Wouldn't the decline of groups have more to do with a decline of the "scene" they operated in? "Scenes" were primarily prestige-based, and security work has been profesionalized, with hackers working in the legitimate or illegetimate economy instead of mainly vying for symbolic goods. Symbolic capital isn't dead (disclosing vulnerabilities can be good for career advancement), but it's not the main driver anymore.
This is a ideological/philosophical opinion piece scantily clad as an article about something. I know that the author doubtlessly regards his premises as well-founded, but he does not seek to validate these foundations for the reader; he is writing solely for an audience that already shares his opinions.
Initially he brushes against the notion that hacking may have grown, as an activity, due to the geometric (?) progression of connectivity, and that the phenomena he is describing is the demise of the 'collective', as a species, rather than the demise of hacking itself. This is sort of a bizarre moment in the essay, because he immediately forgets the notion and plunges into an ideopathological rumination of the decline of creativity and the destruction of collective will by a search for unique individual identity under the oppressive circumstance of the capitalist/existential philosophical apparatus.
I describe it thusly to give the click-to-comments-first reader a flavour of the essay, and also because I am making fun of him. I am making fun of him with serious purpose, as he has made the fatal, arrogant error of conflating ideas with facts; an error that has literally killed millions of people.
It is interesting that the hacker collectives have declined, and this could have been an interesting essay. It does not seem to me that the raw incidence of hacking has declined. I have no idea why this person believes such a thing. Hacking of all kinds and intentions are reported in a flurry these days. What has declined (I accept his assertion) is the phenomena of the group social identity of hackers. My first hypothesis about this is that anyone who studies graphs and networks could explain it to me without a second's hesitation, and perhaps someone will.
My (largely uninformed: I welcome correction) expectation is that the explanation will be directly related to the progression of connectivity: information is no longer rare or exclusive, and so social representation and status-seeking are no longer necessary parts of the driving activity, which is the hacking. This precludes the fetishization (in a pseudo-Marxist sense) of small networks such as the hacking groups. Small networks doubtlessly continue to exist and function quite well with only a fraction of the awareness of their collective identity.
I would recommend the Adventure Time episode "Thanks for the Crabapples, Giuseppe" as good contextual background material.
It's hard to describe it as deliberate. For me, punctuation is imagined in terms of vocal tone and pacing; it's very auditory. I listen to the sentence to make sure that I have phrased it correctly, and decide on that basis.
I'd say because of money. There's plenty of money in being a professional hacker working for some nation state or shady corp like VUPEN, there's no money in smurfing each other and vying for the role as most leet, no time to go to meets and hacker spaces because money must be made, no time to sit on IRC either since you need to put together your 'red team' SaaS pentester 3000 tool to shill it at the next security con. Hacking is a business now, you either join a state connected security corp or risk having your whole crew being informants and the state coming after you with counter terrorist bravado. It seemed to have changed right when Shadowcrew forums started in the late 90s.
The article talks about uniqueness, but being in a group does not affect uniqueness. You could almost compare it to all the Hacker News advice to not do a startup solo, as you need companions to talk to on the long slog. A hacker in a group can brag to them about his achievements (he could tell the whole world, but then he'd be arrested). He can also brag to other hackers about being in an elite group. It socially enhances them as an individual, it doesn't take away from their individuality.
They say the French revolution was formed in the salons of Paris. What were the salons of this bygone hacker scene? The BBS's running on the Apple ]['s and Commodore 64's that were sitting in the bedrooms of teenage boys. That the means of communication were completely controlled by teenage boys (through a mostly oblivious Bell) affected things in a whole host of ways. Any kid with a phone line in his room and $200 for a Commodore 64 could host a node on this communication network in the mid-1980s.
Two forces destroyed the scene - the carrot and the stick. The stick was the government beginning to notice their existence. The 414's were busted in 1983. There were a series of raids in 1987. In 1990 MoD was busted and Operation Sun Devil happened. This didn't really kill the scene though. A complete free-for-all changed into more careful hackers, not making calls from their house but using acoustic couplers on payphones or (modded) cell phones. They also were quieter about laws they may be breaking. They also became more sophisticated, really understanding the phone system, how Internet hosts and security worked etc. In some ways, attacks by law enforcement made them more dangerous.
The real death knell of the groups was the carrot. The Internet became more widespread, and these people began to get jobs. They formed companies, which they sold for millions of dollars to billions of dollars. Which is not hyperbole. When the guy you knew, who was not all that smarter than you, creates a billion dollar company, wardialing or sniffing the traffic of some host seems less important. Idle hands are the devil's workshop. The closed off world of mainframes on x.25 networks run by Computer Science Phds from top universities, counterposed to another network of working class mischievous teenage boys with their Commodore 64 BBSs in their bedrooms - this is a ripe ground for a hacker scene. A network where you hear stories of teenagers making millions on the hit app they wrote - opportunities like this put a damper on hacker scenes.
Yeah it's a bit sensationalist: in the mid-2000s most hacker groups were just trollin' and pwning each other instead of trying to spread any political message. There was very little purpose in phrack.ru / h0no (apart from pwning whitehats and pissing people off. Their motto was literally rm -rf *)
Hm, not quite sure. There was a "full disclosure" vs "non FD" going on there and it's pretty big political argument if you wanna see it as one. So in a sense, it was not just rm -rf / as you say... It was a little more than that :-)
cDc and L0pht had very little to do with the "full disclosure" debate. More than anything else, that was '90s Bugtraq.
(L0pht obviously had a side in the full disclosure "debate", but they didn't have much to do with the outcome of the debate. I don't recall anyone serious taking the opposing side on full disclosure, by the way; that outcome was a foregone conclusion.)
Can you expand on this? I'd say the outcome has been the opposite of the foregone conclusion, unless I've misinterpreted you. FD seemed like the "of course it's this way" option (unless I misremember), but that's not where we are today.
Do we mean different things by FD? Would you say we're not FD because researchers are incentivized to collaborate privately with companies to resolve vulnerabilities?
What I'd say is that today, few people bat an eyelash if a researcher does a detailed writeup of how a vulnerability and its exploit work (for instance, look at the Google security blog). That wasn't true in the 1990s: if a company of Google's stature had published something like that, it would have been controversial and newsworthy.
I'd suggest FD prevailed because it's relatively safe to publish vulnerabilities today; in fact, it's a career booster.
During the FD debate, there were "important" people suggesting that all vulnerabilities be routed to organizations like CERT, which had as a charter the concealment of vulnerability details.
OK. I think full disclosure isn't quite the norm. More like "FD is tolerated" than "FD prevailed". Project Zero is kind of remarkable. But I suspect we're putting different emphasis on the word full.
@pea isn't talking about cDc and/or L0pht, he is talking about h0h0 and phrack.ru ... They've wrote some tools to expose honeypots that were used to find 0-days, also released (phrack.ru) a 'fake' phrack version with some interesting content nevertheless.
Well, apparently they all existed in some agrarian free time society, before industrial capitalism crushed our collective dreams. Because nobody cared about money in the 80s.
Really, CDC and l0pht had nothing in common? TESO had nothing to do with CCC? No MOD members ended up at X-Force with TESO members? I can draw many lines across all of those groups.
anyone that spent anytime on IRC could tell you all the groups all talked to each other and spent significant amounts of time in various IRC chans with each other.
They might have ./smurf.c'd each other constantly but they all pretty much came out of the same environment.
a quick search shows w00w00 would be connected. Not sure of the others, but I (and I'm sure you do too) know of at least MoD, TESO, ADM folks who came through there.
Not saying all groups by any means, but even with being a few years late getting started in the infosec world of Atlanta there were still a lot of old guard hackers hanging around when I got out of school and people still felt comfortable sharing stories from time to time.
This article discusses why recently we do not see many hacker groups anymore, and why the ones we do, such as Anonymous and its satellite efforts, do not succeed in having the same cultural impact as their forefathers.
Umm, what? I'm hardly a fan of Anonymous, but I think that's a pretty ridiculous statement on its face. The only reason I've even heard of CCC and the like are because I was a huge nerd who read way too many hacker books as a kid. About the only one of the classic groups I recall even getting any mainstream attention was cDc, meanwhile Anonymous routinely make international news.
Anonymous is not a "hacker group." Anonymous is an internet mob which happens to have some members who are hackers. LulzSec was a hacker group.
I know that might reek of pedantry, but it's an important distinction because we don't want to contribute to the misconception that everyone associated with Anonymous is a a sooper geenus power user. Large components of the group agree with its goals but don't have special knowledge.
> The only reason I've even heard of CCC and the like are because I was a huge nerd who read way too many hacker books as a kid.
That tells me that you are certainly not German and probably also not European.
Since the 80s the CCC was regularly in national German news as well as European. Some of the hacks made worldwide news, I guess (I'm thinking especially of the NASA-Hack and the GSM-Hack).
At least in Germany, one of the reasons we don't see other hacker groups appearing is that the various local CCC groups are the obvious place to go for people who would otherwise found own hacker groups.
* CCC[1] was not a 'crew'. The CCC IMHO has still a big impact, mostly due to the (extremely?) high technical skill-set of its members.
* The OP writes about cultural impact NOT mainstream attention. In order to get mainstream attention you have to do something trivial like DDOS Yahoo! which was way below the average technical ability of these 'crews' to cause havoc (if they'd like to do so) back in the day.
I would assume that it's referencing cultural impact in a stricter (sub)cultural sense. The decentralized gulf of Anonymous vs. distinct hacking groups with points of view and identity is largely what the article is bemoaning.
"Notice this does not concern _collaboration_ as much as it does _collectiveness_."
I suppose you're not from Europe or are too young, the CCC made the news a number of times over here. It's probably the biggest and most known group.
Also anonymous actions are kin to those of femen, designed to grab media coverage for free publicity while the media themselves have become more about sensationalism and at the same time more aware of the digital world.
|=-----------------------------------------------------------------------=|
|=--------------------=[ The Fall of Hacker Groups ]=--------------------=|
|=-----------------------------------------------------------------------=|
|=--------------=[ Strauss <strauss@REMOVEME.phrack.org> ]=--------------=|
|=-----------------------------------------------------------------------=|
Hard formatting for 80 character terminals is just annoying because the computing world has moved on to working in paragraphs. If you want to draw boxes then do it properly instead of wasting time doing it in ASCII.
Computer networks increasingly made it possible to transmit unlimited and
uncensored information across their geographical extent with little effort,
with little costs, and in virtually no time. From the communication
development standpoint, one would expect that the events that followed the
80s to our days would lead to a geometric progression in the number of
hacker communities. In effect, hacking has arguably grown. Hacker
communities, definitely not. So what went wrong?
The answer is in the first sentence. It's so easy to get information now that you can do it alone in many cases. You don't need a secret society of hackers to curate and distribute it once you have developed good search engine and research skills (which many younger hackers learn in school). Also, if you're in a tech hotspot or even a major metro, it's easy to meet up with other people for casual hackathons, and there are conferences for everything. things like Defcon are large commercial enterprises these days. I bet within 5 years there'll be a 'leakyworld' for people who follow Wikileaks. It's easy to join or abandon forums, whether on the open web or on the deep web via Tor (which feels a lot like the early days of the WWW to me).
I used to be what real hackers called a "script kiddie" using programs like subseven, back orifice to control my friends computers. Those were the good old days where I was the most popular kid in my group because I had these GOD like powers to control other computers.
So if the creators of Subseven, Back Orifice are reading this, I just want to say thanks.
I asked because I figured you'd give a different definition than the one I'm familiar with.
Black Hat -> Using vulnerabilities to break into other people's computers.
Gray Hat -> Using information gleaned from breakins to other people's computers to find new vulnerabilities.
or
Gray Hat -> Finding vulnerabilities and supplying them to people who break into other people's computers while retaining deniability about the actual breakins; ie, supplying your friends without wanting to know what they're doing with the exploits.
The 1990s "gray hat" would be the guy using leaked SunOS 4.1.3 source to find vulnerabilities.
Your distinction isn't invalid; these "hat colors" have always been confusing.
That's a fairly large ethical gap between those two Gray Hat definitions.
As a, fairly well read, outsider, Black Hat, to me, always implied actualy damage, financial or otherwise.
Gray Hats, on the other hand, still might break in and exploit vulnerabilities, but made certain not to cause any damage.
I suppose this partitioned people based on primary motivation. Black Hat's were in it for personal gain or evil, White Hat's for protection, and Gray Hat's for intellectual pursuit. Much easier to categorize and rationalize the romanticism associated with the culture when your "team" is the Gray Hat's.
Yea the second gray hat is most definitely black. That's not morally questionable, you sold a vulnerability to a bad actor, anyone can see that that is illegal.
Leaking documents like snowden is an actual moral gray area.
NewHackCity was about as much a "group" as the cDc "NSF" was: it was a bunch of people who happened to hang out together (or, in NHC's case, live together). I suppose NHC got to look more like a group when they all left the east coast and set up a hackerspace.
I guess my point is: if you pick apart just the Boston scene, yes, it's going to look like everyone's interrelated. But that scene has, for instance, little to nothing in common with LoD (a bona fide "competitive" hacking group) or Haggis or whatever.
While I agree with most of what was said in the article, it leaves out some important factors in why hacking groups are less visible today.
1 - The role of government. Once the laws caught up to the hackers, and the CFAA was passed in 1986, it gave the government a lot more teeth to federal laws targeting computer crime. Shortly thereafter, you have what some refer to as the "Hacker Crackdown" from 87-90 which went after LOD, MOD and smaller groups. Some went to prison, others went or tried to go legit. I think hackers realized groups tend to have more visibility with the feds and you're more vulnerable to getting caught compared to just working by yourself.
2 - Size and structure. Since most of the groups are pretty closed by nature, when a group is disbanded or law enforcement breaks them up, there's never enough "new recruits" to take the flame and continue on. Look at LulzSec. They had a huge run, but once Sabu flipped and turned most of his crew into the feds, there wasn't anybody else left would/could carry torch any further. So even when you have a high profile group, once it takes a hit, it's rare for them to bounce back. Anonymous is the exception to this rule, but it seems they like the decentralization approach their structure since it assures the group can carry on if/when the feds start to arrest its members.
3 - Knowledge transfer. Not only does size affect the lack the groups today, but also the lack of knowledge transfer. Back in the late 90's I knew a bunch of college guys who were hackers. You could ask them anything and most of the time, they'd let you in on how they hacked email, how they found open servers, etc. Nowadays, somewhat because of law enforcement, somewhat because people now see their hacking techniques as trade knowledge, they're much less open about how they ply their trade. This means every kid who wants to learn how to hack is on his own. There is no MOD or LOD or LulzSec to prove yourself to, to get entry into the club and get higher levels of knowledge. Hackers, are now, left to their own means to seek out and find their own knowledge. As such, the cycle perpetuates itself because now instead of wanting to share this knowledge, they have the attitude, "I found this by myself, go find it on your own." which makes people less likely to form a group to share knowledge.
