Slashdot Mirror
The Myth of the Superhacker
mlimber writes "University of Colorado Law School professor Paul Ohm, a specialist in computer crime law, criminal procedure, intellectual property, and information privacy, writes about the excessive fretting over the Superhacker (or Superuser, as Ohm calls him), who steals identities, software, and media and sows chaos with viruses etc., and how the fear of these powerful users inordinately shapes laws and policy related to privacy and digital rights."
I live in a world where daily I hear people describing their monitor as their computer, and their computer as their "hard drive", or some other such mangled interpretation. That's actually very okay, it's not their job to have to know, and good for them for having some mental map.
What I find not surprising about the article's conclusions is even in the computer professional world I've met many "whizzes" not much more intelligent about what computers are and how they work. Hence, much of the alarm over internet terrorism and superhackers potential to bring the IT world to its collective knees spawns from barely literate computer "geeks". At the same time I find it a little disturbing. And it seems the higher up the ladder one goes, the less competence there seems to be regarding making intelligent conclusions about the IT landscape (hmmmm, Peter Principle?).
The biggest trick Satan ever pulled was convincing the world he doesn't exist
There are no super hackers out there.
Disregard that, I suck cocks.
it's a blue bright blue Saturday hey hey
I just came from a meeting on this very topic. The thing I came away from this meeting is that the real fear is that the Superhacker works for you. Or worse yet, you let him go yesterday. O. M. G.
Just as with any other field or profession, hacking is getting more specialized. It's not that the "superhacker" does not exist, but that such an animal's existence is getting harder and harder to maintain merely because of the expanding skillset and knowledge it takes to be a "hack anything" hacker.
That said, a lot of exploits don't come from being a super techie hacker with the skillz to defeat any system through sheer programming ingenuity or brute force. A lot of them still come from social engineering... convincing foolish people to give you enough information that a middle manager could hack them using nothing more than a standard login.
Where the "superhacker" mainly exists is in the movies. The guy who can pull out his laptop at any given location and hack into any given location on demand and with no preparation or research into the target. He's the human equivalent of the gun that doesn't run out of bullets and hair that dries into a perfectly coiffed do within seconds of getting out of the water.
- Greg
Start a happiness pandemic
Nobody knows the superhacker was ever there.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Knightmare's "Secrets of the Superhacker"...m are/dp/1559501065
http://www.amazon.com/Secrets-Super-Hacker-Knight
Who's afraid of a little social engineering?
Tibbon
tibbon.com
I know the Superhacker exists... because he's me. Now, if you'll excuse me, I need to go back to my 3D virtual reality interface, hop on my lightcycle, and infect the alien mainframe with the Michaelangelo virus. If you need me, I'm at IP address 24.75.345.200.
Gamingmuseum.com: Give your 3D accelerator a rest.
It doesn't take much reasoning to show why this must be the case.
So why is Ohm resistant?
You're punctuation is wrong. You wrote:
Girls on the plus side you can walk all over them and get anything you want.
What you meant to write:
Girls (on the plus side), you can walk all over them and get anything you want.
Law School professor Paul Ohm
I wonder if he teaches Ohm's Law?
So why is Ohm resistant?
Get out of here! Now!
This guy's the limit!
I can't imagine where people get all these ideas about "super hackers" and the like. Now where are my VR goggles? I need to hack a Cray using this pay phone down the street...
It must have been something you assimilated. . . .
It's too bad the quote is "the devil" or you might have gotten yourself some free geek credibility there.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
+1 insightful
+1 pun
Well done friend, well done.
You can be an atheist and still not want to succumb to some weird cross-over sheep disease -- AC
Hackers, terrorists, drug dealers, child molesters, communists:
Useful tools for the control of a fearful and gullible populace.
"My high school still has absolutely zero knowledge of some of the hacks I pulled, and they never will know."
FYI Andrew Matecha of Vancouver BC, there is enough information on your band's website and MySpace page to identify you and figure out which school you committed your crimes against. Not that I care, but you might want to think about that before you brag about illegal activity you've participated in.
but in reality most of the crimes are committed out of stupidity or drug influence
I don't think that inside theft of database dumps containing hundreds of thousands credit card accounts and SSNs is done by stupid or drug-addled people. I don't think that people who systematically probe for SQL insertion vulnerabilities on transaction systems in hopes of defacing something with some politicized rant are stupid or drug-addled. I don't think that people plant stealth FTP servers to serve up kiddie pr0n from unknowing desktops are being stupid or drug-addled. You're confusing malice with stupidity, and poisoned ethics with drug dependence.
Don't disappoint your bird dog. Go to the range.
The first mistake is to think that anything mentioned even requires you to be a "superhacker". Identity theft is trivial. Stand on a street corner and say you're registering people for a contest, and put name, address, social security number on the form, and 90% of people who stop to fill it out will just put their SSN down. Stealing "software" and "media" hardly makes you a superhacker; hundreds of thousands of people do it every day, 99% have probably never even compiled a program. Virus writing isn't difficult either; it's finding the hole to exploit in the first place that CAN be difficult. But given an exploit, turning it into a virus isn't that tough.
Even when we take it up a notch and look at actually dangerous attackers, like people using widespread vulnerabilities to deploy custom rootkits, we're not talking about superhackers.
Then there's a class of people who, if they are inclined to be lawbreaking and antisocial, are superdangerous. Take a look at someone like Michal Zalewski, who's been pumping out advisories, proof of concepts, and gems like a hobby OS for...well, a long time. Can you imagine him in the wild as a black hat? Ugh, scary.
Then there's real superhackers. One former coworker built a railgun for fun, cracked DES (key recovery in 24 hours on a p3, given certain fairly common preconditions), cracked the remote management on a major commercial firewall (because we lost the password, and it was easier than going offsite for password recovery), then founded a security company, got rich when they got bought out, and moved onto toy around with things for nasa and the DoD. So, if someone like somehow finds their way onto - and stays on - a black hat path, well, the mere fact that securing something is harder than cracking it means he will always find a way in, if he wants to badly enough. I think they'd have to be unbalanced to stay black hat, since that sort of talent will either get them illegitimately rich enough that they'll avoid danger, or get them legitimately rich enough that they'll give up black hat activities to go legit.
But identity theft? Please. Peanuts. They're more likely to use large scale espionage to find some valuable nugget; perhaps upcoming M&A activites. Then they sell this info to a third party with plausible deniability and a lot of cash - say, George Soros (not that I'm saying he'd buy, but for example) - and let them profit massively off it and take a kickback. Just one significant score like that should be worth 7-8 figures. That's just one example out of a hundred scenarios where a true uberhacker could illegitimately profit. And they'd almost certainly only do it once, if money was their motivation.
I've seen new Windows XP computers plugged into a network get pwned before you could finish going through the Windows setup wizard. The reason stuff like this doesn't result in "loss of personal records" is because IT professionals and security experts put in a s**tload of effort to make sure it doesn't. But IT professionals and security experts can't prevent a PHB from putting sensitive info onto a laptop and then taking it home only to have it stolen.Yeah, well, I work in a hospital. Every time there's a large-scale problem with the network or enterprise system, it seriously affects the staff's ability to perform their duties. That translates to worse care for the patients. So, do you want your hospital to be running smoothly or not? Do we have to wait until someone IS killed to take security seriously?Buddy, I'll take Bruce Shneier's assessment of security over yours any day.
Hackers
Ever had your credit rating trashed by someone who lifted your financial info through a crack of a third party system? Many thousands of people have.
Odds 1:10,000
worse is you bank with retarded banks.
terrorists
Are you alive? Many thousands of people are not. Another couple dozen just died in Algiers today, killed by the local franchise operators of the same group that has attacked embassies, a US naval vessel, the WTC, the Pentagon, bars, nightclubs, hundreds of markets and restaurants, etc. This month, they are on a new campaign to ambush and kill anyone who reports to work in rural Afghanistan to teach young women how to read. It's super duper, though, that you don't find the people in London, or Madrid, or Detroit that preach the warm-up act for the same crap to be any concern at all. That's comforting!
odds 1:1,000,000
worse if your brown and live in a poor nation
drug dealers
You cite drug dealers, and then complain about "control?" These bastards deliberately seek to make behavioral slaves of generations of their neighbors, and think nothing of the resulting waste of lives and all of the accompanying damage. You'd rather that Wal-Mart sold heroin? Have you ever met someone with their teeth rotting right out of their meth-cooked skull? What is it that encourages you to gloss over the people that seek to make money peddling meth to school kids, or pretend they don't exist?
1:2
But the majority are pot pushers who sell to your kids. Your kids use it like you used to use beer... or pot/lsd. The potential harm for most people is minor.
child molesters
Ever met someone who had their youth stolen by someone like that? Let's find you a few thousand of them, and then you can address them, explaining how the people who did it to them don't exist, or aren't really a problem, and should be allowed to keep doing it. I'm sure you'll be persuasive.
1:100,000
Although these sick bastards affect everyone around their victims, they aren't that numerous. Many people still lead okay lives afterwards with some issues about security and sex. It's not a very homogenous group either.
communists
Well, you've got me there. They only killed a few hundred million people in the last century, so that's not so bad.
0:1
Communism is an idea. What killed most of the people your refering to is mob justice, fear, racial hatred, green, xenophobia, and poor management. Communism is general is a useless idea that was never fully implemented by anyone, could never be so, and used liek religion to clobber people.
"There are more things in heaven and earth, Horatio, than are dreamt of in your philosophy."