"Hackers" are Dumb 69

_alpha_ wrote in to send us an article about Detectives in a digital age which makes the most blatant Hacker/Cracker error I've seen lately... "Hackers are dumb". Read the article, it's obviously about crackers. I think that the media can just s/hacker/Script Kiddie/gi; and call it good.
This discussion has been archived. No new comments can be posted.

  • More hype for the clueless. These "digital Sherlock Holmeses" are the alchemists of the digital age. They promise gold from lead, but all they're doing is relying on the gullibility of law enforcement and the courts. Their signature parlor trick is examining the swap file entrails of the suspect computer system--they rely on a security hole to work their magic. The forensic text search software that the courts recognize is awful (I've used one of the two--a DOS app compiled with Turbo C++) and can't even do regexes. Try finding the string "John Smith" without a regex when it was written into 16-bit integers or some other non-char scalar. The best I could testify to, based on the results produced by the program I used, was that I didn't find the string I was looking for--fortunately, the case didn't go to trial and I didn't have to sit in the box and sound like a moron. (No, I didn't have access to grep or Perl at the time, I had to use the DOS app).

    As for a hacker "wiping out a disk" to cover his tracks, there is some real magic available there if you have the dough to pay for it. Last time I read, it was possible to get a decent read of data that had been written over as many as nine times.

    These guys couldn't catch a real (cr|h)acker if their lives depended on it. They rely on the holes in unsecure Operating Systems and other widely-known and easily circumvented clues, like IP trails, to produce evidence. Bah, humbug.
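
The encoding problem raised in the comment above, shown as an added example (not part of the original post and not the code of any forensic tool it mentions): a keyword stored one character per 16-bit or 32-bit integer is invisible to a plain byte search, so the scan has to try each storage layout. The function names and the sample buffer are constructed for illustration.

```python
import re

def build_patterns(keyword, widths=(1, 2, 4)):
    """Compile one bytes regex per storage layout (cell width x byte order)."""
    if not keyword:
        raise ValueError("keyword must not be empty")
    patterns = {}
    for width in widths:
        if max(map(ord, keyword)) >= 1 << (8 * width):
            continue  # some character does not fit in a cell this small
        for order in ("little", "big"):
            if width == 1 and order == "big":
                continue  # byte order is meaningless for 1-byte cells
            raw = b"".join(ord(ch).to_bytes(width, order) for ch in keyword)
            label = "8-bit" if width == 1 else f"{width * 8}-bit-{order}"
            # IGNORECASE on a bytes pattern folds ASCII letters only.
            patterns[label] = re.compile(re.escape(raw), re.IGNORECASE)
    return patterns

def scan(buffer, keyword):
    """Return sorted (offset, layout) pairs for every occurrence in buffer."""
    hits = []
    for label, pattern in build_patterns(keyword).items():
        hits.extend((m.start(), label) for m in pattern.finditer(buffer))
    return sorted(hits)

# Constructed sample standing in for a slice of a swap file: the same name
# stored as plain bytes, as little-endian 16-bit cells, and (upper-cased)
# as big-endian 16-bit cells, separated by filler bytes.
SAMPLE = (
    b"\x00" * 16
    + b"owner=John Smith;"
    + b"\xff" * 7
    + "John Smith".encode("utf-16-le")
    + b"\x90" * 4
    + "JOHN SMITH".encode("utf-16-be")
)

if __name__ == "__main__":
    # A plain byte search sees only the 8-bit copy.
    print("plain byte search:", SAMPLE.count(b"John Smith"), "hit(s)")
    for offset, layout in scan(SAMPLE, "John Smith"):
        print(f"offset {offset:3d}  {layout}")
```

An examiner reporting a negative result from such a scan can state which layouts were searched, which is more defensible than "the string was not found".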

  • It seems that nobody - the media, slashdot, or anybody else - can get the usage of the words right (or even agree on what "right" is). The media seems to take "hackers" as a synonym for "those who circumvent security" whether those people really are hackers (yes, a few of them actually are) or are merely script kiddies (the vast majority). Many slashdot readers, on the other hand, seem to say that nobody who circumvents security can be called a "hacker," which is also obviously incorrect, as some of those who break security are indeed skilled hackers in the 1970s sense of the word.

    ...not to mention the problem that "cracker" in reference to computers already applies to the skilled assembly coders who remove copy protection schemes from software.
  • Ignoring the misuse of the word Hacker for now, all the stories they have listed here are about people who have not done anything at all particularly smart anyway. Writing the Melissa virus? Well, that guy did not even use his own code, he mostly used someone's existing macro virus lib. As for the guy who set up a scam on Angelfire, well, I'm not even going to start with the basic stupidity of that. None of the people in the article could claim to be described by the term 'Hacker', either the real meaning or the more popular current use of it. And remember, all the real crackers who know what they are doing are never detected anyway.
  • Posted by Mike@ABC:

    Sure, the mainstream media will continue to use and misuse the term "hacker," but personally, I think the whole open source/Linux wave is changing that. I have the privilege of covering both the open source movement and computer security issues. When I see a bunch of brilliant Linux coders calling themselves hackers, it makes me review just what a hacker is, and how I might differentiate them from a) "good" computer security hackers, and b) crackers.

    Over the past year, I think the use of these terms has improved, while at the same time, I think the more enlightened press people have been able to communicate these basic ideas to their readers -- and that's the tough part. Thanks to WarGames, you've got a general public that sees the word "hacker" and automatically thinks of a pimply-faced anti-social pubescent malcontent breaking into NORAD.

    If the open source-ers keep it up for a few more years, that pesky nomenclature might just change once and for all. But it won't happen overnight.

  • $480,000 seems small to me. Perhaps that is because I'm used to the mainframe world where a minute of downtime costs $1,000,000. (each minute adds another million) Since companies had to take servers down, they felt some loss from that.

    If you figure a tech makes $300 a day ($80,000 a year) This is only 8000 sysadmins working for two days. (what a previous poster claims it took his company) This allows each company in the Fortune 500 to use 16 sysadmins. Now granted not all Fortune 500 companies were affected, but even still this starts to look small when you remember that these are the largest companies. Looks to me like $480,000 won't even cover the salary of the system admins who were not taking care of normal business in response to this. Now think of what the cost of business is (see above), and it looks like a bad estimate.

    Now I will grant that NT was taken down more than mainframes, and NT doesn't run anything mission critical, but even still we can expect there were losses due to this downtime that aren't figured in.

  • IP numbers are usually assigned dynamically with ISPs, so to track a particular crack attempt or spamming run to a specific user, you have to get the ISP's log of who was logged in on that IP at that time.
  • One thing that I did see in the last paragraph had a little to say about some of the hacker mentality. It said something to the effect of if the locks are so easy to pick (if the internet is that insecure) then you need to change the locks. I wonder how much longer it will be until the corporate world wakes up and smells the ozone realizing that (h/cr)ackers aren't there to cost them millions of dollars in lost assets, but are there to prove a point. The digital world is not secure nor will it be until there is a need for it to be. With the greater anonymity of the internet and more off the shelf tools for script kiddies, the chances of getting (h/cr)acked increase daily, whilst IS managers restore from tape without learning a thing.
  • Sad, but there's no rescuing it. It's been dead for years.
  • This article was definitely about script kiddies. The dangerous/skilled hackers don't just mince HTML. And I expect that they are considerably more difficult to track.

    And the author of the Melissa virus didn't "sign" it, MS did that for him and he just didn't try and remove it (perhaps he was unaware). Also, from what I've heard, the guy who wrote the virus isn't the one who released it.

    --Lenny

    //"You can't prove anything about a program written in C or FORTRAN.
    It's really just Peek and Poke with some syntactic sugar."
  • by petchema ( 3684 )
    All the crackers that have been caught have been caught.
  • That it's not surprising that those who get caught are mostly dumb, since smart ones usually manage to stay unseen...

    So "All those hackers [examples of lately caught hand-in-sack people there] are dumb" does not prove anything, nor is helpful in evaluating the damage done by crackers.

    I read it as a "nice" way to downplay the involvement of Word macros in industrial piracy ;(

  • Martha? Brian? I still like 'motherfuckers' (from an earlier post re: crackers)
  • a hacker is someone who breaks into information systems-no that's a cracker! ok, so a hacker is someone who likes to code efficiently-no a hack is bad programming! Welcome to the wild world of English :) (This reminds me of the discussions of free software-the French have it right here)
  • Don't tell them to use the term "cracker" either. Use a more correct term like "criminal", "intruder", "trespasser", "violator", or "motherfucker".
  • I am STILL trying to figure out WHY the Gartner Group is considered "expert" in the realm of security.

    I am a network security admin/manager by profession, have been for almost 4 years now, and have NEVER heard anything from Gartner that wasn't:

    a) So completely obvious that it wasn't even funny.

    b) Marketing-speak

    c) Guesswork; or

    d) Completely wrong.

    I especially (dis)liked the last quote:


    "The good thing about the Sherlock Holmeses of the Internet is that they are showing us that the locks are not so good," says Gartner's Zboray. "And if Sherlock says so, then you better go out and get new locks."


    Huh? It's not the 'Sherlock Holmeses' of the FBI or Gartner group or Phar Lap that are examining the locks. The locks are already busted. Nor is it the 'script kiddies'. It's the hundreds of security people and programmers that continuously watch their networks, test software, examine code, report to BugTraq and CERT, and get little or no credit for it. Many of them are true 'hackers'.

    And we ALREADY knew that the 'locks' were weak in many areas. Puh-LEASE!
  • ahem...(cough) (cough)

    I mean really...who gives a shit?

    People...spend a little less time whining over a word and a little more time coding....
  • numbers linked to specific sites on the Internet but not specific computers.

    The numbers are linked to specific computers, you can however have multiple sites per IP.

    There is nothing in this article that has any truth. PS Does anyone believe that the Melissa virus caused $480,000 worth of damage? I seriously doubt even $20,000.

  • Beyond the obvious cracker/hacker error is the declaration that cracking is on the rise because of e-commerce. Certainly virus authors do not make money. Typically cracking is for fun and not profit.

    What has happened to "hacker" is the same thing that happened to "negative feedback". A good engineer knows that negative feedback acts to preserve the current state, but your typical suit thinks of negative feedback as something that discourages what someone is already doing.

    It is noble to try to clear up the confusion surrounding the misuse of terms, but the problem is the confusion is too strong. "Hacker" now means both enthusiast and criminal, just as negative feedback has two contradictory meanings.

    I don't have a good suggestion for a replacement, however, and after all these years there isn't a replacement for negative feedback either. A good name would have to be immediately recognizable. If anyone has a suggestion I'd like to hear it.

  • Outside of the hacker/cracker debate, the article also seemed to lump in a third group--true white collar criminals. And they used all their terms interchangeably, further confusing the issue. How hard would it really be for Wired to either hire or interview someone who understands the topics they discuss? Too hard, evidently.

  • Wait...before we get all lathered up about hacker/cracker/script kiddie/whatever...

    This article is nothing more than a string of quotes from security "experts". Let's not lambaste Wired just yet. In fact, perhaps they ought to be congratulated. They just associated names with some very odd uses of the term "hacker".

    At this point, I'd be pretty embarrassed to have my name show up in that article. I, for one, think that Wired's article wasn't so bad and may insidiously work to alter the hacker/cracker misconception.
  • Does anybody really expect them to suddenly start saying anything that isn't total BS? Get real. Maybe I should get involved in consulting; it's gotta be a lot easier than working.
  • Hurrah for that... I wrote to Eric Raymond a few days ago about the definition of 'Hacker' in his Jargon guide, in particular about the way he called the 'cracker' meaning of the word 'deprecated'. I wrote to tell him that a good lexicon writes its definitions on the basis of examples of a word's usage, and so calling a word 'deprecated' amounted to deliberate blindness and linguistic fascism. It's funny how advocates of 'free' software can be so completely fascistic about everything else :-)
  • I personally like the term "CodeSlinger"

  • There seems to be an obvious double standard in the media's coverage of Hackers/Crackers. They are portraying hackers as both supervillains who could rule the world, if not for the work of a few hard working FBI agents. And as dumb kids who are more of a nuisance than a real threat. Both portrayals are equally inaccurate. There are capable hackers and script kiddies and coverage which paints sweeping generalities about the "Hacker Mentality" only serves to decrease the likelihood of any effective method of protecting our information.
  • It's also inaccurate in some cases. I don't know about elsewhere, but here (Alberta, Canada) you cannot claim the title Engineer without a degree from a certified educational institute.

    So, while we can study software engineering, calling myself a Software Engineer would be misleading and possibly illegal.

    (Please note that I AGREE with this setup. Being an Engineer also makes you responsible for your work in a legal sense. Controls on the title make it more meaningful and valuable.)

  • /* Put tongue in cheek */

    Ok, when I was a little kid two weeks ago, I wanted to be a technology columnist. It looked like an easy way to make some bucks -- just spew wild predictions about the future of computing and cash the checks.

    I've changed my mind. Now I want to be a computer security consultant who TALKS to technology columnists.

    It seems all I have to do is print up some business cards that say "DonkPunch -- Information Security Consultant" and I'm in business.

    Best of all, the columnists will fawn over me as a modern-day Sherlock Holmes ("Elementary, dear Watson. He used MS Word to create a macro virus which gave him remote access to little Jenny's hard drive").

    How much can I charge per hour to tell people to turn off macros in MS Word?

    /* Remove tongue from cheek */
  • "PS Does anyone believe that the Melissa virus caused $480,000 worth of damage? I seriously doubt even $20,000."

    I'd say 480,000 is a pretty good estimate. The company I work for, which I will not name, spent a whole lot of time and effort on this, even though we weren't hit all that hard. In addition, we took a lot of early precautions that stopped Melissa from being all that bad. Keep in mind, with the press coverage this got, there were a lot of people from above throwing resources at it. I'd say we probably had 1/4 - 1/3 of our people working on this for the better part of two days, including some overtime, because we're busy even without some jerk's idea of a practical joke. With the companies that were hit even harder, and had to take machines and servers down, I wouldn't be surprised if 480000 dollars was the damage tally.
  • What are you trying to say?
  • Back in the old ol' days a hacker was someone who wrote super tight, highly efficient code. People who did "bad things" were definitely NOT hackers. However, they liked to believe they were so they called themselves hackers.

    Now that's where your ol' days start, you young kid you.

    ---

  • Agreed, old-old-timer? :)

    Got to agree with that, fellow old-old-timer. ;-)

    ---

  • i personally am glad that the general public and media are somewhat fuzzy on what we (computer nerds in general) do. i like the fact that the minority in the world can look at a linux kernel and understand it (hell, i can't even explain everything, not saying that i'm some genius, i too am young and stupid, but learning).

    enlightened minority.....hmmm, sounds like a cult thing?

    later all.
  • But how much $$$ are you spending to make sure it doesn't happen again? I bet you are spending a lot more $$$ to cover up the security holes in your system. Who should get the blame for that?
  • It occurs to me that the world is full of dimwits as I read this... The moron that signed his name to a virus instead of telnetting through fifteen countries first :), the absolute know nothing that wrote this all-hype article, the people who use windows and expect to get away with it (does not the windows disclaimer itself say "This application may not be used in a situation where its failure to function may cause harm or injury to any human...."... So, if someone was harmed, they are in breach of contract and if no one was harmed, what the hell is the problem?) and above all the FBI agent who thinks he's hot **it for figuring out that the virus digitally signed by Joe Smoe came from Joe Smoe (who'd have guessed)... I don't think I even want to touch on the subject of people stoopid enough to buy stocks because some page on AngelFire told them to... That one's beyond the pale, for chrissake, don't believe everything you read on the internet kiddies... Does this mean if I put up some kind of spoof/joke page I'm liable to get sued? The only real conclusion to be drawn from this facile article is that ISPs should make prospective customers pass IQ tests, mandating a minimum monkey-level intelligence before allowing people on the 'net.
  • ProgModMan? uhh.... ProgModPerson? hmmm... too wordy... CodeCranker? ReCoder? DeCoder?
  • I'm forced to concur. This is a silly topic dealing with semantics and 'know-it-all' ism.

    Does it really matter that "they" misuse the term? What is the definition of a word other than what is generally accepted, or written in a dictionary?

    It is as though we are all so self-righteous that only WE know the REAL definition of hacker (as opposed to cracker).

    This reminds me of the whole nonsense regarding the word 'queer' and its re-capture. As far as I'm concerned, 'queer' will always be a derogatory way of referring to homosexuals, much as hacker will always be the word to refer to crackers, and script kiddies (and maybe hackers by our definition too).

  • USD 125 an Hour. No Kidding.

    USD 150 an Hour if you can utter advice as "buy a virus scanner"

    USD 500 an Hour if you can explain why they should : "disconnect the intranet from the internet to be sure"
  • Personally I'd go for `software engineer'. I like it, employers like it, the media like it, it sums up what I do (including all the bits about taking design decisions to produce a working solution quickly --- that's why it's software engineer and not computer scientist... that's my opinion anyway).

    Perhaps that's a little tame for some of you...
  • Damn, I thought if you were having trouble with crackers, you could call the Black Panthers...

    8-()
  • (or almost) if you don't actively protect your standards, they get lost in the media
  • Apparently another sad report coming from a non-hacking source.

    I would go into a full story but most people here and abroad know that hackers are not at all dumb. Well the majority of "HACKERS" and not little wu-ftpd exploit script kiddies.
