The good and bad of hackers

Started by Metgod, December 12, 2002, 01:46:17 PM

Previous topic - Next topic
Okay, I'm not writing anything here.. just posting an email I got in the InfoSec mailing list that Attrition hosts. Someone is replying to a post somewhere, or an article or whatever it was... I loved the reply. Is quite good I think. Good wit. Reminds me of my wit...

Forwarded from: Robert G. Ferrell <rferrell@texas.net>

At 02:23 AM 12/11/02 -0600, you wrote:

> In early October, I wrote a column about how words influence the way
> we view and act upon situations. I made specific reference to the
> word "hacker" and how the word seems innocent, even cute. But I said
> it actually describes an action that is criminal.

If you think "hacker" is innocent or cute, you need to spend some
time with Mr. Webster:

"One who cuts or severs with repeated irregular or unskillful blows"
"One who cuts or shapes by or as if by crude or ruthless strokes"

Charming.

Of course, the same dictionary now lists hacking as "gaining
access to a computer illegally," but that is the direct result of the
persistent misuse of the term by a careless and lazy press,
more interested in sensationalism than, say, accuracy.

> Hackers, I was told, don't do those things. Real hackers provide a
> valuable service by checking and assuring the security of many
> computer systems.

No, no, no, no, no.  Hacking has nothing to do with security.  Let me
reiterate: hacking has nothing to do with security.  I want you to
stand in front of a mirror and repeat that sentence until it sinks
in.  Hacking has nothing to do with security.  Hacking is a way of
looking at and solving complex problems.  Some of those problems
might involve security, but there is nothing inherent in hacking that
causes its practitioners to break into other people's systems.  I think
this whole misunderstanding stems from the fact that early hackers
(myself among them) used to, shall we say, explore beyond the
boundaries of our own systems in order to figure out how different
architectures and platforms worked.  Remember that this was long
before the Web, the explosion of "Dummies" or other computer
how-to books, and in many cases in the absence of any available basic
system documentation.  We were interested solely in how things worked.
We couldn't care less about reading someone's email (yes, we had that
back then) or rifling through their files.  We wanted to see how their
operating systems were put together, or how their machine communicated
with other machines.  Most of the time there wasn't even any security
in  place to crack.  Security wasn't designed into systems then, as there
weren't any malicious hackers around to require it. We all pretty much knew
one another.

A lot of modern "hackers" have used the vague "quest for knowledge" as an
excuse for their intrusions, but most of what there is to know can be
gleaned without recourse to illicit activities these days, so that
rationale falls flat.  They're just mindlessly chanting a mantra whose
origin they don't really understand.

> The people who wrote to me, the good hackers, informed me in no
> uncertain terms that the people I was describing are "crackers," and
> I should be more careful to distinguish between the two labels.

Crackers break into computer systems, for a variety of reasons.  Cracking
and hacking are only marginally connected.  The world is not divided into
"hackers" and "crackers."  If you must think of information security this
way, use the terms "white hat" and "black hat," respectively (though I
personally think those terms are misleading oversimplifications).

> I've never heard the label "crackers" used in this context.  
> "Computer cracker" is a new term to me, and I'll bet most of the
> general public have never heard this meaning of the word, either.

It's a common, accepted term, and has been for years.  I suggest that
you do at least minimal preparatory research before you write about a topic
in the future.

> Perception is reality

This is a copout and a circular argument.  The press have created this
"perception" by abusing the reality.

> Words mean what people think they mean.

Thank you, Humpty Dumpty.  Be careful not to sit too close to the
edge of that wall.  What you're really saying is, "words mean what
the media decides they mean."

> Most of us in the non-computer community consider anyone who breaks
> into, or tries to break into, a secure computer system to be a
> hacker.

Yeah?  Well most of us in the computer community consider anyone
who writes about things they don't understand to be "clueless."

> The definition that the general public understands is very different
> from the one the computer community accepts. Each perception is
> accurate for each of the respective groups based on their experience
> and information.

The general public only knows what the press tells them.  If writers
don't bother to check on the definitions of words they use, it's
not surprising that the public has come to misunderstand what hacking
is.  Responsible, professional journalists subscribe to the notion
that theirs is a position of public trust, in which it is the duty of the
reporter to convey information factually, accurately, and without
bias (unless otherwise stated).  This includes doing research on
the meanings of words before you use them in a sentence.

> The "good hackers" told me the media is to blame for the
> misunderstanding by spreading inaccurate information about what the
> computer experts actually do. That may be partially correct, but it
> seems to me that those same computer experts carry some
> responsibility to educate and inform their various detractors. They
> certainly did it to me when they felt unjustly attacked. They might
> be able to provide simple definitions such as:

Again, we've been doing just this for years.  I went to Google and put in
"hacking" and "definition." I got 109,000 returns.  You obviously haven't
done any research whatsoever.

Here, since you don't seem to have access to your own dictionary, are
some of the other definitions of a hacker:  "a person who is inexperienced
or unskilled at a particular activity," "a person who works solely for
mercenary reasons," and finally and most appropriately on this occasion, "a
writer who aims solely for commercial success."

I think we've uncovered the real "hacker" here.

RGF

Robert G. Ferrell
rferrell@texas.net
http://rferrell.home.texas.net/rgflit.html

"My Terminal is my Soul"

Update: I just looked at my inbox and saw the original article posted at the same mailing list:
http://www.jsonline.com/bym/career/dec02/101856.asp

J. Robert Parkinson
jrp@@parkinson.com
Dec. 8, 2002

In early October, I wrote a column about how words influence the way
we view and act upon situations. I made specific reference to the word
"hacker" and how the word seems innocent, even cute. But I said it
actually describes an action that is criminal.

I said hackers are guilty of "breaking and entering" because they
intrude into computer systems that are the private property of others.

There was more to the column, of course, but that was one of the main
points. Well, did I get reactions from readers! I received dozens of
e-mails telling me I didn't know what I was talking about.

Hackers, I was told, don't do those things. Real hackers provide a
valuable service by checking and assuring the security of many
computer systems.

The people who wrote to me, the good hackers, informed me in no
uncertain terms that the people I was describing are "crackers," and I
should be more careful to distinguish between the two labels.

I've never heard the label "crackers" used in this context. "Computer
cracker" is a new term to me, and I'll bet most of the general public
have never heard this meaning of the word, either.

Along with chastising and correcting me, readers sent long definitions
from a variety of sources to help educate me on the important
distinctions between hackers and crackers. For that I say "thank you."  
It's always important to continuing learning, and I'll be aware of the
distinctions in the future.


Perception is reality

There is another broader lesson here, however, for all of us, and it
relates to the old adage, "Perception is reality."

Words mean what people think they mean.

Most of us in the non-computer community consider anyone who breaks
into, or tries to break into, a secure computer system to be a hacker.  
So in our minds, that is a valid and accurate label. For the "good
hackers," however, our label and definition doesn't fit them. It
describes that other group.

The definition that the general public understands is very different
from the one the computer community accepts. Each perception is
accurate for each of the respective groups based on their experience
and information.

The "good hackers" told me the media is to blame for the
misunderstanding by spreading inaccurate information about what the
computer experts actually do. That may be partially correct, but it
seems to me that those same computer experts carry some responsibility
to educate and inform their various detractors. They certainly did it
to me when they felt unjustly attacked. They might be able to provide
simple definitions such as:

Hackers test computer systems to determine how secure they are.  
Hackers often are employed by companies to test their systems in order
to protect them and the public at large.


Mischief makers

Crackers, on the other hand, break into secure systems just to see if
they can do it, and sometimes they create mischief.

There is a clear distinction between these two motivations. One is
honorable, valuable and legal. The other isn't.

All of us in business know what we intend when we send messages to our
clients and customers. What is really important, though, is what our
clients and customers think we mean. Their thoughts and
interpretations dictate their feelings and reactions.


Sending the right message

If, somehow, they misunderstand our message, it isn't their fault;  
it's our fault. We didn't craft the message accurately. Because words
mean what people think they mean, we must consider not only what we
believe our words to mean but also how our words might be interpreted
by others.

That's the real lesson for all of us behind the strong reaction to the
hacker column.

Once again, to all of you who took the time to write and educate me I
say thank you and keep writing. I hope we all learned a good lesson
not only about computer labels, but also about the need to pay close
attention to all the words we use in business and how others might
interpret what we say.


"My Terminal is my Soul"

The best book ive read on the true meaning of hackers was by Steven Levy entitled "Hackers: Heroes of the Computer Revolution". For me, that was and eye opener. And i really loved the book. I let someone borrow a copy and never got it back...i need to buy me a new one.

I have never read the book. However, I can say that I'm not so sure there is a 'best' definition for the word 'hacker'. There are so many different views/feelings/beliefs on the word, but they are all different. Even ones that have the same idea are different in some ways. I'm not even talking about the wording either.  

Think about all the aspects:

programming
security
networking
operating systems

let's not forget the never ending pursuit of knowledge either.

[list goes on]

and one skill which all true hackers have in some way:

problem solving

Without problem solving we wouldn't get anywhere because there are too many problems. Even just troubleshooting is problem solving. Figuring out a problem.. say, can't get code to compile. Well you solve the error, which is a problem. Problem solving.


Even with all these aspects and such, there could be many hackers each with different specialties and skills. And each one might have a different drive or interest. Perhaps the definition goes too deep too often.

Maybe a more simple definition would be better. Not too simple but simple enough so it doesn't get confusing or distorted.

Some refer to it as coders who can do anything they need or want to. Some say they are security experts. Some say they are network and system administrators. Some say a combination of those things. Some say too much. Some just need to shut up.

Truth is, there will always be confusion or distortions. There will always be some form of discrepancy and differences in general.

One thing is clear though: They are generally intelligent, good at problem solving, and want to learn everything they can, and are often quite talented. That, of course, is only characteristics, not a definition.

Simple as that.


Met
"My Terminal is my Soul"

December 16, 2002, 01:00:50 AM #4 Last Edit: December 16, 2002, 01:07:24 AM by Tazinator
Ive not read many books on the subject, I have seen quite a few Television specials. Of which, some on TLC, Discover, and even one on MTV once.

The one on MTV entitled "True Life: I'm a Hacker" was the saddest excuse for ripping on our culture i've ever seen. The people they picked to interview and the material they broadcasted saddened me deeply. They portrayed hackers as people who torment and harass people on AOL, yes you read that right, AOL and who also illegally pirated software and movies. They specifically targeted movies. In fact, one kid claimed he was a "hacker" because he could watch Star Wars: Episode I on his puter. God god people, I dont know of anyone who didnt somehow manage to land a pirated MPG copy of Episode I before it came out in theaters. Christ, even "users" where I worked had a copy they got from a "friend" who in turn got from his "friend". To think, all this time i've been busting my ass in learning everything I could about all aspects of computers. Years of learning and study and experimentation and all I really had to do was go buy a TV Card for my machine and copy something off HBO. <shakes head in disgust>
Oh and I might add, the main technical consultant for this episode was none other than John Vranesevich. Some of you might remember him from a stupid web network called AntiOnline, which I believe all the old investors have pulled out of and good ol John is now desperately trying to sell off his sites. Emmanuel @ 2600 did a review back when it aired for those of you who never saw it or dont remember: http://www.2600.com/news/display/display.shtml?id=350.

As for the TLC and Discovery specials. I thought they did a pretty decent job with the subject. The episode was titled: Hackers: Computer Outlaws. It aired this year for the first time if i'm not mistaken back in July. I never got a chance to see it then, but it was on this past Friday evening (Dec 13) and due to the title, I had to watch it. They could have come up with a title that didnt scare the everyday average joe so much, but overall I thought the episode was pretty good. It did interviews with John Draper (A.K.A. - Captain Crunch), Kevin Mitnick (A.K.A. - Condor) and Apple Co-Founder Steve Wozniack (A.K.A. - Oak Toebark). These were three solid people who make up the most significant parts of the history of hacking. The episode started from hackings roots of Phone Phreaking and brought us up to present times. I would recommend if you have the time and chance that you watch this documentary. I think they painted Mitnick as more of a "legend" then he really is. I have my personal opinions. Kevin is a good guy, I have nothing against him, but basically he got famous because of Uncle Sam's hell-bent effort to make an example of him. He really didnt do all that much in terms of hacking, but he did have to endure a lot of B.S. for nothing simply because the Feds saw him as a way to paint hackers as a menace in the public eye. Overall though, a good show. http://tlc.discovery.com/convergence/hackers/hackers.html for those of you who want more info.

Then I come to the other special on TLC / Discovery entitled: Hackers: Outlaws and Angels. This I was only able to catch parts of. I intend to watch it the next time its on in full though to see it in its entirety. Not that it was that good, but I cant make good judgment simply by watching bits and pieces. Thats kind of how our culture of hacking has gotten corrupted in the publics eye. They see bits and pieces that the media shows them. Anyhow, this show from what I saw tries to outline a difference between "hackers" and "crackers", but it doesnt do too hot of a job from the segments I saw. It also concentrates on a lot of more recent issues like the MPAA vs 2600 and so on. It aired for the first time this past week (Dec 11) and if anyone has seen this episode, I would be interested to hear your views on it.

I did read one good book on Hacking once. It dealt specifically with the MOD vs. LOD. I read it and its pretty good. Its basically a 3rd person documentary of the whole war between the two groups, and having been indirectly involved with that whole saga a while back, it does a good job of staying on track and not over exaggerating things. The book is entitled "Masters Of Deception: The Gang That Ruled Cyberspace" and its a good read for those of you who are unaware of that portion of hacker history.

Currently I am in the middle of a book on the whole history of Cryptography entitled: crypto written by Steven Levy. So far it seems a good read, but ive only been able to read it bit by bit because of lack of free time these days.

In closing, I think the definition of what a hacker really is has become tainted and corrupted. Too much of that is due to media and corporate influence. The saddest thing I see these days is companies hiring people to break into mail servers to set up SPAM accounts for them so they dont loose thier own ISP's. That and now any person who believes them self to be computer savvy in the slightest dubs themselves a "hacker" to all their friends. As an IT guy I hear and see it all the time. I've always been good at blending in to my surroundings. If you were to meet me on any given day, you probably wouldnt be able to guess I know what I know about technology, nor match up my history and handle online with my face. Because of this blending in, people seem to feel safe to take about doing things on my network at work in front of me because they dont realize who I am. Its not uncommon for me to hear conversations of "how lax security is on this network" from some of my users. Funny thing is none of them have been able to compromise my checks and balances and are usually the same people to pick up the phone and whine about not being able to check their email because they tinkered with the settings on thier machine. One time I almost died laughing because I was fixing a machine in a cubicle, and as I was leaving I passed by another few cubes to hear someone tell another person "you better not do that man, the network security guy is vicious S.O.B. and is sure to nail you". But neither of them knew that I was[/i] the "network security guy". Hehe.

Thats just my run down....
"A well known hacker is a good hacker, an unknown hacker is a great hacker..."

I don't care what your parents told you, you aren't special.
  • https://github.com/tazinator

taz, you must be online! SUUPS! anyway, the way i basically see it metty, is that it has nothing to do with "breaking into computers". Its more of a love of an intrest. I wrote a big spill on it  a while ago...ill post the url if i find it. But thats what everyone else thinks of hackers. Stooopid.....

what's hacking? ??? One time I "hacked" up a booger. :-X

BAH!  ;D

Wilnix
alt email address: wilnix@hackphreak.org

December 23, 2002, 08:38:50 PM #7 Last Edit: December 23, 2002, 09:12:53 PM by Zerored
Well, i saw that mtv special a long while back and that was a joke. It was wrong on countless fronts. It was just sad. Just wish there was a way to paint the right picture...
And, interesting, taz about your involvement. Those stories are of legend..hehehe...i got bunches of questions!
But, about the lies of MTV and the cyberterrorism...which this post should maybe be in, it all goes along the same lines as itt tech and that foolish security program. Such a waste. Taz, you said pple were saying stuff about the security guy that were ignorant. Every time i got back to itt, i heard some wack fool saying "Were gonna learn how to hack!" Im thinkin "Hack what??" They sound so ignorant. So dumb that i just sit there and listen to them in awe! Oh, and all of this in 3 months. I dont think so. What is hacking? theyd tell you "breaking into computers" Id love to see those goonz do something with the so called knowledge they get from that school (security wise). Itt tech (for security) is a lie and a straight up con. What about hacking do they think theyre learning? How to use programs? Script kiddie central. I do have the oppertunity to sit through one of the classes and see for mylself. Jealous? Not in the slightest. Ninety five or nine percent of the individuals in the class are extremely weak in using linux, if they remember it at all (only 3 months of class on it..on that big ass detailed operating sysem! 3 months and NO c or c++ programming..NADA!). And the bsds? The same percentage has NEVER, NEVER seen the OS, used it, or heard of it. Its just irritating. And i think establishments like this are a problem promoting the lie of hacking....geeze, i sound like metty, but it really gets to me. I mean, most of em dont even remember or know how to set ip addresses on a router!! Alas, Taz, Uneek and all, this time will separate the men from the boys.

heh... you said MTV and special.. something wrong there. Anyhow..

Yeah I watched it too and it was a joke. What's funny though, is somewhere on (I think) HNN (was still up then) the 'star' basically said he did it all to make MTV look bad. That it was completely fake and so on. Well it was a pathetic attempt at revealing this community. But can you really expect it to be good ? I can't. The L0pht was on there and I do not know why they would do that. But nevermind them.

As far as your questions for Taz, Zero, I'll answer them all for him while he's gone and to save his time (though he can add whatever he likes... and rightfully so). Simple answer is that he doesn't talk to anyone about that post. That includes handle, and whatever went on. Best thing would be to read other accounts on it. I do believe one of the Phrack prophiles has something on LoD or MoD but am not 100% sure on that. They definitely did one on Loyd (The Mentor). So check that.

ITT are not only a fraud for security, they are a fraud in general. I don't know much about their programs and really do not want to .. unless for a laugh.

As far as the goons you know from there.. well, a lot of people do that.. for whatever reasons (one probably being to sound impressive or for fame which it is not about). And those same folks could do better by learning a lot and helping others.. Not by throwing words that are worthless. Though I must say that some in the past seemed to think I did this and that with computer systems.. and would ask me with things but that's gone.. long gone. And I didn't really say much (as if I did IRL anyways).. and avoided stuff .. especially stuff that was really just stupid. So I'm not surprised. It all depends on how you present yourself. I can be quite an egomaniac and quite relentless with whatever so maybe that's it. Just ignore the morons. They will most likely never learn but it shouldn't worry you (not saying it is).

As far as your comment about routers, it all depends on who it is and what they want to do and what they want to know. What was your program and what did it consist of ?

I do believe, though, that most people do not care about everything.. if they aren't going to use it they don't care.. even if it could be useful. Unix is often one of those topics. Same with Linux (actually I think most are more inclined to learn Linux than the former).

For me, I go back and forth with that... health and who knows what else effect how much I currently know or what I do. Oh well.. I am quite good nonetheless.

I quit coding though.. It was fun back then but I just wouldn't enjoy it the same now.

Oh and Zero, don't worry.. you aren't sounding like me... not even close. And anyways, my comments about some hack related stuff (ethics and otherwise) are not the same now. I don't bother (kind of brought that up in another post tonight) with a lot of things in that nature, and though I feel it's sad all these idiots plague the Internet.. I do not like how I responded in the past. I have also changed in other ways.. I think I am more tolerant and more open-minded.. I really believe I went overline with such criticism and being so relentless. Among the things I attacked others for are their English but I seldom do that now. Not unless they bring it onto themselves (e.g., that Mariela on the board you posted the address to).

Well there was more to this but as usual.. I got side tracked and just returned to it. So I'm gonna close this..

if you have anymore comments, feel free to respond. :)


Met
"My Terminal is my Soul"

January 03, 2003, 05:58:35 AM #9 Last Edit: January 03, 2003, 06:03:56 AM by Tazinator
Thats a chapter in my life's history I dont speak of much. Not really a proud ethical or moral moment in my life as I did many things I'm not proud of thinking back on them. At the time I didnt care if what I was doing was right or wrong and eventually my arrogance brought that chapter to an abrupt end if you get my drift  ;)

As far as people saying things like "We're gonna learn to hack" and whatnot, that probably wont ever change. I hear it too. Hell, people see me do simple administrative tasks at work and make comments like "Thats some serious hacker s**t". ( Being PG for the youngsters who may be reading ;) ) Im talking things like using SMS to remotely control a PC on the network to fix a "user error". I think therein lies most of the problem too. People these days are so exposed to computers yet not very many fully understand them. Because of this, when someone does the slightest thing out of the ordinary on a machine, everyone around them starts calling them a "hacker" thus feeding the ego of that person and fooling them into believing its true.

I get labeled a hacker everywhere I work usually after the first day or the first time someone meets me and gets a chance to see me work, but the difference is I earn it. I dont just amaze and astound users with my ability to use the ping command. I use the whois command dammit!!!

Hehe, seriously tho. Im not afraid to crawl around the registry on a Windoze box to tweak and fix. Opening Regedit alone i've found can amaze and astound users and admins alike. Microsoft has done a good job in frightening people away from the registry as most people think thats where the Magic Blue Smoke that makes the PC work is kept. ;)
I get machines and software to do things they arent ordinarily designed to do. I get hardware to interact with other hardware that it theoretically shouldnt be able to communicate with. I find backdoors and holes where people dont think to look, and the list goes on.

In my opinion, hacking and being a hacker doesnt nessisarily mean you know the combined knowledge of the years graduating class at MIT, it means you strive to learn everything you can, figure out how things actually work, you dont accept boundries and limits placed on things by others, you explore, experiment, never give up, etc. Thats my idea of what it means to be a hacker. Unfortunately today most people dont want to strive to figure out what goes on behind the scenes. They want to click the mouse on a button and feel as though they've accomplished something great. Those people are what I like to call the George Jetson Hackers. They dont want to do any manual coding, scripting, etc. They want to simply kill a server or workstation or gain access to an area on a network where they dont belong with the push of a button or an ever so gentle keystroke and then they want to boast about how hard[/i] they worked. Just like George Jetson ;)
"A well known hacker is a good hacker, an unknown hacker is a great hacker..."

I don't care what your parents told you, you aren't special.
  • https://github.com/tazinator

Understandable on all fronts. I absolutely cannot wait till the first hfx con...but, and i will rant in detail, but that whole itt thing is...i dont have the words to describe it. But i will...i will...

I think the term "hacker" is a simple word that seems to get pushed into a complicated phrase...

"Hacking is a state of mind"
"Hacking is a different view of the world"
"Hacking is thinking out of the box"
"Hacking is this.."
"Hacking is that..."

All over-glorified definitions INHO...

A Hacker used to be a hobbiest of some sort, being that most computer related projects were hobbies. Seems to be why UNIX is treated as a hobbiests OS...I could be wrong on that.

Now the media has beaten this term to death, and all the underground seems to agree on that. But why? Well, after looking at some articles, interviews, etc...It seems to me that many "white hat" hackers have fed this info to the media and since the media hasn't a clue they just went with it...

For a subject I really couldn't care less about, I have to admit I read too much about it. If nobody agrees with this, I won't be upset. This is just my take on the situation at this point. I coudl change my mind.

Where's the BEEF?

Wilnix
alt email address: wilnix@hackphreak.org

SMF spam blocked by CleanTalk