posted by
LaminatorX
on Friday April 18 2014, @05:23PM
from the Law-and-Disorder-on-the-Electronic-Frontier dept.
from the Law-and-Disorder-on-the-Electronic-Frontier dept.
The earlier, bigger part of hacking history often had congregations as protagonists. From CCC in the early 80s to TESO in the 2000s, through LoD, MoD, cDc, L0pht, and the many other sung and unsung teams of hacker heroes, our culture was created, shaped, and immortalized by their articles, tools, and actions.
Why don't we see many hacker groups anymore? And why is that that the few which are around, such as Anonymous and its satellite efforts, do not have the same cultural impact as their forefathers?
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(Score: 3, Interesting) by hopdevil on Friday April 18 2014, @05:42PM
Not a bad article, but as typical phrack it's quite lofty
Groups still exist, and they still have significant impacts. There aren't not many new members to groups that I know of, at least not in the US. But there are quite a few small hacking groups that I know that have continued to resist being indoctrinated back into society. They aren't in it for being big and having media attention.
Now that "cyber security" is a coined business phrase and there an enormous industry exists around it, I'm not sure the desire that originally drove my youth to hacking exists in the same way for the current generations. I blame the kids for "surrendering to the mediocracy that our society has condemned our leisure time to."
So maybe this is at least part of it.. being a hacker isn't something kids can identify with. Hacking culture is certainly going to shit. Look at Defcon these, so many kiddies, so little talent.
Damn I'm getting old.
(Score: 5, Insightful) by omoc on Friday April 18 2014, @06:06PM
I fully agree, also you'll stop doing this when you have a wife and kids. The newer generations don't know enough to have any impact, it takes a lot of background from assembly, OS, compiler and nowadays mitigations make it more complicated. When you look at students today and the people at the right age for that sort of thing, they know a very limited set this (maybe it's partly education? or maybe they're too lazy as you say). In the old days stack based overflows were fun, while today ASLR is still easy, mitigations like StackGuard (and maybe exec shield) set the bar very high. For web stuff like XSS you better forward any vulnerability immediately or people will think you want to steal their money / credentials. Simply put, the fun is not the same today.
Business is also a good point, you're rewarded by lots of companies to be a white hat. In the early days that worked only through extortion so instead many just broke things with their signature for fun and to gain "reputation".
(Score: 3, Insightful) by frojack on Friday April 18 2014, @06:45PM
In trying to explain why people don't form hacking groups, the article jumps the shark and attempts to explain why groups don't exist at all:
Yet, here we are, Soylentils all, participating on a medium formed by a small group. Its but one such small group that EACH of us belongs to. The internet has millions of such small groups. The open source movement has grown, and there are any number of projects that people can contribute to. The old school hackers have grown up and become "security researchers".
But even if you take the article to apply ONLY to hacking, the simple truth is that it has become more difficult, more dangerous, and too lucrative. The idle hacker is no longer welcomed by the big money guys, because they see Joe Hacker as a security risk. And because it changed from a game to a business model, the authorities have applied some serious resources to tracking them down and slapping them in jail.
And, let's face it. Most of the low hanging fruit has been gathered. Its even fairly difficult to break into a Windows box these days.
No, you are mistaken. I've always had this sig.
(Score: 0, Interesting) by Anonymous Coward on Friday April 18 2014, @07:01PM
Forming a group is a second step, first you need a hacker
To the Windows remark: in terms of mitigations, OpenBSD is still best and Windows is more secure than Linux. Linux has the problem that many distributions don't enable all mitigations as Windows does so Linux is surprisingly more vulnerable
(Score: 1, Informative) by Anonymous Coward on Friday April 18 2014, @09:09PM
Windows is more secure than Linux
I'm going to guess that your definition of "secure" and mine are significantly different.
An OS that needs band-aids plastered all over its outside seems antithetical to the term.
Windows 2000 Has 65,000+ Bugs [googleusercontent.com] (no orig link[1]) [google.com]
many distributions
Let's examine the flip-side of your hypothesis:
First, there's the EoL'd M$ stuff that people STILL use at home.
3.x, 95, 98, 98SE, ME, 2000, XP
(Unlike Linux, there are no backported patches for old versions.)
Visduh, 7, 8, 8.1 (Oh, wait; that's already been declared obsolete), 8.2
Now, what were you saying about "many"?
[1] I'm not linking directly to the other site any more.
If the link is broken because Dice Holdings is still screwing around, I advise you to substitute a valid 12-character string for the bogus one following q=cache:
[2] "Microsoft support" has always seemed like an oxymoron to me.
-- gewg_
(Score: 0) by Anonymous Coward on Saturday April 19 2014, @04:02AM
Bugs are not security. When Windows 2000 was around you'd have bugs like "this drop-down doesn't show that these options are available". When a comparable version of RedHat was around you wouldn't even have a UI for that particular feature to have a similarly mis-informed drop-down, you had only .conf files to muck around with. So there was no chance of that bug being reported! This bug is not a security related issue and Windows 2000 had a lot more people pounding it than any distro of Linux.
Normally I wouldn't mind, but I had built several web-servers during the Wink2K era and the first machine that was soundly rooted was built on... RedHat. I don't know what it's like today but back then it was just a little too open. I'll concede in advance that that's my fault, but I'll sternly warn you that bad default settings are a far worse security problem than bug-count. That's why wifi routers come pre-configured with individual passwords these days. This is the point the original poster was trying to make.
You are right, though, your definition of "secure" is unique. Most (including myself) will agree that Linux is way more secure than Windows, but we don't base that on bug-count, we based that on the unseen little glitches that can be exploited but not disabled without installing a patch. What the original poster was saying, though, was that the sentence was too short. It should read: "Linux is way more secure than Windows in the hands of a knowledgeable user." Frankly, he has a point about that, as I accidentally proved that rainy morning when the IT Boss called me into her office to explain why she ripped my RedHat machine off our network.
(Score: 5, Interesting) by frojack on Friday April 18 2014, @09:15PM
This is disastrously, and disappointingly correct.
For many years, till I finally abandoned it, Red Hat would install with so many ports and services open that it tool 20 minutes to run through the system and shut them all before you dared put it on the internet. I don't know if it has changed since, because I walked away from the distribution and close clones.
Ubuntu is somewhat of the same.
Opensuse, on a clean install will be locked down tight, but even it will open services to all network interfaces when you enable things like time servers, or DNS servers, unless or until you invoke its firewall.
There is too much assumption of operator competence.
No, you are mistaken. I've always had this sig.
(Score: 3, Insightful) by Hairyfeet on Saturday April 19 2014, @05:58AM
Meh its just "it became a business" and kids moved onto frankly cooler stuff. in my area there is a LOT of kids into doing creative things with hardware and software when it comes to video and audio, so instead of hacking some OS they build up this grab bag of plugins and tools from all over the place and use it to create some really wild music. Just like in the old days of hacking they are using hardware and software in ways never imagined, they just don't actually use the name hackers anymore.
ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
(Score: 3, Informative) by tynin on Friday April 18 2014, @05:44PM
He puts forward a good argument. That said, I'm not convinced that their aren't hacking groups out there. They are just deeper underground than broadcasting their interests on the internet proper, http(s). That said, the cracking groups are no doubt still going strong, and many cities have maker/hacker spaces filled with like minded people wanting to do cool shit.
(Score: 2) by song-of-the-pogo on Friday April 18 2014, @06:04PM
It seems, and I could well be wrong, that it's more risky to engage in such activities in these days of overzealous law enforcement and prosecutorial overreach, though those trends wrt hackers and the law appear to have started back in the 80s. I found both of these an interesting read:
The Hacker Crackdown: Law and Disorder on the Electronic Frontier [gutenberg.org], Bruce Sterling
Underground: Hacking, madness and obsession on the electronic frontier [gutenberg.org], Suelette Dreyfus
I really wish I'd known about this stuff back in its heyday and had found a way to be a part of it. I keep meaning to check out my local hackerspace...
"We have met the enemy and he is us."
(Score: 0) by Anonymous Coward on Saturday April 19 2014, @10:30AM
Thanks, new to me & seems interesting. Co-author: Julian Assange.
(Score: 5, Interesting) by hybristic on Friday April 18 2014, @05:58PM
I attribute this to a few things. The top level reason is that people see it as a way to impress their friends, and its no longer an act of insatiable curiosity.
When I first started hacking, it was just computer games. I would mod some code to get the desired effect and it was awesome. So I would get into some IRC chatrooms and learn even more. I met some real deal hackers, ones that loved what they did and did it because they wanted to see if they could. They inspired me to learn about information security, and take my hacking a step further into the real world. I was part of a few small time groups, we didn't really do anything noteworthy. What I did notice was that with the rise of Anonymous the "scene" was getting flooded by socially awkward kids with little interest in learning to hack. My friends would have never let me take the easy way out of a problem, we wanted to learn for ourselves. That simply isn't true about these new groups. Anonymous skiddies want Twitter fame, not knowledge or skills. Those other groups released real exploits, and talk showed off their latest hack. Those OG groups inspired me to want to improve and learn more about the way information is managed by a system. Now people want to just run a program and get the desired results. This is partly due to the fact most of those older exploits are well documented and don't exist as often, while poor development makes things like SQL injection or XSS a more common vuln. Then you add in the LulzSec thing, were you cannot trust your own group members to not roll over on you. I don't want to go around publicly breaking the law to have my own team turn me over to the Feds. This probably happened a lot already, but when your entire appeal is how public you are, the shadiness of a guy you've never met that is hundreds of miles away becomes obvious.
I think that there are still plenty of groups that exist, they have simply moved out of the limelight. They see that talking about what you are doing so blatantly makes you look like a script kid, because all the other people in the space that are doing so are skids. Also, you can get jobs a lot easier now with this skill set and make good money, I think that also offers a route away from the hacker group ideal.
(Score: 4, Insightful) by timbim on Friday April 18 2014, @06:04PM
Because everyone saw LuzSec get taken down one member at a time. Not to mention the absurdly long prison sentences that get handed down for these so called crimes. They're all underground, now more than ever.
(Score: 2, Informative) by Anonymous Coward on Friday April 18 2014, @06:15PM
LulzSec were somewhere between mediocre and bad at what they did and mostly attention whores. The only good affect they had was that websites fixed their SQL injection vulnerabilities.
(Score: 1) by timbim on Friday April 18 2014, @06:29PM
Yeah because obtaining the entire mail server backup of HBGary is something script kiddies do.
(Score: 0) by Anonymous Coward on Friday April 18 2014, @06:41PM
No one said they were script kiddies but HBGary was possible through simple SQL injection.
(Score: 1) by timbim on Friday April 18 2014, @06:56PM
I see. That's pretty crazy.
(Score: 5, Interesting) by hybristic on Friday April 18 2014, @07:02PM
I used to work for HBGary before the hack happened, and even talked to a few of the guys about what happened afterwards. The system that was compromised was a 3rd party CMS developed by some douche. They however didn't take the time to ensure that what he developed was secure, because in their minds it wasn't a critical system, and should never have had information that would effect their mission critical systems. Keep in mind that this was a system designed for HBGary Federal, not their normal operations. And the guy in charge of making sure that HBGary Federal was secure is the same weak link that gave them access to other, normal HBGary operations. Aaron Barr, CEO of a federal security contractor, used the same password EVERYWHERE!! That then leaked over into the normal operations of HBGary, and Greg's personal stuff like rootkit.com. Having worked with Aaron, this is no real shock to me when I heard it. What surprised me was that people like Greg and Martin would allow for something so stupid to ever occur. They usually never cut corners. While I have some moral objections against my former employer, the guys I worked with were very smart. I think in the end they got so focused on the system based exploits that they forgot about the internet. Also, they were in the process of building a game at the time, so that might have caused some additional distractions.
(Score: 1) by timbim on Friday April 18 2014, @08:23PM
Game? What kinda game?
(Score: 3, Funny) by hybristic on Friday April 18 2014, @09:30PM
Good question. I believe it was a space RPG, maybe MMO even, using Unity engine. But I am not sure what ever came of that.
(Score: 2, Insightful) by Joe Desertrat on Saturday April 19 2014, @03:57AM
Maybe not necessarily LulzSec, but your point is spot on. "Hackers" used to start when they were school age, nowadays with zero tolerance policies and stories of students getting expelled or arrested for pointing out a security flaw or fixing a problem, anyone engaged in this sort of activity probably feels they need to stay undercover. It's even worse should an adult be labeled a hacker, that probably gets you a high profile file with the NSA.
(Score: 4, Interesting) by bucc5062 on Friday April 18 2014, @06:10PM
"Why don't we see many hacker groups anymore? And why is that that the few which are around, such as Anonymous and its satellite efforts, do not have the same cultural impact as their forefathers?"
Fear.
The oligopoly in one way fears computers, as much as it needs them. So the only thing they fear more is those that control and manipulate computers (by this I mean data processing/storage). When there is a group that has the ability to enter into the inner sanctum of information, those in power will crack down harder than on others. Steal my fancy car, don't care, let a jury decide. Break into my computers and access my secrets, you will be finished.
The more things change, the more they look the same
(Score: 0) by Anonymous Coward on Friday April 18 2014, @06:22PM
Disagree. While it gets more challenging, anonymity is still possible. People usually get caught because they brag about what they did.
(Score: 3, Insightful) by Appalbarry on Friday April 18 2014, @06:26PM
I'd guess that one factor is that a lot of illegal activity that used to be more or less at a hobby level (ie teenaged boys in their bedrooms) has been replaced by high level hacking done by people working for either organized crime or government.
There's a lot of money to be made by figuring out how to get into other people's systems, and that tends to move people away from small, anarchic groups towards more corporate settings.
(Score: 5, Insightful) by metamonkey on Friday April 18 2014, @07:07PM
Used to be you got a good laugh out of replacing your school's website with pics of boobies. Today for downloading some research papers you get threatened with 50 years in federal pound-me-in-the-ass prison until you see eating a bullet as the better option, RIP Aaron.
Seriously, next time you think about breaking in to anything, anywhere, just go grab a gun and knock over a liquor store instead. You'll get less time.
Okay 3, 2, 1, let's jam.
(Score: 5, Informative) by The Mighty Buzzard on Friday April 18 2014, @08:36PM
My rights don't end where your fear begins.
(Score: 1, Informative) by Anonymous Coward on Saturday April 19 2014, @07:30AM
This is what happened, read the book now if you haven't, NOWn [wikipedia.org]
https://en.wikipedia.org/wiki/The_Hacker_Crackdow
These days people are afraid of changing their own desktop wallpaper for sometimes it's a crime. https://en.wikipedia.org/wiki/Windows_7_editions#W indows_7_Starter [wikipedia.org]
The CFAA is an incredibly draconian and vague law that can be used to destroy pretty much anybody at will https://en.wikipedia.org/wiki/Computer_Fraud_and_A buse_Act [wikipedia.org]
The internet is such a sad place these days.
(Score: 0) by Anonymous Coward on Saturday April 19 2014, @08:00AM
some things are just not real. like money. or languages. you hand over some dead tree branch rolled into a sheet and get a machine that can transport you around the planet if filled with dinosaur blood. or if you happen to understand what another person is saying might get you killed. (*). ...
the internet used to be a public beach where anybody not caring about sand fleas could build their dream castle or go about knocking down other sand castles until next hightide and clean sheet.
now people acctually use cement on the interbeach. more fantasy tried to be made more substantial.
hell soon they'll remote control nuke carrying drones thru the interbeach and prolly then has to leqve the cementified beach and take comfort with the cat in the same box.
(*) I doubt anyone not sspeaking chinese would get upset if cursed in chinese.