Stupid Hacker Tricks - The Folly of Youth

N_burnsy points out an article in Computerworld which "profiles several youthful hackers, some still serving prison time, some free, who have been caught indulging in some fairly serious cybercrime, and looks at their crimes and the lessons they have (or have not yet) learned. Starting with Farid 'Diab10' Essebar, currently a guest of the Moroccan prison system, who wrote and distributed the Mytob, Rbot, and Zotob botnet Trojans. There's Ivan Maksakov, Alexander Petrov, and Denis Stepanov, all guests of the Russian penal system, sentenced to eight years at hard labor for creating a botnet to engage in DDoS (distributed denial-of-service) attacks to blackmail online gambling sites based in the UK, threatening to take the sites down during major sporting events. Then there's Shawn Nematbakhsh who was a little too eager to prove a point about the electronic balloting system that the University of California employed to hold student council elections, by writing a script that cast 800 votes for a fictitious candidate named American Ninja." Not everyone on the list is exactly youthful, and the range of offenses shows how lumpy this area is both to the law and in public perception.

Link without 5 pages of ads...

[muellerr1 (868578)]

http://www.computerworld.com.au/index.php/id;193960399;fp;16;fpid;1;pf;1 [computerworld.com.au]

Re:

[CogDissident (951207)]

Thanks, It was really annoying looking at that tiny sliver of a text-column, and the corresponding 5 pages that they made a relatively small article.

Re:

[Jarik_Tentsu (1065748)]

I feel kinda inadequete. Back when I was a kid, I read some outdated article on DoSing, so decided to open 20 command prompt windows pinging a server over my dial up connection.

It didn't go down. =(

~Jarik

Re:

[TheLink (130905)]

On the bright side, you didn't go "down" either right?

Student elections?

[Nursie (632944)]

University student imprisoned for interfering in University council elections as a way to expose how bad the voting system is?

There is no justice in the world. That kid should have been given a fucking medal.

Re:Student elections?

[Nursie (632944)]

OK, I have now RTFA'd. He still should have been given a medal rather than a conviction.

Re:Student elections?

[chuckymonkey (1059244)]

Mod parent up. He really didn't do much that was malicious, hell he even made up a fake candidate so that it would sway the election for a real candidate. All the guy did was prove that the system they payed so much money for was crap, but we can't have that now can we? It would displease our corporate overlords.

Re:

[Intron (870560)]

No - mod both you and OP down for posting without reading the article. He wasn't imprisoned. He had to pick up trash and pay costs. The system worked just about right.

Re:Student elections?

[neomunk (913773)]

Yes, we should make those who point out the gaping holes in our society (which could very easily be used against us, and possibly already have) PAY!!! Humiliate them by the side of the road for the outlandish gall of trying to expose the truth, when it might inconvenience one of his upper-caste betters.

Re:Student elections?

[Intron (870560)]

You aren't looking at the big picture. Imagine what calamity would have ensued if American Ninja had been elected to Student Council. Slaughter at Homecoming. Beheadings at Pep Rallies. Eviscerations at the Winter Ball.

Re:Student elections?

[unsigned integer (721338)]

But it would have been totally sweet.

Re:Student elections?

[langelgjm (860756)]

we should make those who point out the gaping holes in our society

Except that he explicitly says he was doing no such thing in TFA:

"I really wasn't making any point at all," Nematbakhsh admits, debunking news reports to the contrary. "It was a senior prank, a silly thing."

If he had really been interested in fixing the flaw, he could have brought it to the administration's attention in a much better way that would have avoided him having to do community service, and not screwed up the election.

Your point is still valid, though. When I was an undergrad, a friend of mine discovered that the primary key to the LDAP student/faculty directory was the same number that was encoded on our ID cards, the result being that we could create fake ID cards for anyone in the directory (and thus gain their building privileges, have access to the accounts linked to the card, etc.). He went to the administration with the information, and they reissued cards to the entire student body. Then, they proceeded to start a judicial investigation against him. Thankfully, nothing ever came of it, but it does show the tendency of institutions to punish those who are actually trying to help them.

Re:Student elections?

[hey! (33014)]

Except that he admitted he wasn't really making a point, even though if he had the point would be a good one. And if he had been making a point, the punishment would be reasonable.

The point of civil disobedience is not to avoid being caught. It is to be caught in a way that proves the system is corrupt. Punishment is critical to the effectiveness of civil disobedience as a strategy to change the world.

It's also critical for holding back the tide of unthinking self-righteousness in the world. If good intentions were an absolute defense, there would be no end to the crimes people would commit with complete assurance they are on the side of right.

Giving this guy a slap on the wrist is the right thing to do; it serves the purpose of having the rule without doing more damage than breaking the rule did. The rules are there for the guidance of the wise and the protection of fools. The wise might choose to accept punishment in service to a higher cause; the foolish shouldn't be punished more than is necessary to set them on the right track.

Ok so

[Sycraft-fu (314770)]

If I come and expose the gaping security holes in your house, you'll be ok with that? If you come home and find me milling around in your living room or rifling through your things, you won't get mad right? After all, I was just exposing the security holes, I didn't do any harm!

If you aren't ok with me going through your things without permission, I'd have to ask why you are ok with with breaking in to someone else's stuff. You can't have it both ways, if your stuff isn't fair game, why is their stuff fair

Re:

[junglee_iitk (651040)]

Thanks for saying that.
Just shows that even moderators have not RTFA :)

Re:

[cpricejones (950353)]

But really, who would not want a student council rep who could flip out and kill someone.

Re:Student elections?

[Rary (566291)]

All the guy did was prove that the system they payed so much money for was crap, but we can't have that now can we? It would displease our corporate overlords.

Yes, he was such a noble crusader....

"I really wasn't making any point at all," Nematbakhsh admits, debunking news reports to the contrary. "It was a senior prank, a silly thing."

That's why whitehats are becoming rare

[Lonewolf666 (259450)]

If even harmless hacks are illegal and may land you in jail, only serious criminals will take the risk (for serious potential money gains).
I think that is why there are less reports about benevolent hackers pointing out security flaws these days, but lots of reports about botnets for spamming and DDOS activities.

Re:Student elections?

[smitty_one_each (243267)]

Student election?
Blade/face bijection
Halt candidate/follicle
Ninja insurrection
Burma Shave

Another one in the taxalotl tank

[dbIII (701233)]

Instead the taxpayer loses by having to pay to keep him and he loses even more by being imprisoned - the only winner is somebody whose conviciotn numbers have gone up by one more by locking up a prankster because that is easier than dealing with actual dangers to society. People should realise that their taxes would be lower or spent on something other than petty revenge without mismanagement such as this. Unfortunately hard line law and order gets votes while valuing the rule of law and thus not being in

Did not read the fine article

[dbIII (701233)]

The above was a bit too late at night and a rant plus a bad pun looking for a slightly different story.

One thing that really has hit me in the past however is the inappropriate almost military level responses to computer crime in several cases. For example, a few years back the DVD Jon raid involved an international paramilitary team to catch a single unarmed teenager.

Re:

[MrJSuppish (1235718)]

If I recall correctly, the kid used those 800 votes by using other people's names, and by doing so, removed their ability to vote in the election. So, perhaps not the best way to go about it.

Typo in TFA

[sm62704 (957197)]

OK, if you're happy and carefree it no longer means you're gay unless you're homosexual, and hackers are now criminals who break into computers. Even the tech press is calling cyberglars* "hackers". Even slashdot, who should have striven to maintain the word that used to be a badge of honor back when nerds were being rediculed, uses "hacker" like the ignorant lusers do.

So what's the new word for someone who writes quick and dirty code that actualy runs, or changes a transistor radio into a guitar fuzzbox?

BTW, if you wrote TFA shame on you! the proper word is "script kiddie", cyberglar, cyber burglar, "computer criminal". Not "hacker" for God's sake. Just because Joe Sixpack thinks a "hacker" is a criminal and RAM is a brand of truck doesn't mean we should share in their ignorance.

"I used to be a gay hacker, now I'm only a happy nerd" :(

-mcgrew

*Yes, I just coined that word. So sue me.

Re:

[somersault (912633)]

So what's the new word for someone who writes quick and dirty code that actualy runs, or changes a transistor radio into a guitar fuzzbox?

I vote we call them all "The One". Let's see them bastardise that!

Re:

[neomunk (913773)]

This should be fun...

Let's do a quick headcount. "Who here is The One." *counts about 50,000 slashdotters before giving up*
That's alot of The One(s). Next we need to somehow semantically link "The One" with 'There can be only One" and munch popcorn as the epic geek-fight (with interesting gadgets!) ensues.

Good idea somersault, have some of my imaginary popcorn for your efforts.

Re:

[somersault (912633)]

I hope it's butterscotch.. if only my imagination were as powerful as yours I could make it so!

There can only be one one - though one squared is still one, and 1 ^ 50,000 is still one, so I think we'll be okay, somehow. The geek fight is a good idea though. My weapon of choice is an Amiga A1000, maye with a 21" CRT for backup (only really good for when you're above your opponent of course)

Re:

[contrapunctus (907549)]

Your really insightful comments are overshadowed by your "gay" comments.
I have mod points and I didn't know what to do. I thought I'd give advice instead of modding:
Stick to the point.

I know I'm off-topic.

Re:Typo in TFA

[PRMan (959735)]

That was the point. Like it or not, people who used to be "gay" in a non-homosexual sense are no longer able to use that word that way. "Dick" was a common name when Batman and Robin came out in the 40s (and Dick Tracy), now nobody would call their child "Dick". Language changes whether we want it to or not.

"Hacker" has become something that benevolent hackers can no longer call themselves, no matter how we feel about it.

Re:Typo in TFA

[JaredOfEuropa (526365)]

Even the tech press is calling cyberglars* "hackers". Even slashdot, who should have striven to maintain the word that used to be a badge of honor back when nerds were being rediculed, uses "hacker" like the ignorant lusers do.

In other words, pretty much everyone save a few die-hards refers to "crackers" as "hackers" now. That's how languages evolve; trying to go back to the original meaning of the word would be as pointless and futile as Hormel's attempt to disassociate the word Spam from unsollicited emails. Or, taking your example, as futile as trying to get "gay" to mean happy again.

Re:

[Vellmont (569020)]

BTW, if you wrote TFA shame on you! the proper word is "script kiddie", cyberglar, cyber burglar, "computer criminal". Not "hacker" for God's sake.

I never understand this strange attachment people have to word definitions. Give it up, the word also means "computer criminal".

Just because Joe Sixpack thinks a "hacker" is a criminal and RAM is a brand of truck doesn't mean we should share in their ignorance.

This is the thing I also don't understand. "Joe Sixpack" is the guy defining the language, not people

Re:

[Lemmy Caution (8378)]

"Joe Sixpack" is not entirely the guy defining the language, not as long as people in universities and members of the upper-middle and upper classes get to exercise preferential treatment toward people who speak like them. If Joe Sixpack wants little Joey Sixpack to get into a good college and improve his status, he'll make sure that Joey lurns to tawk purty.

There are many institutional gatekeepers in this world, and we use the mastery of standard English as a basis for making distinctions about who gets to

Re:

[neomunk (913773)]

You're at the wrong site. Judging by your sig, I'll recommend powerline blog(not linked in an effort to keep my soul clean).

GP is absolutely correct in his rant, and if he's guilty of ANYTHING it's bringing up something WE ALREADY ALL (should) KNOW.

If you think the GP is incorrect in his assertion that the word 'hacker' has been used out-of-context by a source that should know better, then you've reached a new level of fail on slashdot.

Personally, I'm offended by the constant creep of middle managers and o

All I can say is

[CSMatt (1175471)]

Watch that ass in prison.

"catch me if you can"

[circletimessquare (444983)]

that tom hanks/ leonardo decaprio movie about frank abagnale serves up the most useful point about guys like these:

1. convict them and put them in prison
2. take them out and convert their sentence into useful work for the federal government. if they f**k up, back in the hole they go

when some guy finds a chink in a voting system and exploits it, yes, he's done wrong, but he's also done society a service, no matter what his intentions were. this doesn't necessarily need to be rewarded, but it does need to be recognized as useful work in pursuit of a useful goal for society. these individuals, however morally and ethically flawed, still have use to society

what they need is supervision, like frank abegnale, and skills that previously went to petty vandalism and self-indulgence at the expense of society can instead be converted into useful work for society. these individual must be supervised, since their ability to form ethical and moral decisions has obviously been shown to be severely compromised, but you will note that frank abegnale today is currently very wealthy and quite the free man, and all of his current wealth accumulated through honest work. rehab is not only possible, but it is also profitable, for the individual who needs an ethical and moral correction, and society at large

Re:

[argent (18001)]

3. You've taken a job away from an honest man and given it to a crook.
4. The other half million blokes in prison still get to rot.

Perhaps it might make more sense to attack the problems in the prison system at a lower level?

Re:

[Jarjarthejedi (996957)]

3 - Perhaps. But you've also taken a job away from someone who may or may not be good enough and given it to someone who definitely is good enough. Two sides to every coin (and since I highly doubt the non-criminal would be getting the same kind of supervision you could argue that the job is brand new, for the criminal, and therefore you're not taking it away from anyone.) You could also use the job as a form of community service, paying them less but allowing them to stay out of jail on good behavior, whic

Re:

[Torvaun (1040898)]

What honest man has that intimate of knowledge of how check fraud is done? There is no amount of studying that can make up for a complete lack of practice.

Re:

[Torvaun (1040898)]

I'm sorry, my post didn't include the word "should". Yes, lots of people should know what to look for to catch check fraud or counterfeit money. My question was who -does- know, and the answer is the criminals for whom getting it right wasn't the difference between passing and failing a test, it was the difference between freedom and prison.

you don't understand the issues

[circletimessquare (444983)]

"3. You've taken a job away from an honest man and given it to a crook."

a crook can't steal a job from an honest man if the job in question doesn't exist. the crooks in question here are doing jobs no one else is doing. otherwise, their exploit wouldn't exist

"4. The other half million blokes in prison still get to rot."

yes, which is exactly what they deserve. robbing banks and raping women isn't very new or very interesting. discovering a technological exploit no one else is doing IS interesting and useful

Wrong vote

[electricbern (1222632)]

Shame on you Shawn Nematbakhsh, all respectable Slashdot-reading hackers know the fictitious candidate is always CowboyNeal.

Too much "CSI."

[Rob T Firefly (844560)]

You know the fourth or fifth minute of any CSI episode, just before the Who song and the opening titles, wherein the cops are looking over the corpse of the week and one of them smirks and says something completely snarky and graveyard-humor-y about the whole situation to their appreciative chortling colleagues?

This whole article is like that.

Pure genius

[hansraj (458504)]

From TFA:

Authorities were able to clearly identify Essebar as the author of the worm; not only had he signed it with the words "by Diabl0" buried in the source code, but he'd written the worm using Microsoft's Visual Studio, which embeds information about the computer on which the code is written into the compiled program -- in this case, the directory path "C:\Documents and Settings\Farid." D'oh!

D'oh indeed!!

American Ninja?

[Thanshin (1188877)]

"[...]a fictitious candidate named American Ninja."

Take that! you ninja lover. American Pirate shall prevail over your fake 800 votes.

P.S. (on /. quote): "When you meet a master swordsman, show him your sword. When you meet a man who is not a poet, do not show him your poem. -- Rinzai, ninth century Zen master"

I wonder what would that Rinzai guy show to a sexual predator.

Don't Blame Me

[lewp (95638)]

I voted for American Ninja.

Morris link shows they are right

[PalmKiller (174161)]

Morris was around 23 when he created his worm, and while he wasn't a teen, that was still a pretty young age.

Re:

[TheLink (130905)]

Despite the Slashdot "summary" saying he is on the list, Robert Morris isn't even mentioned in the article.

OK, who here over 40 never did anything illegal?

[davidwr (791652)]

If you are over 45 and you never attempted to gain unauthorized access before you were 20, you either

* were not skilled enough to avoid being caught and you knew it
* had VERY good morals
* didn't have an opportunity

Before the mid-80s "casual" hacking was just as likely to get you a job as it was punishment. By the late '80s and '90s there were much better ways to prove you were good and too many people were misusing other's computer for purposes other than "because they could" or "because it was cool" or to save a few bucks on long distance phone calls.

Re:

[TheVelvetFlamebait (986083)]

No-one who saw it thought it was folly. ;)

Re:Bah Hackers

[HikingStick (878216)]

"Cracker" is the distinction made only within the tech community. To the general populous, "hacker" is firmly entrenched and carries the same meaning.

If you really want to change that perception, plan to run full page ads in every major newspaper (because the people who misuse the term are less likely, imo, to get their news online) and launch a multi-million dollar TV campaign in every major market for a few years. Even then, you'll still be vexed by people who will use the old term, but having run the campaign, you'll be able to elevate your level of righteous indignation.

Then you might be able to start a new affinity group: Mankind for the Ethical Treatment of Hackers (METH).

Re:

[neomunk (913773)]

I spent all my mod points before I got to this thread or you'd get an insightful. You've summed up the article beautifully.