Intersections’ Consumer Security Adviser Neal O’Farrell joins us today with a fascinating look at hackers, hacktivism, and hacker collectives. Read on and enjoy!
As notorious hacker collective Lulz Security claims to be sailing off into the sunset, pursued and taunted by other hacker groups like the A-Team and Web Ninjas, many are wondering who will fire the next salvo in the hacker wars and who will be the next casualty.
And while many were surprised at how quickly Lulz appeared and disappeared, hacker collectives and hacktivists have been living, working, and hacking amongst us for nearly two decades. It's now nearly ten years since I gave a hacker from notorious hacker collective Cult of the Dead Cow a plane ticket to attend the DEFCON hacker conference in Las Vegas and report back on his thoughts about the differences in thinking and culture between hackers and security professionals — at least those hired to protect.
Cult of the Dead Cow, also known as cDc, is credited with coining the word hacktivism. I was writing at the time for a publication called SearchSecurity.com and working on a story that compared the security skills of hackers to those of the security professional being paid to protect us.
cDc may have been the birthplace of the hacker collective, and that birthplace was a slaughterhouse in Texas in the mid-1980s. cDc eventually launched the careers of many of the world's most famous and competent hackers, who interestingly enough eventually became some of the most respected and respectable security industry executives.
cDc had a simple goal and slogan at the time – Global Domination Through Media Saturation — and its activities ranged from hacking the Church of Scientology to distributing their own music. OK, they did a lot worse than that but we have only so much space.
Like many hacker collectives, cDc either spawned or embraced a number of other hacking groups, and some of its members went on to create other, equally notorious hacking groups.
For example, cDc hacker Mudge later launched L0pht, another high profile hacking collective active in the 1990s. Unlike many of today's hackers, L0pht members were pretty much out in the open and even had their own Boston headquarters they hung out in. They famously testified before Congress that if they really wanted to they could take down the entire internet in less than 30 minutes.
And where are they now? Surprisingly legitimate and well respected. L0pht eventually merged with a security consultancy @stake which was later purchased by security firm Symantec. L0pht hacker "Weld Pond" is now Chief Technology Officer of respected security company. "Kingpin," whose real name is Joe Grand, now lives in San Francisco and hosted the Prototype This program on the Discovery Channel.
And whatever happened to Mudge? His real name is Peiter Zatko, who later went on to serve as an adviser to President Bill Clinton on cyber security and now works for the U.S. Department of Defense Advanced Research Projects Agency (DARPA).
I've always maintained that most security professionals can easily be outsmarted by good or even average hackers. It's not about competence, it's more about culture. Hackers by their nature are usually more inquisitive and creative, less worried about failing, and of course don't have corporate security rules or federal guidelines holding them back.
Will we ever see members of Lulz or Anonymous give up their rebellious ways and use their obvious security skills to protect the greater good? Will we ever see one of these hackers emerge as the head of security for a major corporation, the kind of security head these hacktivists say they despise?