Forgot your password?
typodupeerror
News

Impressive 'expose' on Hackers in US News 64

Posted by CmdrTaco
from the stuff-to-read dept.
MrsMalkav writes "In light of all the other hacker 'exposes' that have been going on, this one article is really impressive. It even has the correct distinction between crackers and hackers (God forbid). They even mentioned 'script kiddies'..."
This discussion has been archived. No new comments can be posted.

Impressive 'expose' on Hackers in US News

Comments Filter:
  • by Anonymous Coward
    Crackers are also hackers, they are the same
    words for different people. Okay, script kiddies
    are definitely no hackers. But people with elite knowledge of a system, who can break into a "secured" system is also a hacker. Just like a ball can mean that thingie which you use for soccer and those thingies in your pants. It's just confusing for people who don't really know who's doing what....and sometimes you just need to crack a system to annoy someone who's cowardly advertising shit on his site (whitepower.org was hacked), so there you go!
  • Posted by Mike@ABC:

    Yeah, this piece is an ad for ISS. They certainly should've called other so-called "white hats." And I would've liked to have seen comment from the cDc or other hackers in response -- they're NOT hard to reach, and they're generally nice folk.

    However, this piece does give a pretty good thumbnail sketch of hackers, crackers and kiddies, and lays out the basics of how things work between them. U.S. News readers likely don't see much of that, and it's good that someone got that stuff right for a mass audience. I've covered the hacker community, and believe me, it's hard!

    It really is a shame they didn't use more sources. That would've made this story truly l33t!

  • The article mentions that ISS is publically traded. Not that I'd actually BUY their stock, but I just did a symbol search on Quote.yahoo.com and didn't find any company by the name Internet Security Sytems.

    Any ideas?

  • My main gripe is in grouping folks like cDc and Phrack in with the black hats; not even mentioning that Back Orifice serves two legit purposes: demonstrating the problems in MS security and doing remote admin. And more recent (last few years) issues of Phrack are actually quite interesting and useful.

    Some groups and people are grey hats; shady characters, but still make useful contributions. I wonder what they'd say about L0pht...

  • Not only that, but your posting appears as being submitted on 10th June, I see the article as having being posted on 9th June, and the US News article referenced 'was' posted on 14th June. Ok, so who has the time machine here, anyway?
  • Those guys sure do look cool. Kind of like beatnicks!
    Hey dude, pass the jolt!

  • is at http://cgi.pathfi nder.com/time/digital/daily/0,2822,26529,00.html [pathfinder.com]

    This one with quotes from Eric Raymond and Emmanuel Goldstein

  • They seem to be traded on NASDAQ [nasdaq-amex.com].

    Regards, Ralph.

  • There seemed to be some disfavour upon hiring "Black Hats". This seems entirely logical to me: who could better aid you than an ally of the people you are trying to stop? There are of course concerns, like 'are they loyal?' and 'are they gonna crack us instead?'.

    I like the bit about "NT is too unreliable... (et al)". Ha ha.

    PS: I wonder what the intersection of the Script Kiddie realm and the Warez D00dz realm is like... most likely it looks like a 14 year old's bedroom.

  • All in all this is a very good article. I have one problem with it, though, based on a silly little thing which doesn't have anything to do with the topic of the article:

    Last summer also witnessed the debut of "Back Orifice," which grants unauthorized users remote access to machines running either Windows 95 or Windows 98, the operating system of choice for most home computers.

    Last I checked it wasn't the OS of choice, but of taciturn consent. Didn't work for Louis XIV... Ahwell. Otherwise I'd love to see more articles like this.


    ---
    "'Is not a quine' is not a quine" is a quine.

  • I think some people don't realize what a "coup' de-ta" this article is. I have been reading US News and World report for 5 or 6 years, I have watched their political nutrality dwindle. They are a big business magazine, typically with republican style adds and endorsments. That all but spells out guess what other financial relationship... I have spotted as many at 10 full page Mircrosoft ads in a single 45 page magazine. The ice was broken a few months ago hey did a feature on Linus, Eric Raymond, and Redhat, but that was really the first mention of Linux ever.

    The shocker was this line... "Security profesionals deride Microsoft operating systems, in particular, as porous and unreliable, often crashing and leaving themselves open to attack."

    The staff at US News has got to think Microsoft is a dead duck in the evolving OS war to defect. They get BIG bucks from M$. Lots of CEO's read and base there market decisions on US News. This could be a very important gauge of things to come.

  • Rather than claim to have an original bone in my body, I found Hacker News Networks [hackernews.com] description of the article a little less glowing. I also wonder if the Greg Shipley mentioned in the article is actually Pete Shipley.

    From http://www.hackernews.com/arch.html?0608 99 [hackernews.com]

    ISS Gets Free Advertising
    contributed by lamer
    Here's a nice 'adverticle' for ISS. ISS must be really wonderful because they have "tangled" with cDc, that horrible hacker group that makes Microsoft's life "miserable". I don't suppose it's possible that MS makes its own life miserable by putting out 3rd rate software? Nah. And I don't suppose it is possible that the author of this article did any research other than contacting ISS? Nah.
  • by arielb (5604)
    enough with this "correct distinction" nonsense. One article isn't going to make a difference. Hacker is always going to be a bad word after that movie where that kid almost sets off WW3
  • It IS the OS of choice for home users. People can go to the store, pick up a game or something, go home, pop it into their cdrom, watch it autorun, and play within 2 minutes. No screwing with command line things or make files or imcompatible window managers. Plain, simple, ease of use. And linux dosen't have the shelf share that windows apps do. Nor does it have seamless support for usb, dvd, and other nifty home-user goodies. Say, for example, the home users has a problem and the system won't boot up. There's no flyers telling who to call for support, so he takes it down to Joe's Computer Shack and wants it fixed. But, as it turns out, Joe dosen't support linux and neither do any of the other local shops. Home user is screwed.

    Just because someone dosen't run your particular favorite OS dosen't mean they're a damn clueless fool. I'd like to run linux if it had support for my hardware. And I'm not going to buy a whole new computer just so I can run an OS.

    There's more to an operating system than just technial superiority.
  • Suppressing the speech of another just because it dosen't happen to be your favorite flavor is just wrong. It wouldn't be right of me to walk into your house and start trashing your place because I don't like the style of your jeans. Maybe I hate people who like blue jeans, because I happen to be a black jean wearing person. As long as freedom of expression dosen't hamper someone else's rights, then the person has a right to express himself in whatever fashion so chosen.

    You support damaging someone's property because of their views, yet I doubt you would be too happy if a nazi guy kicked your ass because of your views. Just because you don't like someone's ideas dosen't mean you have the right to suppress them. Is mindlessly destroying someone's property going to change anything for the better? Using my previous example, would you suddently realize the error of your ways of wearing blue colored jeans and become 'enlightened' to the ways of black jeans? Many, many people have been killed and tortured because of this kind of ignorant intolerance.
  • It appears that `lamer' has chosen a good handle for himself. Anyone reading the article would notice that the article itself quotes several notable people as saying that Microsoft's poor security is a major part of the problem, and that many non-ISS people (e.g. Marcus Ranum, who pioneered firewalls as we know them today, and is directly quoted attacking NT's security) were interviewed. The author obviously did plenty of research.

    While the article is not perfect, it's about the best thing I've seen in the mainstream media on the subject. Yes, ISS gets more plugs than they perhaps deserve. But you can't do a "white hats vs black hats" story without interviewing the best-known and most financially successful white hats.

  • What's interesting to me is that this article provides some useful information to some people who wouldn't otherwise get it--people who don't, for instance, read Wired.


    An article I read last year gave a sort of rogues'-gallery rundown of weekly newsmagazines; the quote I remember most was from a circulation manager at U.S. News, who said (half-jokingly, but only half) "Our target demographic is basically retired Air Force officers living in Arizona." Yikes. No wonder it seems even whiter than Newsweek.

  • "some system administraitors dispute the distinction" (between 'hacker' and 'cracker'),
    unless they just mindlessly lump them all in the same catagory as 'unprofessional computer tinkerers' - hacking, or rightly put, 'experimenting' is an essential part of learning, (sometimes by mistake or trial and error) and needn't be kneejerkingly associated with malevelant criminals.

    Chuck
  • "Security professionals deride Microsoft operating systems, in particular, as porous and unreliable, often crashing and leaving themselves open to attack. "Windows NT is slow, it's buggy, and we don't trust it," says Marcus Ranum, founder of the security software company Network Flight Recorder, who faults NT-centric networking strategies for contributing to decreased security."
  • I don't think that the Slashdot community will ever come up with a term for people that try to break into other computers that will satisfy everybody.

    I think "cracker" is a much better term than "hacker," though.

    George Orwell's _1984_ came up with an interesting way to "prevent" crime by removing words for the different categories of crime from the language (double speak). So, things like rape, murder, stealing, and presumably taking too large a deduction on your income tax could only be expressed by the word "crimethink." Apparently, if you can't express the exact nature of the crime, it may be harder to commit.

    I think the term "script kiddies" is perfect for some of those with too much time on their hands, since the term is so patently offensive to those that are being described.

    If you want a better word than "cracker," you might want to consider the much simpler (and more Orwellian) "low life." [smile]

    My own opinion, of course.
    --
  • This is my favorite quote from the article:

    "Windows NT is slow, it's buggy, and we don't trust it," says Marcus Ranum, founder of security software company Network Flight Recorder, who faults NT-centric networking strategies for contributing to decreased security.

    This is really going to help me overcome any remaining resistance to the idea of beginning a migration from NT to Linux at the company I work for.
  • so it seems that ISS are running around jamming fingers in dykes

    While Merriam-Webster says that "dyke" is an acceptable (mostly British) spelling of that particular word, in general, I thnk it's more socially acceptable to jam fingers into "dikes".

  • I'd classify the "script kiddies" as dangerous. My system is pretty much immune to them, sure, but their attempts create so much security-related "noise" that the attacks by truly competent crackers get buried in the logs under tons of garbage.

  • i'd give him especially annoying. i'd say the "especially dangerous" ones are the crackers distributed these 'scripts' in the first place.

    Actually in one way script kiddies are more dangerous than crackers. Crackers generally are more knowledgeable, and better at covering their tracks. This in general means that they usually don't do malicious things or disrupt the general operation of systems because that would give themselves away. Script kiddies, unfortunately are often malicious little brats who don't have the self restraint not to trash things or are clueless morons who unintentionally destroy things.


  • White hats, black hats... what about Red Hats?

    It certainly isn't a black and white world, and I think that the author of the US N & W R article realizes this, and I'm sure most of /. realizes this, but unfortunately you can only get so deep in a new article, particularly one like this, which must be general in order to make sense to it's audience, one not necesarily that knowlegeable about the subject.

    I suppose it's inevitable that stronger and stronger countermeasure forces (like the ISS etc.) will emerge, but it ups the stakes. The "[Crack|Hack]er war", _like_all_wars_ can only escalate.

    Only by getting more secure products out there, and/or educating admins, I think, can the hacking *problems*-- the really anoying (pointless web page defacing) and wicked harmful (destruction of important data, theft of cc #s)-- be reduced.

  • I've been a reader of US News and World Report for 13 years (since I was 15, believe it or not), and they've always leaned to the right (guess where my politics lay).

    I was very pleased to so this article and more so pleased that it was actually pretty acurate. I wasn't suprised, though: I expect as much from them.

  • Either I really don't understand what a hacker is (I'm not one yet, just a wannabe but thought I understood the def) or they are wrong or i really don't know how to learn English.

    The way I understood what they called hackers or "white hat hackers" in this articles are people that are on the other side of the fence and help do network protection (like ISS). If this is what the article is meaning I don't agree that it is the definition of hacker. Maybe the guy at ISS are hacker but this isn't that that give them this distinction.

    For me a hacker is someone who belong to a human society that have the characteristics (the society) to have a high global technical level in computer science domain and is a society of gift. That is I'm a hacker not only if I am a good at using computers (knowing how to use a spreadsheet doesn't count of course) but also if I do something to the hacker community and agree with the ethic of this community. I personnaly know how to use computer (there is a lot of things i don't know but I know how to learn them for most of them) and i really love the hacker ethic, but having never done anything for the community (writing free software, maintening/traducting an howto or a manual, administring a mailing list/a website...) I don't call myself a hackerm just a wannabe (and a newbie).

    I am the only one that understand the word hacker like that (in the main line at least)???

  • The problem with Hacker is that it now have two different meanings in the same domain (computer science) and that these meanings are totally different (on refer to something illegal and stupid the other to something legal and not stupid at all).

    If we use Crackers to refer to people that break into system computer we have the same problem but "less worse". I don't care that it may refer to people in the south of the USA because this meaning is not computer related and therefore isn't that annoying. I care more that it also refer to people breaking software security in order to copy them because they both are computer related.

    So we end with either calling these two groups crackers and referring to them as people cracking software security and do a distinction between two or three groups, those that crack software securities to gain the control of a computer (the hacker/cracker crowd), those that crack software securities in order to be able to redistibute these softwares (the warez crowd) and optionnaly those that do DOS (Denial Of Service of course) and Script Kiddies (they often are the same i think).

    Or we have another solution, find a new word for the hacker/cracker crowd (those that break into computers). If we choos this one I would propose breackers, not that I particulary like this word (but I don't care since I don't want to be one) but since they are breaking into computers that describe them pretty well. and if this word don't sound appealing why should we care? We don't have to make these things appealing.

    Just my 2 cents.
  • Check out http://www.hackernews.com/arch.html?0608 99 [hackernews.com] for their take on it. Seemed like more of an ad for ISS and I tend to agree. Though, they did get the terminology more correct than most articles.

  • so it seems that ISS are running around jamming fingers in dykes protecting Windows from an endless stream of script kiddies. although the author took things a little far when he said "The script kiddies are considered especially dangerous." i'd give him especially annoying. i'd say the "especially dangerous" ones are the crackers distributed these 'scripts' in the first place.

    forget cracking though, think about hacking your own site [wammo.co.nz]!

  • A "cracker" is malicious. Most sites are cracked if they are vandalized. A "hacker" is someone who evokes certain information from a machine or person or thing by guiding the thing/person in the desired direction. Another term is "Social Engineering". If I ask you questions, and I get the desired answers from you, I have hacked your brain. I am a hacker. I am a social engineer.

    One definition [internet.com]: "Whereas crackers sole aim is to break into secure systems, hackers are more interested in gaining knowledge about computer systems and possibly using this knowledge for playful pranks."

    Another definition [tuxedo.org]: "cracker n. One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker (q.v., sense 8). An earlier attempt to establish `worm' in this sense around 1981-82 on Usenet was largely a failure."

    And yet another [tuxedo.org]: "hacker n. [originally, someone who makes furniture with an axe] 1. A person who enjoys exploring the details of programmable systems and how to stretch their capabilities, as opposed to most users, who prefer to learn only the minimum necessary. 2. One who programs enthusiastically (even obsessively) or who enjoys programming rather than just theorizing about programming. 3. A person capable of appreciating hack value. 4. A person who is good at programming quickly. 5. An expert at a particular program, or one who frequently does work using it or on it; as in `a Unix hacker'. (Definitions 1 through 5 are correlated, and people who fit them congregate.) 6. An expert or enthusiast of any kind. One might be an astronomy hacker, for example. 7. One who enjoys the intellectual challenge of creatively overcoming or circumventing limitations. 8. [deprecated] A malicious meddler who tries to discover sensitive information by poking around. Hence `password hacker', `network hacker'. The correct term for this sense is cracker."

    I hope that makes sense.
  • You forgot one of the oldest and most time-honored:

    "One who makes furniture with an axe."
  • Wow Off topic but you actually were able to stay awake through that one...

    Also whats so wrong with having scripts some newbie hacker kid didnt write them it was some experienced lazy sod that did and made them available for everyones enjoyment and learning.

  • Not to mention the fact that, buried near the bottom of the article, there is a pre-announcement of the upcoming release of Back Orifice 2000.

    Do they have a beta program?
  • >Ranum claims an underground figure known as >"ReDragon" was an ISS employee while > co-editing the popular hacker zine Phrack.
    Isn't there a frequent poster here named ReDragon? Hmmmm..but then again, that's about as original as calling yourself 31337 HaX0r.
    "running around jamming fingers in dykes"
    lol Schmack, that's not a common term in English, there's a lot of room for misunderstanding if taken out of context!
    Overall, the article was sorta informative. I liked the fact that they got the hacker/cracker distinction right for once, and the reference to script kiddies was cool. Although I have to agree, they're more annoying than dangerous. Crackers are a valuable resource to people who want to keep their networks secure. If I were a highly paid admin for a major corporation or military installment, I'd find the best crackers and pay them handsomely to find holes. What better way to find your security weaknesses than to pay someone to break in?

  • Heheh, you forgot the other original meaning of hacker. If I remember correctly, it was originally coined at MIT as someone who playes practical jokes and generally goes places that the MIT administration doesn't like them getting into.
  • Another thing about Windoze 2000: if you can believe computer magazines, win2000 isn't going to have any 16 bit app support, and that it was decided to leave that out. Personally, I hope that this isn't true (no, I am not a Microsoft fan, so please don't flame me, I just think that a possibly ok OS is going to be made totally not-even-having-a-chance-at-being-ok because of this stupid desision.
  • "Hacker" means(in rough chronological order of emergence)

    1) A driver of a horse-drawn carriage (hansom cab)
    2) A Taxi driver
    3) A not-very-proficient Golfer
    4) a poorly-skilled pilot of Radio Control Aircraft
    5) a certain type of computer programmer (i.e. one who hacks up a program rather than being more methodical about development.)

    I suggest that we use the word "hacker" to refer exclusively to Taxi drivers, and refer to people who crack other's machines out of malice as "Vandals", "Jerks", or "motherfucking script kiddies."

    We should also refer to allegedly professional sysops who leave holes on their hosts that you could drive a truck through, as "idiots", "Microsoft Certifed Idiots", and "useless payroll ballast."

    -jcr
  • I was very pleased to see this article. It's not perfect (somebody made mention of "grey hats," which isn't a common term to my knowledge, but is definitely descriptive of a few people I know), but it is leaps and bounds ahead of piles of previous articles I've seen on the topic.

    And I was real amused at the description of security hole-stricken Windows NT as "porous." I'll need to remember that one.

  • I still say the term "crackers" is confusing...some people still view "crackers" as white people, or as Floridians, or as dumb southerners...aggghhhh!


    Also like to mention that, apparently, dropping out of college can be good.

    Dan
    You look so stupid, happy, and numb...
  • Dos=glorified program loader
    Win 3.1=glorfied program loader w/gui and "task switching", 3rd party TCP/ip stack addon
    Windoze 95=single user, Multitasking OS with all the crappy leavings of DOS, and an added integral TCP/IP stack(easily crashed, but hard to break in.. No multi user capabilities)
    Windoze NT=Single user, Multitasking OS, written from scratch to be compatible with win 95(removed some of the crappy DOS leavings), integral TCP/IP stack(easily crashed) and very insecure web serving addons.
    None of the above come anywhere close to OpenBSD(or even Linux ;-) for security, usefulness, or anything.. yet people keep buying and using Microcrap, just cuz they bought it 10 years ago... Sigh...
    NT is not a server OS, and not even a good desktop OS.
    And I have heard that only about 40% of current win32 programs are compatible with NT5.0 (win 2000) right now... Maybe people will kick Windows for a real OS soon. (As soon as Unix{Linux, FreeBSD, etc...) gets game support, and some good games avalible only for Unix, I think a lot of young people will switch anyway.. I think that's the direction Free software should start taking more...
    Oh yeah... Back to the original train of thought.. If your IT department insists on running NT, they need to be Clued...
  • I know, I know. I'm reading too far into it. It was intentional. I offer my most humble and abject apologies.

    So sue me for trying to be humorous.

    Sue me for trying to brighten someone's day.

    Sue me for making little hospitalized Johnny smile just one more time.

    Sue me for trying to make us geeks worldwide slap their knees and guffaw with laughter!

    Someone's got to do it! If not me, then who? Barry Manilow? I think not!

    *sniff*

    ...And remember, you can't attack Brainania. It's not on the big map.
  • That's where dual booting comes in to play.
  • Yea Yea Yea weve all been through this, so why is it that people give hackers a bad name. it is because the crackers are idiots, the search for ways to break, destroy, and demolish systems without the care to cover tracks or with out thinking of the consequences. Know i must admit that there are great Crackers out there, but the majority are little 16 yr old punks with nothing more to do than to exploit some server with a program he DOWNLOADED! He didn't put the effort to think of what it does and he sure as he*l didn't make it. So to all you little suckers out there that are downloading programs to break into systems or to grab some info, STOP! or make the program your own damn self and realize what goes into hacking, then mabey you'll learn that it isn't the fact that you broke into a system but that you CAN break into a system and don't!



    KODE
  • Okay RimRod know sh*t about computers, sorry but if you knew anything you wouldn't of put that bs up!

    KODE

To be a kind of moral Unix, he touched the hem of Nature's shift. -- Shelley

Working...