“At Ljudmila, we see ‘hacker’ as a positive word, with a positive meaning”
Luka Frelih is an artist from Ljubljana, Slovenia, working with computers and networks. In addition, he is a computer programmer, free software hacker, and web designer. He’s been a core member of Ljudmila -- the Ljubljana Digital Media Lab – since its founding in 1994. Ewen Chardronnet, the chief editor of Makery.info web magazine, asked him about his 25 years of hacking and creative activism at Ljudmila.
After visiting the PIF.camp summer hacker camp in August, organized in the beautiful Soča valley in the Slovenian Alps, Ewen Chardronnet came back in September to spend more time with the organizers in Ljubljana and took the opportunity to discuss Slovenian hacking history with Ljudmila co-founder Luka Frelih in the “hacker room” of their lab. Luka Frelih has been a key figure of the creative hacking scene in Slovenia and his work has been recognized in a European media art context in general. Frelih was instrumental in developing the net.art scene in Slovenia in the 1990s, as a key member of such pioneering net.art community projects as 7-11, Refresh, Remote-C, and the ASCII Art Ensemble. Luka Frelih was a member of the legendary Makrolab, an art & science mobile media lab project (1997–2007) initiated by Marko Peljhan and Projekt Atol Institute, which is where Ewen Chardronnet and Luka Frelih met for the first time. Together with other Ljudmila programmers he developed the SLIX (a Slovenian easy-to-use Linux) distribution and diverse free software tools to publish and manage multimedia databases on the web. In 2010, the Ljudmila Media Lab became the Ljudmila Art and Science Laboratory and was joined by a new generation of artists and DIYers who developed the Theremidi Orchestra, the Culture.si portal for international cooperation, and the Kulturnik.si (a metasearch engine and cultural news and events aggregator) among many other activities. In 2017, Ljudmila teamed up with the Projekt Atol Institute and Delak Institute to establish Osmo/za, a new collaborative space in the very center of Ljubljana, where Luka Frelih continues to dedicate his energy to Ljudmila projects now more than ever.
Ewen Chardronnet: Could you tell us a little about the cultural context surrounding the beginnings of hacking in Slovenia?
Luka Frelih: The second half of the ‘80s, with the Spectrum and Commodore 64, was the first time when many people wanted to have computers. They were finally affordable, relatively cheap, and you could basically start programming and playing games on them at home. At the beginning, it was not possible to buy them in Yugoslavia, nor was it possible to import them, except with very specific companies selling them for a lot of money of course. So, we imported them anyway. People would go to Austria or sometimes even to Munich. They would buy the computer there, hide it in the car, and bring it over. The tunnel at the Ljubelj mountain pass was a typical place where people smuggled them, since the Austrian and Slovenian border patrols couldn’t see one another from opposite sides of the tunnel. If you were unlucky and they found it, they could take it away, or make you pay customs tax on it, but they were small computers and the border police did not always look so closely. You could also buy them here from people who smuggled them – through classified ads in the paper for instance. It’s how my parents bought me my first computer, a Commodore 64, from someone who brought two over the border and just sold one of them.
Is that how you started programming?
Yes. These computers all had BASIC built in, so learning to program was pretty easy and obvious. The most popular software for them were games. You could buy pirated games on cassettes tapes. Every Saturday they were on sale at the market, but also the computer magazines had big classified ad sections with probably 80% pirated software and 20% smuggled computers. This was really important and basically the only way to buy software here. One particular thing about Ljubljana is Radio Študent, a student radio station created in 1969 (it still exists). Every day before the start of the program and after it was over (the program lasted about 12 or 14 hours a day) they played the sound of computer games, usually for ZX Spectrum. So, you could record these beeps and bleeps to a cassette and have a new game every day from the radio. This was really not prosecuted, you couldn’t buy these games here legally anyway and we were not a big market. Radio Študent and Moj Mikro Magazine were among the few who published original Slovenian software while at the same time supporting piracy, it was a kind of wild west era for copyrights on computer programs. This smuggling went on into the PC era and soon there was even a shop on the other side of the border, a Slovenian shop. Eventually the prohibition ended, and customs fees were lowered so companies started to import PCs from Taiwan, usually in parts and they were assembled in Slovenia. Then people didn’t need to go across the border, but this took 6 or 7 years before we could buy them in Slovenia. But still it was these white label boxes, they didn’t have the brand names on them – those were really expensive compared to the white boxes. Most of the parts – motherboards, controller cards, cases – were coming from Taiwan.
When did the first hacking communities appear then?
The stories of hackers start with the beginning of public internet, 10 years after home computers came on the scene, so in the second half of the ‘90s. After the BBSs (Bulletin Board Systems) became internet providers, it was also the time when Ljudmila started. In 1994, we built our first website and there was already the academic provider, ARNES – Academic Research Network of Slovenia, where you didn’t pay for access, but you had to pay for the phone time. On the commercial provider of Telekom, SIOL – Slovenia Online, you didn’t pay for the phone time, they had free numbers, but you paid for the internet time. So, a hacker found a way to steal user names and passwords from SIOL and started to trade them. Basically, this was a way to afford more time on the internet, because you wouldn’t pay yourself but somebody else would get a bill for your internet time. There was a bit of a fight between the telecom admins and the guy who discovered this loophole. Then there were other people who exploited this to steal the passwords and sell them and tried to make some money. This was the first wave of hacking on the internet.
Why was Ljudmila created?
Ljudmila was created by an initiative of the Open Society Institute (Soros Foundation), as a response to artists who wanted to have a space where art, technology, and knowledge could come together. So, this became the Ljubljana Digital Media Lab – Ljudmila. In the beginning it was a group of many artists expressing a wish to work with technology, but they needed know-how, and I was one of the hackers/programmers who joined this initiative and was familiar with technology. Marko Peljhan and Vuk Ćosić were the two artists who were the most active in the beginning, doing some projects, learning how to make websites, setting up our first space, teaching other artists how to make websites.
Because the foundation, even before that, was already funding communication equipment for schools on the ARNES network, ARNES then gave Ljudmila free access to the internet. We bought a leased line and put our servers and routers on our end, but they gave us connectivity. At that time, we also had our own dial-up servers that people could call and get online. They would only pay for phone bills, like the ARNES service, but the use time was for free, email was for free, web hosting was all for free. And because artists and cultural organizations couldn’t get accounts via ARNES directly, this was a kind of hack, a bypass – for culture, NGOs, and activists of different kinds – to get on the early web and email through Ljudmila. Now the Ministry of Culture also finances ARNES, so you can officially get ARNES usernames and services, but at that time it was not possible directly.
Could you tell us some typical hacker stories of the times?
One of the very popular things to do on the internet at that time was IRC, especially for young people. The cool thing on IRC was to be an “Op,” the operator of a channel, because you could kick out annoying people. Basically, you had the power there. Some of them learned how to do DOS – Denial of Service – against each other, to basically push them off the internet for a short time, and when the Op disconnects from a channel, you can become the Op yourself and take over. A few kids got really good at this and they were also hacking computers abroad to use them in these DOS attacks, as you would need lot of machines with good internet to send lots of packets to a specific IP, overload it, and take over their channel. One time, one of these guys, who was nicknamed SENSEI, basically attacked the main Slovenian provider SIOL to protest the admins refusing to stop the attacks against him. He called them saying “I’m being attacked, do something, my internet is not working.” They said “Well, you get what you asked for, so suffer.” So basically, he disabled their domain name system servers, DoSing them for a few days and a lot of customers were affected. For SIOL this was of course not acceptable, and they cut him off, but they didn’t want to lose him as a customer, so in the end they isolated him from the foreign networks and blocked his international internet. He then couldn’t hack others, but that also meant others couldn’t hack him by using computers outside Slovenia. He was OK with that as he was interested anyway in the IRC network in Slovenia and was now mostly immune to DoS attacks. In the end, it was a situation where everybody was happy.
What are these people doing now?
A lot of these guys found jobs as security specialists or developers. This first guy who was stealing passwords, who found the loophole to steal these passwords was actually working at the help desk at ARNES. So, quite a competent guy who had a bit too much free time. And the SENSEI was basically a kid in primary school. I would say most of the hackers of Slovenia were not interested in making money, but in discovering things, proving their competence, showing off their knowledge, maybe finding some loophole, and bragging afterwards.
There are two other stories of Slovenian hackers that are interesting and quite typical, and illustrate these attitudes.
In 2004, “Slonček” – a 16 year old – founded Suprnova.org, which for a couple of years was the most popular Bittorrent search engine in the world. But two years later, when the police knocked on his door, he quickly decided to shut down the site. By then, other similar sites, like The Pirate Bay, were around and better prepared to stand up to legal threats.
Another, less funny story, begins in 2013. Dejan Ornig was hired by our police to hack, spy, and inform on the email, Facebook, and other internet accounts of more than 300 “people of interest.” At this time, he also found out that the police were using their “secure” radio system Tetra in a not really secure way, and warned them. After a while, when they didn’t seem to care, he told the media about it, and that got him prosecuted for hacking the system. At this time, besides Ornig, it seemed also that the two police officers that hired him are being prosecuted, but the outcome is currently unknown.
But there are some counter-examples, right?
Yes, one counter-example happened around 2008, when a Slovenian wrote a malware called the Butterfly Bot. It was used by a Spanish criminal group to create the Mariposa Botnet. The Slovenian made this virus bot, then started selling it on the underground market and would get paid via Western Union or bank transfer to his girlfriend’s bank account. And because the Spanish group infected more than a million computers all over the world with this botnet eventually the FBI bought this software and traced the money to a bank account in Slovenia. The Slovenian police found this guy, with the pseudonym “Iserdo” aka Matjaž Škorjanc, who was a more typical cyber-criminal, doing it for the money, and he didn’t want to stop. Even when they took all his computers, the next day he went to a shop and bought new ones with a lot of cash. When the NSA supposedly wanted to hire him and send him to Hawaii, the now famous workplace of Snowden, he just told them to fuck off. They came twice to his place, took all his computers, but they had a hard time finding evidence. In the end, they managed to prosecute and convict him. He spent 5 years in prison in Slovenia.
Slovenia does not extradite their citizens, contrary to what happened to Guccifer, the Romanian guy who was extradited. But Guccifer was doing more politically visible hacks, probably not for money, unsure of his own motivation, but probably trying to uncover some corruption or conspiracies. Iserdo was just doing malware for money.
After getting out of prison in 2014, Iserdo founded a cryptocurrency mining aggregator NiceHash, now infamous for having 4700 Bitcoins stolen from their wallet in 2017 (worth $64 million at the time).
And just this month (October 2019) he was arrested in Germany on reopened charges coming from the USA related to Mariposa Botnet and the Darkode cybercrime forum. So anyway, it seems his luck has still not turned around yet, nor has he come around.
What is the Ljudmila definition of a “hacker” then?
At Ljudmila, we, from the start, were using the word “hacker” for a creative person who uses or misuses technology, not the malevolent hacker that we call a “cracker.” We see it as a positive word, with a positive meaning. We use it to describe ourselves – we are hackers, and we’re doing this interview in the hacker room, where programmers work, and we have a hacker camp, which is the PIFcamp, where art and technology come together for experimentation, making prototypes of projects, building an international community, having fun, etc. But most of the hacker scene in Slovenia goes into the infosec business, and we can call them “white hat hackers,” or the ones more active in the media, the “hacktivists,” basically protesting against trade agreements like ACTA, trying to fight for a fairer copyright regime through networks like Creative Commons, or using Free Software, or building free communications like WLAN mesh networks.
For instance, Lugos, the Slovenian Linux Users group had a place for a long time called Cyberpipe (Kiberpipa), a very important place for hacker culture, really active with a lot of young talent, at least until most of them went to the start-up world. Then they also lost their space, and most are now a bit older and need jobs, so they are not as visible anymore. One group from Cyberpipe is the Computer Museum, that finally got a new space last year, and are now renovating it to bring their project of collecting old computers and computer archeology into a more public view again.
There was also a brief period when the State, in early 2000s, and its Ministry for Information Society were supporting Free Software and Linux projects, for example translations. Even at Ljudmila we did SLIX, Slovenian Internet Linux distribution which was focusing on an easy-to-use desktop in Slovenian. But after a few years they reformed into something dealing mostly with government infrastructure and now for a decade there is almost no funding for these kinds of Information Society NGOs, despite it being an important field of society, relating to autonomy, privacy, fairness, against the kind of “Silicon Valley” surveillance capitalism. At Ljudmila we still have our own email and web servers, but this is becoming less and less relevant against big centralized services like Facebook or Gmail that, today, probably have about 90% of Slovenians as customers. There are probably similar stories in all of ex-Yugoslavia.
So what’s next?
There are a lot of people who are now veteran internet and free software hackers, who still have ideals, but we are a small minority against commercial developments. Everybody now has an Android or iPhone, nobody asks how it works, what it’s gathering, why, who profits.
I am not very optimistic about the ability of the EU, and especially our country, to have a viable sovereign or autonomous infrastructure. Even some theoretically good laws like GDPR, or the first attempt at a cookies directive, while they are well intentioned, trying to do good, they have two consequences: one is mostly annoying people, making a lot of money for lawyers in the process, without any big changes, and as well, the big companies actually end up finding a legal way through the small print to do these things anyway.
And with the new directive on copyright, that was first rejected but then passed in the second vote, and that now has to be implemented in EU countries, I think it is getting worse and worse. We are more and more in a vulnerable position. Nobody is policing these laws day to day, but if you do something disruptive and become visible, they will always be able to find something on you, and put the pressure on. Somehow you are permanently breaking the law, but nothing happens until you become their problem and then you can easily be punished and silenced.
In a way, it is the same with privacy as with copyright. There is no big internet industry in Slovenia, the copyright industry is also really small, because of it is a minor language, and I don’t think it is going in a good direction. We will pay more and more to American copyrights and give more and more of our data to the American internet.
What do you think of the economic war between China and the US? For instance, the next Huawei, the Mate 30, will come out without Android and Google.
Some hackers may like it if they don’t come by default with Google! But most of the people will want their Facebook and their Instagram, their YouTube. I always say, if YouTube had not been bought by Google it would have been banned very quickly. But because Google bought it, the US made a special law lo legalize YouTube. In Europe, the laws are not as clever – they don’t make the emergence of an industry as possible or as easy. Of course, they’re trying to push back against Silicon Valley, but they also make things even more difficult for small initiatives here in Europe. Even if it doesn’t bring about problems directly it creates uncertainty that you’re taking a larger and larger risk to do something illegal by providing autonomous services because of all these laws.
The next fight is the G5 mobile network. Who will implement it? Will it be implemented in every fridge and toaster? In every power meter? What does this mean? Somebody will be able to figure out when you get up, when you make your coffee, what movies you are watching even, just with the amount of electricity you use at a certain second.
This will also be used to survey illegal work on machines at night in basements, or independent farmers, or even for people growing hydroponic weed in their flats...
Yes, privacy is going away in many many ways we don’t realize yet. The problem is first that people want these things, they want the phones and the apps and easy-to-use communications, and second, it makes money. Even a good government would have a hard time stopping something that makes a lot of money, as it also brings taxes, and that helps them to be re-elected...
More about Luka Frelih: https://wiki.ljudmila.org/Luka_Frelih_CV
And about Ljudmila Art & Science Laboratory: https://wiki.ljudmila.org/Main_Page
Ewen Chardronnet (France) is an author, journalist, curator, and artist. Ewen Chardronnet is currently acting as chief editor of Makery.info magazine, a magazine on DIY culture and creative communities in French and English. Since the early 90s, he has participated in many artistic endeavors and published as an essayist in numerous publications. He has lectured extensively and has served on various boards and committees in the field of art and technology. He is co-founder, along with the artist group Bureau d’études, of The Laboratory Planet a journal and performance collective. His last publication is a nonfiction narrative on a secret history of the American space program (Mojave Epiphanie, Inculte, March 2016).
Luka Frelih is an artist working with computers and networks, a computer programmer, free software hacker and web designer. He's been a core member of LJUDMILA – Ljubljana Digital Media Lab since its founding in 1994.
He is one of the developers for Culture.si and Kulturnik.si cultural information portals run by LJUDMILA.
He has taken part in many collaborations connecting technology and art. Member of Makrolab, ASCII Art Ensemble, and pioneering net.art community projects such as: 7-11, Refresh, and Remote-C. in addition, he programmed the instant ascii camera, a net art generator, and more than one web map interface for positioned radio-linked roaming agents. Together with other Ljudmila programmers he developed the SLIX (Slovenian easy to use Linux) distribution and diverse free software tools to publish and manage multimedia databases on the web.