Stupid Hacker Tricks - The Folly of Youth

N_burnsy points out an article in Computerworld which "profiles several youthful hackers, some still serving prison time, some free, who have been caught indulging in some fairly serious cybercrime, and looks at their crimes and the lessons they have (or have not yet) learned. Starting with Farid 'Diab10' Essebar, currently a guest of the Moroccan prison system, who wrote and distributed the Mytob, Rbot, and Zotob botnet Trojans. There's Ivan Maksakov, Alexander Petrov, and Denis Stepanov, all guests of the Russian penal system, sentenced to eight years at hard labor for creating a botnet to engage in DDoS (distributed denial-of-service) attacks to blackmail online gambling sites based in the UK, threatening to take the sites down during major sporting events. Then there's Shawn Nematbakhsh who was a little too eager to prove a point about the electronic balloting system that the University of California employed to hold student council elections, by writing a script that cast 800 votes for a fictitious candidate named American Ninja." Not everyone on the list is exactly youthful, and the range of offenses shows how lumpy this area is both to the law and in public perception.

Link without 5 pages of ads...

http://www.computerworld.com.au/index.php/id;193960399;fp;16;fpid;1;pf;1 [computerworld.com.au]

Student elections?

University student imprisoned for interfering in University council elections as a way to expose how bad the voting system is?

There is no justice in the world. That kid should have been given a fucking medal.

Re:Student elections?

OK, I have now RTFA'd. He still should have been given a medal rather than a conviction.

Re:Student elections?

Mod parent up. He really didn't do much that was malicious, hell he even made up a fake candidate so that it would sway the election for a real candidate. All the guy did was prove that the system they payed so much money for was crap, but we can't have that now can we? It would displease our corporate overlords.

Re:

No - mod both you and OP down for posting without reading the article. He wasn't imprisoned. He had to pick up trash and pay costs. The system worked just about right.

Re:Student elections?

Yes, we should make those who point out the gaping holes in our society (which could very easily be used against us, and possibly already have) PAY!!! Humiliate them by the side of the road for the outlandish gall of trying to expose the truth, when it might inconvenience one of his upper-caste betters.

Re:Student elections?

You aren't looking at the big picture. Imagine what calamity would have ensued if American Ninja had been elected to Student Council. Slaughter at Homecoming. Beheadings at Pep Rallies. Eviscerations at the Winter Ball.

Re:Student elections?

But it would have been totally sweet.

Re:Student elections?

we should make those who point out the gaping holes in our society

Except that he explicitly says he was doing no such thing in TFA:

"I really wasn't making any point at all," Nematbakhsh admits, debunking news reports to the contrary. "It was a senior prank, a silly thing."

If he had really been interested in fixing the flaw, he could have brought it to the administration's attention in a much better way that would have avoided him having to do community service, and not screwed up the election.

Your point is still valid, though. When I was an undergrad, a friend of mine discovered that the primary key to the LDAP student/faculty directory was the same number that was encoded on our ID cards, the result being that we could create fake ID cards for anyone in the directory (and thus gain their building privileges, have access to the accounts linked to the card, etc.). He went to the administration with the information, and they reissued cards to the entire student body. Then, they proceeded to start a judicial investigation against him. Thankfully, nothing ever came of it, but it does show the tendency of institutions to punish those who are actually trying to help them.

Re:Student elections?

Except that he admitted he wasn't really making a point, even though if he had the point would be a good one. And if he had been making a point, the punishment would be reasonable.

The point of civil disobedience is not to avoid being caught. It is to be caught in a way that proves the system is corrupt. Punishment is critical to the effectiveness of civil disobedience as a strategy to change the world.

It's also critical for holding back the tide of unthinking self-righteousness in the world. If good intentions were an absolute defense, there would be no end to the crimes people would commit with complete assurance they are on the side of right.

Giving this guy a slap on the wrist is the right thing to do; it serves the purpose of having the rule without doing more damage than breaking the rule did. The rules are there for the guidance of the wise and the protection of fools. The wise might choose to accept punishment in service to a higher cause; the foolish shouldn't be punished more than is necessary to set them on the right track.

Re:Student elections?

All the guy did was prove that the system they payed so much money for was crap, but we can't have that now can we? It would displease our corporate overlords.

Yes, he was such a noble crusader....

"I really wasn't making any point at all," Nematbakhsh admits, debunking news reports to the contrary. "It was a senior prank, a silly thing."

That's why whitehats are becoming rare

If even harmless hacks are illegal and may land you in jail, only serious criminals will take the risk (for serious potential money gains).
I think that is why there are less reports about benevolent hackers pointing out security flaws these days, but lots of reports about botnets for spamming and DDOS activities.

Re:Student elections?

Student election?
Blade/face bijection
Halt candidate/follicle
Ninja insurrection
Burma Shave

Typo in TFA

OK, if you're happy and carefree it no longer means you're gay unless you're homosexual, and hackers are now criminals who break into computers. Even the tech press is calling cyberglars* "hackers". Even slashdot, who should have striven to maintain the word that used to be a badge of honor back when nerds were being rediculed, uses "hacker" like the ignorant lusers do.

So what's the new word for someone who writes quick and dirty code that actualy runs, or changes a transistor radio into a guitar fuzzbox?

BTW, if you wrote TFA shame on you! the proper word is "script kiddie", cyberglar, cyber burglar, "computer criminal". Not "hacker" for God's sake. Just because Joe Sixpack thinks a "hacker" is a criminal and RAM is a brand of truck doesn't mean we should share in their ignorance.

"I used to be a gay hacker, now I'm only a happy nerd" :(

-mcgrew

*Yes, I just coined that word. So sue me.

Re:Typo in TFA

Even the tech press is calling cyberglars* "hackers". Even slashdot, who should have striven to maintain the word that used to be a badge of honor back when nerds were being rediculed, uses "hacker" like the ignorant lusers do.

In other words, pretty much everyone save a few die-hards refers to "crackers" as "hackers" now. That's how languages evolve; trying to go back to the original meaning of the word would be as pointless and futile as Hormel's attempt to disassociate the word Spam from unsollicited emails. Or, taking your example, as futile as trying to get "gay" to mean happy again.

Re:Typo in TFA

That was the point. Like it or not, people who used to be "gay" in a non-homosexual sense are no longer able to use that word that way. "Dick" was a common name when Batman and Robin came out in the 40s (and Dick Tracy), now nobody would call their child "Dick". Language changes whether we want it to or not.

"Hacker" has become something that benevolent hackers can no longer call themselves, no matter how we feel about it.

"catch me if you can"

that tom hanks/ leonardo decaprio movie about frank abagnale serves up the most useful point about guys like these:

1. convict them and put them in prison
2. take them out and convert their sentence into useful work for the federal government. if they f**k up, back in the hole they go

when some guy finds a chink in a voting system and exploits it, yes, he's done wrong, but he's also done society a service, no matter what his intentions were. this doesn't necessarily need to be rewarded, but it does need to be recognized as useful work in pursuit of a useful goal for society. these individuals, however morally and ethically flawed, still have use to society

what they need is supervision, like frank abegnale, and skills that previously went to petty vandalism and self-indulgence at the expense of society can instead be converted into useful work for society. these individual must be supervised, since their ability to form ethical and moral decisions has obviously been shown to be severely compromised, but you will note that frank abegnale today is currently very wealthy and quite the free man, and all of his current wealth accumulated through honest work. rehab is not only possible, but it is also profitable, for the individual who needs an ethical and moral correction, and society at large

Re:

3. You've taken a job away from an honest man and given it to a crook.
4. The other half million blokes in prison still get to rot.

Perhaps it might make more sense to attack the problems in the prison system at a lower level?

Re:

3 - Perhaps. But you've also taken a job away from someone who may or may not be good enough and given it to someone who definitely is good enough. Two sides to every coin (and since I highly doubt the non-criminal would be getting the same kind of supervi

Wrong vote

Shame on you Shawn Nematbakhsh, all respectable Slashdot-reading hackers know the fictitious candidate is always CowboyNeal.

Too much "CSI."

You know the fourth or fifth minute of any CSI episode, just before the Who song and the opening titles, wherein the cops are looking over the corpse of the week and one of them smirks and says something completely snarky and graveyard-humor-y about the whole situation to their appreciative chortling colleagues?

This whole article is like that.

Pure genius

From TFA:

Authorities were able to clearly identify Essebar as the author of the worm; not only had he signed it with the words "by Diabl0" buried in the source code, but he'd written the worm using Microsoft's Visual Studio, which embeds information about the computer on which the code is written into the compiled program -- in this case, the directory path "C:\Documents and Settings\Farid." D'oh!

D'oh indeed!!

American Ninja?

"[...]a fictitious candidate named American Ninja."

Take that! you ninja lover. American Pirate shall prevail over your fake 800 votes.

P.S. (on /. quote): "When you meet a master swordsman, show him your sword. When you meet a man who is not a poet, do not show him your poem. -- Rinzai, ninth century Zen master"

I wonder what would that Rinzai guy show to a sexual predator.

OK, who here over 40 never did anything illegal?

If you are over 45 and you never attempted to gain unauthorized access before you were 20, you either

* were not skilled enough to avoid being caught and you knew it
* had VERY good morals
* didn't have an opportunity

Before the mid-80s "casual" hacking was just as likely to get you a job as it was punishment. By the late '80s and '90s there were much better ways to prove you were good and too many people were misusing other's computer for purposes other than "because they could" or "because it was cool" or to save a few bucks on long distance phone calls.

Re:Bah Hackers

"Cracker" is the distinction made only within the tech community. To the general populous, "hacker" is firmly entrenched and carries the same meaning.

If you really want to change that perception, plan to run full page ads in every major newspaper (because the people who misuse the term are less likely, imo, to get their news online) and launch a multi-million dollar TV campaign in every major market for a few years. Even then, you'll still be vexed by people who will use the old term, but having run the campaign, you'll be able to elevate your level of righteous indignation.

Then you might be able to start a new affinity group: Mankind for the Ethical Treatment of Hackers (METH).