  _                                                _
_/B\_                                            _/W\_
(* *)             Phrack #64 file 4              (* *)
| - |                                            | - |
|   |  A brief history of the Underground scene  |   |
|   |                                            |   |
|   |       By The Circle of Lost Hackers        |   |
|   |                                            |   |
|   |              Duvel@phrack.org              |   |
(____________________________________________________)

--[ Contents

  1. Introduction
  2. The security paradox
  3. Past and present Underground scene
    3.1. A lack of culture and respect for ancient hackers
    3.2. A brief history of Phrack
    3.3. The current zombie scene
  4. Are security experts better than hackers?
    4.1. The beautiful world of corporate security
    4.2. The in-depth knowledge of security conferences
  5. Phrack and the axis of counter attacks
    5.1. Old idea, good idea
    5.2. Improving your hacking skills
    5.3. The Underground yellow pages
    5.4. The axis of knowledge
      5.4.1. New Technologies
      5.4.2. Hidden and private networks
      5.4.3. Information warfare
      5.4.4. Spying System
  6. Conclusion

--[ 1. Introduction

    "It's been a long long time,
     I kept this message for you, Underground
     But it seems I was never on time
     Still I wanna get through to you, Underground..."

I am sure most of you know and love this song (Stir it Up). After all, who doesn't like a Bob Marley song? The lyrics of this song fit very well with my feeling: I was never on time but now I'm ready to deliver you the message.

So what is this article about? I could write another technical article about an eleet technique to bypass a buffer overflow protection, how to inject my magical module in the kernel, how to reverse like an eleet or even how to make a shellcode for a not-so-famous OS. But I won't. There are some other people who can do it much better than I could.

But it is the reason not to write a technical article. The purpose of this article is to launch an SOS. An SOS to the scene, to everyone, to all the hackers in the world. To make all the next releases of Phrack better than ever before. And for this I don't need a technical article. I need what I would call Spirit.

Do you know what I mean by the word spirit?

--[ 2. The security paradox

There is something strange, really strange. I always compare the security world with the drug world. Take the drug world: on the one side you have all the "bad" guys: cartels, dealers, retailers, users... On the other side, you have all the "good" guys: cops, DEA, pharmaceutical groups creating medicines against drugs, president of the USA asking for more budget to counter drugs... The main speech of all these good guys is: "we have to eradicate drugs!". Well, why not. Most of us agree.

But if there were no more drugs in the world, I guess that a big part of the world economy would fall. Small dealers wouldn't have the money to buy food, pharmaceutical groups would lose a big part of their business, DEA and similar agencies wouldn't have any reason to exist. All the drug centers could be closed, banks would lose money coming from the drug market. If you take all those things into consideration, do you think that governments would want to eradicate drugs? Asking the question is probably answering it.

Now let's move on to the security world.

On the one side you have a lot of companies, conferences, open source security developers, computer crime units... On the other side you have hackers, script kiddies, phreakers... Should I explain this again or can I directly ask the question? Do you really think that security companies want to eradicate hackers?

To show you how these two worlds are similar, let's look at another example. Sometimes, you hear that the cops arrested a dealer, maybe a big dealer. Or even an entire cartel. "Yeah, look! We have arrested a big dealer! We are going to eradicate all the drugs in the world!!!". And sometimes, you see news like "CCU arrests Mafiaboy, one of the best hackers in the world". Computer crime units and DEA need publicity - they arrest someone and say that this guy is a terrorist. That's the best way to ask for more money. But they will rarely arrest one of the best hackers in the world.
Two reasons. First, they don't have the intention (and if they did, it's probably to hire him rather than arrest him). Secondly, most of the Computer Crime Units don't have the knowledge required.

This is really a shame, nobody is honest. Our governments claim that they want to eradicate hackers and drugs, but they know if there were no more hackers or drugs a big part of the world economy could fall. It's again exactly the same thing with wars. All our presidents claim that we need peace in the world, again most of us agree. But if there are no more wars, companies like Lockheed Martin, Raytheon, Halliburton, EADS, SAIC... will lose a huge part of their markets and so banks wouldn't have the money generated by the wars.

The paradox lies in the perpetual assumption that threat is generated from abuses where in fact it might come from improper technological design or money driven technological improvement where the last element shadows the first. And when someone that is dedicated enough digs it, we have a snowball effect, thus every fish in the pond at one time or another becomes a part of it.

And as you can see, this paradox is not exclusive to the security industry/underground or even the computer world, it could be considered as the gold idol paradox but we do not want to get there.

In conclusion, the security world needs a reason to justify its business. This reason is the presence of hackers or a threat (whatever hacker means), the presence of a hacker scene and in more general terms the presence of the Underground.

We don't need them to exist, we exist because we like learning, learning what we are not supposed to learn. But they give us another good reason to exist. So if we are "forced" to exist, we should exist in the good way. We should be well organized with a spirit that reflects our philosophy. Unfortunately, this spirit which used to characterize us is long gone...

--[ 3. Past and Present Underground scene

The "scene", this is a beautiful word. I am currently in a country very far away from all of your countries, but it is still an industrialized country. After spending some months in this country, I found some old-school hackers. When I asked them how the scene was in their country, they always answered the same thing: "like everywhere, dying". It's a shame, really a shame. The security world is getting larger and larger and the Underground scene is dying.

I am not an old school hacker. I don't have the pretension to claim it. I would rather say that I have some old-school tricks or maybe that my mind is old-school oriented, but that's all. I started to enjoy the hacking life more or less 10 years ago. And the scene was already dying.

When I started hacking, like a lot of people, I read all the past issues of Phrack. And I really enjoyed the experience. Nowadays, I'm pretty sure that new hackers don't read old Phrack articles anymore. Because they are lazy, because they can find information elsewhere, because they think old Phracks are outdated... But reading old Phracks is not only to acquire knowledge, it's also to acquire the hacking spirit.

----[ 3.1 A lack of culture and respect for ancient hackers

How many new hackers know the hackers history? A simple example is Securityfocus. I'm sure a lot of you consult its vulnerabilities database or some mailing list. Maybe some of you know Kevin Poulsen who worked for Securityfocus for some years and now for Wired. But how many of you know his history? How many knew that at the beginning of the 80's he was arrested for the first time for breaking into ARPANET? And that he was arrested a lot more times after that as well. Probably not a lot (what's ARPANET after all...).

It's exactly the same kind of story with the most famous hacker in the world: Kevin Mitnick. This guy really was amazing and I have a total respect for what he did.
I don't want to argue about his present activity, it's his choice and we have to respect it. But nowadays, when new hackers talk about Kevin Mitnick, one of the first things I hear is: "Kevin is lame. Look, we have defaced his website, we are much better than him". This is completely stupid. They have probably found a stupid web bug to deface his website and they probably found the way to exploit the vulnerability in a book like Hacking Web Exposed. And after reading this book and defacing Kevin's website, they claim that Kevin is lame and that they are the best hackers in the world... Where are we going? If these hackers could do a third of what Kevin did, they would be considered heroes in the Underground community.

Another part of the hacking culture is what some people name "The Great Hackers War" or simply "Hackers War". It happened 15 years ago between probably the two most famous (best?) hacker groups that ever existed: The Legion of Doom and Masters of Deception. Although this chapter of the hacking history is amazing (google it), what I wonder is how many hackers from the new generation know that famous hackers like Erik Bloodaxe or The Mentor were part of these groups. Probably not a lot. These groups were mainly composed of skilled and talented hackers/phreakers. And they were our predecessors. You can still find their profiles in past issues of Phrack. It's still a nice read.

Let's go for another example. Who knows Craig Neidorf? Nobody? Maybe Knight Lightning sounds more familiar to you... He was the first editor in chief of Phrack with Taran King, Taran King who called him his "right hand man". With Taran King and him, we had a lot of good articles, spirit oriented. So spirit oriented that one article almost sent him to jail for disclosing a confidential document from Bell South. Fortunately, he didn't go to jail thanks to the Electronic Frontier Foundation, who preached for him.
Craig wrote for the first time in Phrack issue 1 and for the last time in Phrack issue 40. He is simply the best contributor that Phrack has ever had, more than 100 contributions. Not interesting? This is part of the hacking culture.

More recently, in the 90's, an excellent "magazine" (it was more a collection of articles) called F.U.C.K. (Fucked Up College Kids) was made by a hacker named Jericho... Maybe some new hackers know Jericho for his work on Attrition.org (that's not sure...), but have you already taken time to check the Attrition website and consult all the good work that Jericho and friends do? Did you know that Jericho wrote excellent Phrack World News under the name Disorder 10 years ago (and trust me his news was great)? Stop thinking that Attrition.org is only an old dead mirror of web site defacements, it's much more and it's spirit oriented.

Go ask Stephen Hawking if knowing the scientific story is not important to understand the scientific way/spirit... Do you think that Stephen doesn't know the story of Aristotle, Galileo, Newton or Einstein?

To help wannabe hackers, I suggest that they read "The Complete History of Hacking" or "A History of Computer Hacking" which are very interesting for a first dive in the hacking history and that can easily be found with your favorite search engine.

Another good reading is the interview of Erik Bloodaxe in 1994 (http://www.eff.org/Net_culture/Hackers/bloodaxe-goggans_94.interview) where Erik said something really interesting about Phrack:

"I, being so ridiculously nostalgic and sentimental, didn't want to see it (phrack) just stop, even though a lot of people always complain about the content and say, "Oh, Phrack is lame and this issue didn't have enough info, or Phrack was great this month, but it really sucked last month." You know, that type of thing.
Even though some people didn't always agree with it and some people had different viewpoints on it, I really thought someone needed to continue it and so I kind of volunteered for it."

It's still true...

----[ 3.2 A brief history of Phrack

Let's go for a short hacking history course and let's take a look at old Phracks where people talked about the scene and what hacking is.

Phrack 41, article 1:
---------------------

"The type of public service that I think hackers provide is not showing security holes to whomever has denied their existence, but to merely embarrass the hell out of those so-called computer security experts and other purveyors of snake oil."

This is true, completely true. This is closely related to what I said before. If there are no hackers, there are no security experts. They need us. And we need them. (We are family)

Phrack 48, article 2:
---------------------

At the end of this article, there is the last editorial of Erik Bloodaxe. This editorial is excellent, everyone should read it. I will just reproduce some parts here:

"... The hacking subculture has become a mockery of its past self. People might argue that the community has "evolved" or "grown" somehow, but that is utter crap. The community has degenerated. It has become a media-fueled farce. The act of intellectual discovery that hacking once represented has now been replaced by one of greed, self-aggrandization and misplaced post-adolescent angst... If I were to judge the health of the community by the turnout of this conference, my prognosis would be "terminally ill."..."

And this was in 1996. If we asked Erik Bloodaxe now what he thinks about the current scene, I'm pretty sure he would say something like: "irretrievable" or "the hacking scene has reached a point of no return".

"...There were hundreds of different types of systems, hundreds of different networks, and everyone was starting from ground zero.
There were no public means of access; there were no books in stores or library shelves espousing arcane command syntaxes; there were no classes available to the layperson. ..."

Have you ever heard of a "hackademy"? Nowadays, if you want to be a hacker it's really easy. Just go to a hacker school and they will teach you some of the more eleet tricks in the world. That's the new hacker way.

"Hacking is not about crime. You don't need to be a criminal to be a hacker. Hanging out with hackers doesn't make you a hacker any more than hanging out in a hospital makes you a doctor. Wearing the t-shirt doesn't increase your intelligence or social standing. Being cool doesn't mean treating everyone like shit, or pretending that you know more than everyone around you."

So what is hacking? My point of view is that hacking is a philosophy, a philosophy of life that you can apply not only to computers but to a lot of things. Hacking is learning, learning computers, networks, cryptology, telephone systems, spying systems and agencies, radio, what our governments hide... Actually all non-conventional subjects or what could also be called a third eye view of the context.

"There are a bunch of us who have reached the conclusion that the "scene" is not worth supporting; that the cons are not worth attending; that the new influx of would-be hackers is not worth mentoring. Maybe a lot of us have finally grown up."

Here's my answer to Erik 10 years later: "No Erik, you hadn't finally grown up, you were right." Erik already sent an SOS 10 years ago and nobody heard it.

Phrack 50, article 1:
---------------------

"It seems, in recent months, the mass media has finally caught onto what we have known all along, computer security _IS_ in fact important. Barely a week goes by that a new vulnerability of some sort doesn't pop up on CNN. But the one thing people still don't seem to fathom is that _WE_ are the ones that care about security the most...
We aren't the ones that the corporations and governments should worry about... We are not the enemy."

No, we are not the enemy. But a lot of people claim that we are and some people even sell books with titles like "Know your enemy". It's probably one of the best ways to be hated by a lot of hackers. Don't be surprised if there are some groups like PHC appearing after that.

Phrack 55, article 1:
---------------------

Here I will show you the arrogance of the not-so-far past editor, answering some comments:

"...Yeah, yeah, Phrack is still active you may say. Well let me tell you something. Phrack is not what it used to be. The people who make Phrack are not Knight Lightning and Taran King, from those old BBS days. They are people like you and me, not very different, that took on themselves a job that it is obvious that is too big for them. Too big? hell, HUGE. Phrack is not what it used to be anymore. Just try reading, let's say, Phrack 24, and Phrack 54..."

And the editor replied (maybe Route):

"bjx of "PURSUiT" trying to justify his `old-school` ezine. bjx wrote a riveting piece on "Installing Slackware" article. Fear and respect the lower case "i"".

This is a perfect example of how the Underground scene has grown up in the last few years. We can interpret the editor's answer like "I'm writing some eleet articles and not you, so I don't have to take into consideration your point of view". But it was a really pertinent remark.

Phrack 56, article 1:
---------------------

Here is another excellent example to show you the arrogance of the Underground scene. Again, it's an answer to a comment from someone:

"...IMHO it hasn't improved. Sure, some technical aspects of the magazine have improved, but it's mostly a dry technical journal these days. The personality that used to characterize Phrack is pretty much non-existent, and the editorial style has shifted towards one of `I know more about buffer overflows than you` arrogance.
Take a look at the Phrack Loopback responses during the first 10 years to the recent ones. A much higher percentage of responses are along the lines of `you're an idiot, we at Phrack Staff are much smarter than you.`..."

And the reply:

" - Trepidity <delirium4u@theoffspring.net> apparently still bitter at not being chosen as Mrs. Phrack 2000."

IMHO, Trepidity's remark was probably the best remark for a long long time.

Let's stop this little history course. I have shown you that I'm not alone in my reflection and that there is something wrong with the current dysfunctional scene. Some people already thought this 10 years ago and I know that a lot of people are currently thinking exactly the same thing. The scene is dying and its spirit is flying away.

I'm not Erik Bloodaxe, I'm not Voyager or even Taran King... I'm just me. But I would like to do something like 15 years ago, when the word hacking was still used in the noble sense. When the spirit was still there. We all need to react together or the beast will eat what's left of the spirit.

----[ 3.3 The current zombie scene

"A dead scene whose body has been re-animated but whose spirit is lacking".

I'm not really aware of every 'group' in the world. Some people are much more connected than me. And to be honest, I knew the scene better 5 years ago than I do now. But I will try to give you a snapshot of what the current scene is. Forgive me in advance for the groups that I will forget, it's really difficult to have an accurate snapshot. The best way to have a snapshot of the current scene is probably to use an algorithm like HITS, which allows detecting a web community. But unfortunately I don't have time to implement it.

So the current scene for me is like a pyramid and it's organized like secret societies. I would like to split hacker groups in 3 categories. In order to not give stupid names to these groups I will call them layer 1 group, layer 2 group and layer 3 group.
In the layer 1, 5 years ago, you had some really "famous" groups which were, I think, composed of talented people. I will split this layer into two categories: front-end groups and back-end groups. Some of the groups I called front-end are: TESO, THC, w00w00, Phenoelit or Hert. Back-end groups include ADM, Synergy, ElectronicSouls or Devhell. And you also have PHC that you can include in both categories (you know guys you have your entry in Wikipedia!). And at the top of that (but mainly at the top of PHC) you had obscure/eleet groups like AB.

In the layer 2, I would like to include a lot of smaller-scale groups which I think are trying to do good stuff. Generally, these groups have no communication with layer 1 groups. These groups are: Toxyn, Blackhat.be, Netric, Felinemenace, S0ftpj (nice mag), Nettwerked (congratulations for the skulls image guys!), Moloch, PacketWars, Eleventh Alliance, Progenic, HackCanada, Blacksecurity, Blackclowns or Aestetix. You can still split these groups into two categories, front-end and back-end. Back-end are Toxyn or Blackhat.be, others probably front-end.

Beside these groups, you have a lot of wannabe groups that I'd like to include in layer 3, composed of the new generation of hackers. Some of these groups are probably good and I'm sure that some have the good hacking spirit, but generally these groups are composed of hackers who learned hacking in a school or by reading hacker magazines that they find in a library. When you see a hacker arrested in the media, he generally comes from one of these unknown groups. 20 years ago, cops arrested hackers like Kevin Mitnick (The Condor), Nahshon Even-Chaim (Phoenix, The Realm), Mark Abene (Phiber Optik, Legion of Doom) or John Lee (Corrupt, Masters of Deception), now they arrest Mafia Boy for a DDOS...
There are also some (dead) old school groups like cDc, Lopht or rhino9, independent skilled guys like Michal Zalewski or Silvio Cesare, research groups like Lsd-pl and Darklab and obscure people like GOBBLES, N3td3v or Fluffy Bunny :-) And of course, I don't forget people who are not affiliated to any groups.

You can also find some central resources for hackers or phreakers like Packetstorm or Phreak.org, and magazine oriented resources like Pull the Plug or Uninformed.

In this wonderful world, you can find some self proclaimed eleet mailing list like ODD.

We can represent all these groups in a pyramid. Of course, this pyramid is not perfect. So don't blame me if you think that your group is not in the right category, it's just a try.

                       The Underground Pyramid

                                  _
                                 / \
                                /   \
                               /     \
                              /       \
                             /         \ <-- More eleet hackers in
                            /           \
                           /             \     the world. Are you in?
                          /     -(o)-     \
                         /      /   \      \
                        /       \   /       \
                       /_____________________\
                      /                       \ <-- skilled hackers
                     /  AB, Fluffy Bunny, ...  \     hacking mainly
                    /___________________________\     for fun
                   /     |       |         |     \
                  / PHC  | TESO  | ADM     | cDc  \ <-- Generally
                 / EL8   | THC   | Synergy | Lopht \     excellent skills
                / GOBBLES| WOOWOO| Devhell | rhino9 \     some groups have
               / ...     | ...   | ...     | ....    \     the good spirit
              /_______________________________________\
             /                    |                    \
            /     Blackhat.be     | HackCanada          \ <-- good skills,
           /      Toxyn           | Felinemenace         \     some are
          /       ...             | Netric                \     very
         /                        | ...                    \     original
        /___________________________________________________\
       /                                                     \
      /                    WANABEE GROUPS                     \ <-- newbies
     /_________________________________________________________\
    /                                                           \ <-- info
   / Resources: 2600,Phrack, PacketStorm, Phreak.org, Uniformed, \     for
  /             PTP, ...                                          \     all
 /_________________________________________________________________\

All of these people make up the current scene. It's a big mixture between white/gray/black hats, where some people are white hat in the day and black hat at night (and vice-versa). Sometimes there is communication between them, sometimes not.
I also have to say that it's generally the people from layer 1 groups who give talks at security conferences around the world...

It's really a shame that PHC is probably the best ambassador of the hacking spirit. Their initiative was great and really interesting. Moreover they are quite funny. But IMHO, they are probably a little too arrogant to be considered an old spirit group.

Actually, the bad thing is that all these people are more or less separate and everyone is fighting everyone else. You can even find some hackers hacking other hackers! Where is the scene going? Even if you are technically very good, do you have to say to everyone that you are the best one and call others lamerz? The new hacker generation will never understand the hacking spirit with this mentality.

Moreover the majority of hackers are completely uninterested in alternate interesting subjects addressed for example in 2600 magazine or on the Cryptome website. And this is really a shame because these two media are publishing some really good information. Most hackers are only interested in pure hacking techniques like backdooring, network exploitation, client vulnerabilities... But for me hacking is closely related to other subjects like those addressed on the Cryptome website. For example the majority of hackers don't know what SIPRnet is. There is only one reference in Phrack, but there are several articles about SIPRnet in 2600 magazine or on the Cryptome website.

When I want to discuss all these interesting subjects it's really difficult to find someone in the scene. And to be honest the only people that I can find are people away from the scene. The majority of hackers composing the groups I mentioned above are not interested in these subjects (as far as I know). Old school hackers in the 80's or 90's were more interested in alternate subjects than the new generation.
In conclusion, firstly we have to get back the old school hacking spirit and afterwards explain to the new generation of hackers what it is. It's the only way to survive. The scene is dying but I won't say that we can't do anything. We can do something. We must do something. It's our responsibility.

--[ 4 Are security experts better than hackers?

STOP!!!!! I do not want to say that security experts are better than hackers. I don't think they are, but to be honest it's not really important. It's nonsense to ask who is better. The best guy, independent of the techniques he used, is always the most ingenious. But there are two points that I would like to develop.

----[ 4.1 The beautiful world of corporate security

I met a really old school hacker some months ago, he told me something very pertinent and I think he was right. He told me that the technology has really changed these last years but that the old school tricks still work. Simply because the people working for security companies don't really care about security. They care more about finding a new eleet technique to attack or defend a system and presenting it to a security conference than to use it in practice.

So Underground, we have a problem. A major problem. 15 years ago, there were a lot of people working for the security industry. At times, there also were a lot of people working in what I will call the Underground scene. No-one can estimate the percentage in each camp, but I would say it was something like 60% working in security and 40% working in the Underground scene. It was still a good distribution. Nowadays, I'm not sure it's still true. A better estimation should be 80/20 orientated to security or maybe even worse... There are more and more people working for the security world than for the Underground scene.
Look at all these "eleet" security companies like ISS, Core Security, Immunity, IDefense, eEye, @stake, NGSSoftware, Checkpoint (!), Counterpane, Sabre Security, Net-Square, Determina, SourceFire... I will stop here otherwise Google will make some publicity for these companies. All these security companies have hired and still hire some hackers, even if they will say that they don't. Sometimes, they don't even know they hired a hacker. How many past Phrack writers work for these companies? My guess is a lot, really a lot. After all, you can't stop a hacker if you have never been one...

You'll tell me: "that's normal, everyone has to eat". Yeah, that's true. Everyone has to eat. I'm not talking about that. What I don't like (even if we do need these good and bad guys) is all the stuff around the security world: conferences, (false) alerts, magazines, mailing lists, pseudo security companies, pseudo security websites, pseudo security books...

Can you tell me why there is so much security related stuff and not so much Underground related stuff?

----[ 4.2 The in-depth knowledge of security conferences

If you have a look at all the topics addressed in a security conference, it's amazing. Take the most famous conferences: *Blackhat,