'New breed' drowning out hacker culture?

[InfoSec News <isn () C4I ORG>]

http://www.zdnet.com/zdnn/stories/comment/0,5859,2605327,00.html

By Weld Pond, Special to ZDNet
July 20, 2000 10:21 AM PT

A lot has changed in the last 10 years since I first poked my head
below the surface of the mainstream computer world into the realm of
the computer underground.

The thing that most intrigued me about this world, and why I stayed,
was the huge body of knowledge and ways of looking at things that
wasn't taught in schools and wasn't in any books. This incredibly
important information about the computers that ran most of the
businesses and governments in the world was largely ignored.

The way the information was largely ignored by the mainstream made it
"forbidden knowledge." This still holds true today and is a driver for
many young people to enter the world of hacking. The way we deal with
proprietary systems and computer security as a society leads to this
"forbidden knowledge" effect. This has not changed much.

Another thing that hasn't changed is the rebellious nature of
teenagers. Having "forbidden knowledge" allows them to rebel against
"the man" -- corporations and the government.

Attacks, such as defacing Web sites and denial of service, and
"liberating" information, such as credit card numbers, have always
been around but they have increased in quantity due to several
factors. The quantity of attacks has increased because there are more
attackers and they are better armed.

There are more people who have access to computers today and the
information and tools to carry out attacks has never been easier to
access.

There are more underground Web sites, more underground newsletters,
more exploit kits and tools than ever before. This information, now
indexed by all the big search engines, can be brought to you in
seconds on a DSL or cable modem.

Kids today have it so easy! Back 10 years ago you had to wait hours
for your favorite underground BBS phone line to clear. Then you had to
scroll through text indexes at 2400 baud (about 1/100 the speed of a
high-speed modem) and pick the file you wanted which might take all
night to download.

Easy access to tools is only one change in the landscape however. The
other major change in the last 10 years is society's reliance on
computers. They are not just back behind the counter at the bank or in
the data center of a large corporation. They are right in our homes
and on our desks at work.

If someone defaces a Web site or takes down your stock trading site,
you see it and it impacts your life. This change gives people a new
medium to spread their message and has brought the rise of web
graffiti artists and "hacktivists." It also brings some level of fame
to the attackers.

So now there are more people, with easier access to attack tools and
exploit information, able to break into computers and spread their
message to more viewers. But the people carrying out all of the
attacks are not the people developing the tools or publishing
information about computer security vulnerabilities. This new class of
attacker has arisen in the past few years and is usually called a
"script kiddie".

The script kiddies seem to be everywhere. Their numbers are enormous
compared to those who actually have the hacking skills to find the
vulnerabilities in a supposedly secure system. You can see this effect
at hacker conferences such as DEF CON and Hacking on Planet Earth 2000
(H2K). The number of intelligent people speaking has grown slightly
each conference but the audience seems to be doubling each year. There
are clearly more consumers of the "forbidden knowledge" whether they
are "script kiddies," people trying to secure their own software or
computer systems, or more nefarious types out to commit serious
crimes.

If you define hacker as one who has the hacking skills required to
find computer security problems and write the tools required to
demonstrate them, then not that much has changed in the last 10 years.

If you broaden your definition, as the media often does these days, to
those who can follow cookbook instructions or run pre-canned scripts
to attack a computer then a lot has changed. The effects of the script
kiddies are what people see and care about now. They impact more
people and have captured the public's image of what a hacker is. So
while old school hackers haven't changed much, a new breed has arisen
and threatens to drown out the original hacker culture with Web site
defacements and denial of service attacks.

Weld Pond is a research scientist working with the security firm
@Stake Inc.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".