Interview with an ex-hacker

[s0nIc]

I read something really interesting.. which i hope some of our "neophytes" would learn from..


Interview with an ex-hacker

By James Middleton [01-02-2002]

According to the defacement archive at Alldas.de, the hacker group known as the 'sm0ked crew' only terrorised websites throughout February of last year.

But that was maybe enough for one member of the crew, Splurge, who decided to call it quits and go straight in the security industry.

Eighteen-year-old Splurge, who withheld his real name, contacted vnunet.com to tell us his story. What prompted him to switch from a life of box breaking and defacing, to the somewhat more acceptable career of a security consultant selling denial of service (DoS) filter systems?

"It's not the feds you have to worry about, it's always the other hackers that bring you down," he said. "They love to fight each other. They'll nark on you to the FBI just to get you off the scene."

Splurge has had one such call from an FBI agent. "He just turned up on my doorstep. Just the standard agent type, he didn't really know anything.

"But I'm worried because I've been falsely accused of stealing $500,000 worth of software, which I didn't do, it's some other hacker who's pinned this on me," he said.

Splurge would not elaborate on this case, as he said it could still go to court.

He said that the FBI has honeypots set up all over the internet, just to catch hackers. "I got tricked through five boxes," he said with a touch of humour. "That's how they caught me."

But sometimes, said Splurge, hackers do get the Hollywood treatment. "Another hacker I know, going by the name of Darkness, broke into NASA. Next thing, his door was being kicked down by agents waving guns all over the place."

But apart from getting arrested, Splurge assured us that the hacking and defacing scene is nothing like in the movies.

"Films like 'Hackers' aren't even close," he said. "I got out of the scene because the crew was breaking down, there was too much in-fighting, and the danger of getting arrested was becoming more and more real."

Although Splurge didn't know any other members of the sm0ked crew except by their screen name - "it's safer that way" - he maintains that someone else in the hacker community set him up to get him off the scene.

"After we hacked Intel for the third time running, I had a visit from one of their security guys who had managed to trace me back. He offered me a job as some sort of pen tester in a startup security firm he was going to launch, but it didn't sound too ethical so I refused. Then he warned me not to touch Intel any more or he'd turn me in. It was about then I realised I wanted to get out."

The stereotypical image of hackers is pretty accurate, according to Splurge. "It's really just a bunch of really smart kids trying to prove themselves. I know I was," he said.

"They're not misfits, they're just trying to make their mark. Defacing is an easy way to get on the news."

"It's almost as if they want to get caught," he added. "Obviously they don't want to go to jail, but they want to be known for their actions."

But Splurge sounds like he's had a change of heart. "Anyone who leaves an insecure box attached to the net deserves it. But anyone who actually damages data should do time," he said. "We always left backups of any sites we defaced.

"It's not hard to secure a box. An operating system is only as secure as the admin makes it. I use Linux all the way because I think it's easier to secure, but any operating system can be secured, even Windows.

"Filtering out IPs that shouldn't be accessing certain servers eliminates 99 per cent of problems, and getting a decent firewall helps," he said.

"People think defacers just use canned scripts to break sites," he continued, "but this is not necessarily true. A scanner is just a lot of hard work. I would go to a big site and just wade through each IP on the block looking for vulnerabilities."

Most of the misinformation about hackers is propagated by the media, according to Splurge.

"If the media stopped glorifying hackers, we wouldn't have this problem. They wouldn't be trying to make front page news. And they won't stop, either. For every one arrested, five more go free," he said.

So what does a hacker do when he's done with making the news? "I work for a filtering firm. We stop denial of service attacks taking out networks like with Cloud 9, Tiscali and Donhost this week. But I'd like a better job in the security industry."

And is there honour among data thieves? Not really. "As we speak, I'm just tracking someone who's hit one of my own personal boxes. I'm confident I'll get him, and when I do, I'll turn him in. I've no problem with that."

http://www.vnunet.com/News/1128889

[5150]

a great eye opener. thank you for that.

[{P²P}Apocalypse]

Interesting article. A lesson taught is a lesson learned.....

[gold eagle]

good post. There is something I would like to point out about splurge's interview.

He says "Anyone who leaves an insecure box attached to the net deserves it.

I could not disagree more strongly. There are those who should know better. However most users, disrespectfully labelled lusers or something to that effect, don't understand this crap and maybe can't. Does that mean they should be victimized by some puke with some hot tools that someone far more senior likely wrote? Let's follow this logic.

Does visiting you mom and leaving you car, in a nice neighborhood let's say, in her driveway while you have lunch with her mean you should deserve to get it broken into?

Does going for a walk downtown after a movie mean you deserve to be attacked and robbed because you were there?

Does a girl who wears a nice outfit and goes out with friends deserve to be attacked because
she "was asking for it".

Should some kid be blamed for walking home from school if they get abducted?

Of course not in all cases. Period.

I could go on but you see where this logic goes. It is based on a false premise. Taking reasonable precautions ARE encouraged but often someone does not understand.

It is time some in the hacker community grow up. <puts on heavy duty anti flame suit>

peace.

[zion1459]

gold eagle: nice point and very true...
now my comments:
It's a great post and can teach many script kiddies some good things but yet again I see the word hacker being abused.
Splurge is probably the last person on earth I'd call a hacker. A cracker, maybe but still this word doesn't fit him (at least not after he stopped breakÃ*ng the law).
He could never be a hacker, and why? ethics, it's all about ethics... the hackers origin, what a hacker really is... not some "cyber-warrior" but just a clever person who knows more about security and 'puters than a priest knows about God. And not only knowledge, it's a feeling too. The joy of building great software or just loving to sit hacking into a linux-kernel (this being on ur own machine...). That's a real hacker... Just take Linus Torvalds as an example and don't look at Kevin Mitnick, he's a cracker... a good one but still a cracker.

[Terr]

I would say that althought it is difficult to make any judgements on exactly what category the interviewee falls into, the whole bit about the media glorifying "hacking" rings true to me. I swear, a majority of all the "teach me how to hack" people seem to want to do nefarious deeds just for bragging rights among their less-saavy friends.

[Tedob1]

i agree w/gold eagle

and go a step further.
With computer companys targeting the general public and SOHO's, selling them 'secure systems', its they who should be held accountable.
There's preasure on small biz, to get on the net. "Don't you have a web site?"and "id rather order on-line". Not every one can afford an $80k admin. on the payroll, or has the time to learn all the ins and outs of making a system secure, so they buy systems from so called reputable companys and wind up getting hacked.

[ThePreacher]

Originally posted by gold eagle
good post. There is something I would like to point out about splurge's interview.

He says "Anyone who leaves an insecure box attached to the net deserves it.

I could not disagree more strongly. There are those who should know better. However most users, disrespectfully labelled lusers or something to that effect, don't understand this crap and maybe can't. Does that mean they should be victimized by some puke with some hot tools that someone far more senior likely wrote? Let's follow this logic.

Does visiting you mom and leaving you car, in a nice neighborhood let's say, in her driveway while you have lunch with her mean you should deserve to get it broken into?

Does going for a walk downtown after a movie mean you deserve to be attacked and robbed because you were there?

Does a girl who wears a nice outfit and goes out with friends deserve to be attacked because
she "was asking for it".

Should some kid be blamed for walking home from school if they get abducted?

Of course not in all cases. Period.

I could go on but you see where this logic goes. It is based on a false premise. Taking reasonable precautions ARE encouraged but often someone does not understand.

It is time some in the hacker community grow up. <puts on heavy duty anti flame suit>

peace.

Gold eagle, you are a wise person, and I agree with you. I had the unfortunate unpleasure of being hacked years ago when I was naive. I didnt ask for all my data, info, and personal stuff to get erased. It gives you true perspective though after it happens. Never again. I guess this is what the hacker in the article is trying to say. If he breaks in someones house because the door is unlocked, they will never leave it unlocked again. Maybe he feels that he is in a sort of backwards way, teaching them security.

[antihaxor]

Originally posted by s0nIc
I read something really interesting.. which i hope some of our "neophytes" would learn from..

Interview with an ex-hacker

By James Middleton [01-02-2002]

"It's not the feds you have to worry about, it's always the other hackers that bring you down," he said. "They love to fight each other. They'll nark on you to the FBI just to get you off the scene."

This is an important point. Its why I believe in "unity among brethern" NEVER snitch on your friends.Its why I find it hard to find someone to trust , who will not sell you out to save his own neck

[8*B@LL]

Originally posted by antihaxor

This is an important point. Its why I believe in "unity among brethern" NEVER snitch on your friends.Its why I find it hard to find someone to trust , who will not sell you out to save his own neck

hate to break it to you, but this idea is just plain out-dated. the only people you can trust are yourself, and very close RL friends. anyone you meet on the net is un-trustworthy. anyone you havent known for years and years will give you up.

this type of thinking is where 90% of criminals(those that partisipate in social crimes, such as selling drugs and hacking in groups) make their mistakes. if you sell drugs, you shouldnt be trusting everyone you meet with personal knoledge...cause as soon as they get cought they are gonna give you up to save their ass, and the same goes for hackers.