How accurate is SR's depiction of hackers?, I'm reading The Hacker Crackdown... |
How accurate is SR's depiction of hackers?, I'm reading The Hacker Crackdown... |
Oct 3 2006, 11:22 PM
Post
#1
|
|
Dragon Group: Members Posts: 4,589 Joined: 28-November 05 Member No.: 8,019 |
by Bruce Sterling. His vision of the hacker underground is a bunch of teenagers simply looking to make information free. They steal research and shit, but they have no idea how to capitalize it. They seem motivated more by curiosity than anything else. And most importantly, they're rare; he estimates there are about 100 truly 1337 hackers, and about 5,000 true hackers.
Anyone able to expand on this, maybe even speak from experience? |
|
|
Oct 3 2006, 11:35 PM
Post
#2
|
|
Manus Celer Dei Group: Dumpshocked Posts: 17,006 Joined: 30-December 02 From: Boston Member No.: 3,802 |
SR doesn't depict hackers at all, with the possible exception of the old Neo-As.
~J |
|
|
Oct 3 2006, 11:39 PM
Post
#3
|
|
Moving Target Group: Members Posts: 349 Joined: 16-January 05 Member No.: 6,984 |
Put quite simply, it doesn't. It never has and it never will.
Accurate hackers are not that interesting, especially since SR doesn't have accurate computers. |
|
|
Oct 3 2006, 11:47 PM
Post
#4
|
|
Runner Group: Members Posts: 2,526 Joined: 9-April 06 From: McGuire AFB, NJ Member No.: 8,445 |
SR Hackers are script kiddies on steroids. You cant do shit without a program, but if you have the right one at a high enough quality, you can take down government computers.
|
|
|
Oct 3 2006, 11:55 PM
Post
#5
|
|||
Great Dragon Group: Members Posts: 6,640 Joined: 6-June 04 Member No.: 6,383 |
Hysterical and sigged. |
||
|
|||
Oct 4 2006, 12:02 AM
Post
#6
|
|
panda! Group: Members Posts: 10,331 Joined: 8-March 02 From: north of central europe Member No.: 2,242 |
about as accurate as their depiction of firearms (if the 10001 threads about the topic is anything to go by)...
|
|
|
Oct 4 2006, 12:17 AM
Post
#7
|
|||||
Runner Group: Members Posts: 2,526 Joined: 9-April 06 From: McGuire AFB, NJ Member No.: 8,445 |
I'm honored. First time anyone had deemed anything that came from me worthy of sigging. :D |
||||
|
|||||
Oct 4 2006, 12:44 AM
Post
#8
|
|
Dragon Group: Members Posts: 4,589 Joined: 28-November 05 Member No.: 8,019 |
What are RL hackers like, then?
|
|
|
Oct 4 2006, 12:46 AM
Post
#9
|
|
Running Target Group: Members Posts: 1,213 Joined: 10-March 02 From: Back from the abyss. Member No.: 2,316 |
Just like any other person that is really into any other sub culture. Really wrapped up tight in their hobby and very passionate about it. Nothing special.
|
|
|
Oct 4 2006, 01:03 AM
Post
#10
|
|
Great Dragon Group: Members Posts: 6,748 Joined: 5-July 02 Member No.: 2,935 |
Well, the popular image of a "hacker" is a teens-to-twenty-something whiteboy breaking into bank computers, releasing viruses on e-mail, and committing identity theft.
Those are pretty few. For one thing, as Bruce Sterling points out in the book, the vast majority of computer criminals are crackers (yes, they tend to be Caucasian) who crack protection software to copy and meddle with programs and websites. If you're not a big corporation, you're probably not going to lose any money (and, indeed, you may save money by buying or downloading a pirated program - at your own risk). There are a range of amateur-to-semiprofessional criminals (no doubt the Administration calls them computer terrorists, gah) engaged in malicious activity, such as identity theft, credit card fraud, transferring funds from bank accounts, stealing and selling sensitive data, etc. Generally, these people need a certain level of skill above crackers to operate effectively (i.e. make cash and not get caught), and there is probably some crossover with other criminal activities, like breaking-and-entering. Then there are the darkside hackers, or compsecurity guys whose basic jobs are to keep people out of protected systems. Naturally, these are the same guys who have the skills to penetrate other system defenses (and indeed, some compsec guys and gals are hackers who decide to cash in and get a real job where they don't face prison if they fuck up). Pursuers of electronic music, cryptography, game design, mathematics, computer engineering, deep programming and similiar fields tend to have a lot of cross-over with the people who have the legitimate skill and know-how to be a hacker or a cracker, hence the reason those areas are sometimes regarded as the domain of hackers - it's a recognition of trends (skills + interests == higher probability of hackers present). By comparison, the hacker subculture is based off of movies and popculture representation of hackers, which is based off of fictional representations of hackers, which are (loosely) based off of real hackers - and of course the hackers and crackers join in, so there is always a minority of hackers and crackers in the hacker scene. |
|
|
Oct 4 2006, 03:10 AM
Post
#11
|
|
Ain Soph Aur Group: Dumpshocked Posts: 3,477 Joined: 26-February 02 From: Montreal, Canada Member No.: 600 |
I'm currently following a Software Security class as part of my Engineering degree. My current lab consists of having to hack into a comouter.
It's fucking HARD, tedious and boring. First you gotta find open ports. That's easy enough. But next you gotta find what version of what service is running on each port. Then you have to painstackingly (sp) research those services, of that exact version, and look for a exploit to get in. It's boring, boring research and analysing. Not to mention you have to cover your tracks or else you go to jail, Bleh, it's definatly no fun. |
|
|
Oct 4 2006, 03:12 AM
Post
#12
|
|
Dragon Group: Members Posts: 4,589 Joined: 28-November 05 Member No.: 8,019 |
But if you were a hacker, you'd already know that stuff. I guess you become a hacker only if you enjoy doing that research. How do you research an exploit, anyway? Do you just go on the internet, or do you download source code?
And how many schools involve hacking a computer? Is that a normal part of any computer security course? |
|
|
Oct 4 2006, 03:30 AM
Post
#13
|
|
Midnight Toker Group: Members Posts: 7,686 Joined: 4-July 04 From: Zombie Drop Bear Santa's Workshop Member No.: 6,456 |
Most cracking is actually done through social engineering. Call up the IT department and say "This is Steve in Accounting and I forgot my password." It works.
|
|
|
Oct 4 2006, 03:47 AM
Post
#14
|
|
Dragon Group: Members Posts: 4,589 Joined: 28-November 05 Member No.: 8,019 |
How often?
|
|
|
Oct 4 2006, 03:49 AM
Post
#15
|
|
Manus Celer Dei Group: Dumpshocked Posts: 17,006 Joined: 30-December 02 From: Boston Member No.: 3,802 |
Often enough.
~J |
|
|
Oct 4 2006, 03:50 AM
Post
#16
|
|
Dragon Group: Members Posts: 4,589 Joined: 28-November 05 Member No.: 8,019 |
Well, it works for my college; I still don't think it should work that well for research labs and stuff.
|
|
|
Oct 4 2006, 03:57 AM
Post
#17
|
|
Running Target Group: Members Posts: 1,213 Joined: 10-March 02 From: Back from the abyss. Member No.: 2,316 |
Some exploits are also found by accident. NT4 had a bunch of them and you could just easily stumble onto them. A few friends and I were in class, well it was before class playing video games. The head of that department didnt want us playing in that room so he had us locked out of the network on those terminals. We bet our programming teacher that if we could gain access to the network and get access to the computers again can we play games again. He accepted and we sat down to go to work. In less then 30 minutes the 3 of us were in the system and resting passwords and permissions. 20 minutes after that we were back to playing games. Im not a hacker wont claim to be, but I learned a few tricks from old hackers.
A lot of hackers pick up these things from people they know. One of my friends is the child of two prgrammers. They were prgramming when punch cards were the only way. Then on to Cobol and all that stuff. The information is out there, but today if its out there and easy to find you can bet its probably taken care of with a security patch. You can still try that way, because suprisingly a lot of admins are bad at updateing security especially on Windows servers, they fear the security releases. So they run them on a test server for a few days to make sure its not going to crash their networks and cause a lot of trouble ont eh real network. Some are just lazy or really dont have a clue. You can try reverse engineering the software, or you can just try things in general. If you are into computers like the real hackers are you will know how the things work in such minute detail they sometimes just try things that theoretically would work and see what happens. Like I know of a specific commercially availibale router that is sold everyday and is rather popular that does VPN and has a very major problem with the "Security" of this service. The VPN works, and it work like its suppose to. But if you telnet into the back of the router (which is relatively easy) you can then see the VPN and use it to ride into the other computer using the same VPN connection. Since you are on a VPN and its authenticated the other computer wont stop you. Its funny when routers are allowed to set up VPN connections through NAT IP addresses. Oh, did I mention the engineers were told and they said "ok, well get to it when we have the time." |
|
|
Oct 4 2006, 04:00 AM
Post
#18
|
|||
Ain Soph Aur Group: Dumpshocked Posts: 3,477 Joined: 26-February 02 From: Montreal, Canada Member No.: 600 |
We have a list of web sites that discuss existing weaknesses, from which we can download code, yes. A real hacker would probably know by heart security flaws for certain versions. He would probably write his own exploits, which isn't that hard once you understand the logic of the flaw. We have life easier (since it's a class) and the server is running old software with known faults. We just have to find them, then run code on it. I'm pretty sure if you don't hack a computer, you are getting a bad eduction. How else can you understand the dangers that exist? Of course, this is a computer specially set up for this. We're not hacking some random computer of our choice. |
||
|
|||
Oct 4 2006, 04:01 AM
Post
#19
|
|||
Ain Soph Aur Group: Dumpshocked Posts: 3,477 Joined: 26-February 02 From: Montreal, Canada Member No.: 600 |
We learned it's probably the best way to go at it. There are some very good articles on the net about social engineering, just google it. |
||
|
|||
Oct 4 2006, 04:52 AM
Post
#20
|
|
Dragon Group: Members Posts: 4,589 Joined: 28-November 05 Member No.: 8,019 |
But when you finally hack the computer, you'll think it's cool, right?
|
|
|
Oct 4 2006, 10:32 AM
Post
#21
|
|
Moving Target Group: Members Posts: 143 Joined: 28-August 05 Member No.: 7,631 |
Sure, up until the FBI Computer Crimes Division kicks down your door.
|
|
|
Oct 4 2006, 11:14 AM
Post
#22
|
|||
Moving Target Group: Members Posts: 530 Joined: 11-June 05 Member No.: 7,441 |
There are four main ways: 1. Social Engineering. 2. Inside man. 3. Skript Kiddie Way -- go find someone who's researched and written an exploit, and get a copy. 4. Non-Skript Kiddie Way -- poke and prod and poke and prod until you find something for which you can write an exploit. The first three are self-explanitory. The fourth way requires a lot more technical knowledge than the first three. There are a few major techniques that are commonly used -- the most popular of them all being something called a "buffer overflow". This was popularized in the mid 90's by a paper by a guy who called himself "Aleph One" -- the paper was called "Smashing the Stack For Fun and Profit." Basically, if you know how, it's sometimes possible to trick code that handles input poorly into reading your input into it's own program code. By doing this, you can essentially load a program into memory with the same permissions as the program itself -- which, ideally, is an administrator (root) level account. There are other techniques -- trojans (which are really just a technical solution combined with social engineering), exploitation of race conditions, sifting for passwords (either with listening/keylogging techniques or password cracking), and some others. I think I covered all of the most popular ones though. Personally, if I had a class where we had to break into some server, I'd just "social engineer" my way into the room where the server was, yoinch the hard drive, reset the password and call it a day. If it was in the guy's office, for example, I'd just get a pal in the class to distract him while I did the deed, etc. |
||
|
|||
Oct 4 2006, 11:37 AM
Post
#23
|
|||
Shadowrun Setting Nerd Group: Banned Posts: 3,632 Joined: 28-June 05 From: Pissing on pedestrians from my electronic ivory tower. Member No.: 7,473 |
They're not thugs.... They use a battering ram. And flash-bangs. And carry big guns. |
||
|
|||
Oct 4 2006, 12:11 PM
Post
#24
|
|
Moving Target Group: Members Posts: 530 Joined: 11-June 05 Member No.: 7,441 |
They don't usually do that unless they think you might be armed.
|
|
|
Oct 4 2006, 12:54 PM
Post
#25
|
|||
Midnight Toker Group: Members Posts: 7,686 Joined: 4-July 04 From: Zombie Drop Bear Santa's Workshop Member No.: 6,456 |
You don't eve n have to yoink the HD in most cases. If the server is running windows XP (and most are) there are bootable programs available that will show you XPs password list. Likewise, bootable flashdrives and live CD allow you to carry your own OS whereever you go and get protected files from any system. Unless they prohabitied booting except from the hard drive and password protected the bios, it is trivial to break into a system if you have physical access and if you have to open the case it is even simpler to reset the BIOS. |
||
|
|||
Lo-Fi Version | Time is now: 17th April 2024 - 07:05 PM |
Topps, Inc has sole ownership of the names, logo, artwork, marks, photographs, sounds, audio, video and/or any proprietary material used in connection with the game Shadowrun. Topps, Inc has granted permission to the Dumpshock Forums to use such names, logos, artwork, marks and/or any proprietary materials for promotional and informational purposes on its website but does not endorse, and is not affiliated with the Dumpshock Forums in any official capacity whatsoever.