Skip to main content

View Diary: SoapBlox Press Release on Yesterday's Event (168 comments)

Comment Preferences

  •  I hate hackers (16+ / 0-)

    with a passion, people who do things to just see if they can and they destroy a lot in the process.  I swear, I was thinking of writing a whole diary on how much I hate those bastards.

    Seriously, I've seen businesses ruined, years of hard work because someone just could.  

    •  Difference between (13+ / 0-)

      "hackers" and "crackers". A cracker does damage. A hacker's only crime is curiosity. They may get in, but they do minimal to no damage and often leave hints about how to fix what they do break so it doesn't happen again.

      Obama's campaign just transformed from "Yes, we can" to "You're fuckin'-A right we did!"

      by Eddie in ME on Thu Jan 08, 2009 at 10:20:00 AM PST

      [ Parent ]

      •  Don't get too romantic (21+ / 0-)

        From a system administrator's point of view, a hacker getting in to a system is no less debilitating than a crack.

        The administrator doesn't and can't know what damage was done, what files were compromised.  They must always assume the worst.  That means rebuilding the system in most cases.

        Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. - William Pitt

        by Phoenix Rising on Thu Jan 08, 2009 at 10:25:39 AM PST

        [ Parent ]

        •  True enough (6+ / 0-)

          But better it be a white hat getting in and showing that they can than a black hat getting in and destroying everything, don't you think?

          When I was a teenager, I used to be a white hat... and I would bust into something, and proceed to leave detailed instructions on how to stop me from doing it again, and actually left real contact information for how to reach me. Most often what I got was appreciation, and never did I get cops.

          Obama's campaign just transformed from "Yes, we can" to "You're fuckin'-A right we did!"

          by Eddie in ME on Thu Jan 08, 2009 at 10:29:10 AM PST

          [ Parent ]

          •  White hats don't break into other people's... (4+ / 0-)
            Recommended by:
            Odysseus, Los Diablo, petral, MKSinSA

            ... systems.  Period.

            Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

            by JRandomPoster on Thu Jan 08, 2009 at 10:35:09 AM PST

            [ Parent ]

            •  No offense... (2+ / 0-)
              Recommended by:
              Miss Blue, rubine

              ...but I think it's a little difficult to tag a 14 year old teenager who was curious and trying to be helpful as a "black hat". But that's just me.

              Obama's campaign just transformed from "Yes, we can" to "You're fuckin'-A right we did!"

              by Eddie in ME on Thu Jan 08, 2009 at 10:39:20 AM PST

              [ Parent ]

              •  The Computer Fraud and Abuse Act (3+ / 0-)
                Recommended by:
                jayden, MKSinSA, JRandomPoster

                does not see it your way.  Spread the word through the playgrounds.

                •  Doesn't apply here. (2+ / 0-)
                  Recommended by:
                  Debbie in ME, gooderservice

                  I didn't access financial or government institutions, didn't defraud anyone or obtain anything of value (although a good attorney could call the thrill of the experience "something of value", I'm sure), didn't harm anyone's medical treatment, didn't cause $5k in damages, and didn't cause a threat to public safety.

                  Not to say I was being a good boy, I certainly wasn't... but I wasn't malicious and I wasn't tearing people's systems apart.

                  Obama's campaign just transformed from "Yes, we can" to "You're fuckin'-A right we did!"

                  by Eddie in ME on Thu Jan 08, 2009 at 11:19:11 AM PST

                  [ Parent ]

                  •  Don't be so sure. (3+ / 0-)
                    Recommended by:
                    bronte17, Seneca Doane, MKSinSA

                    If it takes a sysadmin more than a day or two to investigate the compromise, even if there were no hacks preformed or data damaged, odds are that his billable time is approaching that 5K mark.  His salaried time might not be that high, but billable probably is.

                    Keep in mind, when a system is compromised at all, the worst must be assumed.  You can't just look at the logs and say, "Oh, gee - I left port XYZ open, and someone got in and read my email."  No, you say, "Aw, ::explicative deleted:: I need to close XYZ down and check every single package, executable and script on the system."

                    Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

                    by JRandomPoster on Thu Jan 08, 2009 at 11:25:06 AM PST

                    [ Parent ]

                  •  Where are you getting this list? (0+ / 0-)

                    From some summary of the act, or the act itself?

                    By the way, you also need to check case law.  These things don't unpack themselves.

              •  It might be difficult... (6+ / 0-)

                ... until you've been the guy who gets paged at 3:00 in the morning because your systems have detected an intrusion, and you know you won't sleep for the next 36 hours.

                I grew up in the age of BBS's.  I've - ah - seen the darkside.  I knew darn well that some of the data I was seeing was not intended for my eyes at the time.  And given the way the world has changed, how prevalent the net has become in everyone's lives, I'd say at this point that the 14 year old wanna-be hacker who does not know what he is doing is wrong is about as rare as a video card driver written in COBOL.

                Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

                by JRandomPoster on Thu Jan 08, 2009 at 11:01:43 AM PST

                [ Parent ]

                •  True enough (4+ / 0-)

                  But I was 14 in 1995, and using my 486/33 with Slackware Linux to toy with things. The Internet was not nearly the same beast then as it was now, and the legality of what we were doing was mostly brought into question by that terrible but amusing movie, Hackers.

                  I'm not arguing whether or not what I was doing was wrong, because it was. I'm just arguing that you can't call a 14 year old growing up in the AOL days that messed around with stuff a "black hat" for busting in and actually leaving solutions to the problem. There isn't a "grey hat", else I'd say I was wearing that... but I think "black hat" also has to include some malicious intent, which I possessed none.

                  Obama's campaign just transformed from "Yes, we can" to "You're fuckin'-A right we did!"

                  by Eddie in ME on Thu Jan 08, 2009 at 11:15:05 AM PST

                  [ Parent ]

                  •  People Who See The World In Terms of Black.... (13+ / 0-)

                    ....and white are missing out on what makes being human worth while.

                    We are more than simple binary devices.

                    Reality is complex and hazardous; that's what makes it interesting and meaningful.

                    •  Well said. n/t (2+ / 0-)
                      Recommended by:
                      Debbie in ME, Vacationland

                      Obama's campaign just transformed from "Yes, we can" to "You're fuckin'-A right we did!"

                      by Eddie in ME on Thu Jan 08, 2009 at 11:36:07 AM PST

                      [ Parent ]

                    •  Wait till your identity is compromised... (1+ / 0-)
                      Recommended by:
                      susans

                      ... because some 'noble' script kiddie discovered an exploit in some system somewhere that was then used by a real hacker.  Then tell me about white and black in this domain.

                      Or work in a pager carrying role for an on-line retailer or an ISP for a few weeks.  And then tell me that such naive intrusions do not cause harm, at a minimum in the form of massive work for the maintainers of the system, which takes away their family time and sleep, destroys eating habits and can lead to insanely high and persistent stress levels.

                      I hardly see the world in terms of white and black.  But there are lines that should not be crossed.  Some are more obvious than others - murder and rape are so dark gray that they might as well be black.  Hacking for curiosity's sake is a lot darker than you may think.

                      Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

                      by JRandomPoster on Thu Jan 08, 2009 at 11:57:50 AM PST

                      [ Parent ]

                      •  My Bank account (0+ / 0-)

                        and all of my personal information including social security number may be in the hands of identity thieves right now.  The box of backup tapes from the bank fell off the truck somehow.  Hackers are far less likely scenario then some idiot losing tapes or taking home data on a laptop that gets subsequently stolen.

                        Hackers do serve a purpose.  Would you rather trust the word of Microsoft that something is secure or have people poke at it and discover weaknesses and inform the company of those weaknesses?  A cracker will find an exploit and use it and I would rather somebody find it and patch it before that can happen.

                        •  I understand what you are saying... (4+ / 0-)
                          Recommended by:
                          susans, bablhous, pgm 01, skohayes

                          ... but I disagree completely about hackers serving a purpose.  Yes, something can be learned from their acts, but there are other ways.  Saying that hackers serve a purpose in a positive way is like saying that burglars serve a purpose.  After all, when a burglar smashes your window and robs your house, you learn that you should install an alarm system, right?

                          I've had a pretty broad career, that includes sysadmin work and also software development for fraud detection for a major on-line retailer.  I can tell you that almost every exploit out there is posted on various developer forums; a good sysadmin or dev does not wait to be attacked to fix a problem, but is always checking to see if there might be a problem and testing their own systems for faults.  There are companies that do nothing but security testing; there also exists a huge developer community that shares information.  And if someone has such information, it is far better to email the sysop or post on such a forum than go and destructively prove that such a weakness exists on a given system.  Such hackers are arrogant and destructive; they shield themselves in a false morality that they are fighting the good fight, when in reality, they are just making things worse.

                          I will concede that Microsoft is not always as forthcoming with security fixes and announcements as might be desired.  They sometimes go for the security through obscurity approach - that is, if no one knows it isn't secure, then no one can break in.  By way of contrast, however, the Linux community is the exact opposite.  And there are far more industrial grade systems running Linux out there than you might think.

                          Finally, a not on identity theft.  The percentage of identity theft through direct hacks of servers is actually low, though, it does happen, and is one of the greatest fears of those who manage systems that keep people's personal data.  However, far more identity theft occurs because people don't use a secure browser, don't run spyware and virus scanner programs, and don't patch their operating systems regularly.  Add to this the frequency of intercepted snail mail and people in credit card call centers stealing information (it happens - a lot) - and you have a blooming identity theft market.

                          Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

                          by JRandomPoster on Thu Jan 08, 2009 at 01:27:03 PM PST

                          [ Parent ]

                  •  Again... (9+ / 0-)

                    ... busting in is a problem.  Leaving solutions may sound noble, but believe me, the sysadmin who finds said solutions is going to figure that the attacker is just mocking him.

                    You say I can't accuse a 14 year old in the AOL days of being a black hat.  Well, yes, I can.  With this said, I was 14 in the early 80's - our toys were Amigas and 286's and university mainframe terminals that we could get access to.  Like many, I did no intentional damage as I snooped about, but I know that I had caused problems and angst for the folks who ran those systems.  And given that I had to get past protections to see various bits of datum, it was obvious that I was not supposed to be there.

                    I'll admit that a 14 year old's moral compass may not be well developed yet.  But still, they know.  I did, and I'm betting deep down you also knew that what you were doing was illicit.  And as I've stated before, as time goes on, and the ambient level of knowledge about the net and computers increases, it will be harder and harder for anyone to claim that they were just "trying to help".

                    Or, to put the whole thing another way, if a 14 year old was walking along the street, checking every door knob to see if folks had locked their front doors, and upon finding an unlocked door, was entering the house, reading all the personal papers, then leaving a note reminding the home owner to keep their door locked, you'd probably call that wrong, and say that the 14 year old should have known better.  In my mind, there is no ethical difference between the intrusion into said home owner's house and intrusion into someone's systems.

                    Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

                    by JRandomPoster on Thu Jan 08, 2009 at 11:39:40 AM PST

                    [ Parent ]

                •  I would tend to argue that the hacker did you a (0+ / 0-)

                  favor by intruding - those 36 hours either should have been done ahead of time to prevent the intrusion in the first place or at the very least should be done now to prevent future attacks.  In the end, stronger security - better for everyone.

                  •  Calling malarkey on that. (4+ / 0-)
                    Recommended by:
                    Phoenix Rising, susans, boadicea, skohayes

                    The bottom line is that even the best of the best cannot know every single possible exploit - new ones are discovered every day.  Even with constant vigilance, there will always at least be partially successful attacks.  And with the noise generated by all the script kiddies, it can obfuscate the real attacks.  Of course, as noted elsewhere in thread, those script kiddie attacks also often have mechanisms that report back to the author of the script - and furthermore, even a script kiddie attack must be treated as a legitimate attack.

                    Or to put it another way, consider this scenario.  Some kid discovers your front door is unlocked.  He goes in, reads all your personal papers (you don't know if he took your credit card numbers and social security information), raids your refrigerator, and takes a dump on the carpet.  But he leaves a note telling you that you really should lock your door.  Done you a favor, has he?  Yeah, right.

                    I find it ironic that you sit here, safely blogging about how much of a favor these asshats are doing sysadmins while right now, somewhere on some system that you probably use, someone is miserable because he is having to clean up some hacker's mess so that your credit is safe, your identity is safe, your connection is secure.

                    Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

                    by JRandomPoster on Thu Jan 08, 2009 at 12:49:06 PM PST

                    [ Parent ]

                •  Cobol? (2+ / 0-)
                  Recommended by:
                  Mercuriousss, JRandomPoster

                  How to shoot yourself in the foot with COBOL:

                  COBOL
                     USEing a COLT 45 HANDGUN, AIM gun at LEG.FOOT, THEN place ARM.HAND.FINGER on HANDGUN.TRIGGER and SQUEEZE. THEN return HANDGUN to HOLSTER. CHECK whether shoelace needs to be retied.

                  more programming "foot" jokes here...

                  "red hair and black leather, my favorite colour scheme" - Richard Thompson

                  by blindcynic on Thu Jan 08, 2009 at 04:11:59 PM PST

                  [ Parent ]

                  •  Arrrrrgh! (0+ / 0-)

                    I very rarely use donuts... must not donut just for COBOL code... against FAQ.... have nothing against poster... but is COBOL... what to do...

                    /snark

                    Thanks for the laugh :)

                    Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

                    by JRandomPoster on Fri Jan 09, 2009 at 02:09:35 PM PST

                    [ Parent ]

        •  Or at a minimum scanning every single... (1+ / 0-)
          Recommended by:
          boadicea

          ... package on the system, running system wide permission checks, etc.  It is painful.

          There are many words to describe the various types of black hats, their intent, and abilities - phishers, script kiddies, fraudsters, hackers, crackers.  I use hacker myself as a general term (even though I still like the old Jargon File definition and connotations better, it is in the common parlance as a black hat).  But in every case, all of these folks are going in to data and systems that are not theirs, and causing someone else work and pain.

          If you want to get romantic on someone, sing the praises of the white hats.  Usually it's the black hats that get romanticized - even if it's in an anti-hero sort of way.  White hats are usually reported as... well, bland - even if they are the ones beating back the attacks and cleaning up the mess with at least as much if not more technical skill than that of the attackers.

          Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

          by JRandomPoster on Thu Jan 08, 2009 at 10:34:21 AM PST

          [ Parent ]

        •  Do you know if this sort of thing.. (0+ / 0-)

          where they were able to install port scanning scripts on to the machines.  SoapBlox servers were then being used to scan other servers across the Internet, looking for vulnerabilities.

          Is like a self perpetuating virus?

          Or actual hackers/crackers targeting weak security?

          And if the later, what is the point, to steal personal information? Or host illegal websites?

          Just curious.

          I am a liberal - I question authority, ALL authority.

          by Pescadero Bill on Thu Jan 08, 2009 at 10:43:55 AM PST

          [ Parent ]

          •  Short General Answers (5+ / 0-)

            Is like a self perpetuating virus?

            Yes and no.  Technically, a worm is closer to a self perpetuating virus for unix servers.  A scripted attack may occur from another compromised host, but often is run directly from the script kiddie's host.  It depends on the script and the user of the script, and how many other hosts the script-kiddie has under control already to use as platforms for attack.

            Or actual hackers/crackers targeting weak security?

            On any given day, security may be weak.  Security is always a race between those who would compromise it, and those who maintain it.  It is always in flux, and requires constant vigilance.  Ironically, the white hats who defend the systems must be that much better than the black hats who would destroy them; the white hats must protect against all attacks; the black hats only need one success.

            And if the later, what is the point, to steal personal information? Or host illegal websites?

            Yes.  The networks of collected personal information are wide spread and organized.  A bit of data about a person from point A, a bit more from B... soon you have enough to preform identity and credit card theft.

            But others do it to host illegal sites.  Others just because they can.  Others to preform DDOS attacks against someone they don't like or think needs to be 'punished' for something.  Others out of pure maliciousness and spite.

            Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

            by JRandomPoster on Thu Jan 08, 2009 at 11:10:21 AM PST

            [ Parent ]

      •  Got it (2+ / 0-)
        Recommended by:
        Eddie in ME, vcmvo2

        My point, whatever you call them, is those who do damage just to see if they can.  Hm, wonder if I can figure this out?  It's malicious and it's just mean.

        Mean people suck, I'm that juvenile at times, it just sucks.

        And the term "crackers" means something else to me, as in a great piece by the Daily Show and look at all those "crackers" on the golf course (oops, spilled a box of saltines).

        Random, I know, sorry.

      •  Hackers and crackers (0+ / 0-)

        Hackers break into systems

        Crackers crack software.

        At least that is what I understand.

        •  See link... (2+ / 0-)
          Recommended by:
          pgm 01, Matt Z

          ... above to the Jargon File.

          The good guys (White Hats) wanted to retain the term hacker for their own, and introduced the term cracker.  It never caught on, and in general, if one refers to a hacker or a cracker (which is almost never used these days), one is usually referring to a Black Hat.

          Which brings us to somewhat more modern terms.  Black Hats are those who preform malicious hacks.  White Hats are those who work on the side of maintaining systems, but have the technical knowledge to go to the dark side if they so wish.  Some may claim that the term White Hats includes those who probe system defenses and report weaknesses to the owners of those systsms; I do not consider such a person a true White Hat unless employed by the owner of the system to do so, as it is still an intrusion, causes work for the system owners, and any exploits found may be reported back to a true Black Hat hacker if a root kit or script is being used to preform the hack that has an information feed back to its author.

          The term hack itself has a lot of meanings.  It can mean a kludge, as in, "wow, that's a horrible hack, but at least the data's flowing".  It can mean an eloquent solution, as in "that is one nifty hack!"  It can mean a fast and quick solution, as in "I'll hack something to get the data flowing".  But strangely, if one is working for the good guys, one who preforms a hack will rarely refer to him/herself as a hacker anymore.

          Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

          by JRandomPoster on Thu Jan 08, 2009 at 12:21:28 PM PST

          [ Parent ]

          •  I'm not exactly a n00b (1+ / 0-)
            Recommended by:
            JRandomPoster

            White hat, black hat- thats not what I was talking about.

            More specifically, a hacker goes after systems. A cracker goes after a piece of software- usually using reverse compilation or other techniques, to circumvent DRM or other anti-copy measures.

            And yes, most white hats do not refer to themselves as hackers. "Security Consultant" seems to be in vogue.

            •  Appologies (1+ / 0-)
              Recommended by:
              wezelboy

              Yep, the manner in which you use the terms is also on the mark.

              Guess I was just taking a stroll down memory lane as to the old nomenclature.

              Quick to judge, Quick to anger, Slow to understand; Ignorance and prejudice and fear walk hand in hand. -- Neil Peart

              by JRandomPoster on Fri Jan 09, 2009 at 10:03:41 AM PST

              [ Parent ]

          •  In the original sense of the term (0+ / 0-)

            hackers weren't "white hats" or "black hats", because hackers never spent their time breaking into computer systems.

            (Well, hardly ever.)

            Hacking back then was about writing software, particularly software that would then be used to write more software. Hackers wrote text editors, compilers, operating systems, and the like.

            Be the change that you wish to see in the White House.

            by Nowhere Man on Fri Jan 09, 2009 at 08:08:12 PM PST

            [ Parent ]

    •  I still distinguish (5+ / 0-)

      There are a lot of hackers out there, who just do things to see if they can.  A lot of them are "white hats", working to secure systems by exposing and then fixing security holes.

      The "black hats" - crackers, phreakers, phishers, and spammers - are just plain criminals.  Things like these SSH brute force scripts serve only the people who deploy them, to the detriment of the people whose systems are used.

      For the sake of good hackers, remember that the term 'hacker' wasn't even originally applied to computer users; hacking was an MIT term for the stunts they pulled (like turning the dome of one of the campus buildings into an overgrown R2D2...).

      Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves. - William Pitt

      by Phoenix Rising on Thu Jan 08, 2009 at 10:23:16 AM PST

      [ Parent ]

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site