[ISN] Confessions of an Error-Filled Tome

From: InfoSec News (isnat_private)
Date: Sat May 04 2002 - 04:18:13 PDT

    [This was grabbed from another list I'm on, I should also mention that 
    we're currently reading Mr. Verton's book and expect to have a full 
    review in the near future.  - WK]
    ---------- Forwarded message ----------
    Date: Thu, 2 May 2002 14:10:58 -0400 (EDT)
    From: Jason Scott <jscottat_private>
    To: intel0202at_private
    Cc: dc-stuffat_private, jerichoat_private, veggieat_private
    Subject: Confessions of an Error-Filled Tome

    Mr. Verton:

    As a researcher working on a historical documentary and a collector of
    what some would call "hacker history", I am often told about
    interesting or relevant books and articles that come out. I was
    directed to your book by an incredulous IRC denizen who was crowing
    about the numerous errors in your book, errors that even an "outsider"
    shouldn't have missed. I wanted to see for myself, and purchased a
    copy (used) of "Confessions of Teenage Hackers (2002)".

    The tipster was correct; your book suffers, even on a cursory glance,
    from glaring errors. I figured you have high hopes of a second edition
    being printed, so I wanted to pass them along to you. Keep in mind
    that these are just from a cursory glance; I've not had the
    opportunity to read the book cover to cover.

    Page 196: "A nationwide hacker crackdown nabs teenage members of the
    notorious hacking groups known as the Masters of Deception (MOD) and
    the Legion of Doom (LOD). The teen hackers are responsible for the
    famous Martin Luther King, jr. Day crash of the AT&T long-distance
    telephone network. The hackers would be indicted in 1992."

    ..this is false. The Martin Luther Day crash of 1990 was caused by a
    bug in the AT&T switching software (often reported as a "wrong BREAK
    statement in the C code"; analysis of the software bug in question is
    out on the internet), which caused a cascading failure and the outage.
    No hackers were at all involved.

    Transcription of AT&T Report on the Bug:

    Lumping MOD and LOD together as some sort of super-team causing this
    crash is an additional error; I was not privy to exact member
    politics, but it's generally known and reported elsewhere that the two
    groups were not fond of each other, and regardless, none of them were
    involved in the crash. What DID happen is that members of MOD were
    raided shortly after the crash occurred, very likely the result of
    turned-up heat from authorities trying to show results for a major
    infrastructure loss. In March, Eric Bloodaxe and The Mentor (both of
    LOD) also were raided, along with a number of other folks, as part of
    a continued effort by the FBI. In all cases, the crimes they were
    ultimately accused of (and for some indicted on) were not related to
    the AT&T crash.

    What bothers me here is the use of the phrase "hacker crackdown",
    which is the title of the Bruce Sterling book that makes the entire
    situation of blaming hackers on a problem they didn't cause its
    central thesis! That is, you mention the title of the book and get the
    facts wrong entirely and completely when they're recounted within the
    first chapter. I'm of the opinion you didn't actually read it.

    From the hazy vantage point of a decade, I could understand some minor
    slip-ups, but this entire situation was researched and written about
    perfectly by another author. You are perpetuating a myth, a myth
    easily researched and dismissed.

    Page 203: Your bibliography/listing of Hacking-related articles begins
    in 1994. That is fundamentally disturbing. I have to assume this is
    the extent of your research outside of web page listings, and if so,
    you're working with a lopsided, heavily sensationalistic bombardment
    of fearmongering. Most of the coverage of "defacements" attaches an
    extreme amount of weight to the process, when it mostly consists of
    the modification of text and image documents on an often unrelated
    server, separated from the actual day-to-day functioning of a
    government or corporate entity. Once the Internet became a "hot topic"
    in 1995 with the advent of Netscape and AOL/Microsoft forays into it,
    desperate media outlets, lacking in solid information, grabbed onto
    any subject they could, and defacements received a foolish amount of
    coverage. Your bibliography indicates you have bought into it.

    Page 207: "John Vranesevich - www.antionline.com/jp - The website of
    the founder of the hacking Web site AntiOnline.com, thought to be one
    of the best hackers in the world."

    Goodness, by who? Certainly by Mr. Vranesevich and yourself, I suppose.
    This isn't my fight, but I find your classification of him
    particularly ironic since you thank Jericho of Attrition for
    assistance with defacement history, and somehow neglect his many
    months of research into Vranesevich as a charlatan:

    Page 208: "Cult of the Dead Cow (now @Stake) - www.l0pht.com - The
    Cult of the Dead Cow (cDc) is best known as the group that authored
    and distributed Back Orifice, an open-source software product that
    allows a hacker to take over a remote computer. However, the group has
    since gone legitimate under the auspices of @Stake, a security
    consulting firm.  That's there you'll end up with this link."

    I'm completely confused where you got this information. L0PHT was a
    group of Boston-based hackers and technical folks who had a permanent
    space rented in downtown Boston and later outside Boston, hence, a
    loft (l0pht).  Many folks visited them and were friends and
    associates, including members of the Chaos Computer Club and the Cult
    of the Dead Cow. But to combine them like they were all the same
    people... that's just bizarre.

    The Cult of the Dead Cow was a textfile writing group founded in
    Lubbock, TX in 1984. They released writings on BBSes and later the
    Internet, well into the present day, and still have occasional
    releases. They gained the attention of the media in the early 1990's,
    and delighted in being called upon for media interviews, many of which
    they used for their own purposes. In the mid 1990's, they started
    releasing programs, including the much-touted Back Orifice tools, and
    gained notoriety for that as well.  Currently, they are affiliated
    with a movement called Hacktivismo, which calls upon hackers to use
    their efforts to better the world for freedom and human rights. This
    is a positive thing, so I understand why you would be unaware of it.

    The L0pht gained notoriety for their programs from the start,
    releasing exploits and programs to show flaws in Windows and other
    commercial products. They were acquired by @Stake and dropped the
    l0pht name some time afterwards, although the name still appears in
    various locations, more as a hint or a reminiscence than anything.

    This is also an ironic mistake, as no two groups have earned as much
    airtime and column space as these two in the second half of the 1990s,
    which falls smack into your obvious area of focus. To combine them
    points to incompetency.

    This was minimal effort to find these mistakes. If you intend to
    correct them in a second edition, please let me know and I will send
    you more. If you are not interested and have already turned your
    efforts to other mistake-ridden tomes, I will bother you no further.

    - Jason Scott