Stupid Hacker Tricks - The Folly of Youth
N_burnsy points out an article in Computerworld which "profiles several youthful hackers, some still serving prison time, some free, who have been caught indulging in some fairly serious cybercrime, and looks at their crimes and the lessons they have (or have not yet) learned.
Starting with Farid 'Diab10' Essebar, currently a guest of the Moroccan prison system, who wrote and distributed the Mytob, Rbot, and Zotob botnet Trojans. There's Ivan Maksakov, Alexander Petrov, and Denis Stepanov, all guests of the Russian penal system, sentenced to eight years at hard labor for creating a botnet to engage in DDoS (distributed denial-of-service) attacks to blackmail online gambling sites based in the UK, threatening to take the sites down during major sporting events. Then there's Shawn Nematbakhsh who was a little too eager to prove a point about the electronic balloting system that the University of California employed to hold student council elections, by writing a script that cast 800 votes for a fictitious candidate named American Ninja." Not everyone on the list is exactly youthful, and the range of offenses shows how lumpy this area is both to the law and in public perception.
that tom hanks/leonardo dicaprio movie about frank abagnale serves up the most useful point about guys like these:
1. convict them and put them in prison
2. take them out and convert their sentence into useful work for the federal government. if they f**k up, back in the hole they go
when some guy finds a chink in a voting system and exploits it, yes, he's done wrong, but he's also done society a service, no matter what his intentions were. this doesn't necessarily need to be rewarded, but it does need to be recognized as useful work in pursuit of a useful goal for society. these individuals, however morally and ethically flawed, still have use to society
what they need is supervision, like frank abagnale, and skills that previously went to petty vandalism and self-indulgence at the expense of society can instead be converted into useful work for society. these individuals must be supervised, since their ability to form ethical and moral decisions has obviously been shown to be severely compromised, but you will note that frank abagnale today is currently very wealthy and quite the free man, and all of his current wealth accumulated through honest work. rehab is not only possible, but it is also profitable, for the individual who needs an ethical and moral correction, and society at large
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Except that he explicitly says he was doing no such thing in TFA:
"I really wasn't making any point at all," Nematbakhsh admits, debunking news reports to the contrary. "It was a senior prank, a silly thing."
If he had really been interested in fixing the flaw, he could have brought it to the administration's attention in a much better way that would have avoided him having to do community service, and not screwed up the election.
Your point is still valid, though. When I was an undergrad, a friend of mine discovered that the primary key to the LDAP student/faculty directory was the same number that was encoded on our ID cards, the result being that we could create fake ID cards for anyone in the directory (and thus gain their building privileges, have access to the accounts linked to the card, etc.). He went to the administration with the information, and they reissued cards to the entire student body. Then, they proceeded to start a judicial investigation against him. Thankfully, nothing ever came of it, but it does show the tendency of institutions to punish those who are actually trying to help them.
"Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
If you are over 45 and you never attempted to gain unauthorized access before you were 20, you either
* were not skilled enough to avoid being caught and you knew it
* had VERY good morals
* didn't have an opportunity
Before the mid-80s "casual" hacking was just as likely to get you a job as it was punishment. By the late '80s and '90s there were much better ways to prove you were good and too many people were misusing others' computers for purposes other than "because they could" or "because it was cool" or to save a few bucks on long distance phone calls.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
About a year ago I was playing a silly Flash game at a site belonging to Telstra, and after a few rounds got bored and fired up Wireshark to see how it logged the scores.
I found the URL it used to post the scores back to the content server and, in a flash of idiotic curiosity, changed my score to some huge number, requested the URL and checked the scoreboard.
It was quite thrilling to see my name at the top, with a score a hundred thousand points higher than the next person - then I realised I'd probably committed fraud, especially since there were prizes for the winners. I hurriedly emailed Telstra, apologised very humbly, and asked them to forgive me. When I checked the scoreboard a few days later, my score was gone, and I never heard from them.
Pretty amazing, considering they had my mobile phone number, email address, IP address AND a written confession... there must be some nice people working at Telstra (or they couldn't be bothered following it up). Either way, I'm very, very grateful that they let it slide.
now nobody would call their child "Dick".
I have a few friends named Dick, and I asked one if he would consider naming his son Dick, and he replied, "It is a character building name."
If I come and expose the gaping security holes in your house, you'll be ok with that? If you come home and find me milling around in your living room or rifling through your things, you won't get mad right? After all, I was just exposing the security holes, I didn't do any harm!
If you aren't ok with me going through your things without permission, I'd have to ask why you are ok with breaking in to someone else's stuff. You can't have it both ways, if your stuff isn't fair game, why is their stuff fair game?
And please don't pretend like you have any serious home security. I'm quite sure you have a standard pin-tumbler lock like everyone else in the world. Not only is it trivial to pick, but I don't even need to do that. Since the blanks aren't controlled I just get a blank and make a bump key.