This article spawns from a conversation on the nature of the “Deep Web” and/or the “Dark Web,” and what is the difference and why.
The “why” is “Why does it matter to me the reader?” It should. It’s your Internet. To quote William Gibson in Neuromancer: “Cyberspace. A consensual hallucination experienced daily by billions of legitimate operators, in every nation, by children being taught mathematical concepts… A graphic representation of data abstracted from banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the non-space of the mind, clusters and constellations of data. Like city lights, receding…” Your Internet contains parents, children, teachers, students, terrorists, criminals, corporations, entrepreneurs, and of course hackers.
Hackers. I am a hacker. I’m a console cowboy. I’m not the modern definition of said occupation, which has taken on the most disgusting overtones and pejorative connotations. The origin of the word hacker really arose out of one location…The Massachusetts Institute of Technology (MIT) Tech Model Railroad Club.
Prior to the advent of computing, the club dealt with “switches” in terms of trains and control systems in relation to analog control systems related to power. Later, “The club’s members, who shared a passion to find out how things worked and then to master them, were among the first hackers. The atmosphere was casual; members disliked authority. Members received a key to the room after logging 40 hours of work on the layout,” according to Stephen Levy in his book “Hackers: Heroes of the Computer Revolution”.
This is also why I work with my local Hackspace now. According to the TMRC Dictionary, a dictionary created to collect the jargon that arose out of the culture, a “hack” is “1) an article or project without constructive end; 2) work undertaken on bad self-advice; 3) an entropy booster; 4) to produce, or attempt to produce, a hack (3).” Remember, information should be free.
I hack on my free time, and I do it on my “box” or console. I got friends out there too. If you can think of a certain patriotic hacker, you probably have heard of him as well. I also hack for the United States Government. That’s part of my R&D function. I use expl01ts, vulns, scripts (I code in Python), and Linux. I use the aforementioned tools against data, and I create simulated/virtualized environments to test “hacks.”
A good example of this is MetaGooFil. Per their webpage, “Metagoofil is an information gathering tool designed for extracting metadata of public documents (pdf,doc,xls,ppt,docx,pptx,xlsx) belonging to a target company.” This information then gets input into high-end analytic programs, separately, to take the data I retrieve to the USG. No. I do not work for the NSA. Yes, I am immoral. In summary, I use tools that would otherwise be used to exploit vulnerable computer systems against massive amounts of data because current tools are not meeting specific goals. I could be buying a Lotus in ten days or less.
“Case had always taken it for granted that the real bosses, the kingpins in a given industry, would be both more and less than people… He’d seen it in the men who’d crippled him in Memphis, he’d seen Wage affect the semblance of it in Night City, and it had allowed him to accept Armitrage’s flatness and lack of feeling. He’d always imagined it as a gradual and willing accommodation of the machine, the system, the parent organism. It was the root of street cool, too, the knowing posture that implied connection, invisible lines up to hidden levels of influence.” ― William Gibson, Neuromancer
KungFuCharlie deleted_10984539_Virginstateofmind Charlie, Coriolanus, For the record, the spoofed broadcast ICMP exploit was NOT my doing. I'd dropped that particular alias years earlier (although I still have a lot of the mail domain address accounts reserved). I consider it a case of some old 'friends' making fun of me in their own weird way (i.e. in a manner they knew would annoy me, as I'd used the same alias in the 1980's, as well as the 00's). Most of the contributions under that tag on the official Macintosh boards are mine. That's the appropriate forum to go gripe over prematurely released software/hardware… Apple's cynical management style regarding premature releases of beta's, and attempt to get 'free' debugging done by Mac-heads to save money is widely hated. Sadly, it's a practice that pretty much guarantees platform instability following every major upgrade, and seems to have been widely adopted across the industry. I have nothing to comment on regarding flashing p-ram or the use of 'root kit' exploits. People should always instal firmware passwords, and upgrade their machines firmware security level… I don't have a good link on this book-marked on this machine, but if another contributor does, I'm sure other readers would appreciate the info. Best, A. Scott Crawford
KungFuCharlie Coriolanus There is a "national plan"… the Cyber czar at the WH gave a speech on the current Admins definitions within the last month. None of us would probably agree with the course the WH has chosen, or even accept his concept of 'offensive' as remotely serious. It's a train wreck waiting to happen, that has no place for top 1%, A++ skilled hackers aside from prison, or deportation under the guise of extradition (where instead of Prison, one will be given the option of working AGAINST the U.S. for new masters, with a new identity). Look, all of us on this thread probably already know what L3 Communications servers in Chicago do, and for whom. Trace your own replies for yourselves, and draw your own conclusions.
MR151 ArcticWarrior Coriolanus (Huge sigh!). The SOFREP readers aren't really going to appreciate this, but: there's a massive difference between a top 1%, A++ "hacker" and the next level down, skill-wise. There's currently a shared consensus among cyberwar VIPs that our inability to attract or recruit this tier of cyber- talent is one of our top problems. To a great extent, A++ types can't be 'taught' or trained or created, especially in terms of 'offensive' categories of cyberwar. A lot of these types of guys have spent the majority of their lives being punished in an arbitrary way by people in positions of authority for nothing more than telling the truth. It's a problem with a complex cause: IT corporate culture, DoD procurement culture, U.S. Law enforcement attitudes, a widespread misunderstanding regarding 'risk', a lax approach to embedding hardware protections as mandatory, on the assumption non-technical people will follow 'best practice', and etc. I've been reading dozens of articles about 'Chinese hackers' over the last couple of months, but haven't seen Joel Brenner's name mentioned once (he was the first Director of the NCIX, and a former IG at the NSA). In other words, the old Men, or decision makers in the DoD and U.S. government, opted to go with policies years ago, that stemmed from one faction of the 'cyber' debate, and largely ignored other factions, despite the fact that doing so carried a much greater downside if 'their' faction wasn't correct. Their faction wasn't correct… in truth, it was horribly flawed and based on demonstrably false first principle's from the beginning. Yet it's STILL the faction that has the most authority in civilian cyber efforts. Moreover, because so MANY government databases have already been compromised, and the current policy is to downplay the existing liability, the 'risk', related to the eventual exploitation of these databases, the political 'blowback' alone practically guarantees that our U.S. ship of state in terms of Cyber-warfare, which is currently running aground, will maintain it's current course. It short, without a drastic overhaul, we've (the U.S.) basically already lost. On the bright side, It's my opinion that the protections adopted relating to the grid, are good enough to limit the 'risk' of a cascading failure to a regional level. (There a program at *#$# that constantly attacks utilities portals looking for vulnerabilities, and a protocol for reporting problems…). Anyway…. A. Scott Crawford (formerly GrouchySmurf…. and etc.)
Catching up on articles and just finished this. FANTASTIC!!! Welcome back Cori!
Simply one of the best articles I've seen on the subject. Makes my GI Bill + CpE degree plan seem more and more like a solid idea.