The REAL hackers
The REAL hackers
n3w7yp3 | 13782 Reads | There once was a time when hackers actually hacked. When they actually broke into computers and spent hours upon hours looking for exploits in popular software packages – not to sell them, or to post them for the world to know about and get themselves a leet reputation – no, they invested all the time and effort to get a working exploit and then use it for its intended purpose. To break into computers.
The modern definition of a hacker (at least in some circles, most noteably the more whitehat places) is essentially “someone who wants to become a whitehat/security professional later in life”. These sites/people advocate such topics as having “ethics” and “full disclosure”. Do you really know what your so called ethics are? Do you really know what full disclosure does?
Your ethics guide you; they’re what you say keeps you on the straight and narrow path. They keep you from actively breaking into computers; you could eaisley go out and hack half the Internet at any given time – at least that’s what you tell yourself. When a site has a “root this box” style challenge you eagerly gather your team of whitehat buddies. You’re all expected to win the challenge, after all, you’re some of the more knowledgeable people on the site, you’re read hundreds of text files documenting hacking techniques. You take a look at the box expecting to see a root prompt inside 5 minuets. An hour later you’re sitting there frusterated, with no clue on how to procede. Looks like contrived site challenges haven’t prepared you for the real thing, and text files just aren’t as good as expirence. Nevertheless, you go on calling yourself a “security expert” and think about how easy it would be to get a job as a penetration tester, finding exploits and posting them publically on sites like SecurityFocus and milw0rm, and on lists like BugTraq and Full-Disclosure.
Speaking of Full-Disclosure, have you ever though about what it is you so activley support? You post fully functional exploit code to public places, along with detailed usage instructions. You give the script kiddies the digital munitions they need to attack more computers, and yet you decry them. You tell yourself “Oh, it’s okay, I’m not responsible; I put a disclaimer in the comment header of the code!”. It’s not okay. The script kiddies still have the exploits to work with, and the boxen are still getting owned.
On the topic of script kiddies, you decide that anyone who actively hacks is a script kiddie. If someone hacks your shellbox they’re a script kiddie. If someone hacks your whitehat website, they’re a script kiddie. You laugh at groups like h0no, PHC, Gobbles, el8, dikline and ZF0. You call them script kiddies. You hear the name “pr0j3kt m4yh3m” and you associate it with script kiddies. You see leet speak in a zine and you assume that it’s a script kiddie zine. Trust me, the real hackers laugh at you and your kind. They laugh because while you’re talking about the dangers of XSS vulnerabilities in some sample web application, they’re out auditing code, finding real 0day exploits. While you’re talking about how great whitehats are, they’re planning attacks on you. While you and your friends talk about how they’re all script kiddies, they’re cracking your passwords and reading your spools. Who’s the script kiddies now?
The people that you like to term script kiddies are blackhats. The real hackers. They work to preserve the real spirit of hacking. Go read an old issue of Phrack. Notice how it’s more underground, and doesn’t have any articles written by corporate whitehats? Notice how it actively advocates breaking into computers? Notice how it was written by real hackers, by the modern day definition of the word – that is, people who actively break into computers. People who actually hack.
Whitehats are the death of the scene. You leech off what we create and call it your own. You try to copyright ideas that have been around for years. You post digital munitions for anyone to download, compile and run. You think that software vendors are all lazy, incompetiant and corrupt. Trust me, they’re smarter than you’ll ever be. You think that Perl script you coded to exploit an RFI vuln in some PHP application is great code? Yea, right. That’s anotehr thing, you want fame so damn badly that you rush to post an exploit to the public, even if the code is of poor quality, or the exploit is buggy. You want fame so badly that you sell out everything you believed in and become part of the corporate machine. You forget that beneath the shiney surface of the security industry there lurks a darker presence. And it is not happy. Again, you dismiss the pr0j3kt m4yh3m advocates as script kiddies. They hack your box and post your spools, all you can do is call them script kiddies. You call yourselves the real hackers so prove it.
Whitehats will be the death of the scene. They’ve created an atmosphere and fear and greed. Did you honestly expect that you’d be able to go on doing this forever? Did you honestly expect that we’d just sit back and allow you to destroy our world? Did you honestly expect that we’d allow you to define our image? Did you honestly expect that we’d let you redefine the word that describes us?
Hell, did you honestly think you were for real?
ghost 16 years ago
I feel like you covered all points I've struggled to put into words. Awesome article dude. Usually articles about 'hackers' are immediately declined but this makes a great exception. Amen!
ghost 16 years ago
Damned right. amazing article. you really hit some of the key points that plague communities like this one. let this be a wake-up call to all of us, myself included.
ghost 16 years ago
dude, you really changed my perception on what the REAL hackers actually are, this is a really tight article. Thanks :) A++
spyware 16 years ago
LMAO, WTF?! This is practically one big rant against HBH and Mr_cheese itself ;), compare this article with his articles.
Rating this awesome just for the rant-factor. All other people commenting who don't understand shit about hacking: keep dreaming ;)
ghost 16 years ago
Well, i post exploits for what i have no use for. I actually don't go around finding 0days often. Just if i ever come into a situation with something i want to hack and it so happens to be a new exploit, i'll disclose it + tell the vendor.
As for your article, i find some parts pretty contradictory. Like:
You leech off what we create and call it your own yet: You post fully functional exploit code to public places, along with detailed usage instructions.
I would call myself more a whitehat, but:
They keep you from actively breaking into computers; is a lot of bullshit as the "white-hats" typically break into things and tell the admins the holes. Which, they now have the experience, yet they've still done what they needed to do.
As for this active hackers. DO IT! The more experience you have, the better, just don't get caught. I just get pissed when a blackhat comes in and destroys everything, just because they can. That's pretty useless in my opinion. Just destroying with no reason besides that you can?
I want to become a security professional because then i have a challenge. With blackhats it's against the owner, but with whithats it's against the vast numbers of blackhats. Much more challenging and fun, no?
I guess i just don't understand most of your article. You've taken the basis of probably a few whitehats and written a paper saying it describes every whitehat? Or it could be that i'm wierd?
*pretty rough draft because i have to leave soon, but if you want me to explain more things in detal, just ask me.
ghost 16 years ago
I'm whitehack if once im in I didn't use a proxy, and I reckon they are likely to bother pressing charges and if it will be successful. Otherwise im black hat ^.^
ghost 16 years ago
And stop trying to control use, most people are hackers because they don't want to be controlled, and indeed, to fuck with what the world puts most of it's trust in. Computers!
ghost 16 years ago
For the most part, fairly accurate. However, along with all the (poorly-written) pro-whitehat/anti-blackhat articles, it's just a biased opinion on how you think hackers should be. Don't get me wrong, you're one of the only people around here whose opinions I actually respect, but it's all just the same shit over and over again. True as it may be, what the hell is the point? To sum it all up, it's repetitive, boring shit, and I'm sick of hearing about it. Whitehats, blackhats, skiddies, noobs, whoever the hell you are, it doesn't matter; why bother picking at eachother, whining, ranting, complaining? Does it really matter if someone sees you as a skiddy? Does it really matter whether you're an uber 1337 h4xX0r? Don't let it bother you so badly. Just…go outside or something. [targeted at pretty much everyone] ignore the hypocrisy. It's rainy out today.
ghost 16 years ago
whitehats are"security experts" who et mad when someone defeats their work, namely script kiddies, but this dud is right, they label blackhats as script kiddies, im sure if everyone who knows how to hack or has potential to hack werent so scared of going to jail like so many of us do, we would be breaking and entering all the damn time, most of my friends use msn and internet explorer, nothing exploitable to my standards
spyware 16 years ago
Oh and XSS exploits ARE dangerous, mister n3w7yp3. If used correctly of course.
mido 16 years ago
oh, man nice article i suggest to read this… http://www.catb.org/~esr/faqs/hacker-howto.html
korg 16 years ago
"BIG YAWN" Sick of hearing this myself. I hate the term of hat's. I don't label myself like that, I spend a lot of time securing and patching but then when I'm pissed destroying and hacking. Again one person's opinion.
ghost 16 years ago
yea its a well written article… but im with Korg get rid of the hats… you are what you are quit trying to put yourself 'in' with others be yourself and base how you hack and what you do by what YOUR morals are not by anyone elses