[Moderator: A *Very* good article on the nature of skilled vs anklebiter
hackers. Hopefully articles like this will receive as much circulation
as the the poor ones.]
Hacking geniuses or monkeys?
By Ira Winkler
March 30, 1998
ZDTV
By now everyone has heard about the Pentagon hacks-- and the ensuing
arrests of two teenagers in Cloverdale, Calif., and The Analyzer, the
Israeli claiming to be the superhacking mentor of the Cloverdale teens.
There were also two other Israelis arrested at the same time.
The media and Websites like antionline.com portrayed the criminals as
geniuses. I never heard of these supposed geniuses before, but the one
thing that went through my mind was a quote by Scott Charney, Chief of the
Department of Justice Computer Crime and Intellectual Property Unit: "Only
the bad ones get caught."
I wanted the inside scoop, so I talked to some real hackers, who are
really considered "elite" within the hacking community. These are people
who have been hacking for over a decade and can take control of any system
that they want. They invent the hacks that the wannabes find tools to
accomplish.
The opinion of the elite varied little: "The hackers involved in the
Pentagon and ensuing hacks are clueless."
Bad hackers are clueless
Why are the Pentagon hackers clueless? In the first place, they were
caught.
The inside scoop is that the Pentagon hackers did nothing to cover their
tracks and used the same routes of access again and again, making their
capture inevitable. In short, they failed the basics of Criminal Hacking
101.
The true act of stupidity, however, was talking to the press and being
totally unrepentant about their actions. They even bragged about it. This
is like asking the FBI, "Please prosecute me."
While the Department of Justice doesn't usually prosecute juveniles, the
teenagers were almost daring them to. Then The Analyzer jumped in,
threatening to wreak havoc on the entire Internet if the teenagers were
pursued. A week later he was arrested.
Skilled hackers remember the arrest of the people who hacked the DoJ and
CIA webpages. The lesson: if you leave any tracks while embarrassing the
US Government, you will be caught.
The hacking inner circle told me that The Analyzer did not cover his
tracks at all, and his capture was easy, even though it spanned
international lines. And how skillful are The Analyzer and the Pentagon
hackers? According to my sources, almost all the hacks were accomplished
via a tool that automatically exploited the rstatd problem.
You really don't have to know what the rstatd problem means. The best
analogy is that the Pentagon hackers found a master key on the street and
tried it on every lock that they could find. Unfortunately, there are tens
of thousands of "locks" that the master key fits. This is hardly the sign
of a computer genius, according to the elite.
Who is The Analyzer, anyway?
The real hackers then wondered why they have never heard of The Analyzer
before. The talented hackers do seem to know each other or at least hear
about the "rising stars" of the community. The Analyzer never fit this
category. Nor did anyone recognize him when his picture was wired around
the world.
And what about the language that the Pentagon hackers and The Analyzer
used in their unwise interviews?
The Analyzer threatened to damage "Internet servers." Apparently, real
hackers don't use this term, it is too mainstream. The California
teenagers were quoted as saying that the reason they hacked was, "Power."
Among the elite, real power is the anonymous and undetected control of a
computer. Needless to say, the Pentagon hackers were not anonymous or
undetected. I wonder how "powerful" they will feel in prison.
It didn't surprise my hacker friends when another group of hackers,
calling themselves The Enforcers, jumped on the bandwagon. These people
threatened to hack computers all over the world in retaliation for the
capture of The Analyzer and the Cloverdale teens. Of course, The
Enforcers' self-proclaimed leader used the same email address to put out
his statements and respond to queries from the media-- making himself and
his group easy targets for federal attention.
The only reasons he may not be arrested is that his group hasn't caused
any real damage, and the FBI has more important problems to deal with than
wannabe hackers looking for their 15 minutes of fame.
Hacker wannabes
I'm really getting sick of the Pentagon hacking stories, and all the
wannabe hackers clamoring for their moment in the spotlight. Perhaps, when
the FBI starts actively prosecuting juveniles and other people for
hacking-related crimes, these wannabes will start using their computers in
more productive ways.
More importantly, maybe the media will stop portraying anyone who can
hack a computer as some sort of genius. As I have said before, and as the
real hackers can confirm, I can train a monkey to break into a computer in
a few hours. The Pentagon hackers have displayed no more talents than the
monkeys of which I speak. On the other hand, the fact that they can break
into Pentagon computers makes the Department of Defense look like monkeys
as well.
The fact that the media continues to paint these wannabes as geniuses
makes them worse than monkeys.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated
Received on Thu Apr 2 19:00:46 1998