' written by Stephen Glass for the New Republic, was a complete and utter fabrication.

While it is interesting to note that it was the online journalists who caught this, it is perhaps more interesting to explore the reasons why the print journalists didn't. In fact, I suspect that the online folks, who are generally more computer savvy than their print counterparts, probably would have missed the phony story if Glass hadn't included names or had been just slightly less sensationalistic in his descriptions. As written, Glass's piece confirms just about every stereotype about hackers. And just about every one of those stereotypes is, like the article itself, pure fabrication.

While hackers might be clever programmers, tricksters or intruders, they are terrible criminals. Most hackers who commit crimes (apart from hacking) get caught. Hackers may know a whole lot about UNIX and TCP/IP, but they know almost nothing about how to commit crimes. When hackers do commit crimes, such as 'carding' (using stolen credit cards to purchase computer software or hardware, for example), they usually get busted -- as they usually leave trails behind them like slugs on a sidewalk. Most of them know that messing with banks, the government or the military is also a one-way ticket to a Federal indictment. Some, even most, hackers engage in some 'gray market' purchasing or manage free long-distance calling, but for the most part, their antics are relatively harmless. One hacker, who discovered that Pizza Hut was run on a UNIX system with a remote dial-in number, was obsessed with discovering how he could hack his way to free pizza -- not your typical threat to national security.

The fact of the matter is that extortion doesn't even occur to these guys. Most of them would have no interest. The ones who would are smart enough to know that if the U.S. Attorney's office is willing to indict Kevin Mitnick on 25 Federal counts for just looking at someone else's proprietary software (for which he could face 200 years if convicted), then it would have no problem taking down an extortionist and putting him away for a long, long time. In the underground, it is considered stupid to profit from your hacking, partly out of a sense of conformity to a kind of hacker 'ethic,' but also because once money is involved, the risks of getting busted grow astronomically. Besides, there are better, legitimate ways for hackers to make money.

Most hackers who stay in the scene past high school or college eventually turn their attention to other issues of security, as well. Hackers who really know what they are doing can make big bucks consulting, setting up secure systems for companies, offering security briefings and even running security audits to help companies make their machines more secure. If hackers are going to make money, they are going to do it that way. And there is no ethic that prohibits hackers from taking money from big corporations for showing them how to close a few well-known security holes or explaining how other hackers might try to break in.

Last year at DEFCON, the annual hacker convention in Las Vegas, there were rumors that IBM was looking to hire hackers at six-figure starting salaries. Some of the high-profile hackers held a 'black hat briefing,' in which representatives from major industry companies, the government and law enforcement each paid $1,000 a head to hear hackers update them on the latest holes, breaches and risks in their own software. By industry standards, they got off cheap. Needless to say, the room was packed.

So where do these mythical images of hi-tech criminals come from? The most obvious answer is popular culture. Movies like War Games, The Net, Hackers and Sneakers have all heavily influenced perceptions of hackers, both in the popular imagination and among hackers themselves. Even though the origin is the same, hackers and the general public view these images quite differently.

Undoubtedly the most significant images of the hacker came from Matthew Broderick's portrayal of hacker David Lightman in War Games, a movie in which the young hacker inadvertently almost starts World War III from an old IMSAI computer in his bedroom. Ever since that movie was released, the image of the hacker has been inextricably bound to fears of national security. When news of the Pentagon hacks broke last month, news shows all over the country opened their stories with clips from War Games. It has become part of the national vocabulary about hackers.

The movie also heavily influenced a generation of hackers. Interestingly enough, however, they paid far less attention to the hacking of NORAD, WOPR and World War III than they did to an earlier scene in which the film's protagonist hacks into his high school's computer and changes a biology grade from an F to an A. For most hackers, that was the hook.

But there is a second, more important, reason why the New Republic story made it as far as it did. Glass's hyperbole was merely the logical extension of what has been happening in reporting on hackers over the past 15 years. The only stories that ever get reported are stories that are sensational. That is, of course, the nature of the news. But even the highest profile hacker cases aren't really that sensational.

Those who have followed Kevin Mitnick's case might remember that he was branded a 'darkside' hacker in the early 1980s. In some ways, it was a charge from which he never recovered. There just isn't enough grist for a news story about a bright kid's creativity, impulse to explore or puckish nature. But there is a story once he is turned to the 'darkside.' One half expects Darth Vader to put in an appearance, 'I am your father, Kevin, search your feelings, you know it to be true ...' Voila, instant story. Even a book like Jonathan Littman's 'The Watchman,' which details the hacking career of Kevin Poulsen, bears the subtitle: 'The Twisted Life and Crimes of Serial Hacker Kevin Poulsen.' A serial hacker? Most of us associate the word 'serial' with crimes of a much grislier nature -- serial rapist, serial murderer, etc. There is no doubt that such associations have continually upped the stakes for the continuation of stereotypes about hackers.

When Glass fabricated his story about a 15-year-old's hi-tech extortion, including the allegation that hackers have begun to retain agents to broker deals for them while law enforcement looks the other way, he pushed the boundaries of exaggeration and hyperbole too far. The issue with Glass's piece isn't that he fabricated, but that he fabricated to the point at which we could no longer ignore it. Most stories about hackers are rife with hyperbole and, more often than not, omissions of context or fact that would give a more balanced and less alarmist perspective. Glass's article was only different in degree. To that end, we might all be thankful that Glass has brought to light what has been going on all along.

 
