Dial-a-Word
by Barrett D. Brown
Cyberspace has changed drastically in the past three decades, and hacker culture has changed with it.
In the beginning, we obfuscated our on-line identities with handles like "h3r0" and "$up3rm@n" so that we could work with other hackers in cyberspace without our true identities being discovered. Groups were formed, such as the Legion of Doom, Cult of the Dead Cow, and L0pht.
It was all fun and games, until people started to get hurt. Some hackers got busted and gave other members of their groups up to the authorities; some set up other hackers in order to avoid focusing trouble on themselves; still others just plain sold out to corporations. The U.S. Secret Service's Operation Sundevil brought about the end of the infancy of computer hacking.
It is now almost twenty years later, and the current state of affairs includes the NSA sucking down all net traffic, Google retaining records of all actions, ISPs pushing for a tiered Internet that they can manipulate, the EU implementing security provisions, the Chinese government maintaining its "Great Firewall," and the FCC allowing very few entities to control the media landscape.
The list goes on and on...
Hacker nicknames are a quaint anachronism, and the concept of a hacker group is destroyed. Still, we find budding computer explorers christening themselves L0rd_p00p00@gmail.com while records of their home IP address and every search and email they ever send or receive are retained.
It is my opinion that nicks have outlived their usefulness. These days, the only security comes in complete anonymity.
Sorry, folks: no more clubs, no more bragging rights, and no more defaced web pages with "L0rd p00p00 pwnd U" on them.
Those days were wonderful and fun, but their time has passed. Just using a nick is a red flag which gives hacker hunters something to search for, even if you do so from different computers, through web proxies, with Tor, encrypted with your PGP key, and on SILC.
If continued secret communication with others is required, I recommend rotating media and using pass codes. The only safe and useful hacker collaboration these days comes in the form of open and free communication on projects that have no reason to be hidden. If you have an intense desire to get into some private database, you should do it alone. Once you've completed your task, never mention it again.
In 2003, the White House published The National Strategy to Secure Cyberspace, which presents cyberspace security as a facet of Homeland Security. Not long after that, in December, 2005, the United States Air Force officially added "Cyberspace" to its area of focus; in 2006, it set up the Air Force Cyber Command (AFCYBER) to "Provide both defensive and offensive computer network weapons."
If you are getting visions of Black ICE and Kuang Military Grade ICE-breaking programs from one of Gibson's novels, so am I, and there is no doubt that we are well on the way. This military command attempts to actively monitor all attacks and scans upon government computers. Clearly, we are no longer living in the age of fun nicknames and clubs named after comic book characters.
Since 2001, the U.S., U.K., and German governments have reported that "Chinese hackers" are engaged in an active and systematic program of computer system infiltration aimed at government computers, including the unsecured e-mail of the U.S. Secretary of Defense and nuclear weapons laboratories. Because of the nature of computer networks, there really is no way to know whether China is involved or not other than to use old-fashioned human intelligence agents.
Even if the computers which attacked these networks were located in China, they could have been pwned by anyone, anywhere, including forces within the U.S. with a desire to frame China. Regardless of this fact, the hype circulating among the military and media makes it sound like we are in the middle of the world's first Cyber Cold War.
On another side of the Cyberwar frontier, we have the phenomena of botnets, whose power was witnessed in the massive DoS'ing of Estonia in 2007, which was largely referred to as Cyberwar I.
Unlike gaining unauthorized access to protected systems, using a botnet takes very little skill. It is largely rumored that botnet time can be easily purchased on the black market. The media initially framed this "cyberattack" as an act of aggression from "Russian hackers."
They again popularized the image that we were dealing with a massive international cyber battle. Much later, a very small article came out which traced the Estonia attack to a single 20-year-old Estonian college student. Was it an act of government warfare, or was it one pissed-off college student?
We may never know. To date, no one has yet publicized who owns and control the botnets. Some bot herders of small nets have been caught, but the herders of the largest nets still remain unseen. If the scant media attention given to these nets is any clue, we won't be finding out any time soon.
By the very nature of computer networks, national borders are now blurred. When the Internet was unleashed upon the world, it created a level playing field for all. We had truly entered an age where a single person could have the power to affect an entire nation not by voting, but by direct action.
This must terrify governments in the extreme, and many are making every effort to control the Internet. These efforts include recruiting hackers that governments catch, coercing hackers who work for them to recruit others at events such as HOPE and DEFCON, and tricking hackers into doing work for them through proprietary corporations or IRC chat rooms.
I completely support hacker conventions and always enjoy them, but we must be aware of what is occurring. Hackers have the direct power to change the world, and certain entities wish to monopolize and control that power. We communicate with each other in all countries on an equal footing. We respect knowledge and information and disdain outmoded forms of control. Our best defense is open collaboration in all fields; if executive measures must be taken, then they should be taken alone and never shared with another.
I predict that government entities will continue to intensify their media portrayals of cyberspace as something divided into countries engaging in cyberbattle with each other. Most citizens will believe these portrayals. We must continue to educate our fellow humans about open-source software, loss of privacy, information security, the tyranny of tiered Internet services, and the power that every individual has access to. If we don't, we may wake up one day to find that we do not have internet freedom any more.
"Please encrypt your data, people. If you don't, evil will take over the world." - Thomas Jefferson, well-known Dutch Author.