some #antisec tl;dr thoughts

i wrote this while i was bored at the airport yesterday morning.

just throwing my two cents into the #antisec youtube video debate and gibsons in general. sadly, i do not have wordpress comments enabled, but you can always weigh in on my facebook comments or on twitter or take out an ad on a billboard.

let me preface this entire entry by saying that i have been fucking owned COUNTLESS times. i have had everything under the sun happen to me – credit cards stolen, utilities shut off, boxes of unsavory sex toys carded to my house, you name it. i have been both the natural target of l33t hacker war as well as merely collateral damage. most recently, in march (during sxsw), my friends at kryogeniks (i really mean this, it was more of a prank than anything, DFNCTSC) socialed at&t into disabling my SIM card. they put new equipment on it and texted my registrar password to my number and stole my domains temporarily. the rest is history.

personally, the most common misconception i find the general public has about what constitutes hacking is that it requires some exceptional and unique technical prowess. in reality, hacking is all about PEOPLE. every system designed thus far, hardware or software, was created by human hands. if history has taught us anything significant, it is that the human race sucks at doing anything right in the long run.

i would say 85% of what actually constitutes hacking is the exploitation of human emotion, stupidity, laziness, or ignorance. the technical ability that comes with your run-of-the-mill script kid can easily be taught, and the higher echelon of the security community that actually provides advisories and PoC enables that culture to flourish.

(you could argue that hacking is 100% people if you assume the position that an exploitable hole was technically left by human error and therefore human incompetence, but i digress. penis.)

for instance, to analogize from a game programmers’ standpoint, building a gaming graphics engine like crysis or unreal or doom ][ requires extensive knowledge of things that aren’t just a programming language, like vector mathematics and physics modeling. code efficiency and optimization is incredibly important. having awesome glasses is incredibly important. being mentally ill is incredibly important. there may be many people that can “program computers,” but there are only a relative handful that have the scientific background to crank out brilliancies with any regularity. for the rest, they are forced to stand on the shoulders of giants and license game engines to make their own dreams come true.

what lulzsec is doing might seem like complete anarchy to you, and i see people complaining about how “innocent people” are being affected by these leaks, but the truth is, these people that are getting their facebooks hacked into are not getting their passwords stolen from facebook, they’re using THE SAME PASSWORD across multiple sites. when people are getting their facebooks and paypals and whatnot logged into using the credentials in the released databases, it is proof positive that these “innocent people” are not following best practices.

is it morally correct? probably not. is it effective? i would hope so. an informed public is a stronger public, and with every time that **i** got owned or ran the wrong exe outside of my VM or someone socialed me, i learned from it. no one is above getting owned – the shit happens to EVERYONE in the game one way or another. no shame in it either – think of it like the show jackass where you really are around more people that want to hug you than hurt you, but it is funny when you get hurt.

no, the government probably won’t pass more laws as a result of this. no one here is trying to bankrupt companies and shoot for world domination. yes, companies are embarrassed. hopefully they learn and grow. yes, people are embarrassed. hopefully, THEY learn and grow. there ARE people trying to take over the world, but they aren’t putting it all out on front street. there are chinese and russian state-sponsored hackers 90 billion times more leet than anything we have over here in the states, and frankly, until we get an informed public through whatever means (even tough love), those guys will outgun us at every opportunity.

what a bunch of rambling bullshit – fuck you ytcracker.

