The REAL hackers

The REAL hackers

By n3w7yp3 | 13922 Reads |

0     0

There once was a time when hackers actually hacked. When they actually broke into computers and spent hours upon hours looking for exploits in popular software packages – not to sell them, or to post them for the world to know about and get themselves a leet reputation – no, they invested all the time and effort to get a working exploit and then use it for its intended purpose. To break into computers.

The modern definition of a hacker (at least in some circles, most noteably the more whitehat places) is essentially “someone who wants to become a whitehat/security professional later in life”. These sites/people advocate such topics as having “ethics” and “full disclosure”. Do you really know what your so called ethics are? Do you really know what full disclosure does?

Your ethics guide you; they’re what you say keeps you on the straight and narrow path. They keep you from actively breaking into computers; you could eaisley go out and hack half the Internet at any given time – at least that’s what you tell yourself. When a site has a “root this box” style challenge you eagerly gather your team of whitehat buddies. You’re all expected to win the challenge, after all, you’re some of the more knowledgeable people on the site, you’re read hundreds of text files documenting hacking techniques. You take a look at the box expecting to see a root prompt inside 5 minuets. An hour later you’re sitting there frusterated, with no clue on how to procede. Looks like contrived site challenges haven’t prepared you for the real thing, and text files just aren’t as good as expirence. Nevertheless, you go on calling yourself a “security expert” and think about how easy it would be to get a job as a penetration tester, finding exploits and posting them publically on sites like SecurityFocus and milw0rm, and on lists like BugTraq and Full-Disclosure.

Speaking of Full-Disclosure, have you ever though about what it is you so activley support? You post fully functional exploit code to public places, along with detailed usage instructions. You give the script kiddies the digital munitions they need to attack more computers, and yet you decry them. You tell yourself “Oh, it’s okay, I’m not responsible; I put a disclaimer in the comment header of the code!”. It’s not okay. The script kiddies still have the exploits to work with, and the boxen are still getting owned.

On the topic of script kiddies, you decide that anyone who actively hacks is a script kiddie. If someone hacks your shellbox they’re a script kiddie. If someone hacks your whitehat website, they’re a script kiddie. You laugh at groups like h0no, PHC, Gobbles, el8, dikline and ZF0. You call them script kiddies. You hear the name “pr0j3kt m4yh3m” and you associate it with script kiddies. You see leet speak in a zine and you assume that it’s a script kiddie zine. Trust me, the real hackers laugh at you and your kind. They laugh because while you’re talking about the dangers of XSS vulnerabilities in some sample web application, they’re out auditing code, finding real 0day exploits. While you’re talking about how great whitehats are, they’re planning attacks on you. While you and your friends talk about how they’re all script kiddies, they’re cracking your passwords and reading your spools. Who’s the script kiddies now?

The people that you like to term script kiddies are blackhats. The real hackers. They work to preserve the real spirit of hacking. Go read an old issue of Phrack. Notice how it’s more underground, and doesn’t have any articles written by corporate whitehats? Notice how it actively advocates breaking into computers? Notice how it was written by real hackers, by the modern day definition of the word – that is, people who actively break into computers. People who actually hack.

Whitehats are the death of the scene. You leech off what we create and call it your own. You try to copyright ideas that have been around for years. You post digital munitions for anyone to download, compile and run. You think that software vendors are all lazy, incompetiant and corrupt. Trust me, they’re smarter than you’ll ever be. You think that Perl script you coded to exploit an RFI vuln in some PHP application is great code? Yea, right. That’s anotehr thing, you want fame so damn badly that you rush to post an exploit to the public, even if the code is of poor quality, or the exploit is buggy. You want fame so badly that you sell out everything you believed in and become part of the corporate machine. You forget that beneath the shiney surface of the security industry there lurks a darker presence. And it is not happy. Again, you dismiss the pr0j3kt m4yh3m advocates as script kiddies. They hack your box and post your spools, all you can do is call them script kiddies. You call yourselves the real hackers so prove it.

Whitehats will be the death of the scene. They’ve created an atmosphere and fear and greed. Did you honestly expect that you’d be able to go on doing this forever? Did you honestly expect that we’d just sit back and allow you to destroy our world? Did you honestly expect that we’d allow you to define our image? Did you honestly expect that we’d let you redefine the word that describes us?

Hell, did you honestly think you were for real?