Where Have The Philes Gone?
by Glutton
In the good 'ole days of hacking and phreaking, a neophyte learned his techniques from a variety of sources: experimentation, friends' advice, and last but not least, text files.
These philes were accumulated like treasure on bulletin boards and by more experienced hackers, often without regard to their worth or accuracy. They contained theories, instructions, exploits, even snippets of hacking history.
Where are the philes now?
Well, those old documents are still around. Use file-sharing sites and search engines and you can find a plethora of guides on how to hack and phreak, filled with obsolete lore like ASCII-illustrated box diagrams and the dial-up phone numbers of military bases and colleges. The entire run of Phrack can be found on phrack.org.
But what about new ones?
Where are the philes of today? For starters, you won't find them in the form of text files, recent issues of Phrack notwithstanding. Now you use a search engine to search web pages and (less and less common) USENET posts for snippets. Technical details are gleaned from company sites and support forums, loopholes are described in white papers and weblogs.
So, why have things changed? The sharing of information is a dangerous game.
There is something different today. Maybe there's something missing now, like the innocence of teenagers exploring a system unbeknownst to the stodgy grown-ups who created it. Perhaps 20 years of busts have convinced us to be more circumspect.
Gone is the idea that all learning efforts are pure and worthwhile. Now theoretical questions are greeted with suspicion. I was part of a discussion the other day about mailbombing. One guy was asking about it, and the others were flaming him and threatening him with mailbombing. There was a time when hackers loved sharing. If someone wanted to know about X, let him as (presumably) a competent being decide whether it's moral or not.
Part of the problem is that the authorities have caught on to computer crime. Investigators and civilian techs pore over hacker sites like every day was an Operation Sundevil, sniffing for exploits.
As a result, most hackers practice some level of censorship, whether censoring their own discussions or slapping down lamers desperate to crack that Hotmail account. Self-censorship isn't new.
For instance, Phrack refused to publish credit card numbers or phone codes. It appears that caution was warranted - remember the E911 file that nearly put Knight Lightning in jail for 31 years? Even quasi-legal or plausibly legal materials can get you into trouble these days.
When Bernie S. was busted, the authorities allegedly used the contents of his library as "proof" of sinister motives. Cops are mindful that Timothy McVeigh learned how to create his truck bomb from plans found on the Internet. Even in the hallowed realm of journalism, 2600 writers add disclaimers in the hope that they won't get in trouble if the article offends someone in law enforcement.
Whether written under a handle or one's real name, it never hurts to be cautious. And even if what something does is not illegal, you can still get in legal trouble.
Remember how 2600 got sued for linking to sites offering DeCSS?
My final point is that legitimate press that covers hackers are light on detail to the point of nonexistence. Most books and articles on hacking are written by non-technical people, and it's understandable that they would want to cover the "human element" rather than a technical one they do not understand.
But even authoritative sources like The Art of Intrusion by Kevin Mitnick do not divulge specifics of exploits. Whether it is because they do not want to propagate exploits or for fear of being sued, who can say?
Lawyers, cops & criminals have collectively ended the free and open exchange of information that flourished back in the day. You'll have to decide for yourself if this is good or bad.
There is a new lack of respect for "noobs." Some blame hackers' troubles on the depredations of "crackers," "black hats," and other boogeymen. Others blame a new generation of laymen with just enough technical knowledge to follow directions they read on the Internet. Script kiddies aren't hackers. Spammers aren't hackers. But their actions are blamed on hackers.
The fact of the matter is that it's easier than ever to "hack" (using the media's definition). With numerous offshore sites full of scripts and basic knowledge of the Internet's architecture fairly widespread, all it really takes is time and interest.
With the resultant devaluing and misrepresentation of the hacker set comes a backlash where those in the know tire of sharing their knowledge with those who don't want to work hard to learn it themselves. In some respects this isn't a new phenomenon. When phreakers began exploring the phone system, street hustlers caught on to their techniques and began selling long-distance out of phone booths. While we might appreciate their willingness to sock it to the profiteering gluttons running the phone company, simultaneously some disapprove of their blatant misuse of hacker-gained knowledge for purposes of profit. Today's equivalent of those hustlers are spammers and script kiddies.
It's easy to sympathize with them because we all were once noobs and we can respect their thirst for knowledge. Furthermore, it is a fact of modern life that there is more to learn than any one person can absorb. In many respects, we are all noobs when it comes to something related to our area of knowledge. There are always more programming languages to learn, more technologies to master.
Nevertheless, it is human nature to be disgusted with those who want to "learn" by being told exactly how to do whatever, rather than figuring it out on their own. And with more and more amateurs feeding off the proofs-of-concept of real programmers, it's easier than ever to not want to contribute.
Final Thoughts
The web has simultaneously enriched the exchange of data while making it tremendously more complicated.
In a lot of ways, the philes of 2006 are more ephemeral, intriguing, and subtle than ever. Now you need to read 20 documents to find your answer, but a search results in 1000 article hits.
In the old days, all you had to worry about was someone posting a phile of false info. Now there are fake articles written by mean-spirited authors with links to spyware sites, or which contain malignant executables. There are deliberately misleading articles and dummy files to download.
And with so much data on the web, there is no prestige in sites offering hoards of knowledge. You don't need to keep a copy of the The Anarchist's Cookbook or the complete Phrack series. If you want it, you can have it within seconds.
No longer are text files the preferred medium, sites like cryptome.org notwithstanding.
Weblogs, discussion forums, and PDF white papers are king now. And with the higher visibility comes an increase in accuracy and timeliness as each article is critiqued and evaluated, while the false and obsolete info fades into the dusty recesses of the web.
Well, sometimes.