[ISN] Interview with an ex-hacker

From: InfoSec News (isnat_private)
Date: Sun Feb 03 2002 - 22:32:08 PST

  • Next message: InfoSec News: "[ISN] Microsoft taps former DOJ cybercop for top security slot"

    http://www.computing.vnunet.com/News/1128889
    
    By James Middleton [01-02-2002]
    
    According to the defacement archive at Alldas.de, the hacker group
    known as the 'sm0ked crew' only terrorised websites throughout
    February of last year.
    
    But that was maybe enough for one member of the crew, Splurge, who
    decided to call it quits and go straight in the security industry.
    
    Eighteen-year-old Splurge, who withheld his real name, contacted
    vnunet.com to tell us his story. What prompted him to switch from a
    life of box breaking and defacing, to the somewhat more acceptable
    career of a security consultant selling denial of service (DoS) filter
    systems?
    
    "It's not the feds you have to worry about, it's always the other
    hackers that bring you down," he said. "They love to fight each other.  
    They'll nark on you to the FBI just to get you off the scene."
    
    Splurge has had one such call from an FBI agent. "He just turned up on
    my doorstep. Just the standard agent type, he didn't really know
    anything.
    
    "But I'm worried because I've been falsely accused of stealing
    $500,000 worth of software, which I didn't do, it's some other hacker
    who's pinned this on me," he said.
    
    Splurge would not elaborate on this case, as he said it could still go
    to court.
    
    He said that the FBI has honeypots set up all over the internet, just
    to catch hackers. "I got tricked through five boxes," he said with a
    touch of humour. "That's how they caught me."
    
    But sometimes, said Splurge, hackers do get the Hollywood treatment.  
    "Another hacker I know, going by the name of Darkness, broke into
    NASA. Next thing, his door was being kicked down by agents waving guns
    all over the place."
    
    But apart from getting arrested, Splurge assured us that the hacking
    and defacing scene is nothing like in the movies.
    
    "Films like 'Hackers' aren't even close," he said. "I got out of the
    scene because the crew was breaking down, there was too much
    in-fighting, and the danger of getting arrested was becoming more and
    more real."
    
    Although Splurge didn't know any other members of the sm0ked crew
    except by their screen name - "it's safer that way" - he maintains
    that someone else in the hacker community set him up to get him off
    the scene.
    
    "After we hacked Intel for the third time running, I had a visit from
    one of their security guys who had managed to trace me back. He
    offered me a job as some sort of pen tester in a startup security firm
    he was going to launch, but it didn't sound too ethical so I refused.  
    Then he warned me not to touch Intel any more or he'd turn me in. It
    was about then I realised I wanted to get out."
    
    The stereotypical image of hackers is pretty accurate, according to
    Splurge. "It's really just a bunch of really smart kids trying to
    prove themselves. I know I was," he said.
    
    "They're not misfits, they're just trying to make their mark. Defacing
    is an easy way to get on the news."
    
    "It's almost as if they want to get caught," he added. "Obviously they
    don't want to go to jail, but they want to be known for their
    actions."
    
    But Splurge sounds like he's had a change of heart. "Anyone who leaves
    an insecure box attached to the net deserves it. But anyone who
    actually damages data should do time," he said. "We always left
    backups of any sites we defaced.
    
    "It's not hard to secure a box. An operating system is only as secure
    as the admin makes it. I use Linux all the way because I think it's
    easier to secure, but any operating system can be secured, even
    Windows.
    
    "Filtering out IPs that shouldn't be accessing certain servers
    eliminates 99 per cent of problems, and getting a decent firewall
    helps," he said.
    
    "People think defacers just use canned scripts to break sites," he
    continued, "but this is not necessarily true. A scanner is just a lot
    of hard work. I would go to a big site and just wade through each IP
    on the block looking for vulnerabilities."
    
    Most of the misinformation about hackers is propagated by the media,
    according to Splurge.
    
    "If the media stopped glorifying hackers, we wouldn't have this
    problem. They wouldn't be trying to make front page news. And they
    won't stop, either. For every one arrested, five more go free," he
    said.
    
    So what does a hacker do when he's done with making the news? "I work
    for a filtering firm. We stop denial of service attacks taking out
    networks like with Cloud 9, Tiscali and Donhost this week. But I'd
    like a better job in the security industry."
    
    And is there honour among data thieves? Not really. "As we speak, I'm
    just tracking someone who's hit one of my own personal boxes. I'm
    confident I'll get him, and when I do, I'll turn him in. I've no
    problem with that."
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Feb 04 2002 - 02:33:27 PST