Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

The REAL hackers


The REAL hackers

By n3w7yp3 avatarn3w7yp3 | 14696 Reads |
0     0

There once was a time when hackers actually hacked. When they actually broke into computers and spent hours upon hours looking for exploits in popular software packages – not to sell them, or to post them for the world to know about and get themselves a leet reputation – no, they invested all the time and effort to get a working exploit and then use it for its intended purpose. To break into computers.

The modern definition of a hacker (at least in some circles, most noteably the more whitehat places) is essentially “someone who wants to become a whitehat/security professional later in life”. These sites/people advocate such topics as having “ethics” and “full disclosure”. Do you really know what your so called ethics are? Do you really know what full disclosure does?

Your ethics guide you; they’re what you say keeps you on the straight and narrow path. They keep you from actively breaking into computers; you could eaisley go out and hack half the Internet at any given time – at least that’s what you tell yourself. When a site has a “root this box” style challenge you eagerly gather your team of whitehat buddies. You’re all expected to win the challenge, after all, you’re some of the more knowledgeable people on the site, you’re read hundreds of text files documenting hacking techniques. You take a look at the box expecting to see a root prompt inside 5 minuets. An hour later you’re sitting there frusterated, with no clue on how to procede. Looks like contrived site challenges haven’t prepared you for the real thing, and text files just aren’t as good as expirence. Nevertheless, you go on calling yourself a “security expert” and think about how easy it would be to get a job as a penetration tester, finding exploits and posting them publically on sites like SecurityFocus and milw0rm, and on lists like BugTraq and Full-Disclosure.

Speaking of Full-Disclosure, have you ever though about what it is you so activley support? You post fully functional exploit code to public places, along with detailed usage instructions. You give the script kiddies the digital munitions they need to attack more computers, and yet you decry them. You tell yourself “Oh, it’s okay, I’m not responsible; I put a disclaimer in the comment header of the code!”. It’s not okay. The script kiddies still have the exploits to work with, and the boxen are still getting owned.

On the topic of script kiddies, you decide that anyone who actively hacks is a script kiddie. If someone hacks your shellbox they’re a script kiddie. If someone hacks your whitehat website, they’re a script kiddie. You laugh at groups like h0no, PHC, Gobbles, el8, dikline and ZF0. You call them script kiddies. You hear the name “pr0j3kt m4yh3m” and you associate it with script kiddies. You see leet speak in a zine and you assume that it’s a script kiddie zine. Trust me, the real hackers laugh at you and your kind. They laugh because while you’re talking about the dangers of XSS vulnerabilities in some sample web application, they’re out auditing code, finding real 0day exploits. While you’re talking about how great whitehats are, they’re planning attacks on you. While you and your friends talk about how they’re all script kiddies, they’re cracking your passwords and reading your spools. Who’s the script kiddies now?

The people that you like to term script kiddies are blackhats. The real hackers. They work to preserve the real spirit of hacking. Go read an old issue of Phrack. Notice how it’s more underground, and doesn’t have any articles written by corporate whitehats? Notice how it actively advocates breaking into computers? Notice how it was written by real hackers, by the modern day definition of the word – that is, people who actively break into computers. People who actually hack.

Whitehats are the death of the scene. You leech off what we create and call it your own. You try to copyright ideas that have been around for years. You post digital munitions for anyone to download, compile and run. You think that software vendors are all lazy, incompetiant and corrupt. Trust me, they’re smarter than you’ll ever be. You think that Perl script you coded to exploit an RFI vuln in some PHP application is great code? Yea, right. That’s anotehr thing, you want fame so damn badly that you rush to post an exploit to the public, even if the code is of poor quality, or the exploit is buggy. You want fame so badly that you sell out everything you believed in and become part of the corporate machine. You forget that beneath the shiney surface of the security industry there lurks a darker presence. And it is not happy. Again, you dismiss the pr0j3kt m4yh3m advocates as script kiddies. They hack your box and post your spools, all you can do is call them script kiddies. You call yourselves the real hackers so prove it.

Whitehats will be the death of the scene. They’ve created an atmosphere and fear and greed. Did you honestly expect that you’d be able to go on doing this forever? Did you honestly expect that we’d just sit back and allow you to destroy our world? Did you honestly expect that we’d allow you to define our image? Did you honestly expect that we’d let you redefine the word that describes us?

Hell, did you honestly think you were for real?

Comments
pt00's avatar
pt00 15 years ago

What is the big deal with hats? Are we really so desperate to fit into a group that it's necessary for us to choose a side. Why can't we all just do what we do and not have to contribute to these flame wars of Blackhats vs. Whitehats.

And as for those who voted this article poor; I think it is a well written piece of work, and his opinions have logical reasons behind them. Just because you don't fully agree with what is being said, or just because the author is merely ranked Mad User, or just because you feel threatened by the presence of a hacker who isn't afraid to break the law, doesn't mean you have to give the article a low rating.

skills_440's avatar
skills_440 11 years ago

i know im probly gonna take some heat but whats a n00b to do and this has been bugin me latly and this seems like a good article to post it on…. is HBH a blackhat site???? even thu the article above says no i still want to be shure before i start posting and asking questions about hacking.

Neutr0n's avatar
Neutr0n 11 years ago

:o vg thumbs up ;)