Confessions of an Error-Filled Tome

[InfoSec News <isn () c4i org>]

[This was grabbed from another list I'm on, I should also mention that 
we're currently reading Mr. Verton's book and expect to have a full 
review in the near future.  - WK]


---------- Forwarded message ----------
Date: Thu, 2 May 2002 14:10:58 -0400 (EDT)
From: Jason Scott <jscott () textfiles com>
To: intel0202 () yahoo com
Cc: dc-stuff () treachery net, jericho () attrition org, veggie () gothic net
Subject: Confessions of an Error-Filled Tome

Mr. Verton:

As a researcher working on a historical documentary and a collector of
what some would call "hacker history", I am often told about
interesting or relevant books and articles that come out. I was
directed to your book by an incredulous IRC denzien who was crowing
about the numerous errors in your book, errors that even an "outsider"
shouldn't have missed. I wanted to see for myself, and purchased a
copy (used) of "Confessions of Teenage Hackers (2002)".

The tipster was correct; your book suffers, even on a cursory glance,
from glaring errors. I figured you have high hopes of a second edition
being printed, so I wanted to pass them along to you. Keep in mind
that these are just from a cursory glance; I've not had the
opportunity to read the book cover to cover.

--------------------------------
Page 196: "A nationwide hacker crackdown nabs teenage members of the
notorious hacking groups known as the Masters of Deception (MOD) and
the Legion of Doom (LOD). The teen hackers are responsible for the
famous Martin Luther King, jr. Day crash of the AT&T long-distance
telephone network. The hackers would be indicted in 1992."

..this is false. The Martin Luther Day crash of 1990 was caused by a
bug in the AT&T switching software (often reported as a "wrong BREAK
statement in the C code"; analysis of the software bug in question is
out on the internet), which caused a cascading failure and the outage.
No hackers were at all involved.

Transcription of AT&T Report on the Bug:
http://www.infowar.com/iwftp/risks/Risks-9/risks-9.63.txt

Lumping MOD and LOD together as some sort of super-team causing this
crash is an additional error; I was not privy to exact member
politics, but it's generally known and reported elsewhere that the two
groups were not fond of each other, and regardless, none of them were
involved in the crash. What DID happen is that members of MOD were
raided shortly after the crash occurred, very likely the result of
turned-up heat from authorities trying to show results for a major
infrastructure loss. In March, Eric Bloodaxe and The Mentor (both of
LOD) also were raided, along with a number of other folks, as part of
a continued effort by the FBI. In all cases, the crimes they were
ultimately accused of (and for some indicted on) were not related to
the AT&T crash.

What bothers me here is the use of the phrase "hacker crackdown",
which is the title of the Bruce Sterling book that makes the entire
situation of blaming hackers on a problem they didn't cause its
central thesis! That is, you mention the title of the book and get the
facts wrong entirely and completely when they're recounded within the
first chapter. I'm of the opinion you didn't actually read it.

> From the hazy vantage point of a decade, I could understand some minor
slip-ups, but this entire situation was researched and written about
perfectly by another author. You are perpetuating a myth, a myth
easily researched and dismissed.
---------------------------------------


---------------------------------------
Page 203: Your bibliography/listing of Hacking-related articles begins
in 1994. That is fundamentally disturbing. I have to assume this is
the extent of your research outside of web page listings, and if so,
you're working with a lopsided, heavily sensationalistic bombardment
of fearmongering. Most of the coverage of "defacements" attaches an
extreme amount of weight to the process, when it mostly consists of
the modfication of text and image documents on an often unrelated
server, separated from the actual day-to-day functioning of a
government in corporate entity. Once the Internet became a "hot topic"
in 1995 with the advent of Netscape and AOL/Microsoft forays into it,
desperate media outlets, lacking in solid information, grabbed onto
any subject they could, and defacements recieved a foolish amount of
coverage. Your biblography indicates you have bought into it
completely.  
--------------------------------------

--------------------------------------
Page 207: "John Vranesevich - www.antionline.com/jp - The website of
the founder of the hacking Web site AntiOnline.com, thought to be one
of the best hackers in the world."

Goodness, by who? Certainly by Mr. Vranesvich and yourself, I suppose.  
This isn't my fight, but I find your classification of him
particularly ironic since you thank Jericho of Attrition for
assistance with defacement history, and somehow neglect his many
months of research into Vranesevich as a charlatan:

http://www.attrition.org/negation/
-------------------------------------

-------------------------------------
Page 208: "Cult of the Dead Cow (now @Stake) - www.l0pht.com - The
Cult of the Dead Cow (cDc) is best known as the group that authored
and distributed Back Orifice, an open-source software product that
allows a hacker to take over a remote computer. However, the group has
since gone legitimate under the auspices of @Stake, a security
consulting firm.  That's there you'll end up with this link."

I'm completely confused where you got this information. L0PHT was a
group of Boston-based hackers and technical folks who had a permanent
space rented in downtown boston and later outside boston, hence, a
loft (l0pht).  Many folks visited them and were friends and
associates, including members of the Chaos Computer Club and the Cult
of the Dead Cow. But to combine them like they were all the same
people... that's just bizzare.

The Cult of the Dead cow was a textfile writing group founded in
Lubbock, TX in 1984. They released writings on BBSes and later the
Internet, well into the present day, and still have occasional
releases. They gained the attention of the media in the early 1990's,
and delighted in being called upon for media interviews, many of which
they used for their own purposes. In the mid 1990's, they started
releasing programs, including the much-touted Back Orifice tools, and
gained notoriety for that as well.  Currently, they are affiliated
with a movement called Hacktivismo, which calls upon hackers to use
their efforts to better the world for freedom and human rights. This
is a positive thing, so I understand why you would be unaware of it.

The L0pht gained notoriety for their programs from the start,
releasing exploits and programs to show flaws in Windows and other
commercial products. They were acquired by @Stake and dropped the
l0pht name some time afterwards, although the name still appears in
various locations, more as a hint or a reminiscince than anything
else.

This is also an ironic mistake, as no two groups have earned as much
airtime and column space as these two in the second half of the 1990s,
which falls smack into your obvious area of focus. To combine them
points to incompetency.
-----------------------------------------

This was minimal effort to find these mistakes. If you intend to
correct them in a second edition, please let me know and I will send
you more. If you are not interested and have already turned your
efforts to other mistake-ridden tomes, I will bother you no further.

- Jason Scott
  TEXTFILES.COM



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.