==Phrack Magazine==
Volume Seven, Issue Forty-Eight, File 2a of 18
Phrack Editorial
by
Erik Bloodaxe
This may very well be my last Phrack editorial, since I'm no longer going to
fill the day-to-day role of editor, so I figure I ought to close out my
crusade to piss everyone off.
I don't like most of you people. The hacking subculture has become a
mockery of its past self. People might argue that the community has
"evolved" or "grown" somehow, but that is utter crap. The community
has degenerated. It has become a media-fueled farce. The act of intellectual
discovery that hacking once represented has now been replaced by one of
greed, self-aggrandization and misplaced post-adolescent angst.
DefCon IV epitomized this change in such amazing detail, that I can only hope
to find words to describe it adequately. Imagine the bastard offspring
of Lollapalooza and a Star Trek convention. Imagine 300+ people out of their
homes, and away from Mother's watchful eye for the first time in their
pathetic lives. Imagine those same people with the ego of Rush Limbaugh and
the social skills of Jeffrey Dahmer, armed with laptops loaded with programs
they can't use, and talking at length to reporters about techniques they
don't understand. Welcome to DefCon.
If I were to judge the health of the community by the turnout of this
conference, my prognosis would be "terminally ill."
It would seem that "hacking" has become the next logical step for many people
looking for an outlet to strike back at "something." "Well, gee, I've already
pierced every available piece of skin on my body and dyed my hair blue...what
on earth can I do now to shock my parents? I know! I'll break some federal
laws, and maybe get my name in the paper! THAT WOULD BE COOL! It'll be
just like that movie!"
I hate to burst everyone's bubble, but you are so fucked up.
In this day and age, you really don't have to do anything illegal to be
a hacker. It is well within the reach of everyone to learn more, and use
more powerful computers legally than any of us from the late 70's and early
80's ever dreamed. Way back then, it was ALL about learning how to use these
crazy things called computers. There were hundreds of different types of
systems, hundreds of different networks, and everyone was starting from ground
zero. There were no public means of access; there were no books in stores or
library shelves espousing arcane command syntaxes; there were no classes
available to the layperson. We were locked out.
Faced with these obstacles, normal, intelligent, law-abiding adolescents from
around the globe found themselves attempting to gain access to these
fascinating machines through whatever means possible. There simply was
no other way. There were no laws, and yet everyone knew it wasn't strictly
kosher behavior. This fact added a cheap rush to the actual break-in, but
the main drive was still simply to learn.
Now, with the majority of operating systems being UNIX-based, and the majority
of networks being TCP/IP-based the amount of knowledge to be gathered has
shrunk considerably. With the incredibly low prices of powerful personal
computers, and the free availablity of complex operating systems, the need
to break into remote systems in order to learn has been removed. The only
possible needs being met by remote intrusions would be a means to gather
specific information to be sold, or that base psychological rush from doing
something forbidden and getting away with it. Chasing any high only leads
to a serious crash, and in the case of breaking into computers, that
only leads to jail.
There is absolutely nothing cool about going to jail. I know too many
people who are currently in jail, who have been in jail, and some who are
on their way to jail. Trust me on this, people. You will not be
respected by anyone if you act rashly, do something careless and
end up being convicted of several felonies. In fact, all of your "friends,"
(those who didn't get busted along with you, and turn state's evidence against
you) will just think you were a moron for being so sloppy...until they also
get nailed.
Get raided and you will almost certainly spend time in jail. Even once you
are released, you will lose your passport and your ability to travel freely,
you will lose your ability to do business in classified environments, you
will become unemployable by most companies, you may even lose your rights to
use computer or networking equipment for years. Is is still worth it?
I break into computers for a living, and I love my job. However, I don't
kid myself about just how lucky I really am. Don't fool yourselves into
thinking that it was easy for me to achieve this, or that anyone else can
easily slip into such a role. Staking out a claim in the information security
industry is a continual battle for a hacker. Your past will constantly
stand in your way, especially if you try to hide it and lie to everyone.
(Read the recent Forbes ASAP article and spot the hacker from Garrison
Associates lying about his past, although he was raided for running
the Scantronics Publications BBS in San Deigo just a few short years ago.
Shame on you Kludge.)
I've never lied about anything, so that can't be held over my head. I've
never been convicted of anything either, although I came closer to jail
than hopefully any of you will ever experience. The ONLY reason I avoided
prison was the fact that law enforcement was not prepared to deal with
that type of crime. Now, I've taught many of those same law enforcement
agencies about the nature of computer crimes. They are all learning and
not making the same mistakes any more.
At the same time, the technology to protect against intrusions has increased
dramatically. Technology now exists that will not only stop attacks, but
identify the attack methodology, the location of the attacker, and take
appropriate countermeasures all in real-time. The company I work for makes it.
I've always said that anything that can stop me will stop almost anyone,
even through I'm not anywhere close to the world's best. There simply
aren't that many things to monitor, once you know what to look for.
The rewards have diminished and the risks have increased.
Hacking is not about crime. You don't need to be a criminal to be a hacker.
Hanging out with hackers doen't make you a hacker any more than hanging
out in a hospital makes you a doctor. Wearing the t-shirt doesn't
increase your intelligence or social standing. Being cool doesn't mean
treating everyone like shit, or pretending that you know more than everyone
around you.
Of course, I'm just a bitter old sell-out living in the past, so
what do I know?
Well, what I do know, is that even though I'm one of the few screaming about
how fucked up and un-fun everything has become, I'm not alone in my disgust.
There are a bunch of us who have reached the conclusion that the "scene"
is not worth supporting; that the cons are not worth attending; that the
new influx of would-be hackers is not worth mentoring. Maybe a lot of us
have finally grown up.
In response, expect a great many to suddenly disappear from the cons. We'll be
doing our own thing, drinking a few cool drinks someplace warm, and reflecting
on the collective pasts we've all drawn from, and how the lack of that
developmental stage has ruined the newer generations. So those of us
with that shared frame of reference will continue to meet, enjoy each
other's company, swap stock tips in the same breath as operating system
flaws, and dream about the future of security.
You're probably not invited.