funsec mailing list archives
Essay on blackhat activities, with response
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rslade () sprint ca>
Date: Wed, 21 Sep 2005 13:37:43 -0800
In http://lists.immunitysec.com/pipermail/dailydave/2005-September/002366.html Dave Aitel writes:
Hacking, or in common parlance, “breaking into other people's computers” is a tool of the human spirit.
An intriguing, although unsupported, assertion. Does this mean that shoplifting, or in common parlance "taking things out of retail establishments without paying for them," is likewise a tool of the human spirit? And, does the phrase "tool of the human spirit" actually have any meaning?
We live in a time where new technologies engender new freedoms as well as new tyrannies.
This would seem to be true. New technologies bring both good and bad.
As the discipline of revolution
Nice phrase, but does it have any meaning? Most revolutions are pretty undisciplined.
must take hold among a society in order to combat any tyranny,
Again, nice phrase, but is there any evidence to support the hypothesis? There are certainly any number of areas in the developing world where revolution (disciplined or not) has been preached over a long period of time, and where tyranny still seems to be very much in evidence.
such has hacking taken hold among the technical community
I think we may need to define "hacking" once again. Yes, a good many geeks do exploratory type "hacking," generally of their *own* systems, but I can't say that breaking into other people's systems has a huge following.
More than anything else, the searchable database has made oppression of a group of people a scalable event.
Well, only if you can infinitely "scale" the volume and detail of your database. And that is very unlikely.
It can now be done subtly and out of sight, in airport lobby's, in welfare offices, in school admission offices.
The searching? Or the oppression? Yes, I can see certain negative uses for which a database can be utilized. I can also see a number of positive uses.
You can gerrymander an entire society with enough data on the populace and the aid of advanced computer algorithms.
You can gerrymander electoral districts. I don't think you can gerrymander a population, as such. And if you do gerrymandering, it tends to be obvious.
Because morality and legality are entirely separate worlds,
Not entirely, although they certainly aren't identical. And, indeed, we tend to hope that our legal systems operate to support ethical behaviour.
hacking, and the apotheosis of hackers in modern culture (Matrix, et. al) ,
Again, maybe we need a little more definition (especially when you use such big words, for such a little dweeb). Yes, in certain geek wish-fulfillment fiction, such as the Matrix movies, we see people being endowed with god-like powers, and those people are sometimes also asserted to have technical skills. Actually, aside from being pale, antisocial, and sullen, I can't see any particularly "hackerish" characteristics or skills in Neo. In the rest of modern culture, nerds are pretty much ignored, except for the mythical (and equally fictional) evil-genius-kids.
provides the public three valuable things. The first thing is the idea that unknown heroes, electronic Robin Hoods, are working to defeat the oppression around them.
People have the idea that unknown heroes are working to make their life better? Not most of the ones *I* know. And, even if a lot of people *did* have this idea, what value does that hold for them? Since there *are* no unknown heroes helping the general public (well, there are, but they are volunteers working in all kinds of fields, and "hackers" generally aren't among them), then this idea would be a fantasy, and likely negative, since it would encourage people to sit around and wait to be given a handout.
Hacking truly is the mighty made low.
Explain to me the logic underlying that statement.
It's not joe-blow's cell phone that gets hacked, but Paris Hiltons.
No, it's Paris Hilton's phone getting hacked that makes the news. Most of the time it's Joe Blow who gets his/her identity (and money) stolen.
It's not your sister's email, but Michael Bloomberg's.
Once again, stealing the email of the mighty makes the news, but the people who really get hurt are the little ones.
This is as true for the Pakistani hacker groups as for the Chinese.
Correct. It's equally untrue everywhere.
Higher levels of oppression, not higher levels of expensive upper education, spawns hackers in places like Turkey, China, Eastern Europe, and South America.
Hmmmm. Historically, blackhat activity has been prompted by a) access to equipment, b) lack of a "life" and too much time on someone's hands, and c) lack of supervision. More recently, attempts to defraud and steal have been added to the mix.
Sometimes just a story about revolution can be enough to inspire true freedom.
Thrilling words. Sometimes true. Basically irrelevant.
The second thing hackers bring the public is a complete defeat of the false sense of security
Ah. We would like to follow in the footsteps of the "philosophical" terrorists of the nineteenth century, would we?
world governments would like to provide themselves with extensive Brave-New-World-like monitoring tools.
So would a lot of snoops, actually.
What use is monitoring the public when that data can be manipulated, corrupted, and deceived.
Depends upon whether you are doing the deceiving.
What use is it to fost an electronic voting scheme on the public when the public knows how it can be fooled into voting for whoever controls the wires?
Well, given the lack of attention paid to the issue, probably it can do you a lot of good. But hey, we've had voting fraud for a long time. (Oh, and I assume you're meaning "foist.")
By defeating the false sense of security normally associated with complex technologies the public does not understand, hackers defeat a small part of the modern tyrannies we could find ourselves under.
Not really. By messing up the issues, blackhats ensure that the public remains fearful of even trying to undertand the technologies, thus attempting to perpetuate a tyranny of those (relatively few) who can manipulate a bit of it.
The third thing hackers deliver is an offensive operations team against the very powers that seek to defuse other cultural revolutions.
Oh, yeah, we've seen this *lots* of times. NOT!
Whistleblowers have a technique to use that provides anonymity.
Very often the important thing to know about whistleblowers is their identity, so that you know whether this person is a trained insider, or some tin-foil-hat psycho-ceramic.
The anonymity of astroturfing corporations can be penetrated.
Oh, this is a conspiracy theory involving (American) football?
Shredded documents detailing environmental destruction can be pulled from a hacker's email archives and emailed to newspapers.
Thus saving on paper and saving the environment?
When The SCO Group find their website has been hacked, can they trust that their email has not been stored somewhere, ready for revealing at an inopportune moment?
Well, as long as their email server wasn't hacked at the same time ...
In this way, hackers keep those people in places of power honest.
To be honest, I'd rather trust the journalists who use this argument to inflate their own sense of self-importance. And I don't trust many journalists.
While hacking does harm a few, it frees a many.
I'd have to see the figures on this.
An exploit itself is a study in cool understated elegance.
Of thousands of exploits I've seen, about 50 contain any elegance at all.
Hacking is done under extreme pressure and personal risk, each hacker a submarine captain in a leaky boat with a cool head and a steady hand.
That's what they'd *like* us to believe. Generally by throwing around a lot of high-sounding words without much substance. ====================== (quote inserted randomly by Pegasus Mailer) rslade () vcn bc ca slade () victoria tc ca rslade () sun soci niu edu But as for me and my household, we will serve the Lord. Josh. 24:15 http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Essay on blackhat activities, with response Rob, grandpa of Ryan, Trevor, Devon & Hannah (Sep 21)
- <Possible follow-ups>
- RE: Essay on blackhat activities, with response Jason Geffner (Sep 22)
- RE: Essay on blackhat activities, with response Rob, grandpa of Ryan, Trevor, Devon & Hannah (Sep 22)