"Hackers" are Dumb
_alpha_ wrote in to send us an article about Detectives in a digital age which makes the most blatant Hacker/Cracker error I've seen lately... "Hackers are dumb". Read the article, it's obviously about crackers. I think that the media can just s/hacker/Script Kiddie/gi; and call it good.
Abandon the Windows platform and move to something with more security between system-level privileges and user-level! Of COURSE if you run programs with superuser privileges you're going to be vulnerable to all kinds of viruses. Perhaps it is just time to outlaw Windows in corporate environments and move to Unix?
I suppose most people here have already read it, but I urge anyone who hasn't to get a copy of "Hackers" by Stephen Levy.
The first part in particular will, I think, give those of us who don't remember the first time an excellent impression of where we come from and why we are here. Sort of like Genesis, Exodus.
So, the stock "hoax" was an altered page lifted
from Bloomberg, and stuck on angelfire. And
people believed it... even though the URL was
there, black on white, in the text box under
the menus. Are most of the investors as bright
as this?
--ac
Ok..nobody gives a CRAP about this hacker/cracker stuff. If somebody broke into a computer, I'd say they "hacked in" like most people because it makes friggin sense.
When somebody breaks a password specifically or unlocks a piece of software, I'd say they cracked it. So maybe they crack stuff to get into a computer..but when they get in and do stuff, I call that a "hack"...just like I call a dodgy piece of code or a demo effect a hack. Just like I call programming "hacking". Yes...multiple meanings. Hard concept eh?
But when this stupid ass crap is on slashdot every friggin week...jesus...what happened to the slashdot of 2? years ago. Get used to the fact that English words have multiple meanings or shut the fuck up people.
Flame on.
If I were pissed off at somebody (Maybe a script kiddie who tried to winnuke me or something) I'd write a word macro virus and replace the MSID with documents from his web page (Every good script kiddie has to have a K-R4D web page, right?) and then distribute that on the internet.
If the same $480k was spent on educating the lusers you wouldn't HAVE this problem in the first place.
I agree with you. It seems people around here are getting a little too self-important.
Script-o-maniacs, crackers, etc. are dumb. They may have brains, just like Gartner group, but doesn't mean they use em (just like Gartner group.) Is there a "ignore" cat. for cracker vs. hacker/free kevin crap? Let me see...
Well that is definitely a queer stance to take. Slashdot needs to really lighten up so people can get back to having a gay surfing experience.
Haha. I can see CNN announcing that. "A crack group of computer muthafuckas broke into the Whitehouse's super secret secure NT web server and changed the home page."
This only reinforces my belief that any article that contains "cyber" is not worth reading
Back in the ol' days, a hacker was what is now called a cracker. And a cracker was someone who would break copy protection schemes and distribute the unprotected version of the software. Then there were Phreakers....well they're another story.
:)
Geez, you internet jocks sure debauched the language used back in the BBS heyday
Hackers were before BBSes kid...
>Thanks to WarGames, you've got a general public
>that sees the word "hacker" and automatically
>thinks of a pimply-faced anti-social pubescent
>malcontent breaking into NORAD.
Hey! He just wanted to play some games.
- Professor Falcon
joshua^H^H^H^H^H^H
Hmm...interesting. I'm familiar with a Hack as a poorly written program.
:)
A Hacker was someone who could not program well. Any decent coder would find it offensive to be called a "hacker". Mind you, this particular use of the term may very well be different from one part of the States/Canada/U.K. to the other. Hacker as I've defined before was the de facto use of the term in a cyber-community that preceded the internet. So much as your definition of Hacker is still valid in some sense, so is the one I gave.
In any case, there's no use getting one's undies tied in a knot if people use "Hacker" instead of "Cracker". It's not a sign of ignorance, just age. Agreed, old-old-timer?
The point is, if your sampling is the set of all hackers who get caught, and your conclusion is that hackers are stupid, you are missing the point that the smart ones don't get caught.
The way I look at it, hacking is the process of pounding on something with whatever tools you have till it does what you want. The art of hacking is knowing which hammer to use and how to hit it. I can use the term to describe "hacking on the linux kernel" or "hacking someone's linux system". The goal may be different, but the idea is the same. The problem with calling script kiddies "hackers" is merely one of sophistication. It is like calling "programming" in VB "hacking".
As far as I know, a cracker is a hacker that "hacks" with malicious intent. Hence hacker can be used as a broad vague term. To hack means to pretty much rip into/through code.
besides, hacker sounds a lot cooler than cracker;p
He would be assessed fines, not damages. No one who suffered from the virus will see a dime of that money. Those types of penalties are created for two reasons: to deter people, and to recover the cost of law enforcement.
If someone wants to recover damages, they would have to sue the guy in civil court.
The moron that signed his name to a virus instead.
!!!No, MSWORD did it for him!!!!
It didn't, it said "Cracked by Eaglesoft."
Even back in those days, when us pitiful C= freaks had no clue what Unix was, we knew the difference between "Hacker" and "Cracker"
If you look at all the cases where the person was caught, it was by means that took advantage of the perpetrator's blatant stupidity. With wingates and hundreds if not thousands of vulnerable servers on the internet, the chance of someone who knows what they are doing getting caught is NIL.
Dennis J Potechin
The AP Wire and Reuters reporters need to read Eric S. Raymond's Jargon File a few hundred times and get the damn terms right.
It was a while ago. Damn I miss my C128 (for its C64 mode). Remember the game "Hacker?" Ha ha.
Inference Wiz
Complexity Grokker
Smart Person
Furniture-maker-with-axe
Bard
Loremaster
Geez, just when you thought you could avoid political correctness on the internet, some sensitive hacker or whatever the hell they call themselves has to get pissed off. Chill. It's like getting all angry about anonymous coward not being "Courage-challenged Not-wishing-to-be-known person"
What's kind of troubling to me about the way they catch these criminals is by tracking IPs and embedded things in Word documents and such like the Melissa virus.
:-> I guess maybe that's why Intel put serial numbers embedded into the CPUs so you could pull the serial number. Only problem with those, is you can fake that too.
:P
Anyhow, What if say a person, We'll call him "lamer" decided he really hated his friend Fred. He then went and installed Windows 95 using Fred's name, serial # etc. Then pulled out Microsoft Word without using the fix which removed the name and such from the documents. Then while he was at Fred's house he somehow got ahold of his ISP's username and password (Which is easy, you'd be surprised how stupid people are). Then lamer noticed that a "gray" box which you can easily open up and attach a normal phone cord to was attached to his friend's house (They do have those, at least in my area). Anyhow Lamer stayed up really late one night, grabbed his notebook, pulled his bike and biked over to Fred's house. Then wearing rubber gloves opened up the box, attached his notebook modem to it and dialed up the ISP and logged in as Fred. Then Lamer goes out and hacks as many websites as he can and sends out as many macro virii as he can. Then he disconnects himself, packs up, takes off, burns the gloves somewhere, and goes home like nothing ever happened. Now the great smart FBI agents and such track Fred down and say he did all this because his name was embedded into all the macro virii, or his ISP said that he was logged in and it came from his IP that he got at the time. Then you check the phone company, and a call was made from his house at the time too.
So I guess what troubles me about the whole use of logs from ISPs, and all that jazz is, is how do you *REALLY* know you're getting the right person? Things can be so easily faked it isn't funny. In this situation the only way for Lamer to get caught is if someone saw him tampering with the phone, then knew which direction he traveled on his bike and where he went AND there was some physical evidence left AND it was still there after a rain storm. So in an essence, so who's really dumb? So maybe some of these people forgot to cover their tracks a little. Almost all criminals do that. There is no such thing as a perfect crime. However, in computers things can be so easily faked it isn't funny, so how do you *REALLY* know you got the right person? When you track things by logs and the like, it isn't as 100% certain as DNA tests, finger prints, etc. There's only one person in the world who has the same finger print as you, however with computers, You can fake IPs, You can fake Word documents you can fake it all. Then if you're really good, you don't get caught doing it either and Fred gets blamed for it.
Anyhow, just my two cents.
- Anonymous Coward - Which really isn't anonymous unless I'm using someone else's Internet account on a notebook attached to a payphone.
- Life's a bitch, then marry one.
I'd assumed for a long time that the hacker/cracker confusion was a US/UK thing, ESR being an American and all. I've never heard anyone in the UK use the word hacker without intending the 'cracker' meaning. (And I've never heard 'script kiddie' at all.)
Brits who code are called coders...
More hype for the clueless. These "digital Sherlock Holmeses" are the alchemists of the digital age. They promise gold from lead, but all they're doing is relying on the gullibility of law enforcement and the courts. Their signature parlor trick is examining the swap file entrails of the suspect computer system--they rely on a security hole to work their magic. The forensic text search software that the courts recognize is awful (I've used one of the two--a DOS app compiled with Turbo C++) and can't even do regexes. Try finding the string "John Smith" without a regex when it was written into 16-bit integers or some other non-char scalar. The best I could testify to, based on the results produced by the program I used, was that I didn't find the string I was looking for--fortunately, the case didn't go to trial and I didn't have to sit in the box and sound like a moron. (No, I didn't have access to grep or Perl at the time, I had to use the DOS app).
As for a hacker "wiping out a disk" to cover his tracks, there is some real magic available there if you have the dough to pay for it. Last time I read, it was possible to get a decent read of data that had been written over as many as nine times.
These guys couldn't catch a real (cr|h)acker if their lives depended on it. They rely on the holes in unsecure Operating Systems and other widely-known and easily circumvented clues, like IP trails, to produce evidence. Bah, humbug.
slashdot broke my sig
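The search problem raised in the comment above (a name stored one character per 16-bit integer defeats a plain byte-string search) can be shown in a few lines. This is an added example, not part of the thread or of any forensic tool mentioned in it; it goes slightly beyond the comment by also covering 32-bit storage and both byte orders, and `LAYOUTS`, `store`, `build_pattern`, `search_image` and the `SAMPLE` buffer are names and data constructed for illustration.

```python
import re

# (label, bytes per character, byte order) for each storage layout searched.
LAYOUTS = [
    ("char8", 1, "little"),
    ("int16-le", 2, "little"),
    ("int16-be", 2, "big"),
    ("int32-le", 4, "little"),
    ("int32-be", 4, "big"),
]


def store(text, width, order):
    """Serialize text with each character held in a width-byte integer."""
    return b"".join(ord(c).to_bytes(width, order) for c in text)


def build_pattern(needle, width, order, ignore_case=True):
    """Compile a bytes regex matching needle in the given storage layout."""
    if not needle.isascii():
        raise ValueError("this example handles ASCII search terms only")
    pad = b"\x00" * (width - 1)
    parts = []
    for ch in needle:
        variants = {ch.lower(), ch.upper()} if ignore_case else {ch}
        alternatives = []
        for v in sorted(variants):
            byte = v.encode("ascii")
            # Little-endian puts the character byte first, big-endian last.
            unit = byte + pad if order == "little" else pad + byte
            alternatives.append(re.escape(unit))
        parts.append(b"(?:" + b"|".join(alternatives) + b")")
    return re.compile(b"".join(parts), re.DOTALL)


def search_image(data, needle, ignore_case=True):
    """Return sorted (offset, layout) hits for needle in a raw byte image.

    A hit is a lead to confirm in a hex viewer: in unaligned data a
    neighbouring zero byte can make one string match two layouts.
    """
    hits = []
    for label, width, order in LAYOUTS:
        pattern = build_pattern(needle, width, order, ignore_case)
        for match in pattern.finditer(data):
            hits.append((match.start(), label))
    return sorted(hits)


# Constructed sample standing in for a slice of a swap file: the same
# name stored four different ways, separated by 0xff filler bytes.
SAMPLE = (
    b"\xff" * 16
    + b"memo from John Smith"
    + b"\xff" * 6
    + store("JOHN SMITH", 2, "little")
    + b"\xff" * 4
    + store("john smith", 2, "big")
    + b"\xff" * 4
    + store("John Smith", 4, "little")
    + b"\xff" * 8
)

if __name__ == "__main__":
    print("plain byte search hits:", SAMPLE.count(b"John Smith"))
    for offset, layout in search_image(SAMPLE, "John Smith"):
        print(f"offset {offset:4d}  layout {layout}")
```

The plain byte search reports one hit, while the layout-aware search reports four, which is the gap between "I didn't find the string" and "the string is not there".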
It seems that nobody - the media, slashdot, or anybody else - can get the usage of the words right (or even agree on what "right" is). The media seems to take "hackers" as a synonym for "those who circumvent security" whether those people really are hackers (yes, a few of them actually are) or are merely script kiddies (the vast majority). Many slashdot readers, on the other hand, seem to say that nobody who circumvents security can be called a "hacker," which is also obviously incorrect, as some of those who break security are indeed skilled hackers in the 1970s sense of the word.
...not to mention the problem that "cracker" in reference to computers already applies to the skilled assembly coders who remove copy protection schemes from software.
10 PRINT CHR$(205.5+RND(1)); : GOTO 10
Ignoring the misuse of the word Hacker for now, all the stories they have listed here are about people who have not done anything at all particularly smart anyway. Writing the Melissa virus? Well that guy did not even use his own code, he mostly used someone's existing macro virus lib. As for the guy who set up a scam on Angelfire well I'm not even going to start with the basic stupidity of that. None of the people in the article could claim to be described by the term 'Hacker' either the real meaning or the more popular current use of it. And remember all the real crackers who know what they are doing are never detected anyway.
Posted by The Mongolian Barbecue:
When your focus is on making money rather than conveying reasoned news stories, this kind of thing happens a lot.
Posted by Mike@ABC:
Sure, the mainstream media will continue to use and misuse the term "hacker," but personally, I think the whole open source/Linux wave is changing that. I have the privilege of covering both the open source movement and computer security issues. When I see a bunch of brilliant Linux coders calling themselves hackers, it makes me review just what a hacker is, and how I might differentiate them from a) "good" computer security hackers, and b) crackers.
Over the past year, I think the use of these terms has improved, while at the same time, I think the more enlightened press people have been able to communicate these basic ideas to their readers -- and that's the tough part. Thanks to WarGames, you've got a general public that sees the word "hacker" and automatically thinks of a pimply-faced anti-social pubescent malcontent breaking into NORAD.
If the open source-ers keep it up for a few more years, that pesky nomenclature might just change once and for all. But it won't happen overnight.
$480,000 seems small to me. Perhaps that is because I'm used to the mainframe world where a minute of downtime costs $1,000,000. (each minute adds another million) Since companies had to take servers down, they felt some loss from that.
If you figure a tech makes $300 a day ($80,000 a year) This is only 8000 sysadmins working for two days. (what a previous poster claims it took his company) This allows each company in the Fortune 500 to use 16 sysadmins. Now granted not all Fortune 500 companies were affected, but even still this starts to look small when you remember that these are the largest companies. Looks to me like $480,000 won't even cover the salary of the system admins who were not taking care of normal business in response to this. Now think of what the cost of business is (see above), and it looks like a bad estimate.
Now I will grant that NT was taken down more than mainframes, and NT doesn't run anything mission critical, but even still we can expect there were losses due to this downtime that aren't figured in.
IP numbers are usually assigned dynamically with ISPs, so to track a particular crack attempt or spamming run to a specific user, you have to get the ISP's log of who was logged in on that IP at that time.
One thing that I did see in the last paragraph had a little to say about some of the hacker mentality. It said something to the effect of if the locks are so easy to pick (if the internet is that insecure) then you need to change the locks. I wonder how much longer it will be until the corporate world wakes up and smells the ozone realizing that (h/cr)ackers aren't there to cost them millions of dollars in lost assets, but are there to prove a point. The digital world is not secure nor will it be until there is a need for it to be. With the greater anonymity of the internet and more off the shelf tools for script kiddies, the chances of getting (h/cr)acked increase daily, whilst IS managers restore from tape without learning a thing.
Clinton made me a Republican. Bush made me a Libertarian. Trump is making me question reality.
Sad, but there's no rescuing it. It's been dead for years.
This article was definitely about script kiddies. The dangerous/skilled hackers don't just mince HTML. And I expect that they are considerably more difficult to track.
And the author of the Melissa virus didn't "sign" it, MS did that for him and he just didn't try and remove it (perhaps he was unaware). Also, from what I've heard, the guy who wrote the virus isn't the one who released it.
--Lenny
//"You can't prove anything about a program written in C or FORTRAN.
It's really just Peek and Poke with some syntactic sugar."
All the crackers that have been caught have been caught.
So "All those hackers [examples of lately caught hand-in-sack people there] are dumb" does not prove anything, nor is helpful in evaluating the damage done by crackers.
I read it as a "nice" way to downplay the involvement of Word macros in industrial piracy ;(
Martha? Brian? I still like 'motherfuckers' (from an earlier post re: crackers)
-- This and all my posts are in the public domain. I am a lawyer. I am not your lawyer, and this is not legal advice.
a hacker is someone who breaks into information systems-no that's a cracker! ok, so a hacker is someone who likes to code efficiently-no a hack is bad programming! Welcome to the wild world of English :) (This reminds me of the discussions of free software-the French have it right here)
---
Don't tell them to use the term "cracker" either. Use a more correct term like "criminal", "intruder", "trespasser", "violator", or "motherfucker".
I am STILL trying to figure out WHY the Gartner Group is considered "expert" in the realm of security.
I am a network security admin/manager by profession, have been for almost 4 years now, and have NEVER heard anything from Gartner that wasn't:
a) So completely obvious that it wasn't even funny.
b) Marketing-speak
c) Guesswork; or
d) Completely wrong.
I especially (dis)liked the last quote:
"The good thing about the Sherlock Holmeses of the Internet is that they are showing us that the locks are not so good," says Gartner's Zboray. "And if Sherlock says so, then you better go out and get new locks."
Huh? It's not the 'Sherlock Holmeses' of the FBI or Gartner group or Phar Lap that are examining the locks. The locks are already busted. Nor is it the 'script kiddies'. It's the hundreds of security people and programmers that continuously watch their networks, test software, examine code, report to BugTraq and CERT, and get little or no credit for it. Many of them are true 'hackers'.
And we ALREADY knew that the 'locks' were weak in many areas. Puh-LEASE!
ahem...(cough) (cough)
I mean really...who gives a shit?
People...spend a little less time whining over a word and a little more time coding....
The numbers are linked to specific computers, you can however have multiple sites per IP.
There is nothing in this article that has any truth. PS Does anyone believe that the Melissa virus caused $480,000 worth of damage? I seriously doubt even $20,000.
You don't exist. Go away. --SysVinit Halt
What has happened to "hacker" is the same thing that happened to "negative feedback". A good engineer knows that negative feedback acts to preserve the current state, but your typical suit thinks of negative feedback as something that discourages what someone is already doing.
It is noble to try to clear up the confusion surrounding the misuse of terms, but the problem is the confusion is too strong. "Hacker" now means both enthusiast and criminal, just as negative feedback has two contradictory meanings.
I don't have a good suggestion for a replacement, however, and after all these years there isn't a replacement for negative feedback either. A good name would have to be immediately recognizable. If anyone has a suggestion I'd like to hear it.
Bite the hand.
Wait...before we get all lathered up about hacker/cracker/script kiddie/whatever...
This article is nothing more than a string of quotes from security "experts". Let's not lambaste Wired just yet. In fact, perhaps they ought to be congratulated. They just associated names with some very odd uses of the term "hacker".
At this point, I'd be pretty embarrassed to have my name show up in that article. I, for one, think that Wired's article wasn't so bad and may insidiously work to alter the hacker/cracker misconception.
Does anybody really expect them to suddenly start saying anything that isn't total BS? Get real. Maybe I should get involved in consulting; it's gotta be a lot easier than working.
Weblogging Considered Harmful:
Hurrah for that... I wrote to Eric Raymond a few days ago about the definition of 'Hacker' in his Jargon guide, in particular about the way he called the 'cracker' meaning of the word 'deprecated'. I wrote to tell him that a good lexicon writes its definitions on the basis of examples of a word's usage, and so calling a word 'deprecated' amounted to deliberate blindness and linguistic fascism. It's funny how advocates of 'free' software can be so completely fascistic about everything else :-)
Matthew @ Bytemark Hosting
'nuff said
I personally like the term "CodeSlinger"
-- toolie
There seems to be an obvious double standard in the media's coverage of Hackers/Crackers. They are portraying hackers as both supervillains who could rule the world, if not for the work of a few hard working FBI agents. And as dumb kids who are more of a nuisance than a real threat. Both portrayals are equally inaccurate. There are capable hackers and script kiddies and coverage which paints sweeping generalities about the "Hacker Mentality" only serve to decrease the likelihood of any effective method of protecting our information.
So, while we can study software engineering, calling myself a Software Engineer would be misleading and possibly illegal.
(Please note that I AGREE with this setup. Being an Engineer also makes you responsible for your work in a legal sense. Controls on the title make it more meaningful and valuable.)
/* Put tongue in cheek */
Ok, when I was a little kid two weeks ago, I wanted to be a technology columnist. It looked like an easy way to make some bucks -- just spew wild predictions about the future of computing and cash the checks.
I've changed my mind. Now I want to be a computer security consultant who TALKS to technology columnists.
It seems all I have to do is print up some business cards that say "DonkPunch -- Information Security Consultant" and I'm in business.
Best of all, the columnists will fawn over me as a modern-day Sherlock Holmes ("Elementary, dear Watson. He used MS Word to create a macro virus which gave him remote access to little Jenny's hard drive").
How much can I charge per hour to tell people to turn off macros in MS Word?
/* Remove tongue from cheek */
Save the whales. Feed the hungry. Free the mallocs.
"PS Does anyone believe that the Melissa virus caused $480,000 worth of damage? I seriously doubt even $20,000."
I'd say 480,000 is a pretty good estimate. The company I work for, which I will not name, spent a whole lot of time and effort on this, even though we weren't hit all that hard. In addition, we took a lot of early precautions that stopped Melissa from being all that bad. Keep in mind, with the press coverage this got, there were a lot of people from above throwing resources at it. I'd say we probably had 1/4 - 1/3 of our people working on this for the better part of two days, including some overtime, because we're busy even without some jerk's idea of a practical joke. With the companies that were hit even harder, and had to take machines and servers down, I wouldn't be surprised if 480000 dollars was the damage tally.
What are you trying to say?
Now that's where your ol' days start, you young kid you.
---
--
If I actually could spell I'd have spelled it right in the first place.
Got to agree with that, fellow old-old-timer. ;-)
---
--
If I actually could spell I'd have spelled it right in the first place.
i personally am glad that the general public and media are somewhat fuzzy on what we (computer nerds in general) do. i like the fact that the minority in the world can look at a linux kernel and understand it (hell, i can't even explain everything, not saying that i'm some genius, i too am young and stupid, but learning).
enlightened minority.....hmmm, sounds like a cult thing?
later all.
But how much $$$ are you spending to make sure it doesn't happen again? I bet you are spending a lot more $$$ to cover up the security holes in your system. Who should get the blame for that?
Skip ------ See the latest from http://www.anArchyFortWorth.com
It occurs to me that the world is full of dimwits as I read this... The moron that signed his name to a virus instead of telnetting through fifteen countries first :), the absolute know nothing that wrote this all-hype article, the people who use windows and expect to get away with it (does not the windows disclaimer itself say "This application may not be used in a situation where its failure to function may cause harm or injury to any human...."... So, if someone was harmed, they are in breach of contract and if no one was harmed, what the hell is the problem?) and above all the FBI agent who thinks he's hot **it for figuring out that the virus digitally signed by Joe Smoe came from Joe Smoe (who'd have guessed)... I don't think I even want to touch on the subject of people stoopid enough to buy stocks because some page on AngelFire told them to... That one's beyond the pale, for chrissake, don't believe everything you read on the internet kiddies... Does this mean if I put up some kind of spoof/joke page I'm liable to get sued? The only real conclusion to be drawn from this facile article is that ISPs should make prospective customers pass IQ tests, mandating a minimum monkey-level intelligence before allowing people on the 'net.
ProgModMan? uhh.... ProgModPerson? hmmm... too wordy... CodeCranker? ReCoder? DeCoder?
Does it really matter that "they" misuse the term? What is the definition of a word other than what is generally accepted, or written in a dictionary?
It is as though we are all so self-righteous that only WE know the REAL definition of hacker (as opposed to cracker).
This reminds me of the whole nonsense regarding the word 'queer' and its re-capture. As far as I'm concerned, 'queer' will always be a derogatory way of referring to homosexuals, much as hacker will always be the word to refer to crackers, and script kiddies (and maybe hackers by our definition too).
/dev/null
USD 125 an Hour. No Kidding.
USD 150 an Hour if you can utter advice such as "buy a virus scanner"
USD 500 an Hour if you can explain why they should : "disconnect the intranet from the internet to be sure"
Personally I'd go for `software engineer'. I like it, employers like it, the media like it, it sums up what I do (including all the bits about taking design decisions to produce a working solution quickly --- that's why it's software engineer and not computer scientist... that's my opinion anyway).
Perhaps that's a little tame for some of you...
Damn, I thought if you were having trouble with crackers, you could call the Black Panthers...
8-()
Expanding a vast wasteland since 1996.
(or almost) if you don't actively protect your standards, they get lost in the media
Apparently another sad report coming from a non-hacking source.
I would go into a full story but most people here and abroad know that hackers are not at all dumb. Well the majority of "HACKERS" and not little wu-ftpd exploit script kiddies.
Thanks for the memories