funsec mailing list archives

Essay on blackhat activities, with response


From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>
Date: Wed, 21 Sep 2005 13:37:43 -0800

In 
http://lists.immunitysec.com/pipermail/dailydave/2005-September/002366.html
Dave Aitel writes:

Hacking, or in common parlance, “breaking into other people's computers” 
is a tool of the human spirit.

An intriguing, although unsupported, assertion.  Does this mean that 
shoplifting, or in common parlance "taking things out of retail establishments 
without paying for them," is likewise a tool of the human spirit?  And, does 
the phrase "tool of the human spirit" actually have any meaning?

We live in a time where new technologies 
engender new freedoms as well as new tyrannies.

This would seem to be true.  New technologies bring both good and bad.

As the discipline of 
revolution

Nice phrase, but does it have any meaning?  Most revolutions are pretty 
undisciplined.

must take hold among a society in order to combat any 
tyranny,

Again, nice phrase, but is there any evidence to support the hypothesis?  There 
are certainly any number of areas in the developing world where revolution 
(disciplined or not) has been preached over a long period of time, and where 
tyranny still seems to be very much in evidence.

such has hacking taken hold among the technical community

I think we may need to define "hacking" once again.  Yes, a good many geeks do 
exploratory type "hacking," generally of their *own* systems, but I can't say 
that breaking into other people's systems has a huge following.

More than anything else, the searchable database has made oppression
of a group of people a scalable event. 

Well, only if you can infinitely "scale" the volume and detail of your 
database.  And that is very unlikely.

It can now be done subtly and out of sight, in airport lobby's, in
welfare offices, in school admission offices. 

The searching?  Or the oppression?  Yes, I can see certain negative uses for 
which a database can be utilized.  I can also see a number of positive uses.

You can gerrymander an entire society with enough data on the populace
and the aid of advanced computer algorithms. 

You can gerrymander electoral districts.  I don't think you can gerrymander a 
population, as such.  And if you do gerrymandering, it tends to be obvious.

Because morality and legality are entirely separate worlds,

Not entirely, although they certainly aren't identical.  And, indeed, we tend 
to hope that our legal systems operate to support ethical behaviour.

hacking, and 
the apotheosis of hackers in modern culture (Matrix, et. al) ,

Again, maybe we need a little more definition (especially when you use such big 
words, for such a little dweeb).  Yes, in certain geek wish-fulfillment 
fiction, such as the Matrix movies, we see people being endowed with god-like 
powers, and those people are sometimes also asserted to have technical skills.  
Actually, aside from being pale, antisocial, and sullen, I can't see any 
particularly "hackerish" characteristics or skills in Neo.

In the rest of modern culture, nerds are pretty much ignored, except for the 
mythical (and equally fictional) evil-genius-kids.

provides 
the public three valuable things. The first thing is the idea that 
unknown heroes, electronic Robin Hoods, are working to defeat the 
oppression around them.

People have the idea that unknown heroes are working to make their life better?
Not most of the ones *I* know.  And, even if a lot of people *did* have this 
idea, what value does that hold for them?  Since there *are* no unknown heroes 
helping the general public (well, there are, but they are volunteers working in 
all kinds of fields, and "hackers" generally aren't among them), then this idea 
would be a fantasy, and likely negative, since it would encourage people to sit 
around and wait to be given a handout.

Hacking truly is the mighty made low.

Explain to me the logic underlying that statement.

It's not 
joe-blow's cell phone that gets hacked, but Paris Hiltons.

No, it's Paris Hilton's phone getting hacked that makes the news.  Most of the 
time it's Joe Blow who gets his/her identity (and money) stolen.

It's not your 
sister's email, but Michael Bloomberg's.

Once again, stealing the email of the mighty makes the news, but the people who 
really get hurt are the little ones.

This is as true for the 
Pakistani hacker groups as for the Chinese.

Correct.  It's equally untrue everywhere.

Higher levels of oppression, 
not higher levels of expensive upper education, spawns hackers in places 
like Turkey, China, Eastern Europe, and South America.

Hmmmm.  Historically, blackhat activity has been prompted by a) access to 
equipment, b) lack of a "life" and too much time on someone's hands, and c) 
lack of supervision.  More recently, attempts to defraud and steal have been 
added to the mix.

Sometimes just a 
story about revolution can be enough to inspire true freedom.

Thrilling words.  Sometimes true.  Basically irrelevant.

The second thing hackers bring the public is a complete defeat of the 
false sense of security

Ah.  We would like to follow in the footsteps of the "philosophical" terrorists 
of the nineteenth century, would we?

world governments would like to provide 
themselves with extensive Brave-New-World-like monitoring tools.

So would a lot of snoops, actually.

What 
use is monitoring the public when that data can be manipulated, 
corrupted, and deceived.

Depends upon whether you are doing the deceiving.

What use is it to fost an electronic voting 
scheme on the public when the public knows how it can be fooled into 
voting for whoever controls the wires?

Well, given the lack of attention paid to the issue, probably it can do you a 
lot of good.  But hey, we've had voting fraud for a long time.  (Oh, and I 
assume you're meaning "foist.")

By defeating the false sense of 
security normally associated with complex technologies the public does 
not understand, hackers defeat a small part of the modern tyrannies we 
could find ourselves under.

Not really.  By messing up the issues, blackhats ensure that the public remains 
fearful of even trying to understand the technologies, thus attempting to 
perpetuate a tyranny of those (relatively few) who can manipulate a bit of it.

The third thing hackers deliver is an offensive operations team against 
the very powers that seek to defuse other cultural revolutions. 

Oh, yeah, we've seen this *lots* of times.  NOT!

Whistleblowers have a technique to use that provides anonymity.

Very often the important thing to know about whistleblowers is their identity, 
so that you know whether this person is a trained insider, or some tin-foil-hat 
psycho-ceramic.

The 
anonymity of astroturfing corporations can be penetrated.

Oh, this is a conspiracy theory involving (American) football?

Shredded 
documents detailing environmental destruction can be pulled from a 
hacker's email archives and emailed to newspapers.

Thus saving on paper and saving the environment?

When The SCO Group 
find their website has been hacked, can they trust that their email has 
not been stored somewhere, ready for revealing at an inopportune moment? 

Well, as long as their email server wasn't hacked at the same time ...

In this way, hackers keep those people in places of power honest.

To be honest, I'd rather trust the journalists who use this argument to inflate 
their own sense of self-importance.  And I don't trust many journalists.

While hacking does harm a few, it frees a many.

I'd have to see the figures on this.

An exploit itself is a study in cool understated elegance.

Of thousands of exploits I've seen, about 50 contain any elegance at all.

Hacking is done under extreme 
pressure and personal risk, each hacker a submarine captain in a leaky 
boat with a cool head and a steady hand.

That's what they'd *like* us to believe.  Generally by throwing around a lot of 
high-sounding words without much substance.
======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca      slade () victoria tc ca      rslade () sun soci niu edu
But as for me and my household, we will serve the Lord.  Josh. 24:15
http://victoria.tc.ca/techrev    or    http://sun.soci.niu.edu/~rslade



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

