I read something really interesting.. which i hope some of our "neophytes" would learn from..


Interview with an ex-hacker

By James Middleton [01-02-2002]

According to the defacement archive at Alldas.de, the hacker group known as the 'sm0ked crew' only terrorised websites throughout February of last year.

But that was maybe enough for one member of the crew, Splurge, who decided to call it quits and go straight in the security industry.

Eighteen-year-old Splurge, who withheld his real name, contacted vnunet.com to tell us his story. What prompted him to switch from a life of box breaking and defacing, to the somewhat more acceptable career of a security consultant selling denial of service (DoS) filter systems?

"It's not the feds you have to worry about, it's always the other hackers that bring you down," he said. "They love to fight each other. They'll nark on you to the FBI just to get you off the scene."

Splurge has had one such call from an FBI agent. "He just turned up on my doorstep. Just the standard agent type, he didn't really know anything.

"But I'm worried because I've been falsely accused of stealing $500,000 worth of software, which I didn't do, it's some other hacker who's pinned this on me," he said.

Splurge would not elaborate on this case, as he said it could still go to court.

He said that the FBI has honeypots set up all over the internet, just to catch hackers. "I got tricked through five boxes," he said with a touch of humour. "That's how they caught me."

But sometimes, said Splurge, hackers do get the Hollywood treatment. "Another hacker I know, going by the name of Darkness, broke into NASA. Next thing, his door was being kicked down by agents waving guns all over the place."

But apart from getting arrested, Splurge assured us that the hacking and defacing scene is nothing like in the movies.

"Films like 'Hackers' aren't even close," he said. "I got out of the scene because the crew was breaking down, there was too much in-fighting, and the danger of getting arrested was becoming more and more real."

Although Splurge didn't know any other members of the sm0ked crew except by their screen name - "it's safer that way" - he maintains that someone else in the hacker community set him up to get him off the scene.

"After we hacked Intel for the third time running, I had a visit from one of their security guys who had managed to trace me back. He offered me a job as some sort of pen tester in a startup security firm he was going to launch, but it didn't sound too ethical so I refused. Then he warned me not to touch Intel any more or he'd turn me in. It was about then I realised I wanted to get out."

The stereotypical image of hackers is pretty accurate, according to Splurge. "It's really just a bunch of really smart kids trying to prove themselves. I know I was," he said.

"They're not misfits, they're just trying to make their mark. Defacing is an easy way to get on the news."

"It's almost as if they want to get caught," he added. "Obviously they don't want to go to jail, but they want to be known for their actions."

But Splurge sounds like he's had a change of heart. "Anyone who leaves an insecure box attached to the net deserves it. But anyone who actually damages data should do time," he said. "We always left backups of any sites we defaced.

"It's not hard to secure a box. An operating system is only as secure as the admin makes it. I use Linux all the way because I think it's easier to secure, but any operating system can be secured, even Windows.

"Filtering out IPs that shouldn't be accessing certain servers eliminates 99 per cent of problems, and getting a decent firewall helps," he said.

"People think defacers just use canned scripts to break sites," he continued, "but this is not necessarily true. A scanner is just a lot of hard work. I would go to a big site and just wade through each IP on the block looking for vulnerabilities."

Most of the misinformation about hackers is propagated by the media, according to Splurge.

"If the media stopped glorifying hackers, we wouldn't have this problem. They wouldn't be trying to make front page news. And they won't stop, either. For every one arrested, five more go free," he said.

So what does a hacker do when he's done with making the news? "I work for a filtering firm. We stop denial of service attacks taking out networks like with Cloud 9, Tiscali and Donhost this week. But I'd like a better job in the security industry."

And is there honour among data thieves? Not really. "As we speak, I'm just tracking someone who's hit one of my own personal boxes. I'm confident I'll get him, and when I do, I'll turn him in. I've no problem with that."

http://www.vnunet.com/News/1128889