BusinessWeek on Hacker Hunters 155
prostoalex writes "You keep hearing about FBI, Secret Service or other law enforcement authorities involved in pursuing international cybercrime gangs, but who are those people and how does the cyberlaw enforcement work? Business Week talks about hacker hunters and people they're after. A large portion of the article is dedicated to describing the global scope of such activities with Russia, Eastern Europe and China leading the ranks for criminal hideouts."
The "H" word (Score:5, Interesting)
Re:The "H" word (Score:5, Insightful)
*sigh* Could we just once please stop this endless discussion?
What does it matter what a hacker and a cracker is? As if a programmer gets more attention once the media start to call him a hacker and call the phishers crackers. Also: definitions can change, you know that?
Re:The "H" word (Score:2)
Definitions can change, and it is acceptable that they change depending upon certain circumstances. The problem with the misuse of the term "hacker" is that it imposes cultural violence.
Re:The "H" word (Score:3, Funny)
Yeah, I remember the last time my coworkers found out I was a hacker*, and executed me on the spot after an hour or two of being beaten with blunt instruments! Damn, that was kind of a shitty day.
* In both senses.
Re:The "H" word (Score:1)
That depends on what your definition of "definition" is. And what the meaning of the word "is" is.
Re:The "H" word (Score:3, Insightful)
You are the people with the motivation because you are the ones who will benefit from a more positive definition.
So quit pissing into the wind and just come up with a neologism for the positive aspects (old aspects) of the term hacker.
If you're a masochist then keep on trying to convince people who won't benefit one way or the other to change their behavi
Re:The "H" word (Score:3, Insightful)
That may be true. But it will never happen, because it is in the very nature of a hacker not to care what ignorant people think.
Re:The "H" word (Score:4, Insightful)
It's also in the very nature of a hacker to know *everything* and to be a pompous ass that nobody listens to, anyway.
Re:The "H" word (Score:2)
Seriously, go on fighting if you want, but you've already lost.
Re:The "H" word (Score:4, Insightful)
I can assure you there are many people who use "hacker" and "to hack" frequently in their everyday language, and if you suggested that they abandon the term simply because John Q. Public uses it differently, they'd laugh at you.
All language is context sensitive. Know your audience and you'll be understood. It's pointless to critize BusinessWeek, but it's similarly pointless to criticize people who use the term among themselves for the older meaning.
Re:The "H" word (Score:1)
-chris
Re:The "H" word (Score:3, Insightful)
Does it matter what the difference between an African-American and a nigger is? Or a terrorist and a freedom fighter? Or a republic and a democracy?
Yes. Yes, it does. In the hope for a better world, language is our greatest asset.
priorities (Score:2)
Could we please move on to things that matter a wee bit more?
Its too late for that (Score:2)
True, it may have been due to mis-information, but i doubt we can change that now.
Re:Its too late for that (Score:2)
Stop the shit (Score:5, Insightful)
Re:Stop the shit (Score:1)
Spam now or has ever referred to a kind of food?!?
The shifting definition (Score:1)
Everytime I hear someone say "That's gay!" it makes me cringe. How's that for brainwashing the young?
Re:The shifting definition (Score:1)
Re:The shifting definition (Score:2)
On a similar note, people commonly use "you're a faggot for having that" which means 'I'm jealous of you for having that' around here. Go figure.
Re:The "H" word (Score:3, Interesting)
It's like an other epithet. It needs to run its course - become hackneyed and then it can be reclaimed by the culture. Nigger, queer are fairly recent examples where the derogatory have been partially reclaimed. If you want an older example, try looking up the history of Quakers - a once derogatory term that the community uses to talk about itself 350 years later.
Bottom line: You are never going to get people to use the hacker/cracker differentiation. You almost have to be a hacker to even understand it.
Re:The "H" word (Score:2)
Given that the positive-meaning hacker is virtually unknown amongst the non-technical, you're always going to be outnumbered vastly on this.
Why not use a different word, which won't have the negative connotations, instead of trying to order back the tide?
Re:The "H" word (Score:1)
Yes, we can try. But we can't succeed.
I'm on your side, though. I remember writing a letter to my hometown newspaper 20 years ago asking them to please understand what a "hacker" really was. But it was hopeless then, and it's hopeless now.
So face it, this is a battle we cannot win. Save your energy for the ones where we have a chance.
Re:The Hacker is the problem (Score:2, Interesting)
A hacker is someone who loves hacking just for the thrill of it. AND Not for money. Haven't you heard about ParMaster, etc.?
Re:The Hacker is the problem (Score:1, Flamebait)
To take an extreme example of your argument -- the popular, if utterly bogus, "slippery slope" approach -- your argument would suggest that murder, if committed for thrills but not money, is simply dandy. Less severely, it would justify breaking into peoples' homes if nothing were stolen or physically
Re:The Hacker is the problem (Score:2)
Re:The Hacker is the problem (Score:2)
As for "do something else than it's purpose", that's very vague. Again, it depends on the consequences. It might be considered unethical, for instance, to release a program which let people easily unlock everybody's cars with their cell phon
Re:The Hacker is the problem (Score:1)
Re:The Hacker is the problem (Score:2)
A croporation abusing of it's monopoly surely deserves to be ripped-off; this is what reverse-engineering does, and as such, shall be entirely protected by law, simply as a message to potential abusive monopolists.
Re:The Hacker is the problem (Score:1)
Re:The Hacker is the problem (Score:2)
(hint: in my country, the Supreme Court has decided that sharing music online isn't theft).
Re:The Hacker is the problem (Score:1)
A hacker is an "explorer" and one who seeks to learn, or gather information.
A cracker is the same, but with malicious intent, and who often also hijack targeted systems by installing backdoors or trojans the first time they break into the system.
Hackers hacking into a system are harmless, beware of the cracker.
You described a cracker, NOT a hacker, I just felt I should make that clear.
Re:The Hacker is the problem (Score:3, Informative)
Re:The Hacker is the problem (Score:1)
The fact that your system is vulnerable to exploitation is neither the hacker's, nor the cracker's fault.
I believe the point the parent was trying to make is that you would probably prefer the "hacker" rather than the "cracker" in the system based on what they would supposedly do with said "compromised information."
Re:The Hacker is the problem (Score:3, Insightful)
From the victim's point of view, barring taking the system apart and comparing it with a known uncompromised version, it's damn near impossible to ensure that further damage wasn't done. Even if the machine isn't listening on any ports at all, for instance, it doesn't
Re:The Hacker is the problem (Score:1)
Re:The Hacker is the problem (Score:2)
For institutions in which maintaining customer faith in the security of their information is extremely critical, it might actually make sense to have IT people working with their software vendors and specifically looking for vulnerabilities before anybody else finds them. If your online banking system has a flaw, it's best if you or the vendor finds it before anybody else does in case that somebody else does something which sends your customers fleeing in droves and worrying about identity thef
Re:The Hacker is the problem (Score:2)
Re:The Hacker is the problem (Score:2)
Just because you can get in doesn't mean you should. Now if a Hacker did come to me saying there may be a possibility of a vulnerability and that, with my permission of course, they would like to do a security audit I may be more amenable. Especially if they are willing to tell me what vulne
Re:The "H" word (Score:2)
Hacker Hunter U (Score:5, Interesting)
Re:Hacker Hunter U (Score:1)
What about Brazil? (Score:2, Funny)
Hacker hunters are evil. (Score:2, Funny)
People for the Ethical Treatment of Hackers(PETH) is the hackers only hope. W0n'7 j00 h31p?
misquote from the story (Score:4, Funny)
Actually, I know the guy, and it wasn't the bust that did it.. he wasn't even aware of the encroaching officers.. he just failed AGAIN at getting a first post on slashy.
Pfft. They care so much. (Score:5, Informative)
Re:Pfft. They care so much. (Score:2)
Re:Pfft. They care so much. (Score:1, Flamebait)
The FBI needs more funding. They only have 5 billion dollars. That is not even 1 dollar for every person in the world. ;)
What would worry me more than the FBI tracking h
Re:Pfft. They care so much. (Score:2)
Because I don't live in your country.
Why do your troops occupy so much of the globe when no war is declared?
Why do you even need troops, if your lifestyle is so good, why would you ever need to use deadly force to convince others you're right?
If you don't read Lenin books, how can you know you don't agree with him?
Well those are really rhetorical questions, but here's an interesting question:
Do you, your troops, or your government care that half your population and most of
Re:Pfft. They care so much. (Score:5, Informative)
There's *no* point in an agent taking a case or even wasting his/her time returning your call (one of many every day) when he/she already knows that an Assistant United States Attorney (AUSA) won't take the case for prosecution. The threshold set by AUSAs can amazingly high for damages in most cases. Where I work, it is around $50,000 before they'll even talk to you. There's just too much already out there.
Criminal Investigations are all about prosecution. They all have too many cases as it is, all of which they hope to get prosecuted. There's no way an agent will waste their time on an unprosecutable intrusion.
Unprosecutable because:
1) damages don't meet the threshold.
2) the system was unpatched and "invited" the hacker in - I hate this the most.
3) the system was not bannered "..by clicking ok, you agree to give up your expectation of privacy"... - also a stupid reason, but the case law is there.
4) the hostile systems are difficult to obtain evidence from (read: overseas, unfrienldy).
5) the hostile is obviously a script kiddie (stupid warez, IRC, etc.). Experience shows that the effort put forth to go after these idiots is not worth the 30 days probation a juvenile gets in MOST cases - damage dependant.
Experience will tell you what kind of effort your phone call is worth to an investigator. After he delete's your message, there are probably 3 or 4 more waiting to make their own report.
The agency I work for forwards intrusion reports to us via e-mail. I ignore 90% of them. If I responded to them all (or even half), I'd NEVER have the time to go after the important ones. That's life.
Re:Pfft. They care so much. (Score:1)
I suppose that's one point of view I hadn't given much consideration towards. But the fact is, I'll make a call to report an intrusion. If I get a response at all it's usually just "Fax us details". No one ever responds to the fax.
Now I suppose they might not respond because they don't thin
Re:Pfft. They care so much. (Score:2)
Seems unlikely, since companies don't like admitting that they've been compromised (unless forced to do so -- there's a relevant California law regarding customer data, IIRC), but if they pooled information on this sort (e.g. attack methods, pwn3d machines that they were attacked through, any apparent targets, etc) they might be able to better judge when it's worth spending resources on pursuing some possib
Re:Pfft. They care so much. (Score:1, Interesting)
Unprosecutable because:
1) damages don't meet the threshold.
2) the system was unpatched and "invited" the hacker in - I hate this the most.
3) the system was not bannered "..by clicking ok, you agree to give up your expectation of privacy"... - also a stupid reason, but the case law is there.
4) the hostile systems are difficult to obtain evidence from (read: overseas, unfrienldy).
5) the hostile is obviously a script kiddie (stupid warez, IRC, etc.). Experien
Re:Pfft. They care so much. (Score:2, Informative)
I wish I could. That list is based on plain old experience. There's no way they'd ever admit to that. Although, as you can see from the other comments, it pretty obvious.
Those are not "documented" requirements. They are plain realities.
Re:Pfft. They care so much. (Score:2)
Re:Pfft. They care so much. (Score:1)
Re:Pfft. They care so much. (Score:5, Interesting)
Re:Pfft. They care so much. (Score:4, Interesting)
That's just it... The thresholds are high - not because those are the glamerous cases (the vast majority are sensitive enough NOT to make it to the press), but because they have the greatest impact on our society, and hence, the taxpayers. For example:
a) A Government contractor housing sensitive information is compromised. The cost to the taxpayer is not obvious, but it *is* there. And it's a greater cost than you might imagine. Compromised technology and data exfiltration -- funded by taxpayers like you.
b) your company's website is brutalized, and perhaps the customer database is somehow compromized. The cost in rebuiding the servers is (if it's really big) around $10,000 in man hours. Explain to me how a price will be put on the customer database. This will have to be done by the already overworked prosecuter in court (assuming it ever gets there). Prosecution and sentencing are based on damage to society, in most cases.
Which one do you think the FBI is most interested in (for the sake of the taxpayer)? In the case of the first, *all* taxpayers bear a burden. In the case of the second... not so much.
Understand this. Cybercrime investigators are overworked well beyond what you can imagine. A threshold *has* to be established. If you fall below that threshold, I'm sorry. Secure your systems.
The days of sending out the fire department to get little kitty out of the tree are over. This has nothing to do with "ignoring the little guy". It's economy of resources.
Re:Pfft. They care so much. (Score:2)
Im sure thats why the freedom loving arabs are attacking us, because we threaten their democracies hahahahhaha.
Re:Pfft. They care so much. (Score:1)
All this clearly is not acceptable. If there aren't enough officers to handle this, it is up to the authorities to secure better funding so they can handle what is clearly
Re:Pfft. They care so much. (Score:2, Insightful)
First, that's not in every jurisdiction. Just in some of the more overworked ones. The threshold is not just a total of what was stolen, it includes man hours (for recovery and [non LE] investigation), along with other resources.
Second, it's still a federal offence. Speeding is still speeding, even if you pass a cop doing 65 in a 55. But does he stop you?
Re:Pfft. They care so much. (Score:1)
They dont arrest them? (Score:1)
Ive got my tin foil hat on again too..
Re:Popup (Score:2)
Re:Popup (Score:1)
Hmm... I'm using Firefox, and I didn't get any popups. I know! You must've been hacked! Quick, report it to the Secret Service!
Are you using the Adblock plugin? If not, you should be. I'm showing 11 blocked scripts on that page. I'm not feeling ambitious enough to find out if any of them result in popups, but I wouldn't doubt it.
SCO mydoom (Score:5, Informative)
McBride however is remembered as calling the resulting DOS attacks "the darker side of the Linux community we've been fighting."
Re:SCO mydoom (Score:5, Funny)
Well then, this is an excellent opportunity for Mr. McBride to apologize to the Linux community for his inadvertant slander. I have no doubt that such a man who has shown a constant willigness to reach out to the press will take an immediate opportunity to correct his mistake.
(Holding breath)
Advertising (Re:SCO mydoom) (Score:4, Interesting)
1: Advertising. They had a bot net that they wanted to demonstrate the power of. "Behold the might of our bots! It takes down SCO and Microsoft! Now pay protection money or your online casino is out of business."
2: Social engineering against administrators. Linux-users are more likely to be administrators and have other network-related jobs. The crackers might think that attacking SCO and Microsoft would gain them symphaty from some of the administrators.
3: The crackers don't like Microsoft. The security updates are a hindrance to them.
4: The crackers don't like Linux/BSD. Microsoft's saving graces, in the cracker's eyes, is that they at least used to make insecure software, and they made a monoculture fertile to malware. By casting the blame on "linux fans", they might hurt the image of the FOSS community.
Wrong date (Score:1)
Interesting Article (Score:1)
This was a very interesting article, although long. It's good to know that law enforcement agencies are at least trying to do something to stop this crime, but as the article stated it is hard because of things like little available funding and difficulties inherent in dealing with foreign governments with lax cybercrime laws, like Russia, but still, they're trying.
I for one worry little about these government task forces spying on the rest of us. Sure, it might happen, but I would think that as long as we
"Hacker hunters," huh? (Score:3, Funny)
Re:"Hacker hunters," huh? (Score:1)
Reminds me of something else:
"The blast blasted blubber beyond all believable bounds"
Sounds like a show on Discovery Channel (Score:2)
Return of the "USSS" defacement (Score:2)
Archived site [archive.org]. It was even funnier when the Mission Impossible music played as the background sound.
Obviously hit by phasers set on *stupid* (Score:2, Insightful)
Just make it up. (Score:1)
Were they driving Volkswagen hatchback sport/racing pickup trucks? Was the house a four-story duplex ranch single-family apartment?
Re:Just make it up. (Score:1)
Re:Just make it up. (Score:1)
FBI hacker (Score:3, Interesting)
I always thought that somewhere in the FBI worked some geek that couldn't really accomplish anything, but for some reason, they couldn't just fire him. So when they realized that he's a computer geek, they gave him a computer and said, "Here, go after cyberhackers." What they didn't realize was that he'd actually take it seriously. So now there's a geek in some dark room at the FBI going after 1337 h4x0rz. And the FBI talks about it as if they have a department of 6,000 professional MSCE's tracking evil hackers out there.
Just More FED FUD (Score:1)
The article claims that shadowcrew is out-on-bond, and that the case is not even over yet. These guys (shadowcrew) will probably get an attorney who will explain that the Feds are nothing but a bunch of 'blow-hard-bastards', and that they should take the case all the way to court(s).
If this a case the Feds are 'proud' to give to BusinessWeek, I'd hate to see the ones they are *not* so proud to show us.
After all, the Feds don't even know where to look for these people.
I mean, they claim that alot of th
Proof Law Enforcement Has All the Tools It Needs (Score:3, Interesting)
Good for them. Now will lawmakers begin to realize that Law Enforcement for the most part already has all the tools they need to fight crime? There is no need to keep ramping up the powers they are granting to the cops every damn year that directly or indirectly erode personal liberty in this country?
I'm not holding my breath.
I read the article (Score:2)
Re:I read the article (Score:2)
Paul
Re:About time hackers get caught (Score:2, Interesting)
17 billion dollars spent annually on Texan Medical. Approximately 5 billion spent on hackers. Its just a way to get rid of ignorance. Being a hacker (No, not a cracker) I went first because bullies at school were mean. To get away from all of this I took on computers. Realiz
Re:About time hackers get caught (Score:1)
Not crackers. (Score:3, Interesting)
Anything but "crackers". "Crackers" just has no ring to it at all :-).
I almost added to the list:
Then I thought of a perfectly good reason to fight it. The script kiddeez and "Neo" wannabees hear the term "hacker" applied to black hat activity. T
Re:not hackers. (Score:1)
Re:not hackers. (Score:2)
Corn Bread!
Re:not crackers. (Score:1, Funny)
Re:SlashDot Port Scans Resulting From Parent Post (Score:1)
With Firewall Kazowie (plug plug) doing sound effects from the ZoneAlarm logs, it's pretty entertaining on the first post of the day with a new IP address.
Re:Please Explain further? (Score:2, Informative)
Firewall Kazowie reads ZoneAlarm logs and plays sounds effect wavs in real time depending which port was hit. On my box, I have a Star Trek themed sound effect on each port that Slashdot hits i
Re:Please Explain further? (Score:2, Informative)
If you don't like the port scanning or can't stand to wait to post, don't post to Slashdot.
As for 'Firewall Kazowie', [primus.ca] here is the blurb about it:
Re:Please Explain further? (Score:1)
Re:The obvious... (Score:1)
Mine is a world that begins with school... I'm smarter than most of the other kids, this crap they teach us bores me...
Bores you, or you're too stupid to learn. School isn't just about math and english, it's social skills.
Yes, I am a criminal. My crime is that of curiosity.
No, your crime is breaking the law and attacking people who you don't know for no other reason than you're bored.
News flash: being able to compile some script you got off IRC, using linux, or t
Re:The obvious... (Score:1)
Read it again and think of how a complete generation is becoming 'criminals' as we speak. Don't get caught up in the nonsense of the text.
Re:The obvious... (Score:3, Insightful)
As for the manifesto itself, it's absurd and incredibly egocentric. "Judging people by what they look like"? N