http://www.nmrc.org/pub/report/sn-dc-2003.html Have you noticed the change? Do you remember where you were when you first felt the change? I am talking about the change in the security community, especially the underground community. Less trust. More control. Less truth. I'm not talking about society since 9-11, although most certainly looking at things like USA Patriot and DSEA one can certainly see less trust, more control, and less truth. I'm talking about the underground closing ranks. The emergence of Richard Thieme's third generation hackers. The holy trinity of hackers -- trust, control, and truth. Typically the purest form of knowledge -- the facts -- are what hackers refer to as truth. A wisp of falsehood or lie will cause a hacker to bristle. With the nature of hacking being to learn the true nature of something, the truth is an important commodity. Trusting a truth. An important item on the hacker checklist. Can a "truth" be trusted as really being true? Crawling through the ether, keeping enemies as friends, encountering the unknown, a hacker needs to know not only who to trust but what. And it is never a glass that is half empty or half full, it is a swirling and ever-changing fishbowl filled with truths and lies, all swimming together and influencing each other. Finding the truth needle in a haystack of disinformation -- the marching orders of the new millenium hacker. Hackers need to be able to not only understand the control mechanisms that surround a truth, and the nature of those controls, but to understand the responsibility that comes with exercising control over a truth. Also, knowing when and how you are being controlled and manipulated, be it by pervasive means or just the fact that you are aware your actions are being monitored. Having your actions monitored can influence your behavior substantially. Between TLA-driven Carnivore-styled systems to enemy hackers with dsniff to nosy ISP admins, the tilting game board has not just shifted the controls, but the mere threat of controls have changed hacker methods drastically and permanently. There are hackers -- white hat types -- that have removed code from their web pages simply because of the threats posed by such things as DMCA. Talk about Sun Tzu tactics -- many coders removed their work from the net without any laws being used against them. That's a serious control mechanism right there. The new millenium hacker has seen this landscape of unknown enemies in unknown numbers, circled the wagons, and lives a multi-layered life behind layered walls of security, disinformation, and distrust. Two years ago I gave a talk at DefCon 9 that was in my opinion the highpoint for Simple Nomad 1.0. I received a lot of positive feedback from this talk, mainly along the lines of agreement that society is heading for a suppressive human rights hell in a handbasket cleverly disguised with a transnational conglomerate cloaking device. It was a call to arms that things were going from bad to worse. After DefCon 9, September 11 happened, and all of my exaggerated claims -- as well as the claims of many others -- began to happen. Claims of the coming neo-Hooverism began to usher forth starting with the passage of USA Patriot and followed by a series of Presidential directives and legislation currently in various stages -- some passed into law, some pending before a willing congress -- that seriously attacks the hacker and hacker culture. What came of that so-called warning, that call to arms? Nothing. Why? Because I trusted in my own logic. I assumed that everyone at DefCon was just like me, and would react the same way I did. Rather than assuming the "Russ Cooperesque" title of Cassandra of the Internet, and blame my audience, or assume I was simply an old schooler talking to a jaded generation beyond my reach, I tried to think things through. Hopefully I've learned a thing or two about trust and a bit about control. So this brings us quite naturally to aliens and UFOs. Give me a moment to explain.... How many people have seen, or know someone who has seen a UFO? My guess pretty much everyone here. I find this to be very compelling. For years, we have been taught that to utter a belief in UFOs, admit seeing a UFO, or confessing in a belief that aliens are trading antimatter reactors to our government for porn, is to stand up and say we are crazy. The media has very effectively taught us this. *This* is a control. However it is human nature to talk about the weird and bizarre, so eventually a fringe element proclaims whatever truths they can find, they are easily led astray with disinformation, but they manage to make enough noise to get at least parts of society to acknowledge some of their truths. Their truths become almost a religion. And now, after several years, it is ok to acknowledge in public, or at least among friends, to admit that you or someone you know and trust has seen a UFO. With careful encouragement from the media, it becomes ok, and is even a relief, to acknowledge this because you *aren't* crazy, in fact you are normal. What is interesting is that the government can keep up its denial of UFOs, we can keep confessing to each other and get a warm fuzzy, and because of the nature of humans to *want* to be accepted above all else, the "truth that is out there" remains just that. Out there, not here. We think we are one up on the government, when in fact we are not. Instead of continuing to "fight the good fight", we actually become more docile. That is a *meta-control*. Remember, we live in a world where the slime marketeers understand that everyone thinks they are one of those 10 percenters. You know, "only the cool people buy our stuff, its not for everyone." Yet everyone buys the product. Simple math says not everyone can be in the 10%, but if you create the illusion.... Are we all so amazing that all of us are among the 10% best athletes, best drivers, best lovers, best hackers? At DefCon 9, I spoke from a perceived vantage point that I was among the fringe element, and I assumed that I and the audience were within that 10%. Instead I encountered a meta-control. In spite of the fact that right after 9-11 we all knew shit like USA Patriot was on the way, there apparently was nothing we could really do about it, or if there was, we were content to get that warm fuzzy by simply sharing our concerns with each other. The call to arms was nothing but a warm fuzzy. It has taken me two years to understand that I hit a meta-control, that I was not in the 10%, in fact the existence of the 10% was probably an illusion anyway. But it was the understanding of a truth. The realization that a new millenium hacker was emerging from within my limited 1.0 view of the world. I watched myself morph, adapt and change to my world. I literally watched myself circle the digital wagons. And in doing so, I watched the air-gap between nym and psyche -- between the virtual world and the physical world -- disappear. To understand the truth about something like a computer is to not only understand how the components fit together, how they interact, when they can be bent or broken, when you can exploit sublevels of trust between components to bypass a control -- it is also about understanding that computer's placement within a network of others. Understanding that the computer, whether placed in the home or in the office, is a reflection of the user that stores their data on it. Understanding that the data itself, when coupled with other computers on the network near it, tell such interesting stories, like who controls the company, who hides the company secrets, or who controls the cash flow. Hacking business processes, hacking corporate culture, controlling the flotsam and jetsam in the digital flow. And hacking becomes meta-hacking. Imagine tying companies within the same industry together at this level, then industries, then governments and nation states. Is that too big? No. We cannot think in those terms anymore. Like it or not, hacking has changed. We have to think big. Hacking is not just about seeing the limits of a computer system, or even the limits of the political world that has risen up around the modern-day hacker. Hacking is about understanding the system, the complete system. You must hack yourself. Not the digital self, because there is truly no division anymore. We are plugged in, and there ain't no going back. We *have* to hack ourselves. Not just the surface tension that is wrapped in a nym, but the core of your hacker self. Explore mental ring zero. Live to hack, and hack to live. This is the future of meta-hacking, not just controlling the operating system, but controlling and influencing what the operators of that system do -- whether those operators do what they do for good or ill, and whether that system is a computer, a political set of ideals, or your own thought processes. This is why we are pursued through cyberspace by USA Patriot and the other horses of the digital apocalypse. It is our potential. If we turned our hacking skills from the systems we have root on to the data stored on those systems *and what that data represents*, we could possibly discover where that 10% is really at. I am not going to tell anyone what to do anymore, namely because until I fully and truly understand my own truths, and can trust my vision and understand the controls that bind me, I only serve the will of others. Others who wish to control you AND me. I can't tell you where the truth lies, because I refuse to accept the reality shovelled up my ass by the Man. I have to question everything, and while I am not telling you what to do, I *am* inviting you to do the same. Question yourself. Question your questions. Question your lack of a question. Martin Luther King, Jr. said he dreamt of a day when a man was judged not by the color of his skin, but by the content of his character. I dream of a day when a hacker is judged not by the color of his hat, but by the content of his code. I'd like to close with jrandom's infamous paraphrasing from Fight Club: "The people you are after are the people you depend on. We develop your apps, we backup your data. We route your packets, we defend you while you sleep. Do not fuck with us." I thank you, NMRC thanks you, see you next year. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Fri Aug 08 2003 - 01:14:34 PDT