Slashdot Mirror


Stupid Hacker Tricks - The Folly of Youth

N_burnsy points out an article in Computerworld which "profiles several youthful hackers, some still serving prison time, some free, who have been caught indulging in some fairly serious cybercrime, and looks at their crimes and the lessons they have (or have not yet) learned. Starting with Farid 'Diabl0' Essebar, currently a guest of the Moroccan prison system, who wrote and distributed the Mytob, Rbot, and Zotob botnet Trojans. There's Ivan Maksakov, Alexander Petrov, and Denis Stepanov, all guests of the Russian penal system, sentenced to eight years at hard labor for creating a botnet to engage in DDoS (distributed denial-of-service) attacks to blackmail online gambling sites based in the UK, threatening to take the sites down during major sporting events. Then there's Shawn Nematbakhsh who was a little too eager to prove a point about the electronic balloting system that the University of California employed to hold student council elections, by writing a script that cast 800 votes for a fictitious candidate named American Ninja." Not everyone on the list is exactly youthful, and the range of offenses shows how lumpy this area is both to the law and in public perception.

35 of 226 comments

  1. Link without 5 pages of ads... by muellerr1 · · Score: 5, Informative
    1. Re:Link without 5 pages of ads... by Jarik_Tentsu · · Score: 2, Funny

      I feel kinda inadequate. Back when I was a kid, I read some outdated article on DoSing, so decided to open 20 command prompt windows pinging a server over my dial up connection.

      It didn't go down. =(

      ~Jarik

  2. Student elections? by Nursie · · Score: 5, Insightful

    University student imprisoned for interfering in University council elections as a way to expose how bad the voting system is?

    There is no justice in the world. That kid should have been given a fucking medal.

    1. Re:Student elections? by Nursie · · Score: 4, Insightful

      OK, I have now RTFA'd. He still should have been given a medal rather than a conviction.

    2. Re:Student elections? by chuckymonkey · · Score: 4, Insightful

      Mod parent up. He really didn't do much that was malicious, hell he even made up a fake candidate so that it would sway the election for a real candidate. All the guy did was prove that the system they paid so much money for was crap, but we can't have that now can we? It would displease our corporate overlords.

      --
      "Some books contain the machinery required to create and sustain universes."-Tycho
    3. Re:Student elections? by smittyoneeach · · Score: 4, Funny

      Student election?
      Blade/face bijection
      Halt candidate/follicle
      Ninja insurrection
      Burma Shave

      --
      Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
    4. Re:Student elections? by Intron · · Score: 3, Informative

      No - mod both you and OP down for posting without reading the article. He wasn't imprisoned. He had to pick up trash and pay costs. The system worked just about right.

      --
      Intron: the portion of DNA which expresses nothing useful.
    5. Re:Student elections? by cpricejones · · Score: 2, Funny

      But really, who would not want a student council rep who could flip out and kill someone.

    6. Re:Student elections? by neomunk · · Score: 5, Insightful

      Yes, we should make those who point out the gaping holes in our society (which could very easily be used against us, and possibly already have) PAY!!! Humiliate them by the side of the road for the outlandish gall of trying to expose the truth, when it might inconvenience one of his upper-caste betters.

    7. Re:Student elections? by Intron · · Score: 5, Funny

      You aren't looking at the big picture. Imagine what calamity would have ensued if American Ninja had been elected to Student Council. Slaughter at Homecoming. Beheadings at Pep Rallies. Eviscerations at the Winter Ball.

      --
      Intron: the portion of DNA which expresses nothing useful.
    8. Re:Student elections? by MrJSuppish · · Score: 2, Informative

      If I recall correctly, the kid used those 800 votes by using other people's names, and by doing so, removed their ability to vote in the election. So, perhaps not the best way to go about it.

    9. Re:Student elections? by Rary · · Score: 3, Informative

      All the guy did was prove that the system they paid so much money for was crap, but we can't have that now can we? It would displease our corporate overlords.

      Yes, he was such a noble crusader....

      "I really wasn't making any point at all," Nematbakhsh admits, debunking news reports to the contrary. "It was a senior prank, a silly thing."
      --

      "You cannot simultaneously prevent and prepare for war." -- Albert Einstein

    10. Re:Student elections? by langelgjm · · Score: 4, Interesting

      we should make those who point out the gaping holes in our society

      Except that he explicitly says he was doing no such thing in TFA:

      "I really wasn't making any point at all," Nematbakhsh admits, debunking news reports to the contrary. "It was a senior prank, a silly thing."

      If he had really been interested in fixing the flaw, he could have brought it to the administration's attention in a much better way that would have avoided him having to do community service, and not screwed up the election.

      Your point is still valid, though. When I was an undergrad, a friend of mine discovered that the primary key to the LDAP student/faculty directory was the same number that was encoded on our ID cards, the result being that we could create fake ID cards for anyone in the directory (and thus gain their building privileges, have access to the accounts linked to the card, etc.). He went to the administration with the information, and they reissued cards to the entire student body. Then, they proceeded to start a judicial investigation against him. Thankfully, nothing ever came of it, but it does show the tendency of institutions to punish those who are actually trying to help them.

      --
      "Anyone who [rips a CD] is probably engaging in copyright infringement." - David O. Carson
    11. Re:Student elections? by hey! · · Score: 3, Insightful

      Except that he admitted he wasn't really making a point, even though if he had the point would be a good one. And if he had been making a point, the punishment would be reasonable.

      The point of civil disobedience is not to avoid being caught. It is to be caught in a way that proves the system is corrupt. Punishment is critical to the effectiveness of civil disobedience as a strategy to change the world.

      It's also critical for holding back the tide of unthinking self-righteousness in the world. If good intentions were an absolute defense, there would be no end to the crimes people would commit with complete assurance they are on the side of right.

      Giving this guy a slap on the wrist is the right thing to do; it serves the purpose of having the rule without doing more damage than breaking the rule did. The rules are there for the guidance of the wise and the protection of fools. The wise might choose to accept punishment in service to a higher cause; the foolish shouldn't be punished more than is necessary to set them on the right track.

      --
      Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    12. Re:Student elections? by unsigned+integer · · Score: 5, Funny

      But it would have been totally sweet.

    13. Re:Student elections? by kainino · · Score: 2, Informative

      Except that he explicitly says he was doing no such thing in TFA:

      "I really wasn't making any point at all," Nematbakhsh admits, debunking news reports to the contrary. "It was a senior prank, a silly thing."

      I'm willing to bet that he did that because he figured it would lighten his sentence (as sibling poster noted). It could very well have worked, too.

      If he had really been interested in fixing the flaw, he could have brought it to the administration's attention in a much better way that would have avoided him having to do community service, and not screwed up the election.

      No, and no. If he had brought it to the administration's attention they would probably simply try to suppress it because otherwise actual malicious people might figure it out and do something bad. And if the voting system was a simple largest-percentage voting system, adding 800 votes for another candidate would not affect who won the rest of the election, even if fewer than 800 other people had voted (in which case, of course, they'd have to ignore the obviously fake American Ninja and give the election to the second place winner).

      Thankfully, nothing ever came of it, but it does show the tendency of institutions to punish those who are actually trying to help them.

      Which just gives a great example of my above mentioned point. Except that getting everyone to re-vote (not that this is necessary) is not as easy as sending a bunch of new cards out.

      --
      Please disregard any grammatical errors in the above message. I normally perfectly English just well!
  3. Typo in TFA by sm62704 · · Score: 4, Insightful

    OK, if you're happy and carefree it no longer means you're gay unless you're homosexual, and hackers are now criminals who break into computers. Even the tech press is calling cyberglars* "hackers". Even slashdot, who should have striven to maintain the word that used to be a badge of honor back when nerds were being ridiculed, uses "hacker" like the ignorant lusers do.

    So what's the new word for someone who writes quick and dirty code that actually runs, or changes a transistor radio into a guitar fuzzbox?

    BTW, if you wrote TFA shame on you! The proper word is "script kiddie", cyberglar, cyber burglar, "computer criminal". Not "hacker" for God's sake. Just because Joe Sixpack thinks a "hacker" is a criminal and RAM is a brand of truck doesn't mean we should share in their ignorance.

    "I used to be a gay hacker, now I'm only a happy nerd" :(

    -mcgrew

    *Yes, I just coined that word. So sue me.

    --
    mcgrew's razor: Never attribute to stupidity that which can be explained by greedy self-interest
    1. Re:Typo in TFA by contrapunctus · · Score: 2, Informative

      Your really insightful comments are overshadowed by your "gay" comments.
      I have mod points and I didn't know what to do. I thought I'd give advice instead of modding:
      Stick to the point.

      I know I'm off-topic.

    2. Re:Typo in TFA by JaredOfEuropa · · Score: 5, Insightful

      Even the tech press is calling cyberglars* "hackers". Even slashdot, who should have striven to maintain the word that used to be a badge of honor back when nerds were being ridiculed, uses "hacker" like the ignorant lusers do.
      In other words, pretty much everyone save a few die-hards refers to "crackers" as "hackers" now. That's how languages evolve; trying to go back to the original meaning of the word would be as pointless and futile as Hormel's attempt to disassociate the word Spam from unsolicited emails. Or, taking your example, as futile as trying to get "gay" to mean happy again.
      --
      If construction was anything like programming, an incorrectly fitted lock would bring down the entire building...
    3. Re:Typo in TFA by neomunk · · Score: 2

      You're at the wrong site. Judging by your sig, I'll recommend powerline blog (not linked in an effort to keep my soul clean).

      GP is absolutely correct in his rant, and if he's guilty of ANYTHING it's bringing up something WE ALREADY ALL (should) KNOW.

      If you think the GP is incorrect in his assertion that the word 'hacker' has been used out-of-context by a source that should know better, then you've reached a new level of fail on slashdot.

      Personally, I'm offended by the constant creep of middle managers and other shitstains who think reading slashdot will help their careers somehow. It's evolved into news for nerds, comments by wannabe geeks. A mini-atrocity if you ask me.

    4. Re:Typo in TFA by PRMan · · Score: 4, Insightful

      That was the point. Like it or not, people who used to be "gay" in a non-homosexual sense are no longer able to use that word that way. "Dick" was a common name when Batman and Robin came out in the 40s (and Dick Tracy), now nobody would call their child "Dick". Language changes whether we want it to or not.

      "Hacker" has become something that benevolent hackers can no longer call themselves, no matter how we feel about it.

      --
      Peter predicted that you would "deliberately forget" creation 2000 years ago...
  4. "catch me if you can" by circletimessquare · · Score: 4, Interesting

    that tom hanks/ leonardo dicaprio movie about frank abagnale serves up the most useful point about guys like these:

    1. convict them and put them in prison
    2. take them out and convert their sentence into useful work for the federal government. if they f**k up, back in the hole they go

    when some guy finds a chink in a voting system and exploits it, yes, he's done wrong, but he's also done society a service, no matter what his intentions were. this doesn't necessarily need to be rewarded, but it does need to be recognized as useful work in pursuit of a useful goal for society. these individuals, however morally and ethically flawed, still have use to society

    what they need is supervision, like frank abagnale, and skills that previously went to petty vandalism and self-indulgence at the expense of society can instead be converted into useful work for society. these individuals must be supervised, since their ability to form ethical and moral decisions has obviously been shown to be severely compromised, but you will note that frank abagnale today is currently very wealthy and quite the free man, and all of his current wealth accumulated through honest work. rehab is not only possible, but it is also profitable, for the individual who needs an ethical and moral correction, and society at large

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:"catch me if you can" by argent · · Score: 2, Insightful

      3. You've taken a job away from an honest man and given it to a crook.
      4. The other half million blokes in prison still get to rot.

      Perhaps it might make more sense to attack the problems in the prison system at a lower level?

    2. Re:"catch me if you can" by Jarjarthejedi · · Score: 2, Insightful

      3 - Perhaps. But you've also taken a job away from someone who may or may not be good enough and given it to someone who definitely is good enough. Two sides to every coin (and since I highly doubt the non-criminal would be getting the same kind of supervision you could argue that the job is brand new, for the criminal, and therefore you're not taking it away from anyone.) You could also use the job as a form of community service, paying them less but allowing them to stay out of jail on good behavior, which would mean no non-criminals had to lose anything.

      4 - Indeed they do. Why shouldn't they? There are many people in prison who don't deserve to be in prison, but we're talking about people who do deserve to be in prison (for the most part) being given a chance to put their, unique, skills to use in a good way. If you could come up with a good and simple way to do that for, say, a drug dealer, or a murderer, then I'd support it (though none of that Starcraftian nonsense of 'Put all the murderers and violent criminals in giant suits of armor and make them your expendable army')

      --
      There are two kinds of fool One says 'This is old therefore good' Another says 'This is new therefore better'- Dean Ing
    3. Re:"catch me if you can" by Torvaun · · Score: 2, Insightful

      What honest man has that intimate of knowledge of how check fraud is done? There is no amount of studying that can make up for a complete lack of practice.

      --
      I see your informative link, and raise you a pithy comment.
    4. Re:"catch me if you can" by Torvaun · · Score: 2, Insightful

      I'm sorry, my post didn't include the word "should". Yes, lots of people should know what to look for to catch check fraud or counterfeit money. My question was who -does- know, and the answer is the criminals for whom getting it right wasn't the difference between passing and failing a test, it was the difference between freedom and prison.

      --
      I see your informative link, and raise you a pithy comment.
  5. Wrong vote by electricbern · · Score: 3, Funny

    Shame on you Shawn Nematbakhsh, all respectable Slashdot-reading hackers know the fictitious candidate is always CowboyNeal.

    --
    alias possession='chmod 666 satan && ls /dev > il && tail daemon.log'
  6. Too much "CSI." by Rob+T+Firefly · · Score: 4, Funny

    You know the fourth or fifth minute of any CSI episode, just before the Who song and the opening titles, wherein the cops are looking over the corpse of the week and one of them smirks and says something completely snarky and graveyard-humor-y about the whole situation to their appreciative chortling colleagues?

    This whole article is like that.

  7. Pure genius by hansraj · · Score: 4, Interesting
    From TFA:

    Authorities were able to clearly identify Essebar as the author of the worm; not only had he signed it with the words "by Diabl0" buried in the source code, but he'd written the worm using Microsoft's Visual Studio, which embeds information about the computer on which the code is written into the compiled program -- in this case, the directory path "C:\Documents and Settings\Farid." D'oh! D'oh indeed!!
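
The mechanism the quoted article describes, as an added example that is not part of the original comment or the article: assuming the embedded path was the PDB path that the Microsoft linker stores in a CodeView debug record, this Python code finds such records in a binary's bytes and lists the profile user names they expose, which is the check an analyst, or a developer auditing a release build, would run. The sample bytes and the name `builduser` are constructed.

```python
import re
import struct

# Profile names that appear in build paths but identify nobody.
GENERIC = {"administrator", "public", "default", "all users"}
PROFILE_RE = re.compile(r"(?i)\\(?:Documents and Settings|Users)\\([^\\]+)")

def _cstring(data, start, limit=260):
    """Return the NUL-terminated string at `start`, or None if implausible."""
    end = data.find(b"\x00", start, start + limit + 1)
    if end <= start:                      # no terminator, or empty string
        return None
    raw = data[start:end]
    if any(b < 0x20 for b in raw):        # control bytes: not a file path
        return None
    return raw.decode("utf-8", errors="replace")

def find_pdb_paths(data):
    """Scan raw bytes for CodeView records; return (offset, signature, path).

    RSDS (PDB 7.0): 'RSDS' | GUID (16 bytes) | age (4) | path, NUL-terminated
    NB10 (PDB 2.0): 'NB10' | offset (4) | timestamp (4) | age (4) | path, NUL
    """
    found = []
    for sig, header_len in ((b"RSDS", 4 + 16 + 4), (b"NB10", 4 + 4 + 4 + 4)):
        pos = data.find(sig)
        while pos != -1:
            path = _cstring(data, pos + header_len)
            if path and path.lower().endswith(".pdb"):
                found.append((pos, sig.decode(), path))
            pos = data.find(sig, pos + 1)
    return sorted(found)

def leaked_usernames(paths):
    """Return user-profile names found in the given paths, in first-seen order."""
    users = []
    for path in paths:
        m = PROFILE_RE.search(path)
        if m and m.group(1).lower() not in GENERIC and m.group(1) not in users:
            users.append(m.group(1))
    return users

# Constructed sample: filler bytes followed by two debug records.
# The first carries a full build path; the second carries only a bare file
# name, which is what a build linked with /PDBALTPATH:%_PDB% would contain.
SAMPLE = (
    b"MZ" + b"\x00" * 62
    + b"RSDS" + bytes(range(16)) + struct.pack("<I", 1)
    + b"C:\\Documents and Settings\\builduser\\My Documents\\proj\\Release\\proj.pdb\x00"
    + b"\x00" * 8
    + b"NB10" + struct.pack("<III", 0, 0x42000000, 2)
    + b"proj.pdb\x00"
)

if __name__ == "__main__":
    records = find_pdb_paths(SAMPLE)
    for offset, sig, path in records:
        print(f"0x{offset:04x} {sig} {path}")
    print("user names exposed:", leaked_usernames(p for _, _, p in records))
```
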
  8. That's why whitehats are becoming rare by Lonewolf666 · · Score: 5, Insightful

    If even harmless hacks are illegal and may land you in jail, only serious criminals will take the risk (for serious potential money gains).
    I think that is why there are fewer reports about benevolent hackers pointing out security flaws these days, but lots of reports about botnets for spamming and DDOS activities.

    --
    C - the footgun of programming languages
  9. American Ninja? by Thanshin · · Score: 3, Funny

    "[...]a fictitious candidate named American Ninja." Take that! you ninja lover. American Pirate shall prevail over your fake 800 votes.

    P.S. (on /. quote): "When you meet a master swordsman, show him your sword. When you meet a man who is not a poet, do not show him your poem. -- Rinzai, ninth century Zen master"

    I wonder what that Rinzai guy would show to a sexual predator.
  10. Re:Bah Hackers by HikingStick · · Score: 5, Insightful

    "Cracker" is the distinction made only within the tech community. To the general populace, "hacker" is firmly entrenched and carries the same meaning.

    If you really want to change that perception, plan to run full page ads in every major newspaper (because the people who misuse the term are less likely, imo, to get their news online) and launch a multi-million dollar TV campaign in every major market for a few years. Even then, you'll still be vexed by people who will use the old term, but having run the campaign, you'll be able to elevate your level of righteous indignation.

    Then you might be able to start a new affinity group: Mankind for the Ethical Treatment of Hackers (METH).

    --
    I use irony whenever I can, but my shirts are still wrinkled...
  11. OK, who here over 40 never did anything illegal? by davidwr · · Score: 4, Interesting

    If you are over 45 and you never attempted to gain unauthorized access before you were 20, you either

    * were not skilled enough to avoid being caught and you knew it
    * had VERY good morals
    * didn't have an opportunity

    Before the mid-80s "casual" hacking was just as likely to get you a job as it was punishment. By the late '80s and '90s there were much better ways to prove you were good and too many people were misusing others' computers for purposes other than "because they could" or "because it was cool" or to save a few bucks on long distance phone calls.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  12. I've a few stupid hacker tricks of my own.. by Anonymous Coward · · Score: 2, Interesting

    About a year ago I was playing a silly Flash game at a site belonging to Telstra, and after a few rounds got bored and fired up Wireshark to see how it logged the scores.

    I found the URL it used to post the scores back to the content server and, in a flash of idiotic curiosity, changed my score to some huge number, requested the URL and checked the scoreboard.

    It was quite thrilling to see my name at the top, with a score a hundred thousand points higher than the next person - then I realised I'd probably committed fraud, especially since there were prizes for the winners. I hurriedly emailed Telstra, apologised very humbly, and asked them to forgive me. When I checked the scoreboard a few days later, my score was gone, and I never heard from them.

    Pretty amazing, considering they had my mobile phone number, email address, IP address AND a written confession.. there must be some nice people working at Telstra (or they couldn't be bothered following it up). Either way, I'm very, very grateful that they let it slide.

  13. Ok so by Sycraft-fu · · Score: 2, Interesting

    If I come and expose the gaping security holes in your house, you'll be ok with that? If you come home and find me milling around in your living room or rifling through your things, you won't get mad right? After all, I was just exposing the security holes, I didn't do any harm!

    If you aren't ok with me going through your things without permission, I'd have to ask why you are ok with breaking in to someone else's stuff. You can't have it both ways, if your stuff isn't fair game, why is their stuff fair game?

    And please don't pretend like you have any serious home security. I'm quite sure you have a standard pin-tumbler lock like everyone else in the world. Not only is it trivial to pick, but I don't even need to do that. Since the blanks aren't controlled I just get a blank and make a bump key.