How accurate is SR's depiction of hackers?, I'm reading The Hacker Crackdown... Options

[emo samurai]

by Bruce Sterling. His vision of the hacker underground is a bunch of teenagers simply looking to make information free. They steal research and shit, but they have no idea how to capitalize it. They seem motivated more by curiosity than anything else. And most importantly, they're rare; he estimates there are about 100 truly 1337 hackers, and about 5,000 true hackers.

Anyone able to expand on this, maybe even speak from experience?

[Kagetenshi]

SR doesn't depict hackers at all, with the possible exception of the old Neo-As.

~J

[Ranneko]

Put quite simply, it doesn't. It never has and it never will.

Accurate hackers are not that interesting, especially since SR doesn't have accurate computers.

[Konsaki]

SR Hackers are script kiddies on steroids. You cant do shit without a program, but if you have the right one at a high enough quality, you can take down government computers.

[Wounded Ronin]

[hobgoblin]

about as accurate as their depiction of firearms (if the 10001 threads about the topic is anything to go by)...

[Konsaki]

[emo samurai]

What are RL hackers like, then?

[Frag-o Delux]

Just like any other person that is really into any other sub culture. Really wrapped up tight in their hobby and very passionate about it. Nothing special.

[Ancient History]

Well, the popular image of a "hacker" is a teens-to-twenty-something whiteboy breaking into bank computers, releasing viruses on e-mail, and committing identity theft.

Those are pretty few. For one thing, as Bruce Sterling points out in the book, the vast majority of computer criminals are crackers (yes, they tend to be Caucasian) who crack protection software to copy and meddle with programs and websites. If you're not a big corporation, you're probably not going to lose any money (and, indeed, you may save money by buying or downloading a pirated program - at your own risk).

There are a range of amateur-to-semiprofessional criminals (no doubt the Administration calls them computer terrorists, gah) engaged in malicious activity, such as identity theft, credit card fraud, transferring funds from bank accounts, stealing and selling sensitive data, etc. Generally, these people need a certain level of skill above crackers to operate effectively (i.e. make cash and not get caught), and there is probably some crossover with other criminal activities, like breaking-and-entering.

Then there are the darkside hackers, or compsecurity guys whose basic jobs are to keep people out of protected systems. Naturally, these are the same guys who have the skills to penetrate other system defenses (and indeed, some compsec guys and gals are hackers who decide to cash in and get a real job where they don't face prison if they fuck up).

Pursuers of electronic music, cryptography, game design, mathematics, computer engineering, deep programming and similiar fields tend to have a lot of cross-over with the people who have the legitimate skill and know-how to be a hacker or a cracker, hence the reason those areas are sometimes regarded as the domain of hackers - it's a recognition of trends (skills + interests == higher probability of hackers present). By comparison, the hacker subculture is based off of movies and popculture representation of hackers, which is based off of fictional representations of hackers, which are (loosely) based off of real hackers - and of course the hackers and crackers join in, so there is always a minority of hackers and crackers in the hacker scene.

[Backgammon]

I'm currently following a Software Security class as part of my Engineering degree. My current lab consists of having to hack into a comouter.

It's fucking HARD, tedious and boring. First you gotta find open ports. That's easy enough. But next you gotta find what version of what service is running on each port. Then you have to painstackingly (sp) research those services, of that exact version, and look for a exploit to get in. It's boring, boring research and analysing. Not to mention you have to cover your tracks or else you go to jail, Bleh, it's definatly no fun.

[emo samurai]

But if you were a hacker, you'd already know that stuff. I guess you become a hacker only if you enjoy doing that research. How do you research an exploit, anyway? Do you just go on the internet, or do you download source code?

And how many schools involve hacking a computer? Is that a normal part of any computer security course?

[hyzmarca]

Most cracking is actually done through social engineering. Call up the IT department and say "This is Steve in Accounting and I forgot my password." It works.

[emo samurai]

How often?

[Kagetenshi]

Often enough.

~J

[emo samurai]

Well, it works for my college; I still don't think it should work that well for research labs and stuff.

[Frag-o Delux]

Some exploits are also found by accident. NT4 had a bunch of them and you could just easily stumble onto them. A few friends and I were in class, well it was before class playing video games. The head of that department didnt want us playing in that room so he had us locked out of the network on those terminals. We bet our programming teacher that if we could gain access to the network and get access to the computers again can we play games again. He accepted and we sat down to go to work. In less then 30 minutes the 3 of us were in the system and resting passwords and permissions. 20 minutes after that we were back to playing games. Im not a hacker wont claim to be, but I learned a few tricks from old hackers.

A lot of hackers pick up these things from people they know. One of my friends is the child of two prgrammers. They were prgramming when punch cards were the only way. Then on to Cobol and all that stuff.

The information is out there, but today if its out there and easy to find you can bet its probably taken care of with a security patch. You can still try that way, because suprisingly a lot of admins are bad at updateing security especially on Windows servers, they fear the security releases. So they run them on a test server for a few days to make sure its not going to crash their networks and cause a lot of trouble ont eh real network. Some are just lazy or really dont have a clue.

You can try reverse engineering the software, or you can just try things in general. If you are into computers like the real hackers are you will know how the things work in such minute detail they sometimes just try things that theoretically would work and see what happens.

Like I know of a specific commercially availibale router that is sold everyday and is rather popular that does VPN and has a very major problem with the "Security" of this service. The VPN works, and it work like its suppose to. But if you telnet into the back of the router (which is relatively easy) you can then see the VPN and use it to ride into the other computer using the same VPN connection. Since you are on a VPN and its authenticated the other computer wont stop you. Its funny when routers are allowed to set up VPN connections through NAT IP addresses.

Oh, did I mention the engineers were told and they said "ok, well get to it when we have the time."

[Backgammon]

[Backgammon]

[emo samurai]

But when you finally hack the computer, you'll think it's cool, right?

[TheNarrator]

Sure, up until the FBI Computer Crimes Division kicks down your door.

[Vaevictis]

[SL James]

[Vaevictis]

They don't usually do that unless they think you might be armed.

[hyzmarca]