In support of Vin's case, it is not unusual for hackers to claim noble
motives for their actions that are completely refuted when their private
communications come to light. A key example of the type being Kevin Mitnick
whose protestations of having never intended harm are contradicted by the
hate filled and on occasion racist emails he exchanged with his accomplices
(see the Markoff book for details).
It is strange that so many vandals go boasting about the damage caused by
their exploits on IRC and then claim to have 'never intended any harm' when
they get caught.
My belief, right or wrong is that the best means of discouraging folk from
causing malicious damage for whatever reason is the threat of substantial
jail sentences for the few who get caught. If folks don't want to go to
prison then the simple answer is don't go arround hacking other folks
systems.
Civil disobedience has its place, but hacking attacks look more like
terrorist thuggery than Ghandian passive resistance to me.
When cypherpunks was founded, most of the readers on the list were actively
involved in computer security. I strongly suspect that most readers of the
list today are hacker 'wannabees', certainly this was the case when I
stopped reading the list on a regular basis two years ago (although much of
the material posted by the people I used to follow on the list is
crossposted or forwarded to me so in effect what I do read probably closely
resembles the original.)
Hacking needs to lose the mistique that the media have created for it.
Rather than presenting hackers as heros and role models they should present
them in their true colours - somewhat pathetic teenage thugs.
Equally I think we need to be very carefull about ideas like full
disclosure, lest they get hijacked and become a license for hacking by
proxy. The folk smart enough to develop attacks are these days smart enough
to let fools do their dirty work for them. My strong suspicion is that the
dolt who set off Trinoo against Yahoo et. al. was not participating in a
stock fraud. Anyone smart enough to set up the fraud is probably smart
enough to realise that all they can achieve the same effect placing the
tools in some dweebs hands.
What we need is to reduce the status acquired by downloading an attack tool
from a Web site and setting it off. At the moment the lamer who does this
thinks that they are 'Elite' rather than what they really are - the patsy
for the guy who wrote the tool.
Putting my propaganda analyst hat on for a moment, the most effective method
available for such a status reduction available would be an appropriate
label for the behaviour that would make explicit the fact that it is 1) not
particularly clever and 2) being used by the author of the tool. A term like
the good old fashioned AI lab term 'Luser' but conveying more of an insult.
Perhaps the term 'drone' would serve, since it means both an insect with few
braincells that does no work and a pilotless aircraft under the control of
another person. Another fact about drones is that they only get sex once in
their entire life.
Phill
