Slashdot Log In
The Myth of the Superhacker
Posted by
CowboyNeal
on Wed Apr 11, 2007 03:49 PM
from the scourge-of-the-internet dept.
from the scourge-of-the-internet dept.
mlimber writes "University of Colorado Law School professor Paul Ohm, a specialist in computer crime law, criminal procedure, intellectual property, and information privacy, writes about the excessive fretting over the Superhacker (or Superuser, as Ohm calls him), who steals identities, software, and media and sows chaos with viruses etc., and how the fear of these powerful users inordinately shapes laws and policy related to privacy and digital rights."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
interesting, amd maybe not surprising (Score:5, Insightful)
I live in a world where daily I hear people describing their monitor as their computer, and their computer as their "hard drive", or some other such mangled interpretation. That's actually very okay, it's not their job to have to know, and good for them for having some mental map.
What I find not surprising about the article's conclusions is even in the computer professional world I've met many "whizzes" not much more intelligent about what computers are and how they work. Hence, much of the alarm over internet terrorism and superhackers potential to bring the IT world to its collective knees spawns from barely literate computer "geeks". At the same time I find it a little disturbing. And it seems the higher up the ladder one goes, the less competence there seems to be regarding making intelligent conclusions about the IT landscape (hmmmm, Peter Principle?).
Re:interesting, amd maybe not surprising (Score:5, Funny)
Parent
You punctuated incorrectly... (Score:5, Funny)
Girls on the plus side you can walk all over them and get anything you want.
What you meant to write:
Girls (on the plus side), you can walk all over them and get anything you want.
Parent
Re:You punctuated incorrectly... (Score:5, Funny)
Parent
Re:interesting, amd maybe not surprising (Score:5, Funny)
"Girls on the plus side you can walk all over them and get anything you want."
You may want to define where that comma should go, or else you're gonna have some angry plus-size girls after you!
Parent
Re: (Score:3, Interesting)
Re:interesting, amd maybe not surprising (Score:5, Funny)
People want something to aspire to, and the idea of the existence of a superhacker controlling every aspect of the internet at a moment's notice is pretty good at taking up brain space.
Parent
Re:interesting, amd maybe not surprising (Score:5, Funny)
Not only is he making a good point, but he did so with a single 1 paragraph-long sentence.
Parent
Re:interesting, amd maybe not surprising (Score:4, Funny)
Parent
From 'The Usual Suspects' (Score:3, Insightful)
Re:From 'The Usual Suspects' (Score:5, Informative)
Parent
Quote? YOU FAIL IT! (Score:4, Informative)
Parent
Re: (Score:3, Interesting)
Screw that. Give me Satan any day.
Re:From 'The Usual Suspects' (Score:5, Insightful)
He was dealing with a fundamental theological problem: how does a good God create a universe in which evil exists. He came up with a novel solution: it's all good, but evil chooses lesser goods over greater goods -- an concept closely akin to the modern economic concept of opportunity cost. You cannot have the capacity to choose without the capacity to choose the wrong thing; if you were forced to choose the right thing all the time then you wouldn't have free will. Therefore free will implies the existence of evil, which is not a thing in itself, but a deficit.
Dante sharpens Augustine's point in the Divine Comedy: evil is really the result of stubborn, even aggressive stupidity. As outlandish as the punishments that are meted out in the Inferno, they're all pretty much people getting unlimited quantities of whatever it was they pursued in life.
The Devil, then, doesn't need to exist; at least if he does he has no power of his own. There is no need to believe in the nearly all-powerful devil of neo-Christian folklore. The power of Satan, both biblically and by orthodox theology, lies in the stupidity and stubbornness of humanity. A near omnipotent Devil is not really any better off than a powerless but tricky one because (a) near omnipotence is not very useful when the other side is omnipotent and (b) it is impossible to spread evil (in the Augustinian sense) by the exercise of raw power.
Which brings us to the Superhacker. There is no need for a hacker to obtain near omnipotent technical skills. In any case people with extremely high levels of technical skills have better uses for them. Instead, a hacker exploits the stubbornness and stupidity of people who own computers. They won't pay competent people to manage them. They'll choose software for superficial convenience. In Augustinian terms they choose the lesser goods of short term cost savings and convenience over the greater good of security.
Parent
omnipotent technical skills (Score:3, Insightful)
Who says that just beacuse you are at that level you are somehow magically honest? Often times its the thrill of cheating the system that appeals to the upper % of the food chain in the first place.
Re: (Score:3, Insightful)
I'm not saying there aren't technically very strong black hats, but they hardly represent the peak of technical skills.
Can you imagine a Ron Rivest wasting his time devising rootkits? Or Bruce Shneier? That's journeyman work. Yes, it takes some skill, and patience, but is hardly a suitable field for e
Re: (Score:3, Funny)
I can understand doubts about the existence of a god, but this? You mean that after witnessing Windows and the RIAA you still don't believe in the existence of Evil Design? They are way too evil to have happened by chance.
This article is stupid (Score:5, Funny)
There are no super hackers out there.
Disregard that, I suck cocks.
Re: (Score:3, Funny)
If you're a guy, you should have waited for an Apple/Mac related story. Then, you would have been on topic.
Mods - that was "Flamebait", the parent was "Troll", "Overated" or maybe "Offtopic".
On the other hand, if he/she said "Macs are great!" and then said "I suck cocks.", then that would be on topic, although, redundant.
Re:This article is stupid (Score:4, Informative)
Parent
Re: (Score:3)
Second, I've done "mods on crack" comments before and had the desired results, so yes, it does work.
Last but not least, if you think M2 is anyhting more than a bandaid on a bulletwound, you're insane.
Thanks for playing!
Hmmm (Score:5, Funny)
Re: (Score:3, Insightful)
Re:Hmmm (Score:5, Insightful)
I don't know about being "hacked." Is that something you do with a machete? Or a scalpel? Or, maybe, a golf club?
I was talking about "hackers."
You must be one of those people who thinks the word "hacker" refers to someone who uses a computer to commit crimes. Actually, we have a word for that already: it's "criminal." Hacker already has a meaning, and that isn't it.
I don't presume to be an authority, and I would certainly never call myself one, but I know people who exhibit the hacker spirit in their work and their everyday lives, and they tend to be leaders in the companies they work for. Hackers are resourceful; they find innovative ways of using tools that get the job done more efficiently in less time. They see possibilities where others see obstacles. Remember that kid who took his toys apart (and probably yours, too) just to see how they worked, and even managed to put them back together - give or take a few pieces? He was a hacker. Or the one who found a new and novel use for something you thought was boring and mundane? Hacker.
Do you have a friend who can fix your car, or a leaky faucet, or get your printer working again? Even though he's never worked with your particular printer or car before? He's a hacker.
We used to celebrate free spirits who had an insatiable curiosity about how things worked, and who shared their knowledge freely with anyone who wanted to learn, and couldn't sleep until they found the solution to a problem they were stuck on. But the media has latched on to a buzz word, so hard working, honest, productive people get slandered by ignorant morons who want to feel superior, at least until they can't get their printer to work. Then they ask that guy in the office who is "good with computers" to help them, and they never see the irony in this.
Someone else in this thread pointed out that most people think their monitor is the "computer," and that box with the wires coming out of it is the "hard drive." These people don't know any better and don't care, until something stops working. Then they ask someone for help, and that person who solves their problem for them is usually someone who possesses at least some of the qualities associated with "hackers."
Yet these same people will hear about an intrusion, or a virus or a worm and say "those damn hackers" because, once again, they don't know any better, and they don't care. As long as their printer works.
And here you are, surfing the Internet and posting on Slashdot, oblivious to the efforts of all the "hackers" who wrote code, developed protocols and designed the computer hardware that would make it all possible.
Parent
Hollywood Strikes Again (Score:5, Insightful)
That said, a lot of exploits don't come from being a super techie hacker with the skillz to defeat any system through sheer programming ingenuity or brute force. A lot of them still come from social engineering... convincing foolish people to give you enough information that a middle manager could hack them using nothing more than a standard login.
Where the "superhacker" mainly exists is in the movies. The guy who can pull out his laptop at any given location and hack into any given location on demand and with no preparation or research into the target. He's the human equivalent of the gun that doesn't run out of bullets and hair that dries into a perfectly coiffed do within seconds of getting out of the water.
- Greg
Re:Hollywood Strikes Again (Score:4, Informative)
Interestingly, they did make a movie about him, Takedown. While no Oscar winner, I felt is was one of the better hacking movies Hollywood has put out. As opposed to movies like "Hackers" or even "Swordfish", this movie's dialogue actually made sense to those who know the definitions of all of the acronyms (cause it's a true story), and the computers showed on-screen, actually looked like something people actually use.
But getting back on topic, it's the social engineers that we should all be afraid of. These guys may not be really hackers (at least not in traditional sense), they're really just con artists. You don't need a computer to get pwned.
Parent
The difference between a hacker and a superhacker (Score:4, Insightful)
You too can be a Superhacker! (Score:4, Informative)
http://www.amazon.com/Secrets-Super-Hacker-Knight
Who's afraid of a little social engineering?
I know the Superhacker exists... (Score:5, Funny)
Re:I know the Superhacker exists... (Score:4, Funny)
Wow! You really are a super-hacker. I could never even get a stack to accept that, let alone have those packets route.
Parent
Re:I know the Superhacker exists... (Score:5, Informative)
E.g. on my machine:
ping 66.102.7.104
is equivalent to:
ping 1113982824
Similarly, 24.75.345.200 is actually this address:
PING 407656904 (24.76.89.200): 56 data bytes
Parent
Who is talking about a super hacker? (Score:3, Insightful)
Sure it's an old example, but it is also a great example. Maybe he didn't go releasing chaos in every category, but for a public example this is a pretty good one. Look at the stuff he got into and ahold of. These articles burned my eyes so I couldn't read the all three parts or even all of part one. Sorry, but one other thing -- where exactly is all this concern and discussion about a super-hacker? How can it be overblown, overhyped, etc? I don't hear anyone talking about a super-hacker.
Ohm's Law (Score:4, Funny)
I wonder if he teaches Ohm's Law?
Re:Ohm's Law (Score:4, Funny)
Parent
Re: (Score:3, Funny)
Whois Paul Ohm? (Score:5, Funny)
I can't imagine where people get all these ideas about "super hackers" and the like. Now where are my VR goggles? I need to hack a Cray using this pay phone down the street...
Re:Whois Paul Ohm? (Score:5, Interesting)
At one company I was asked to "break into" a Windows machine. The previous user had left and only he had the password. He was not on speaking terms with the company. Luckily, the user had given me the password to another system. Even luckier, he used the same password. So after about fifteen minutes of making myself look busy, I tried his password and got in. No one asked how I was able to get in; everyone assumed that I was able to hack the system.
At another company there was a dusty router that sat in a rack. One day it stopped working. They'd tried power cycling it (their usual troubleshooting step), but that didn't work. So I went in, unplugged it for a few minutes, plugged it back in. I was looking through the manual for a troubleshooting guide when someone comes over and congratulates me.
Richard Feynman had a similar story but it involved safe cracking. And most people know the joke about the plumber, the punchline being, "but knowing where to hit costs $300." Forget the latter, it's not relevant...
Anyhoo, the point I'm making is that it's easy for people to mistake dumb fool luck and bullshit for real expertise. I know this firsthand.
Parent
control (Score:5, Insightful)
Hackers, terrorists, drug dealers, child molesters, communists:
Useful tools for the control of a fearful and gullible populace.
Odds you will be a victim of (Score:5, Insightful)
Ever had your credit rating trashed by someone who lifted your financial info through a crack of a third party system? Many thousands of people have.
Odds 1:10,000
worse is you bank with retarded banks.
terrorists
Are you alive? Many thousands of people are not. Another couple dozen just died in Algiers today, killed by the local franchise operators of the same group that has attacked embassies, a US naval vessel, the WTC, the Pentagon, bars, nightclubs, hundreds of markets and restaurants, etc. This month, they are on a new campaign to ambush and kill anyone who reports to work in rural Afghanistan to teach young women how to read. It's super duper, though, that you don't find the people in London, or Madrid, or Detroit that preach the warm-up act for the same crap to be any concern at all. That's comforting!
odds 1:1,000,000
worse if your brown and live in a poor nation
drug dealers
You cite drug dealers, and then complain about "control?" These bastards deliberately seek to make behavioral slaves of generations of their neighbors, and think nothing of the resulting waste of lives and all of the accompanying damage. You'd rather that Wal-Mart sold heroin? Have you ever met someone with their teeth rotting right out of their meth-cooked skull? What is it that encourages you to gloss over the people that seek to make money peddling meth to school kids, or pretend they don't exist?
1:2
But the majority are pot pushers who sell to your kids. Your kids use it like you used to use beer... or pot/lsd. The potential harm for most people is minor.
child molesters
Ever met someone who had their youth stolen by someone like that? Let's find you a few thousand of them, and then you can address them, explaining how the people who did it to them don't exist, or aren't really a problem, and should be allowed to keep doing it. I'm sure you'll be persuasive.
1:100,000
Although these sick bastards affect everyone around their victims, they aren't that numerous. Many people still lead okay lives afterwards with some issues about security and sex. It's not a very homogenous group either.
communists
Well, you've got me there. They only killed a few hundred million people in the last century, so that's not so bad.
0:1
Communism is an idea. What killed most of the people your refering to is mob justice, fear, racial hatred, green, xenophobia, and poor management. Communism is general is a useless idea that was never fully implemented by anyone, could never be so, and used liek religion to clobber people.
Parent
Re:control (Score:4, Insightful)
I notice there's one word you keep using, here. Thousands. Last I looked, the population of the planet was around 6 billion and climbing. My mathematics is hit or miss, but it sounds to me like you're saying that laws that affect at least a major chunk of those 6 billion people should be made on the basis of actions that kill less than 1% of them.
To me, that isn't terribly logical. On that basis, to me it'd make sense that if a War on Terror was going to be valid, surely a War on Ebola would be even moreso, since I'm guessing the number of people it's killed would be higher.
Parent
At root, the article attempts to pervert English (Score:3, Informative)
The last thing we wnat is this term misused in a law somewhere or even in popular usuage. Some poor sod getting dragged off by security after being heard uttering what will be the suspiciuous words "I'll have to get superuser access" is some stupidity we can live without.
Other than that there are good points - he's talking about the mythical "cyberterrorist" (also a bad word due to distinct lack of angry robots with bombs - but at least it doesn't already have a meaning).
This article is dumb (Score:5, Insightful)
Even when we take it up a notch and look at actually dangerous attackers, like people using widespread vulnerabilities to deploy custom rootkits, we're not talking about superhackers.
Then there's a class of people who, if they are inclined to be lawbreaking and antisocial, are superdangerous. Take a look at someone like Michal Zalewski [coredump.cx], who's been pumping out advisories, proof of concepts, and gems like a hobby OS for...well, a long time. Can you imagine him in the wild as a black hat? Ugh, scary.
Then there's real superhackers. One former coworker built a railgun for fun, cracked DES (key recovery in 24 hours on a p3, given certain fairly common preconditions), cracked the remote management on a major commercial firewall (because we lost the password, and it was easier than going offsite for password recovery), then founded a security company, got rich when they got bought out, and moved onto toy around with things for nasa and the DoD. So, if someone like somehow finds their way onto - and stays on - a black hat path, well, the mere fact that securing something is harder than cracking it means he will always find a way in, if he wants to badly enough. I think they'd have to be unbalanced to stay black hat, since that sort of talent will either get them illegitimately rich enough that they'll avoid danger, or get them legitimately rich enough that they'll give up black hat activities to go legit.
But identity theft? Please. Peanuts. They're more likely to use large scale espionage to find some valuable nugget; perhaps upcoming M&A activites. Then they sell this info to a third party with plausible deniability and a lot of cash - say, George Soros (not that I'm saying he'd buy, but for example) - and let them profit massively off it and take a kickback. Just one significant score like that should be worth 7-8 figures. That's just one example out of a hundred scenarios where a true uberhacker could illegitimately profit. And they'd almost certainly only do it once, if money was their motivation.
A Million Monkeys. (Score:3, Insightful)
the more difficult a security system is to use, the greater the chance it won't be used.
employees will write client information and passwords on paper, allow others to use use their accounts, or hit 'yes' to every prompt.
So very wrong (Score:5, Insightful)
I've seen new Windows XP computers plugged into a network get pwned before you could finish going through the Windows setup wizard. The reason stuff like this doesn't result in "loss of personal records" is because IT professionals and security experts put in a s**tload of effort to make sure it doesn't. But IT professionals and security experts can't prevent a PHB from putting sensitive info onto a laptop and then taking it home only to have it stolen.Yeah, well, I work in a hospital. Every time there's a large-scale problem with the network or enterprise system, it seriously affects the staff's ability to perform their duties. That translates to worse care for the patients. So, do you want your hospital to be running smoothly or not? Do we have to wait until someone IS killed to take security seriously?Buddy, I'll take Bruce Shneier's assessment of security over yours any day.
Re:Ah, just call me... (Score:5, Interesting)
It doesn't take much reasoning to show why this must be the case.
So why is Ohm resistant?
Parent
Re:Ah, just call me... (Score:5, Funny)
Get out of here! Now!
Parent
Re:Ah, just call me... (Score:4, Funny)
+1 pun
Well done friend, well done.
Parent
Re:Myth? (Score:5, Funny)
FYI Andrew Matecha of Vancouver BC, there is enough information on your band's website and MySpace page to identify you and figure out which school you committed your crimes against. Not that I care, but you might want to think about that before you brag about illegal activity you've participated in.
Parent
Re: (Score:3, Insightful)
Re:Nothing speical about hackers (Score:5, Insightful)
I don't think that inside theft of database dumps containing hundreds of thousands credit card accounts and SSNs is done by stupid or drug-addled people. I don't think that people who systematically probe for SQL insertion vulnerabilities on transaction systems in hopes of defacing something with some politicized rant are stupid or drug-addled. I don't think that people plant stealth FTP servers to serve up kiddie pr0n from unknowing desktops are being stupid or drug-addled. You're confusing malice with stupidity, and poisoned ethics with drug dependence.
Parent