The Seven Types of Hackers

Bruce Schneier's blog links to a nifty article listing the seven types of malicious hackers. The list is: Cyber criminals; Spammers and adware spreaders; Advanced persistent threat (APT) agents; Corporate spies; Hactivists; Cyber warriors; and Rogue hackers.

Missed some

[Capt.DrumkenBum]

Script kiddies. (They believe they are hackers)\
The real pros. (The ones you never hear about)
Probably some others.

Re:Missed some

[WrongSizeGlass]

Probably some others.

Insert name of government agency here ...

Re:Missed some

[iammani]

Probably some others.

You mean He-Who-Must-Not-Be-Named.

Re:Missed some

[DarthVain]

Security Experts.

Re:Missed some

Probably some others.

Cowboy Neal?

Re:Missed some

[dkleinsc]

You're just being paranoid. Those government agencies don't exist. And if you don't believe me, just ask them.

Re:Missed some

[El_Muerte_TDS]

Don't forget: those who won't be named.

You know, the people that $^#!***LOST CARRIER

Re:Missed some

[interkin3tic]

Script kiddies. (They believe they are hackers)

Doesn't that fall under #7 (put by itself on the second page, so it's easy to miss):
"Malicious hacker No. 7: Rogue hackers There are hundreds of thousands of hackers who simply want to prove their skills, brag to friends, and are thrilled to engage in unauthorized activities. They may participate in other types of hacking (crimeware), but it isn't their only objective and motivation. These are the traditional stereotyped figures popularized by the 1983 film "War Games," hacking late at night, while drinking Mountain Dew and eating Doritos. These are the petty criminals of the cyber world. They're a nuisance, but they aren't about to disrupt the Internet and business as we know it -- unlike members of the other groups."

Doesn't say anything about skill there.

The real pros. (The ones you never hear about)

Seems like focusing on a group that is defined as "the ones you know nothing about and therefore have no idea how to counter them or even if they exist" is a good way to do nothing more than stress out. Seems like the steps you'd take to counter the other ones are about all you can do.

Doctors treat symptoms mostly, once you know you have a disease, you know how to fight it (hopefully). Preventative steps like vaccinations, diet, exercise, and being on the lookout for symptoms are about all you can do for your health otherwise. You have to realize that you, right now, may have some horrible disease or cancer that hasn't gone symptomatic yet. Worrying about that is pointless though. Seems like the same would be true of uber hackers you don't know about. Take the steps to prevent the other ones, and common sense steps. Don't spend a lot of time worrying that you have an evil Iranian 007 infiltrating your security unless you have evidence that there is. You can always find something unfounded to be paranoid about.

Re:Missed some

Don't forget the US Government sponsored 'hackers' that devote every day to generating mod points on /. to mod commodore64_love and his other accounts down. He must be silenced for the good of the liberals!

Re:Missed some

[blair1q]

It doesn't have a name.

Re:Missed some

[jgagnon]

You're a spy and you don't really exist. So where does that leave us?

Re:Missed some

[c0lo]

Script kiddies. (They believe they are hackers)

TFA

Malicious hacker No. 7: Rogue hackers
There are hundreds of thousands of hackers who simply want to prove their skills, brag to friends, and are thrilled to engage in unauthorized activities.

They may be "hacking stupid", but they are legion... just as the populace bearing arms...
Because we are yet to see them being persistent, it doesn't mean it cannot happen to make a mass transition from the "rogue" category to the "low-tech hacktivists" one.

Re:Missed some

[Capt.DrumkenBum]

He-Who-Must-Not-Be-Named.

I will name him dammit!!!
Monkey boy himself, Steve Ballmer.

We have all know all along that it was him! Why else would MS make such a hackable OS?

Re:Missed some

[Scarletdown]

Probably some others.

You mean He-Who-Must-Not-Be-Named.

Hastur is a hacker?
Hastur never really came across as a hacker type.
Hastur is... (oh shit!)
*** Transmission terminated at the source ***

Re:Missed some

[ShakaUVM]

>>These are the petty criminals of the cyber world. They're a nuisance, but they aren't about to disrupt the Internet

TFA that wrote that was amazingly stupid. Robert Morris took down the internet, and he was basically the stereotypical rogue hacker described in the article. Ditto the guys that wrote Melissa (David Smith), Sasser (Sven Jaschan), and so forth.

Over the years, there have been multiple ways found to "disrupt the internet" and some have been exploited (negative routing table entries being a famous way) and some haven't been.

Or, in other words, the author is stupid.

Re:Missed some

So you all really don't exist, whats the purpose of being here then?

Re:Missed some

[interkin3tic]

I'd assume he's actually just oversimplifying things for his target audience. I got the impression that this was a list to be forwarded to someone's CEO or boss who didn't understand that norton antivirus wasn't protecting against corporate espionage. A primer for getting people used to thinking about there being different types of dangerous types online. Such people hopefully wouldn't have much reason to be concerned with script kiddies shutting down more than their own website. If this list is meant for people who design networks (which I don't understand the first thing about) then I'd hope such people had much more in-depth knowledge about the dangers here than the list presents. Maybe I'm being wildly optimistic due to ignorance, but I'd hope a head engineer type person at, say, Cisco would have already heard of script kiddies and wouldn't be reading this list and would take steps.

Re:Missed some

[microbee]

The legendary hot female hackers.

They only exist in fairy tales, and dreams of /. readers.

Re:Missed some

[kill-1]

Like the xkcd 1337 series.

Re:Missed some

[baegucb]

As of when I post this, noone has mentioned http://www.catb.org/~esr/faqs/hacker-howto.html and I rather doubt the author at infoworld has ever read it.

Re:Missed some

[MokuMokuRyoushi]

That's what I asked myself, Mr. Anderson.

Re:Missed some

[FatdogHaiku]

So you all really don't exist, whats the purpose of being here then?

To confirm a lack of existence and discredit any rumors to the contrary. The aforementioned actions should not be interpreted as an indication that said non-existent entities do in fact exist.

Re:Missed some

[kholburn]

Don't forget Cyber Ninjas.

You definitely can't see them!

Re:Missed some

That wasn't the government, it was me, Anonymous Coward, otherwise known as K. Ma-, no, too obvious, Karl M..

The Commodore and his cockpuppets must be stopped before I can overthrow Jefferson's wonderful government and subject the world to socialism MHUAHUAHUAUHUA!

Oh, and put bandwidth caps on dial-up and outlaw bunny-ears. BUAMHUAHUAHUAHUAHUAHUAHUAHUAHUAHUAHUAHUAHUAHUAHUAHUAHUAHUA!!!!!!!!!!

Re:Missed some

[Dan93]

There is No Such Agency like that....

Re:Missed some

[Alex+Belits]

He actually meant Candlejack. ...what? Of course, I am here. I just gave him some Microsoft marketing people from this site, they are dime a dozen.

Re:Missed some

[syousef]

Script kiddies. (They believe they are hackers)\

The real pros. (The ones you never hear about)

Probably some others.

No, no, no! It's Grumpy, Sleazy, Scammer, Pedant, NoLife, Recluse, and Doc aka The 7 Dwarves.

Re:Missed some

I thought I was the only one who didn't like that douche. Rejoice brothers! Sell the airwaves, for cheap!

Re:Missed some

I think that's a another dimension. Like for example one could have real pro spammers and script kiddie corporate spies

Re:Missed some

[Dreth]

Probably some others.

You mean He-Who-Must-Not-Be-Named.

You mean Candlejack? That isn't hacker rela

The common thread

[GodfatherofSoul]

They all think they're the "good" kind.

Re:The common thread

[jayme0227]

Nah. Some of them know they are criminals. Their moms probably think they're good boys, but these guys who are actively participating in organized crime know that they are bad guys.

That's it?

What about "Curious kids"?

Re:That's it?

[gearsmithy]

or stupid users

Re:That's it?

[izomiac]

That'd probably fall under "Malicious hacker No. 7: Rogue hackers". I really want to disagree with the statement "they aren't about to disrupt the Internet and business as we know it", because that's exactly what used to happen. Sadly, I don't think I've seen much evidence for this group's competence as of late.

I say "sadly" for a couple reasons. First, I like to believe that self taught amateurs can do amazing things, good or evil. And second, people take security more seriously when worms take out parts of the internet and viruses flash your BIOS. The current lineup of malware is pathetic compared to the malware of old. Kinda like the difference between yearly influenza and the 1918 flu.

Run!

Pro tip: When ever you see "APT," run in the other direction. That term belongs to Marketing now.

Re:Run!

[Scarletdown]

Pro tip: When ever you see "APT," run in the other direction. That term belongs to Marketing now.

apt-get install...

you missed one

called the your a fooken lamer poster

Gotta Have Catchy Nicknames for Them Though

Yeah but you need a catchy name like 'hacktivists' or else no one will publish your oversimplified crappy little classification rant that ends with you saying 'know thine enemy' and making ROGER GRIMES look like a badass hacker hunter.

Here are your suggested nicknames:

Script kiddies.

The Can't-Somebody-Else-Code-It? Hacker

The real pros.

The Gingerbread Men

Re:Gotta Have Catchy Nicknames for Them Though

[wmbetts]

The term as been around over a decade now. If I remember correctly it was first used to describe the milw0rm attacks on the Indian nuclear program.

Re:Gotta Have Catchy Nicknames for Them Though

[blair1q]

Script kiddies.

The Can't-Somebody-Else-Code-It? Hacker

"There's a hack for that."

Re:Gotta Have Catchy Nicknames for Them Though

[skids]

The seven types of useless speculation-based throwaway tech articles:

1) Those that try to classify things
2) Those that list traits of things or people
3) Those that troll-bait old tech holy wars
4) Those that recycle old ideas as new and revolutionary
5) Dups from this-day-last-year because the byline didn't display the year
6) Shameless FUD
7) Those that ego-stroke the intended audience by telling them how unique they are.

Re:Gotta Have Catchy Nicknames for Them Though

Blame that on Cory Doctorow.

There's Cool, Groovy, Hip and Square

And than you become one of those "Groovy" hackers. Groooooovy.....

Wait A Second

[mattwrock]

I always considered myself a hacker in its original sense. Someone who modded an existing piece of hardware or software to suit their needs, or to work around an existing issue. My latest and most simplest "hack" is getting Froyo on my phone, since my carrier wouldn't send the update. Where am I on the list? Certainly not Hackivist. I guess I am now a "modder" or "homebrewer". I am afraid that the previous terms will be added to the hacker list, with the word criminal added in front.

Re:Wait A Second

He lists malicious hackers!

Re:Wait A Second

Although I guess "Rogue" would be the catch all category

Re:Wait A Second

[jgrahn]

I always considered myself a hacker in its original sense. Someone who modded an existing piece of hardware or software to suit their needs, or to work around an existing issue. My latest and most simplest "hack" is getting Froyo on my phone, since my carrier wouldn't send the update. Where am I on the list? Certainly not Hackivist. I guess I am now a "modder" or "homebrewer". I am afraid that the previous terms will be added to the hacker list, with the word criminal added in front.

You're a hacker in my book. Those others are not. And I'm surprised that Slashdot has started using the word *exclusively* to mean criminals.

Re:Wait A Second

[trollertron3000]

Do you code? If not then how do you hack anything? You just load ROMs. So you're a modder. Now you may love the lifestyle, but in my not so humble opinion if you don't write code you really can only "hack" mechanical things because you can't alter the software of anything controlled by code. You can get other people to write it for you and run it. But does that really meet the definition? If so then I'm a mechanic. If that's the bar then half the world can be listed as hackers for jail breaking their phone. No sir you are a scenester. Which is okay I guess If you just want to look like you're a bad ass. Like those guys with all the Celtic tattoos on 50k "motorcycles". It's okay I guess. But it ain't no 1%er.

Re:Wait A Second

[isleshocky77]

I was reading through the comments getting extremely aggravated waiting to see how long it would take someone to point out he's naming types of crackers, not hackers. Stop allowing people to use the word hacker as a negative word without making them informed.

Re:Wait A Second

[trollertron3000]

How does one allow another to use a word exactly? Language evolves my friend. Evolve with it or you'll be very very angry in life. You obviously understand the meaning so the message was conveyed properly. So what's the big deal?

Re:Wait A Second

[_anomaly_]

Why exactly do those listed not fall under the category of malicious hackers?
"Hacker" is only used as a negative word in this context because of the adjective "malicious".

Re:Wait A Second

[isleshocky77]

and on the other hand, you have a point sir. Good call. Please kindly excuse me as I remove my foot from my mouth.

Re:Wait A Second

[Lord+Ender]

Hacker in its original sense is "one who hacks," esp. with a knife or axe. The definition you are talking about is little-used. The definition Bruce is talking about is by far the most common definition used in the infosec world. Since he is an infosec expert writing for an infosec blog it's fairly obvious which of the multiple definitions he intended. It's so obvious, in fact, that anyone who complains about the terminology here is just being intentionally thick. Kinda funny, really.

Re:Wait A Second

[_anomaly_]

No problem. It seems there are A LOT of people making that mistake in this thread.

Re:Wait A Second

[Khashishi]

Then hactivist doesn't belong in there either., since activists are not motivated by malice.

Re:Wait A Second

[BJ_Covert_Action]

Someone who modded an existing piece of hardware or software...

I guess you missed that part of his post? Either way, good job at coming off like an arrogant douche in the fine /. tradition of not reading something in detail. =P

Re:Wait A Second

Reverse /. effect on technical jargon? Is it possible for /. to Godwin itself?

These are the questions we must have answered, lest the crackers win!

Re:Wait A Second

[ShakaUVM]

>>I was reading through the comments getting extremely aggravated waiting to see how long it would take someone to point out he's naming types of crackers, not hackers. Stop allowing people to use the word hacker as a negative word without making them informed.

I was scanning through the comments wondering when people, once again, would blame redneck hicks for all of our criminal computer activity.

Seriously, pedants - "crackers" is a stupid word, and this is why your War on Terminology failed. Black Hats sounds much cooler, and is more popular thereby.

Re:Wait A Second

[Mister+Whirly]

You can't fight city hall indefinitely without just throwing in the towel at some point. I get sick of having a 5 minute conversation every time the subject comes up (sometimes the same conversation multiple times with the same person), so i just let it go now. Language evolves and once a phrase is out there publicly, used correctly or not, you can't put the toothpaste back in the tube. Coincidentally, the folks misusing "hacker" also seem to be the ones that call their desktop towers "CPU" or "hard drive" when referring to their entire tower, or refer to any brand of MP3 player as an "iPod".

Re:Wait A Second

[trollertron3000]

He said he loaded a ROM. I read it just fine asshole.

Re:Wait A Second

[gnapster]

All the same, it would be good to have 'malicious' included in the title. From the title, I was expecting seven types in the whole spectrum from white hat to black. It's not like the title was getting overly long.

Re:Wait A Second

[gnapster]

I believe that the reason people complain about the semantics of hacking is this: they value the definition of 'hack' that first became popular at MIT and is codified in the Hacker HOWTO and the Jargon File. To wit, the application of ingenuity to a problem. This is a beautiful concept, and there is no other word which captures it. I would like to talk to people about this concept, but the vocabulary has been diluted, making my goal more difficult. At the end of the day, though, it is probably futile to attempt to coerce the English-speaking masses towards this definition. That saddens me a bit, although I understand that the Psychology community has suffered much more than those in technology.

Re:Wait A Second

The mass media found a new word and a new container to put people into. Hacker sounds all scary and naughty, so that's the end of the old definition for which you would fit. Experienced developers that work up the greasy pole refer to amateur coders as hackers too. I.e. they don't know what they're doing, do a crap job engineering wise, and generally leave a big pile of poo to be fixed when they leave.

If you worked out how to install an OS yourself, without someone pre-packaging the process or a walkthough. 1: you should post the details, and 2: you're a real "hacker", so I guess we should invent a new term, like "rooter". Except that's a device to clean out shit.

Re:Wait A Second

[_anomaly_]

I agree, the title certainly is misleading.

Re:Wait A Second

[Lord+Ender]

Anyone upset that the English language overloads terminology needs to find himself a new language. Whining about this is as silly as whining about water being wet.

Re:Wait A Second

I always considered myself a hacker in its original sense

Hacker in the original sense meant "cracker". As computers became more and more common, a lot of newbies - mostly kids - did try hacking in the "original" sense but they grew up and became real programmers and adults who could be charged with crimes. They no longer wanted to distinguish themselves as the bad guys but they hated to lose the cool sounding title. Thus, the word cracker was born and why most old timers still think of hacking as cracking.

Re:Wait A Second

[celtic_hackr]

I will never tire of setting the record straight every time someoone uses the term hacker incorrectly. The original article title does say "malicious hackers", but Bruce has truncated it to just hackers. Sensationalism.

The original article is a little mysterious, is this another BofA + Chamber attempt to discredit Wikileaks? Wikileaks as Hactivists? I thought Wikileaks were the good guys? I know some people would like to put them on the other side. It's nice, from a certain perspective, to be able to put all your political dissenters into one square and shoot them all.

Re:Wait A Second

[turing_m]

It's true - we are in the position of the French government trying to legislate language when it's beyond our control at this point. And still, words descended from the original meaning of "hacker" and maintaining that connotation of "tinkering" do not have a corrupted meaning, e.g. "an ugly hack", "hack something together". Though I'll have to train myself not to use the old term lest people think I am breaking into banks or something.

Re:Wait A Second

[MokuMokuRyoushi]

Bruce Schneier's blog links to a nifty article listing the seven types of malicious hackers

Maybe that was intentional? Yes? I understand your point, and the original use of the term 'hacker', but it doesn't have any relevance here.

Re:Wait A Second

If you read anything other than the title of the submission, you'd note the article and the summary pertain to seven types of malicious hackers.

Re:Wait A Second

[triffid_98]

Geohot says yes?

Re:Wait A Second

[rekenner]

He said that was his latest and simplest. Meaning that's not the only thing he's done.
Arrogant douchebag.

Re:Wait A Second

[orangebox]

You're correct. I don't understand why "cyber criminal" is listed as a type of hacker when most of the listed types are considered criminal acts.

Re:Wait A Second

[Nursie]

Also note that wikileaks don't hack anything, they just receive and publish data.

That's very, very fishy.

Not that I think Hacktivism is necessarily malicious or 'bad'. but then I guess that makes me a rogue... LOL

Re:Wait A Second

[WaroDaBeast]

(...) or refer to any brand of MP3 player as an "iPod".

I agree with everything you said before (I actually had a hard laugh the first time I heard someone call their computer a CPU), but — and even though I hate it when people call any portable music player an iPod — I see that from a different angle. It's just like people using the term "kleenex" when they mean "tissue." (I got other examples in mind, but they only apply to my country.)

I guess it all revolves around the eternal debate between descriptive and prescriptive grammar. Who's right? Who's wrong?

Re:Wait A Second

Of course you can. If "city hall" knows that you'll give up at some point they'll keep going. They have the resources for the long siege if they think they're going to win. If we teach them that they can't win then it's in their own best interests, in a "democratic" society, to fold sooner rather than later. Hmmm, mixed metaphors...

Re:Wait A Second

Wow you're a fucking douche. Way to disparage an entire segment of the culture. I've never claimed to be a hacker, but I consider my /b/ros from hackaday to be family as much as I consider any of the guys I've gone WEP cracking with.

Personally, I don't understand the fixation on battling over the word hacker like some sort of linguistic holy land. The people who have been "fighting the good fight" on restoring the word to it's former meaning are wasting their breath. They should have rebranded themselves a long time ago.

Not that it would have helped. The lines between Hacker, Cracker, and Maker are so blurred that even a successful attempt would eventually result in the new job title getting slandered and pidgon holed just like it was the first time.

Not to be a total hypocrite but I'd just like to distance the maker/hackaday crowd from the circuit-bending morons. That shit sounds terrible and is usually accompanied by a soul patch and an an apple logo. It's fucking embarassing. Why don't they wear UFO t-shirts and talk klingon while they're at it? Great PR... The colors black and green lose sex appeal around these jokers.

Re:Wait A Second

[Nyder]

Do you code? If not then how do you hack anything? You just load ROMs. So you're a modder. Now you may love the lifestyle, but in my not so humble opinion if you don't write code you really can only "hack" mechanical things because you can't alter the software of anything controlled by code. You can get other people to write it for you and run it. But does that really meet the definition? If so then I'm a mechanic. If that's the bar then half the world can be listed as hackers for jail breaking their phone. No sir you are a scenester. Which is okay I guess If you just want to look like you're a bad ass. Like those guys with all the Celtic tattoos on 50k "motorcycles". It's okay I guess. But it ain't no 1%er.

Wow, you've proven yourself to be Mr. Badass. Why don't you regal us with tales of your hacking adventures?

Re:Wait A Second

[stardaemon]

Oi! No feeding the troll!

"trollertron3000" is a bit of a giveaway, even if it wasn't obvious from the post.

Re:Wait A Second

>> This is a beautiful concept, and there is no other word which captures it.

http://dictionary.reference.com/browse/expert

The word has been in use a few centuries longer than 'hacker' in the meaning you are referring to, and covers the same.

Re:Wait A Second

[BetterThanCaesar]

[...] or refer to any brand of MP3 player as an "iPod".

I think you just used "MP3" to mean any digital audio file and compression format. It's easy to fall into those traps. Language is full of similar misconceptions or alterations that have built up through the years. Sometimes the meaning differs depending on what area you are in, like the word "theory" which means different things in science and otherwise, or "hacker" for that matter, which means different things in engineering and otherwise.

Re:Wait A Second

[webscathe]

IMHO... A hacker is anyone who derives joy from discovering ways to circumvent limitations.

Re:Wait A Second

[Thing+1]

Language evolves and once a phrase is out there publicly, used correctly or not, you can't put the toothpaste back in the tube.

Exactly. I just tried to help someone understand the origin of the phrase that has devolved into finding proof in a dessert. He maintained that "language evolves and math does not" but saying something that is patently ridiculous as a way of heightening one's credibility just doesn't seem to make sense. "The proof of the pudding is in the eating" makes sense. "The proof is in the pudding" does not; perhaps during a marriage proposal, I suppose, but not in general, and I agree, sometimes you just throw in the towel when people willfully choose to act as if they were ignorant.

Re:Wait A Second

And with a name like "troller" tron ...

Re:Wait A Second

[Gr8Apes]

I always considered myself a hacker in its original sense. Someone who modded an existing piece of hardware or software to suit their needs, or to work around an existing issue. My latest and most simplest "hack" is getting Froyo on my phone, since my carrier wouldn't send the update.

You're a hacker in my book.
Those others are not.
And I'm surprised that Slashdot has started using the word *exclusively* to mean criminals.

Whatever happened to the word "cracker" (the original word describing a hacker with criminal intent)?

Re:Wait A Second

If you can point out any portable music player that doesn't play MP3 format, you may be right.

Re:Wait A Second

[Mister+Whirly]

Well, you can carry that rather large and heavy banner around. I carried it for years and my arms are simply too tired to do it anymore. In my eyes, they have already won - I don't think that every major media outlet is going to issue retractions at any time and start correctly using the term correctly in the future. Plus being a pedantic asshat is pretty fun when you are young, but as the years go by it loses some of the luster. Now get off my lawn!

Re:Wait A Second

[Mister+Whirly]

"start correctly using the term correctly" brought to you by the Department of Redundancy Department.

Re:Wait A Second

[awshidahak]

I hate it whenever people call my T91MT an iPad too.

Re:Wait A Second

[WaroDaBeast]

Never forget that, sadly enough, it's always "Too much, too complicated" for most people, even if a five-year-old can do it (I'm looking at you, mom, who simply "couldn't" figure out how to plug a parallel cable despite the color code and the particular shape of the connector).

Re:Wait A Second

[trollertron3000]

I code on your mother's chip using JTAG.

Re:Wait A Second

[trollertron3000]

Sorry sorry I had that all wrong. I can only debug your mother's chip using JTAG. The code I write requires ANSI C.

Re:Wait A Second

[hardane]

It's not just about terminology overload but more than anything about main stream media AND IT tech media totally using 'hacker' instead of cracker/blackhat/malware writer/cyber criminal as general term to describe all kinds of blackhats, crackers, etc. and always *only* about villains of some sort - and those all have more describing terms they can be talked about while hackers, the real ones, can be best described as hackers, but thanks to this bullshit the terminology has to be explained "just in case" when using term "hacker" for what it means - even if you talk about crackers or other cyber villains separately in same post, babble, artile, discussion or whatever just to be sure.

Yes it pisses me off, and it's not only an english issue either - I bet that many countries have translation for "hacker" (ie. hakkeri in finnish) and I bet that it's misused by media in most countries exactly the same as in english.

As for what comes to "whining", I could say the same on whining about people pointing out that hacker means something else than criminal - and it is mighty silly thing to whine about.

Re:Wait A Second

[trollertron3000]

LOL, you lose and I win, again. Read my nick sucker.

Pair tree?

[sideslash]

"From the partridge-in-a-pair-tree dept" -- did I miss a pun, or was "pear" just misspelled here?

(Yeah, I know, "ja wohl, mein dictionary" and all that.)

Record high trading volume, dow drops 1000 point

may 6, 2010. look for the photo in Wall Street Journal. Vice Admiral Joseph Maguire rang the NYSE opening bell, Maguire is deputy director for Strategic Operational Planning at the National Counterterrorism Center. Record high trading volume, dow drops over 1000 points... someone banked billions in an hour

Missing option

[blair1q]

8) Website devs who force simple articles to split unnecessarily across multiple webpages. They're in it for clicks and ad revenue, essentially scamming multiple banner-ad buyers into paying for the same article read. Here's an example.

Re:Missing option

[Charliemopps]

Wheres my mod points when I need them. It's funny because it's true!

Re:Missing option

[jcoy42]

Also missing: users who have installed Adblock Plus and don't even see the ads.

Re:Missing option

Yeah so, /. takes InfoWorld backhanders. Do you see how many of their stories get posted to the front page?

Re:Missing option

[nzap]

Also missing: users who have installed Adblock Plus and don't even see the ads.

They don't see the ads, but they still see the inconvenience of imitating the limitations of a paper format.

Re:Missing option

[Dr_Barnowl]

They're beneficial - they weren't going to buy anything anyway, so they've saved the ad server some bandwidth. It's not free, you know.

Re:Missing option

8) Website devs who force simple articles to split unnecessarily across multiple webpages. They're in it for clicks and ad revenue, essentially scamming multiple banner-ad buyers into paying for the same article read. Here's an example.

Those website devs aren't hackers, they're just hacks.

Hackers vs. Crackers

So I take it we've abandoned arguing that the 'hackers' label is for sophisticated tinkerers and that 'crackers' should be used to label criminals.

Good. It was a stupid argument.

good hackers?

Are all hackers really evil? In my book I count all the usual wizards and programers or patchers as hackers. Even if they are helping and not trying to bring you down.

Re:good hackers?

re-read the summary: it says malicious hackers, ie the bad/evil guys.

rogue hackers

[smitty97]

Does Rogue Hackers include all the roguelikes such as Net Hackers, Moria Hackers and Angband Hackers?

Re:rogue hackers

It includes everyone who changes their font in order to look different from other people, but end up looking retarded.

Re:rogue hackers

[trollertron3000]

The moment I see them I inspect their gear. If they don't use c++ I grief them hard and boot them from the instance.

Re:rogue hackers

[ElectricTurtle]

Perhaps, but some rogue hackers might have trouble resolving Ancient Domains of Mystery...

Re:rogue hackers

[nzap]

xkcd

Re:rogue hackers

[game+kid]

It did, but they all died and they're never coming back.

Re:rogue hackers

[thatskinnyguy]

No but the font change makes you a scene hacker/tool.

Re:rogue hackers

No, it makes him a ttool.

Re:rogue hackers

[HeckRuler]

Lookout rgrd! Bruce is coming for you!

Wikileaks? Really?

[Kell+Bengal]

If they're conflating Wikileaks with hackers, then it's pretty clear to me that they either don't know what hackers are, don't know what Wikileaks is, or are riding the Wikileaks-hater bandwagon.

I've always broken it down by "hats"

from good to bad...

white hat, gray hat, black hat, and asshat

I don't remember where I originally heard this, known it for years, so sorry to the source.

Re:I've always broken it down by "hats"

[camperdave]

I'd reverse the last two. Black hats are being deliberately malicious and evil, whereas the other is just being a jerk for the sake of being a jerk.

Re:I've always broken it down by "hats"

from good to bad...

My "hierarchy of involution" looks like: black/gray/white/ass-hats - with Aaron Barr far beyond the last category.

Re:I've always broken it down by "hats"

Yeah, but what they fall short of in evilness they make up for in obnoxiousness.

Re:I've always broken it down by "hats"

At least the black hat will stop bugging you once he's accomplished whatever he wants to accomplish; the asshat will stay around to hound you for no other reason than to annoy you.

innacurate re: wikileaks

[Junior+J.+Junior+III]

From the article:

Malicious hacker No. 5: Hacktivists
Lots of hackers are motivated by political, religious, environmental, or other personal beliefs. They are usually content with embarrassing their opponents or defacing their websites, although they can slip into corporate-espionage mode if it means they can weaken the opponent. Think WikiLeaks.

I'll grant that Wikileaks are activists. I'll also grant that they have some great hackers working for them. But what the article describes as "hacktivism" is not what wikileaks does. Wikileaks employs hackers defensively, to provide a secure system that guarantees anonymity for the sources who leak information to them.

Although there have been allegations made in the press by people who probably don't know anything about information security, I have seen no evidence that suggests that Wikileaks obtains information by cracking into systems. On the contrary, Wikileaks have always claimed to work by receiving information from sources who were privileged with access to the information, and who elected to leak it to Wikileaks out of duty to their conscience.

There has been, to date, no evidence brought forward which suggests that Wikileaks has ever broken into a system to extract information out of it. That isn't the way they do things.

There are "hacktivists" who do things like deface websites in order to publicize a cause, or DDoS attack some target that they disagree with. But that is not what Wikileaks does, either. Misguided sympathizers from "Anonymous" may have done some of these things in an attempt to aid Wikileaks, but that is still not something that Wikileaks does or endorses.

Re:innacurate re: wikileaks

Wikileaks have always claimed to work by receiving information from sources who were privileged with access to the information, and who elected to leak it to Wikileaks out of duty to their conscience.

Oh, well as long as they claim to not hack systems, I see no reason not to trust them. I hereby proclaim Wikileaks to be an honest company because that's my opinion so it must be fact!

Re:innacurate re: wikileaks

[gearsmithy]

Well we know Assange isn't a hacker... we have evidence to suggest that he's be laid at least twice.

Re:innacurate re: wikileaks

[nzap]

Wikileaks have always claimed to work by receiving information from sources who were privileged with access to the information, and who elected to leak it to Wikileaks out of duty to their conscience.

Oh, well as long as they claim to not hack systems, I see no reason not to trust them. I hereby proclaim Wikileaks to be an honest company because that's my opinion so it must be fact!

The strawman industry is booming in Trollsville.

Re:innacurate re: wikileaks

[c0lo]

Oh, well as long as they claim to not hack systems, I see no reason not to trust them. I hereby proclaim Wikileaks to be an honest company because that's my opinion so it must be fact!

Doh, AC... Your proclamation seems a bit redundant (to use a mild term), don't you think?
Or you haven't heard about "Innocent until proven guilty" yet?

Re:innacurate re: wikileaks

[HeckRuler]

Agreed, but when he said "think wikileaks" he could have meant the material on wikileaks. Although, that's kinda silly as the majority of wikileaks is stuff that's leaked by those entrusted with said information leaking it to the public. It's kinda build into the name.

Re:innacurate re: wikileaks

[incubbus13]

I was just going to comment on that. By connecting wikileaks to a rogue's gallery of villains, the article makes it's political leanings pretty clear. It's also woefully brief and simplistic. But this article seemed more designed to get lots of hits, by using every buzzword it could think of that'd make it come up high on Google than useful or informative. I guess if you were teaching a 5th grade class an introduction to malicious software hackers it'd be a place to start. This is like a nursing home-time news broadcast designed to scare seniors and technophobes. Kids are licking toad's butts to get high! News at 11! Fluff piece. Maybe it'll be on L&O next season.

K.

Re:innacurate re: wikileaks

"There has been, to date, no evidence brought forward which suggests that Wikileaks has ever broken into a system to extract information out of it."

So what about the allegations that some NYT journalists had their email accounts hacked prior to or shortly after speaking with Assange?

Hackers?

[D+Ninja]

Angelina Jolie is suspiciously absent...

Re:Hackers?

[Stregano]

That is because she was a crappy hacker. She needed the help of ZEROCOOL a.k.a. Crash Override a.k.a. Dade Murphy. Don't forget about Razor and Blade, they are elite.

Re:Hackers?

[c0lo]

Angelina Jolie is suspiciously absent...

Currently on active assignment for a job requiring a "Cat4 hacker"... be patient.

Re:Hackers?

[PPH]

OTOH, Keanu Reeves is blessedly absent.

Rogue Hack

[DarthVain]

When you're killed by the letter "k"

which type was steve jobs and steve wozniak

[decora]

when they were selling blueboxes?

"future millionaire" hackers?

Re:which type was steve jobs and steve wozniak

[blair1q]

phreaks

Re:which type was steve jobs and steve wozniak

[trollertron3000]

Woz would be a hobbyist hacker. Steve Jobs would be a suit.

Waaaaaaaaaay too complicated.

There are only two:

- Fat, preferably beard
- Super-Slim, Glasses

Maybe you should have an editor read this one, Rog

[Minwee]

"If you think simply having a buffer overflow, fully patched systems, and antivirus will defend against all hackers no matter their objectives, you're wrong."

Um, if you think that a buffer overflow is supposed to defend you, then you're even more wrong.

Re:Wikileaks? Really?

[blair1q]

If you include in Wikileaks the people who are stealing the secrets and giving them to the organization, then Wikileaks are hackers. They're quite a bit less technical about their acquisition of data, but they are the most famous representative of the hacktivists subset of (cr|h)ackers that includes those who are more technical. If you prefer, you can always think Sneakers.

Re:Record high trading volume, dow drops 1000 poin

[c0lo]

may 6, 2010. look for the photo in Wall Street Journal. Vice Admiral Joseph Maguire rang the NYSE opening bell, Maguire is deputy director for Strategic Operational Planning at the National Counterterrorism Center. Record high trading volume, dow drops over 1000 points... someone banked billions in an hour

How does it go? Something like "never attribute to malice that could be reasonable explained by stupidity" or something (because it weren't the guys that caused it the ones who banked them billions).

Now all we need

[Dachannien]

...is a list of skill bonuses for each class, and we can start rolling up characters!

Re:Maybe you should have an editor read this one,

[game+kid]

XD

Re:Maybe you should have an editor read this one,

"If you think simply having a buffer overflow, fully patched systems, and antivirus will defend against all hackers no matter their objectives, you're wrong."

Um, if you think that a buffer overflow is supposed to defend you, then you're even more wrong.

That HAD to be a typo . . . somehow. Not sure how. I think he might have meant "firewall", but I just can't see how "firewall" could morph into "buffer overflow". Unless there's a buffer overflow vulnerability in your firewall? But then, as you so succinctly pointed out, that wouldn't help your network much.

The irony . . .

[Ethereal.Visage]

Oh, the irony. I attempted to read the article, and I get "Site off-line".

Anyone think that he might have just won the "pissed off the hackers" achievement?

The Seven Types of Criminal Hackers

Why do reporters and writers everywhere keep doing this?
A hacker is a highly skilled computer programmer who loves doing neat things with computers or other electronic devices.
Just because he has the right skill set doesn't mean that he wants to steal your money/identity.
The correct term for any person that uses a computer in malicious ways is CRACKER. Get your shit together, people!

At this rate, true hackers will have to coin a new term to represent themselves.

The Dictionary

[QuincyDurant]

...still supports the original sense as the primary meaning:

hacker |hakr|
noun
1 informal an enthusiastic and skillful computer programmer or user.
  a person who uses computers to gain unauthorized access to data.

And, believe it or not, there are other meanings:

1.
: one that hacks
2
: a person who is inexperienced or unskilled at a particular activity
3
: an expert at programming and solving problems with a computer
4
: a person who illegally gains access to and sometimes tampers with information in a computer system

Since there is no other convenient synonym for Definition #4, it's hard to blame writers for using "hacker" as shorthand.

The Slashdot poster

[CrazyJim1]

Although trained in different skill sets, they come together as a communal force to DOS sites.

Only Two Types

[Plekto]

There are only two types.

Those that you know about.
Those that you don't know about yet.

Thankfully, idiots make up 98%+ of the ones out there, but there are some that you never see, never know about, and are usually doing it as part of their normal job for whatever agency or government that is hiring them.

Of course, they aren't interested in us normal folk, so it's really us vs the idiots. And some days I wonder how they can be doing so well. Then I see my neighbor and it makes quite a lot of sense...

Re:Wikileaks? Really?

Well, to be fair, if you've followed Wikileaks you'd know that they've hacked a few email accounts at the New York Times and offered them advice on improving their security. Not exactly worthy of someone like the World's Number 1 Hacker or anything, but still within the definition of hacker. It's also well known that Assange is a former/current hacker and allegedly there are some within the organization as well. I'm not sure if Grimes knows about any of this, he seems kind of naive based on some of his responses to comments on his articles.

Re:Wikileaks? Really?

[cbhacking]

I thought that was supposed to mean the people who are "defending" Wikileaks, Anonymous et. al.

It's unfortunate that the writing isn't very good, because the point he's trying to make (the random troublemaker is different from the commercially motivated is different from the targeted attacker) is a pretty good one.

I need a Venn diagram to explain the fail

[HeckRuler]

Yeah, I'm not really diggin the list.
#1 "Criminal" is any law-breaker, which would be everyone on the list, except maybe "Cyber Warriors". Also maybe Hackticists, depending on if you consider "crime" to mean anything "socially detrimental".
#1a Maybe you meant for-profit criminals, which would still include Spam, Adware, and Corporate Spies.
#2 Spamming and adware spreading are two different activities. They may be of the similar low-hanging-fruit bulk-rate sort, but I don't know if they overlap.
#3 APT, wow what a horrible name. But after a wiki explanation, I think it includes anyone whose dayjob/hobby is to screw over a specific target. That would include subsets of Corporate Spies, Hacktivists, and maybe cyber warriors.
#6 What the hell is a "cyber warrior"? I think they were in Shadowrun.
#7 Rogue hackers is kind of a catch-all, but it includes subsets or splinter-groups of all the other types.

And yeah, missing from the list is:
#8 National Entities, with two flavors: "Yours" and "Foreign".

A Venn diagram would do wonders here.

Re:Maybe you should have an editor read this one,

[Spykk]

The buffer overflow is there to offset the adjacent buffer underrun. It is a very delicate system.

Re:Maybe you should have an editor read this one,

I think what your referring to is buffer overflow protection. Buffer overflow is where data overflows your buffer and causes writes to unintended sections of memory. Buffer overflow protection simply checks to see exactly how full the buffer is and prevent any writes that exceed it. There is no way to use a buffer overflow to your advantage unless your a hacker.

He missed a large section of hackers

There is a fairly large section of hackers that try to operate within the bounds of the law. There only goal is simply to "enhance" already existing software so that it performs the way they want it to. This is generally refereed to as game hacking. These hackers take advantage of software security holes to make the software perform in an unintended way. This often is applied to games for things like "god mode", "wall hacks", etc... While these hackers don't intend to be a threat they often expose threats, and create additional security holes that were not foreseen by software creators.

Re:Maybe you should have an editor read this one,

Sorry i forgot to mention buffer under run is where you are reading information from your buffer faster than you are adding information to the buffer. This problem usually occurs on cd-burners where this problem can cause permanent damage to the disk being written. But it does have instances where it can be an issue. The protection for this is simply to limit the speed that data is being read from the buffer. There is never an instance where buffer under run is good. and it can not be protected against with a buffer overflow. Using the one to protect against the other is just stupid. Each one needs it's own specialized form of protection and can they do not simply cancel each other out.

That is the biggest load of crap...

...I've ever seen on Slashdot.

Malicious hacker No. 5: Hacktivists
Lots of hackers are motivated by political, religious, environmental, or other personal beliefs. They are usually content with embarrassing their opponents or defacing their websites, although they can slip into corporate-espionage mode if it means they can weaken the opponent. Think WikiLeaks.

Right... 'Think Wikileaks' ?!??

Wikileaks don't hack anything. They offer an anonymous way of publishing information of public interest. Some of the information published on wikileaks is probably gained through 'hacking' (by which you mean 'cracking', but that ship has long sailed thanks to widespread ignorance).

Unless of course you deem journalism to be some kind of 'hacking' activity?

Seriously slashdot! Moderate this lame duck crap PLEASE!

How about

Doc, Grumpy, Happy, Sleepy, Bashful, Sneezy, and Dopey?

Um...they missed a category

I started my career as a "White Hat Hacker." I was hired by a large telecom to hack their entry points. Anyone?

Hacker vs. Cracker

[LongearedBat]

In the 80's (before the internet) and before jargon was mixed up by casual computer users...

- A "hacker" meant someone who was proficent enough with computers (few people were at that time) that they typed really fast at their keyboard, usually writing code or scripts. Today a "hack" still means quickly written, not carefully thought out code.

- A "cracker" was someone who broke copy protection. Today that would include breaking network security.

I may be considered pedantic, but it would be good to retain the difference in meaning between the two words.

Re:Hacker vs. Cracker

[MadMaverick9]

Not pedantic at all, simply correct.

See RFC 1392.

http://tools.ietf.org/html/rfc1392#page-21 (hacker)
http://tools.ietf.org/html/rfc1392#page-12 (cracker)

I wouldn't classify anyone on that list as a hacke

I wouldn't classify anyone on that list as a hacker. A hacker learns by trying, exploring systems and learning along the way. All of those descriptions were based on the premise that hackers are bad. For shame.

You might as well give me the keys to your etc.

[parlancex]

How can we even begin to discuss hackers without this video? http://www.youtube.com/watch?v=wQ_SE71N3Bc

Seven Types

[halcyon1234]

1. 1. Sleepy
2. 2. Sneezy
3. 3. Dopey
4. 4. Grumpy
5. 5. Happy
6. 6. Bashful
7. 7. Cowboy Neil

Sidenote: Slashdot's css has fucked up OL. Another entry for my user style. Great job, Slashdot. Great job.

ol li
{
list-style-type:decimal !important;
}

when will you guys look at the bond market

[decora]

the conspiracies are thousands of times worse in the bond market, and people get away with hundreds of times more stuff there.

Sub 7 is 31337

[NSN+A392-99-964-5927]

i just clicked the server, then hit his firewall and crashed his computer.

Re:Maybe you should have an editor read this one,

And if all else fails, remove your RAM! There, problem solved!

Who cares?

Does it really matter? The security industry is obsessed in trying to define "the enemy" and portraying infosec as a battle ground.
It isnt!!! It's just some people trying to stop other people misusing their computers. You know, like groundskeepers keeping kids off the grass. The people "hacking" do it for all sorts of reasons. Understanding those reasons is not required to thwart them. Understanding the vulnerabilities is all that matters, the threat agents could be micky fecking mouse and donald barstard duck for all I care.

The only "threat" to our personal information, money, identity, national secrets, whatever - is a lack of due diligence. ALL successful intrusions are possible due to someone somewhere being slack, not the work of an evil genius. And contrary to popular belief, an "unhackable" network is completely possible - it's just costs more than the other type.

So while it suits large corporations and governments to paint themselves as under siege from a more capable, better resourced adversary. The truth is they are using it as a front to focus less on securing existing systems while they blow the budget on building new ones. All the tools required already exist. Only the man power to run them properly holds us back.

Re:Who cares?

[hardane]

Does it really matter? The security industry is obsessed in trying to define "the enemy" and portraying infosec as a battle ground. It isnt!!! It's just some people trying to stop other people misusing their computers. You know, like groundskeepers keeping kids off the grass. The people "hacking" do it for all sorts of reasons. Understanding those reasons is not required to thwart them. Understanding the vulnerabilities is all that matters, the threat agents could be micky fecking mouse and donald barstard duck for all I care.

The only "threat" to our personal information, money, identity, national secrets, whatever - is a lack of due diligence. ALL successful intrusions are possible due to someone somewhere being slack, not the work of an evil genius. And contrary to popular belief, an "unhackable" network is completely possible - it's just costs more than the other type.

So while it suits large corporations and governments to paint themselves as under siege from a more capable, better resourced adversary. The truth is they are using it as a front to focus less on securing existing systems while they blow the budget on building new ones. All the tools required already exist. Only the man power to run them properly holds us back.

Unhackable network is completely possible - well, that's a claim that I have rarely heard. And most times when I have heard such claim it has been followed by explanation on how it would have to be very simple setup, minimizing the system from kernel to application level to function as reliably as ever possible. I would say that even C-64 version of Contiki OS running only it's tiny and extremely limited (and most certainly extremely carefully planned, this is a windowing multitasking OS for 8-bit processor running on 64KB RAM and is able to provide a www server to public) http server - if you count out the fact that a computer running at 1Mhz and with very small amount of memory available to handle network traffic it is bound to be very vulnerable to DoS attacks I would still not feel comfortable stating 100% certain that this system could not have some minor flaw somewhere in the code that would allow an exploit of some sort be used against it.

And if we talk about serious business or other extremely high level server implementations, or rather network implementations it is damn ballsy to say that it is possible to create a system 100% guaranteed to be unhackable. To state that intrusions are possible only because someone being slack, well that is just silly to put it nicely.

However I can agree with the last part of your message - partly! That is most certainly not all, but just as certainly some corporations indeed focus less on securing systems when focusing more on profits, savings & budjet - especially when it's not about their network and their servers but the end user products. Microsoft has a dark history on acting just that way - didn't they last year fix a hole in Windows that was known from early 2000's?

Re:Wikileaks? Really?

[gnola14]

I was thinking the exact same thing. First of all, his definition of "hacktivist" is quite broad, so that even blogs or PETA-like sites could fall into that category. Besides, AFAIK Wikileaks just gives a channel to distribute classified information, it doesn't do the hacking themselves. Poor article really, don't know how such a smart guy as Schneier could link it...

Re:Maybe you should have an editor read this one,

[rwv]

What's wrong with the Buffer Overflow defense? Also, might I suggest that you try protecting your data from hackers with NULL pointers.

Re:Record high trading volume, dow drops 1000 poin

[gregthebunny]

Hanlon's razor:

Never attribute to malice that which is adequately explained by stupidity.

****malicious***

[Gunstick]

It says "Your guide to the seven types of malicious hackers"
Please note the word malicious

There are many more types of hackers, which are not malicious at all.

Not seven but 3 types.

There are 3 types. Whitehats, greyhats and backhats.

http://en.wikipedia.org/wiki/White_hat
http://en.wikipedia.org/wiki/Grey_hat
http://en.wikipedia.org/wiki/Black_hat

Only the blackhats does nasty stuff on the net. FYI.