Do Hackers Contribute to Information Security?
Author: Jerry Benton

Do you remember your school bus rides back in junior high school? I’m sure just about every school bus has the geek up at the front, the kids just trying to get by in the middle, and the real hellions at the back. I have to admit, I was at the back of the bus. I’m not sure about the front of the bus, but at the back of the bus the typical conversation consisted of trying to “one-up” each other with something better. “I know you are, but what am I?” would eventually come down to “My dad can beat your dad.” or something similar. Of course, there is always the one guy you never mess with on every bus. On my bus, the guy’s name was Elvin. Then there was the girls we tormented for no real apparent reason. For the record: Ronda, I would like to apologize for throwing gum in your hair in 1987. I’m not sure why we did the things we did, but I am guessing it was some kind of adolescent attention competition.

Fast forward to today. If all the kids I grew up with were on the same bus right this moment, I doubt we would be trying to “one-up” each other and my gum would probably not be airborne.  If you did see a school bus full of middle aged people acting like twelve-year-olds, I would have to guess your reaction would be pity and assume the bus is on its way either to or from their mental institution. So if your average adult can grow out of this, why can’t the hackers of our day do the same? Yes, I am stating that their mentality and culture is typically childish from my point of view. Why? I’m glad you asked. What kind of adult refers to their computer organization as “The Grand Imperial Dynasty” and claim to have invented the first electronic publication when they clearly didn’t? (cDc, 2005) We know they have at least a fair amount of intelligence since a hacker is required to use a computer system beyond the point of frantically mashing a fire button on a game console. So why do they openly act like children? Do these “hackers” really contribute anything to the field of computer science beyond being a threat with their childish antics?

To try and answer this question, I examined three popular hacker web sites to see what they were printing and how useful the information was to the computer science industry. The first site I examined was 2600.com (2600.com, 2005), the second was Phrack.org (Phrack.org, 2005) and the third was Cultdeadcow.com (cDc, 2005). Before diving into this adventure, I assumed there would be some interesting content from at least a technical standpoint. I hate to put a spoiler in here, but I was sadly disappointed in all but one of the sites.

2600.com

Of the three sites I explored, 2600.com was the most “mature” site. It seems that since the last time I looked at it several years ago, 2600.com has made a large shift to posting most of its material in audio format. The organization also prints a quarterly magazine for USD $20 a year and has a weekly radio talk show about hacking.  If you combine the site, the talk show, and the magazine content, you come up with what I would classify as a “virtual political debate” about hacking. The majority of the content is benign and more of an opinionated statement. For example, I know that 2600.com used to actively protest the release of one of their heroes, Kevin Mitnick, before he was released from prison in 2000. The original poster boy of 2600 is Emmanuel Goldstein, but Kevin Mitnick has surely earned a life-long free membership to 2600. He is mentioned on the site quite often and seems to be painted as some kind of hacker folk hero. 2600 as an organization also actively takes place in and even sponsors numerous events and also organizes protests for a vast array of issues related to the industry. Overall, 2600 has the most mature attitude towards industry change and, for the most part, acts legally and in an organized manner.

Phrack.org

Phrack.org also has its own magazine, but, unlike 2600.com, has a strong focus on the technical aspect of hacking. If you are looking for the basics on how to hack a firewall, Phrack.org will tell you how. If you are looking for the details on exactly how to hack Windows CE, including code examples, Phrack.org can help. In short, Phrack.org provides the computer science community with the technical details. The articles are well written in the sense that they do not use “hacker-speak” by implementing such nonsensical words like “r0Xx0rs” or “e|33t”. The writers do have an open dislike for the U.S. Government, but it doesn’t seem to stem from a desire for total anarchy, but rather a strong dislike of what appears to be close monitoring by government agencies. Some of the articles do make for what I would consider fun reading. The articles are full of geek wit and the editor always has me rolling in laughter. The writing shows a sort of nutty personality, which I can easily identify with since all of my colleagues are convinced I am insane. (It comes with the territory.) Overall, I found that Phrack.org does significantly contribute to the computer science field with the technical information they freely share. Unfortunately, Phrack.org will no longer be publishing their periodicals as announced in their latest issue.

Cultdeadcow.com

Of all three sites, Cultdeadcow.com contained the absolutely most horrid content I have ever been forced to read. Frankly, I would have rather read the instructions on an air sickness bag for an hour than read the drivel I found on cDc’s (cultDeadcow) website. In the opening paragraphs I was comparing hackers to adolescents. If you are wavering on agreeing with this hypothesis, a quick read of cultdeadcow.com will change that. They call their organization a “Grand Imperial Dynasty”. They make claims to have been the first to freely distribute media via the mp3 format, which sounds a lot like they are claiming credit for inventing it. It is a good thing Al Gore already claimed to have created the Internet, or these guys would probably try to take credit for that too. (Wolf Blitzer, 1999) The only creditable contribution I found is Back Orifice (BO2K), which is a tool to totally remotely control the Microsoft Windows operating system. If this were more of a “legitimate” program, it would make an amazing tool for administrators. The interface is intuitive and provides an amazing amount of granular control that even Microsoft does not provide with its administrative tools. However, cDc appears to be resting on its laurels with BO2K. The rest of the content published on the cDc site falls into the “look at me” context. They boast of “owning” various systems, but contribute no information on the technical details of the event. In short, I found the site painfully useless to the computer science field. However, it would probably make an excellent Petri dish for a psychologist.

So the question of “Do hackers contribute to the field of computer science?” still remains at hand. Overall, I believe that they do. Today, programmers are more security conscious of the code they write because they know that it will probably be attacked in some way. Hackers also help point out flaws in released software, which decreases the response time for developers to fix the code. If you can sort through the adolescent drivel and find the real meat behind the topics, hackers provide us with an enormous amount of information regarding information security. As a security professional, the hacker is my antagonist. It would be foolish not to learn from him.

Wolf Blitzer, CNN. (1999). Transcript: Vice President Gore on CNN's 'Late Edition' (March 19, 1999). Atlanta, GA. Retrieved October 8, 2005, from CNN Web site: http:/​/​www.cnn.com/​ALLPOLITICS/​stories/​1999/​03/​09/​president.2000/​transcript.gore/​

Phrack.org. (2005). Retrieved October 8, 2005, from http:/​/​www.phrack.org

2600.com. (2005). Retrieved October 8, 2005, from 2600.com Web site: http:/​/​www.2600.com

cDc. (2005). Retrieved October 8, 2005, from The Cult of the Dead Cow Web site: http:/​/​www.cultdeadcow.com

Back to Articles and Tutorials