==Phrack Magazine== Volume Seven, Issue Forty-Eight, File 2a of 18 Phrack Editorial by Erik Bloodaxe This may very well be my last Phrack editorial, since I'm no longer going to fill the day-to-day role of editor, so I figure I ought to close out my crusade to piss everyone off. I don't like most of you people. The hacking subculture has become a mockery of its past self. People might argue that the community has "evolved" or "grown" somehow, but that is utter crap. The community has degenerated. It has become a media-fueled farce. The act of intellectual discovery that hacking once represented has now been replaced by one of greed, self-aggrandization and misplaced post-adolescent angst. DefCon IV epitomized this change in such amazing detail, that I can only hope to find words to describe it adequately. Imagine the bastard offspring of Lollapalooza and a Star Trek convention. Imagine 300+ people out of their homes, and away from Mother's watchful eye for the first time in their pathetic lives. Imagine those same people with the ego of Rush Limbaugh and the social skills of Jeffrey Dahmer, armed with laptops loaded with programs they can't use, and talking at length to reporters about techniques they don't understand. Welcome to DefCon. If I were to judge the health of the community by the turnout of this conference, my prognosis would be "terminally ill." It would seem that "hacking" has become the next logical step for many people looking for an outlet to strike back at "something." "Well, gee, I've already pierced every available piece of skin on my body and dyed my hair blue...what on earth can I do now to shock my parents? I know! I'll break some federal laws, and maybe get my name in the paper! THAT WOULD BE COOL! It'll be just like that movie!" I hate to burst everyone's bubble, but you are so fucked up. In this day and age, you really don't have to do anything illegal to be a hacker. It is well within the reach of everyone to learn more, and use more powerful computers legally than any of us from the late 70's and early 80's ever dreamed. Way back then, it was ALL about learning how to use these crazy things called computers. There were hundreds of different types of systems, hundreds of different networks, and everyone was starting from ground zero. There were no public means of access; there were no books in stores or library shelves espousing arcane command syntaxes; there were no classes available to the layperson. We were locked out. Faced with these obstacles, normal, intelligent, law-abiding adolescents from around the globe found themselves attempting to gain access to these fascinating machines through whatever means possible. There simply was no other way. There were no laws, and yet everyone knew it wasn't strictly kosher behavior. This fact added a cheap rush to the actual break-in, but the main drive was still simply to learn. Now, with the majority of operating systems being UNIX-based, and the majority of networks being TCP/IP-based the amount of knowledge to be gathered has shrunk considerably. With the incredibly low prices of powerful personal computers, and the free availablity of complex operating systems, the need to break into remote systems in order to learn has been removed. The only possible needs being met by remote intrusions would be a means to gather specific information to be sold, or that base psychological rush from doing something forbidden and getting away with it. Chasing any high only leads to a serious crash, and in the case of breaking into computers, that only leads to jail. There is absolutely nothing cool about going to jail. I know too many people who are currently in jail, who have been in jail, and some who are on their way to jail. Trust me on this, people. You will not be respected by anyone if you act rashly, do something careless and end up being convicted of several felonies. In fact, all of your "friends," (those who didn't get busted along with you, and turn state's evidence against you) will just think you were a moron for being so sloppy...until they also get nailed. Get raided and you will almost certainly spend time in jail. Even once you are released, you will lose your passport and your ability to travel freely, you will lose your ability to do business in classified environments, you will become unemployable by most companies, you may even lose your rights to use computer or networking equipment for years. Is is still worth it? I break into computers for a living, and I love my job. However, I don't kid myself about just how lucky I really am. Don't fool yourselves into thinking that it was easy for me to achieve this, or that anyone else can easily slip into such a role. Staking out a claim in the information security industry is a continual battle for a hacker. Your past will constantly stand in your way, especially if you try to hide it and lie to everyone. (Read the recent Forbes ASAP article and spot the hacker from Garrison Associates lying about his past, although he was raided for running the Scantronics Publications BBS in San Deigo just a few short years ago. Shame on you Kludge.) I've never lied about anything, so that can't be held over my head. I've never been convicted of anything either, although I came closer to jail than hopefully any of you will ever experience. The ONLY reason I avoided prison was the fact that law enforcement was not prepared to deal with that type of crime. Now, I've taught many of those same law enforcement agencies about the nature of computer crimes. They are all learning and not making the same mistakes any more. At the same time, the technology to protect against intrusions has increased dramatically. Technology now exists that will not only stop attacks, but identify the attack methodology, the location of the attacker, and take appropriate countermeasures all in real-time. The company I work for makes it. I've always said that anything that can stop me will stop almost anyone, even through I'm not anywhere close to the world's best. There simply aren't that many things to monitor, once you know what to look for. The rewards have diminished and the risks have increased. Hacking is not about crime. You don't need to be a criminal to be a hacker. Hanging out with hackers doen't make you a hacker any more than hanging out in a hospital makes you a doctor. Wearing the t-shirt doesn't increase your intelligence or social standing. Being cool doesn't mean treating everyone like shit, or pretending that you know more than everyone around you. Of course, I'm just a bitter old sell-out living in the past, so what do I know? Well, what I do know, is that even though I'm one of the few screaming about how fucked up and un-fun everything has become, I'm not alone in my disgust. There are a bunch of us who have reached the conclusion that the "scene" is not worth supporting; that the cons are not worth attending; that the new influx of would-be hackers is not worth mentoring. Maybe a lot of us have finally grown up. In response, expect a great many to suddenly disappear from the cons. We'll be doing our own thing, drinking a few cool drinks someplace warm, and reflecting on the collective pasts we've all drawn from, and how the lack of that developmental stage has ruined the newer generations. So those of us with that shared frame of reference will continue to meet, enjoy each other's company, swap stock tips in the same breath as operating system flaws, and dream about the future of security. You're probably not invited.