mirror of
https://github.com/fdiskyou/Zines.git
synced 2025-03-09 00:00:00 +01:00
350 lines
17 KiB
Text
350 lines
17 KiB
Text
==Phrack Inc.==
|
|
|
|
Volume 0x0c, Issue 0x41, Phile #0x0d of 0x0f
|
|
|
|
|
|
|=-----------------------------------------------------------------------=|
|
|
|=-----------------------=[ The Underground Myth ]=----------------------=|
|
|
|=-----------------------------------------------------------------------=|
|
|
|=---------------------------=[ By Anonymous ]=--------------------------=|
|
|
|=-----------------------------------------------------------------------=|
|
|
|
|
|
|
1 - Hacker's Myth
|
|
2 - The Security Industry
|
|
3 - Black Hat, Two Faces
|
|
4 - Technology
|
|
5 - Criminals
|
|
6 - Forgotten Youth
|
|
7 - The Forward Link
|
|
|
|
-------------
|
|
Hacker's Myth
|
|
-------------
|
|
|
|
This is a statement on the fate of the modern underground. There will
|
|
be none of the nostalgia, melodrama, black hat rhetoric or white hat
|
|
over-analysis that normally accompanies such writing.
|
|
|
|
Since the early sixties there has been just one continuous hacking
|
|
scene. From phreaking to hacking, people came and went, explosions of
|
|
activity, various geographical shifts of influence. But although the scene
|
|
seemed to constantly redefine itself in the ebb and flow of technology,
|
|
it always had a direct lineage to the past, with similar traditions,
|
|
culture and spirit.
|
|
|
|
In the past few years this connection has been completely severed.
|
|
|
|
And so there's very little point in writing about what the underground
|
|
used to be; leave that to the historians. Very little point writing
|
|
about what should be done to make everything good again; leave that to
|
|
the dreamers and idealists. Instead I'm going to lay down some cold hard
|
|
facts about the way things are now, and more importantly, how they came
|
|
to be this way.
|
|
|
|
This is the story of how the underground died.
|
|
|
|
---------------------
|
|
The Security Industry
|
|
---------------------
|
|
|
|
Then in the U.S. music scene there was big changes made
|
|
Due to circumstances beyond our control... such as payola
|
|
The rock n roll scene died after two years of solid rock
|
|
- The Animals, circa 1964
|
|
|
|
There is little doubt that the explosion of the security industry has
|
|
directly coincided with the decline of the hacking scene. The hackers
|
|
of the eighties and nineties became the security professionals of the
|
|
new millennium, and the community suffered for it.
|
|
|
|
The fact is that hackers, mostly on an individual basis, decided to
|
|
use their passion as a source of income. Whether this is good, bad,
|
|
or just pragmatic is completely irrelevant. Nearly all the hackers that
|
|
could get jobs did. For the individuals that decision has been made (for
|
|
better or worse), and in general there's nothing that will change this.
|
|
|
|
This was a hacker exodus. What really mattered was not the loss of any
|
|
individuals, but the cumulative effect this had on the underground. The
|
|
more hackers that left the underground for a corporate life, the fewer
|
|
that came in. And those who stayed became entrenched, increasingly
|
|
disconnected.
|
|
|
|
Collaboration in this new age of career hackers has all but ceased to
|
|
exist. Individuals are now obsessed with credit. For their career, for
|
|
their standing in the community, it must be absolutely clear who this
|
|
research, this vulnerability, or even this opinion belongs to.
|
|
|
|
There is no trust in this corporate community; an underground issue
|
|
greatly amplified by corporate motivations. A single person can go months
|
|
or even years without telling anyone exactly what he is working on, and
|
|
whats more, will be genuinely worried about someone "publishing" their
|
|
results before him. There is no respect for the information he holds,
|
|
no belief that information should be free, no belief that research should
|
|
be open. All that matters is credit; all that matters is fame and money,
|
|
their career.
|
|
|
|
This is purely the fault of the security industry, who has exploited
|
|
and cultivated this culture, designed it for their needs. The truly sad
|
|
thing is that the corporate security world hasn't realized that they are
|
|
sitting on a gold mine, and as a result the mine is likely to collapse;
|
|
and likely to take their industry down with it.
|
|
|
|
The security industry uses information as its sole commodity, information
|
|
about insecurity. Who has the information, and who doesn't is what
|
|
makes this economy work. Whats more, the economy has been founded on
|
|
the continued output of a finite group of hackers. For the most part,
|
|
founded on those hackers that came out of the underground scene at their
|
|
technical prime.
|
|
|
|
But these hackers are not going to continue their production
|
|
indefinitely. They will lose their technical edge, move on to other
|
|
industries, perhaps climb the ladder up to management, and then
|
|
retire. The question is, then what? Then it will be up to the new wave
|
|
of young security professionals, whose motivation is as much financial
|
|
as it is passion for the technology and the thrill of the hacking game.
|
|
|
|
To imagine that these new wave office workers, university trained and
|
|
disinterested, can match the creative output of a genuine hacker is
|
|
laughable. The industry will stagnate under these conditions. The rapid
|
|
technical advancement we have seen will end, no more breakthroughs:
|
|
no more new security products or services. Just the same old techniques
|
|
being rehashed again and again until the rock has been bled dry.
|
|
|
|
I am trying to show you the symbiotic nature of the security industry
|
|
and the hacking scene. Industry needs insecurity to survive, there is
|
|
no doubt about this. A secure and stable Internet is not profitable for
|
|
long. Hackers provided instability, change, chaos. So the industry became
|
|
a parasite on the hacking scene, devouring the talent pool without giving
|
|
anything back, not thinking of what will happen when there are no more
|
|
hackers to consume.
|
|
|
|
For this reason, the security industry, much like the hacker underground,
|
|
is doomed, perhaps even destined for failure. But for now, all that
|
|
matters is that we have a thriving industry and...
|
|
|
|
A hacker underground proclaimed to be dead.
|
|
|
|
--------------------
|
|
Black Hat, Two Faces
|
|
--------------------
|
|
|
|
It would be easy to lay the blame squarely on the shoulders of the
|
|
security industry. A lot of people have. Unfortunately, its not that
|
|
simple. Perhaps the underground could have survived without the lure of
|
|
a six figure job, but one thing should be made clear. The self-proclaimed
|
|
black hat movement does nothing to help.
|
|
|
|
Various black hat groups have claimed to be the voice of the underground,
|
|
but the black hat scene was only ever a pale imitation of the actual
|
|
underground. The underground wasn't at all interested in public
|
|
self-aggrandizement, but this is all the black hats ever did. All that
|
|
their various rants and escapades accomplished was to show how desperate
|
|
they actually were for fame and recognition.
|
|
|
|
But whats worse, while they often talk a big game, they very rarely have
|
|
the pedigree to back it up. This is mostly because these self-proclaimed
|
|
black hats are really just as self-serving as the white hats they pretend
|
|
to detest. With few exceptions, those black hats that aren't already
|
|
working in the security industry are those that don't have the skills
|
|
to cut it.
|
|
|
|
The entire anti-security theme was simply embarrassing. This was just the
|
|
black hat movement admitting that they couldn't step up and represent
|
|
in an increasingly technical world. Where once hacking skill commanded
|
|
respect, now the black hats were promoting misinformation in order to
|
|
make what few hacks they managed to pull off easier. They couldn't step
|
|
up to a challenge, they couldn't outsmart the white hats they so detest.
|
|
|
|
This ineptitude and misguided fervor of the black hat scene had a
|
|
massive negative impact on the hacking underground. The true voice of
|
|
the underground was lost behind the noise and drama, until the voice
|
|
became a whisper.
|
|
|
|
And then eventually fell silent.
|
|
|
|
----------
|
|
Technology
|
|
----------
|
|
|
|
The very nature of technology, a dynamic and intractable force, had a lot
|
|
to say in the demise of the hacking world. In many cases, if a black hat
|
|
had been active 5 or 10 years earlier they would have been technically
|
|
competent and may well have contributed significantly. This is because
|
|
with the utmost respect, and despite all the nostalgia, hackers of the
|
|
past had it easy.
|
|
|
|
In the early years, the problems hackers faced were largely related to the
|
|
availability of information. Isolated groups of people had their tricks
|
|
and techniques, and sharing this information was problematic. This is
|
|
in direct contrast with the situation today, where there is an excess
|
|
of information but a void of quality.
|
|
|
|
As a result of many differing factors, the world is becoming aware of the
|
|
threats posed by lax security. When there is money at risk, steps will
|
|
be taken to protect those assets. We see now an increasing move towards
|
|
technical security mechanisms being employed as part of a defense in
|
|
depth strategy, and as a result, to be a hacker today requires immense
|
|
technical ability in a broad range of disciplines. It takes years of
|
|
individual study to reach this level.
|
|
|
|
But unfortunately, fewer and fewer people are willing, or indeed capable
|
|
of following this path, of pursuing that ever-unattainable goal of
|
|
technical perfection. Instead, the current trend is to pursue the lowest
|
|
common denominator, to do the least amount of work to gain the most fame,
|
|
respect or money.
|
|
|
|
There has also been an increasingly narrow range in what is published. In
|
|
part this is because of the lack of accessibility of certain systems
|
|
(through obscurity or price), but this is also increasingly dictated by
|
|
fashion. In a desire to fit in with the community, to be accepted in
|
|
to conferences, to be seen doing the right things in the right places
|
|
with the right people, researchers are all too happy to slot in to this
|
|
pattern of predictable and narrow progress.
|
|
|
|
And even then, the standards of what makes acceptable research, or for
|
|
what makes a vulnerability interesting, drops with every year. The gap
|
|
between offensive research and defensive implementations continues to
|
|
grow, to the point where public vulnerability research has become a
|
|
parody of what it once was, a type of inside joke.
|
|
|
|
There is no creativity, no sense of arcana anymore.
|
|
|
|
---------
|
|
Criminals
|
|
---------
|
|
|
|
From Operation Sundevil to cyber terrorism. The criminalization of
|
|
computer hacking and, by association, computer hackers had a devastating
|
|
impact on the underground. Hacking was criminalized in two ways, both
|
|
of near equal importance: by legislation of computer crimes, and by the
|
|
new trend of genuine criminals using hacking as a method for fraud.
|
|
|
|
There should be a clear separation between these two things. The fact
|
|
that the underground collectively became criminals under the law for
|
|
what they had been doing for, in some cases, decades. And the fact that
|
|
in public perception, even among professionals that should know better,
|
|
there was very little distinction between a genuine hacker and those
|
|
criminals using hacking purely as a method for profit.
|
|
|
|
Indeed, little of what organized crime and terrorist/activist groups
|
|
are doing could justifiably be labeled hacking. It is simply convenient
|
|
to make this simplification, in media and in industry. The security
|
|
industry knows the difference, but they have no economic interest in
|
|
there being any clarity on this point. Any sort of hacking, anything
|
|
they can sensationalize enough to scare their profit margin up suits
|
|
them perfectly.
|
|
|
|
For the underground, these issues largely affected individuals, not the
|
|
broader structure of things. Each person had to make a personal decision
|
|
on whether it was worth 1) being seen as a criminal under the law and
|
|
2) being seen as a criminal in public perception. Why should the hacker
|
|
face this when such an easy, safe, respectable alternative is available
|
|
in the security industry?
|
|
|
|
Even the term black hat has been twisted into something more closely
|
|
aligned to organized crime. For all their faults, black hats were not
|
|
(in theory) motivated by this type of money.
|
|
|
|
It comes down to an aging hacking population deciding, on an individual
|
|
basis, to settle down with their families, their material possessions,
|
|
their careers. No one can argue that there is anything wrong with this. It
|
|
is just a fact that these hackers left the scene behind.
|
|
|
|
Leaving a void too large to be filled.
|
|
|
|
---------------
|
|
Forgotten Youth
|
|
---------------
|
|
|
|
The forgotten aspect of this whole story is, without doubt, the importance
|
|
of new talent entering the world of hacking. Historically, hacking has
|
|
belonged to the young. With every passing year, the average age of hackers
|
|
collectively increases. Some would claim this is a sign of a maturing
|
|
discipline. For surely, what could youth possibly contribute in this
|
|
technological landscape? They call them kids, dismiss them as irrelevant.
|
|
|
|
Despite all of the issues facing the underground, if hackers had managed
|
|
to get this one aspect right, if they had recognized the importance
|
|
of those who would come after them, if they had given them something
|
|
to aspire to be, if they had directly or indirectly taught them the
|
|
accumulated wisdom that so often separates a hacker from the crowd;
|
|
then perhaps there still would be a hacker underground.
|
|
|
|
Nearly all of the situations surrounding the disestablishment of the
|
|
underground were circumstantial, there was nobody to blame, and nothing
|
|
that could be done. But one point for which this was not true was the
|
|
underground's obligations to young hackers. An entire generation of
|
|
talented hackers have lost the opportunity to become a part of something
|
|
bigger than themselves by participating in a functioning hacking
|
|
community, simply because hackers were too self-absorbed to notice.
|
|
|
|
The decline of the underground scene happened relatively quickly, and
|
|
also relatively quietly. The hacker who left the underground behind
|
|
for his new life was unlikely to justify or explain his choices. In
|
|
fact it was more likely he would deny being changed at all. It's likely
|
|
he'd even continue to have contact with his fellow ex-hackers, in some
|
|
imitation of the underground scene. This only helped to obscure what
|
|
was actually happening.
|
|
|
|
Today's youth, for the most part, have no true understanding of hackers
|
|
or hacking. They have no knowledge of the history, no knowledge that
|
|
a history even exists. Their hacker is the media's hacker, the cyber
|
|
terrorist, the Russian mafia. This is unfortunate, but the real trouble
|
|
begins for those few that somehow become interested enough to look a
|
|
bit deeper.
|
|
|
|
The average person requires some form of role model, something to aspire
|
|
to, to imitate and to an extent, to idolize. At this time, the only
|
|
visible efforts were the white hat researchers, the black hat horde or
|
|
various other technically inept self-proclaimed 'experts'. There is so
|
|
little inspiring research, and even less inspiring hacking, that anyone
|
|
new to the world of hacking is almost invariably left with a skewed
|
|
impression of things.
|
|
|
|
Indeed, for a lot of the young people that managed to acquire the
|
|
necessary technical base, hacking was seen as simply an interesting career
|
|
path. There is no passion in these people, no motivation to extend and
|
|
create. A competent professional, valued employee.
|
|
|
|
But no longer a hacker.
|
|
|
|
----------------
|
|
The Forward Link
|
|
----------------
|
|
|
|
The hacker underground has been systematically dismantled, a victim of
|
|
circumstance. There was no reason for this, no conspiracy, no winner. A
|
|
conquered people, but with no conqueror, no enemy to fight. No chance
|
|
of rebellion. Conquered by circumstance, if not fate.
|
|
|
|
At first this would seem to be a bleak message. What is the point of
|
|
even trying anymore? Why practice a dead art? But the truth is that the
|
|
art is not dead, just the circle that brought the artists together. The
|
|
hacker underground is broken, but the hackers are not.
|
|
|
|
Casualties have been high; but there still exists a scattered,
|
|
marginalized, and misrepresented people who are the hackers. Hackers,
|
|
not black hat nor white, not professionals, not amateurs (surely none
|
|
of this matters), are still out there in this world today, still with
|
|
all the potential to be something great.
|
|
|
|
The question is not then how to artificially group these people into a
|
|
new underground movement. The question is not how to mourn the passing of
|
|
the golden days, how to keep the memories alive. There are no questions
|
|
of this sort, no problems that can be solved or corrected by individual
|
|
action.
|
|
|
|
All that remains is to relax, to do what you enjoy doing; to hack purely
|
|
for the enjoyment of doing so. The rest will come naturally, a new
|
|
scene, with its own traditions, culture and history. A new underground,
|
|
organically formed over time, just like the first, out of the hacker's
|
|
natural inclination to share and explore.
|
|
|
|
It will take time, and there will be difficulties. Some will not be able
|
|
to let go of the past, and some will fail for not remembering it. But
|
|
in the end, after everything has been said and done, the equilibrium
|
|
will be restored.
|
|
|
|
A new world, at the frontier of cyberspace, belonging to the hackers
|
|
by right.
|