Slashdot Mirror


Forbes Offers a Sympathetic Portrayal of Hackers

selain03 sends us to Forbes for a surprisingly tolerant article on the recent Defcon. The reporter spoke to several of the event organizers and faithfully conveyed their characterization of the community as motivated by curiosity about technology. The article quotes a Department of Defense cybercrime guy: "Run-of-the-mill individual hackers are just noise as we try to focus on the real problem. We have to investigate every threat, but we're often dealing with ankle biters." A refreshing perspective to read in the mainstream media.

24 of 97 comments

  1. "ankle biters"? by timmarhy · · Score: 5, Insightful

    As shown in the past, it's often the very very simple hacks like finding an unprotected machine and installing sub7 on it that brings down the giants. A high level of technical experience is NOT a prereq. for a serious hack

    --
    If you mod me down, I will become more powerful than you can imagine....
    1. Re:"ankle biters"? by Creepy Crawler · · Score: 4, Insightful

      True that, but it does take a great deal of restraint and expertise to go black hat and not leave a trace.

      Black hats go by a different name: corporate espionage. In that, they are in a profession of spy with computers and data, and not of personal communications.

    2. Re:"ankle biters"? by Anonymous Coward · · Score: 2, Interesting

      I work for a billion dollar privately owned health insurance company, and we recently had an incident where an internal development group connected an internal development machine to the DMZ without adequate password controls, violating several policies (password standards, development system standards, DMZ-house system standards, etc.) to do some file transfer testing for an app they'd written. They even had a name set up in our external DNS! Someone ssh'ed in with a service account with the same password as the username and goofed around until it was finally discovered by chance. If it had been configured properly, the compromise would have never happened. If it had proper security measures in place, we'd have seen the attempt in real-time in our SEM. It was a comedy of errors, and sadly, the guilty parties in the company didn't even receive a slap on the wrist.

    3. Re:"ankle biters"? by iamdrscience · · Score: 5, Funny

      I understand your point, but c'mon, can you honestly tell me that if there were a fire convention, you wouldn't go? It sounds pretty awesome to me.

    4. Re:"ankle biters"? by Garridan · · Score: 2, Insightful

      Not really. People with extremely high technical competence still miss the little things once in a while. Only takes one little hole.

    5. Re:"ankle biters"? by Opportunist · · Score: 4, Interesting

      You make that sound like it's some cool spy movie. It isn't. It's just plain illegal. Well paid, granted, but illegal. It's neither flashy (you can't even brag about your smooth moves!) nor in any way exciting. Neither is being wanted by some three-letter-agencies. Do you happen to know why they ALL have three letters, no matter what country or nation they belong to?

      The only movie related thing that is real for a black hat is the briefing closing line from Mission Impossible: If anything goes wrong, we don't know you anymore and have never known you even existed.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:"ankle biters"? by Opportunist · · Score: 3, Interesting

      It is a prerequisite, though, for hacks that aren't executable by clickmonkeys. Granted, pretty much every exploit there is today has been "tooled" to perfection, so that even the most clueless brick on earth can use them to do harm.

      I'm honestly not afraid of hackers. I mean, the old school kind. The "real" ones. The ones that actually know that TCP/IP ain't the Chinese secret service and that a buffer overflow isn't something that requires a plumber to fix. In their growth years, they sooner or later stumbled upon the hacker's creed, and whether they heed it or not, the damage they do is usually minimal. Yes, they may steal your data (which is often enough a severe damage), but they don't destroy data intentionally.

      What I'm afraid of is the scriptkid. The person without a clue, but with a tool. He doesn't know what he does, he doesn't know what he aims for, but he just clicks and hopes, trying to destroy and mess with other people's computers. He's the equivalent of the schoolyard bully. No clue, no skill, no perspective, but the need to once at least "prove" that he's "better" than someone else. If you're looking for wanton data destruction, that's the place to look for it.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:"ankle biters"? by Lord Ender · · Score: 3, Insightful

      You make that sound like it's some cool spy movie. It isn't. It's just plain illegal. Well paid, granted, but illegal. It's neither flashy (you can't even brag about your smooth moves!) nor in any way exciting.

      Imagine you have some custom malware which is only in use in a few places in the world. There will be no anti-virus signature for it because it's custom. Now imagine it looks for certain words or phrases (such as "earnings") in Word or Excel documents and encodes the surrounding text into some covert, background-noise packet, like NTP or DNS. You have also programmed your bug to only phone home while the computer is in use, so you don't trigger any off-hour activity alarms.

      You now know whether these companies will beat earnings estimates or not. You can sell short or buy on margin with 100% confidence on the days these companies release their earnings reports.

      So, no, you can't brag or tell chicks at bars that you are a spy doing espionage. But you CAN brag that you are a "trader" and are up 600% YTD.

      Most companies barely fund and train their security departments well enough to stop mass worms--the kind that screw up large numbers of computers and suck up noticeable amounts of resources. There is NO WAY they would find a bug that does not replicate and lives on only a single PC in the finance department. Even if they did, they would likely just reformat the thing and be done with it. No reason starting in on forensics! Time is money!

      Also, there is no huge chunk of money missing from any individual person, so who is going to hunt you down? You've only stolen a fraction of a penny per share from thousands of oblivious shareholders.

      When the rewards are so high and the risks are so low, you can bet that there are many less-ethical people out there who are willing to do it, and would enjoy every minute of it. For some people, it wouldn't take much work convincing themselves that they are no more crooks than the people they are stealing from.
      --
      A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  2. I can see it... by thatskinnyguy · · Score: 5, Insightful

    Who better to design safes than professional thieves?

    --
    The game.
    1. Re:I can see it... by poopdeville · · Score: 4, Insightful

      Mechanical Engineers.

      --
      After all, I am strangely colored.
    2. Re:I can see it... by smookumy · · Score: 2, Insightful

      Yes, exactly. After all, they're taught by the finest thieves: universities.

  3. The truth behind this article... by Anonymous Coward · · Score: 5, Funny

    Some of the Defcon guys thought it would be hilarious to hack a major media outlet and place a sympathetic story about themselves on it. Mission accomplished!

  4. Not Daniel Lyons by Jah-Wren Ryel · · Score: 5, Funny

    A Forbes article that isn't hyper-sensationalist and pro-status-quo?
    What, was Daniel Lyons too busy impersonating Steve Jobs to do the piece?

    --
    When information is power, privacy is freedom.
  5. Re:"Middle America, Meet The Hackers!" by syousef · · Score: 4, Funny

    Because that doesn't sound like a sitcom or anything...

    You're forgetting pwn-ography never makes it to mainstream tele.

    --
    These posts express my own personal views, not those of my employer
  6. The world is not fair... by Tatisimo · · Score: 4, Insightful

    Why didn't the more interesting story about the evil undercover reporter who got pwned make it to the mainstream media? There's no justice in this world for hackers... Won't somebody think of the hackers? ;_;

    --
    Give Kashyyyk back to the Wookies
    1. Re:The world is not fair... by LordLucless · · Score: 3, Informative

      Sydney Morning Herald, one of Australia's largest newspapers, had a fairly pro-Def Con article about it too. http://www.smh.com.au/articles/2007/08/04/1185648197448.html

      --
      Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
  7. Why forbes.com? by Dr. Cody · · Score: 4, Funny

    But, of all the places, why Forbes? Couldn't they have picked some respectable outlet?

    Maybe Forbes was the only site they had any luck with, since, having alienated techies so thoroughly, they couldn't hire a competent webadmin.

    1. Re:Why forbes.com? by Propagandhi · · Score: 4, Funny

      Nah, Forbes is just so single minded it's super easy to guess their passwords (it's money, by the by... always money).

  8. About Forbes by prakslash · · Score: 3, Insightful

    Maybe it is just me but I find Forbes to be like women's "Cosmo" magazine for dumb guys and wannabes.

    All it has is 3 things: (1) Articles that state the obvious (2) Shit load of Rolex and Lexus ads (3) Those top 10 lists like 'top 10 affordable vacation getaways' where their definition of affordable vacation is something that costs between $30k and $100k.

    Sometimes it is almost like they are taunting the reader, saying "look, drool and weep".

    Even in this article, their 'discovery' is that serious hackers are curious about technology, script-kiddies are just a nuisance.

    Color me surprised...

    1. Re:About Forbes by Animats · · Score: 5, Informative

      Maybe it is just me but I find Forbes to be like women's "Cosmo" magazine for dumb guys and wannabes.

      Forbes went downhill after Malcolm Forbes Sr. died. Forbes Magazine used to do some hard-hitting investigative reporting. Malcolm Forbes Sr.'s attitude was "Go ahead, sue me for libel. I'm a billionaire". They've gone soft since the son took over.

      Business Week, which used to be the cheering section for big business, has improved a bit.

      It's not clear what will happen to the Wall Street Journal under Murdoch's ownership, but it's not looking good. The WSJ has gone downhill in the last few years, anyway. The fundamental problem is that its classic functions, stock charts and major stock-related events, are all on line now. Nobody on Wall Street needs to read the Wall Street Journal; anything that affects trading was on their Bloomberg long before.

  9. Re:Hackers and Crackers by someone1234 · · Score: 3, Informative

    Hacker originally meant anyone who dabbles with ANY code. Not necessarily bypassing security, and not necessarily on someone else's computer, and not necessarily without consent.

    --
    Patents Drive Free Software as Hurricanes Drive Construction Industry
  10. Re:Hackers and Crackers by Anonymous Coward · · Score: 3, Informative

    Umm, no. Being a hacker has absolutely nothing to do with wanting to break into somebody's computer, be it for fun, profit, or whatever else.

    Being a hacker has everything to do with having talent at and taking delight in learning how large, complicated but internally consistent systems work and then using that knowledge to solve problems, overcome limitations and make improvements. A hacker is somebody who instinctively wants to take things - most often computer systems/programs - apart, tinker with them, put them back together again and in doing so learn something, so that they can do really clever things with that knowledge later: and who gets off on doing all of this.

    Hackers existed before most computers were connected to any other computers to break into.

  11. Alternate definitions by Almahtar · · Score: 2, Interesting

    I've often heard what you call a 'hacker' called a 'white hat hacker' and what you call a 'cracker' called a 'black hat hacker'.

    When I was just starting learning security stuff circa '95-'97 the term 'cracker' referred (in most stuff I read and by people I talked to at the time) to people who modified binaries on their own system to do things they weren't supposed to (such as a no cd crack or adding new features to a binary - it didn't have to be illegal), while hacking usually referred to gaining unauthorized access to anything, be it local or over network.

    It all depends on what crowd you gained your definitions of hacking and cracking from. I prefer these definitions because they seem to have more precision. You can hack for multiple reasons (good or bad, white or black hat), you can crack for multiple reasons (good or bad, white or black hat).

    A company I worked for had a lot of cracked copies of their software circulating the Internet and I spent some of my time for them reverse engineering and preventing one of their more mysterious and unsolved cracks - I'd call that white hat cracking.

  12. Re:Who creates the scripts? by AgentSmith · · Score: 2

    Uh no.

    Way back in the day, Hackers were and still are the folks creating the scripts.
    "script kiddies" were little wanker wannabes that logged into an IRC chat or usenet session
    and eavesdropped, glommed, or begged scripts out of real programmers. They then ran these
    scripts thinking they were so 133t! This may have changed, but if you're actually writing or modifying
    code call yourself anything other than a script kiddie.

    Most of these so called script kiddies I've met couldn't code themselves out of a paper bag.
    But they were so awesome when they stole someone else's script, broke into the local phone system, got caught and went to juvie.

    It's not breaking into things, it's figuring how things work.

    Mod me redundant, because this should be repeated 10 times down the list by the time I post.