[ISN] Simple Nomad's DefCon 11 Rant

From: InfoSec News (isnat_private)
Date: Thu Aug 07 2003 - 23:00:21 PDT

    http://www.nmrc.org/pub/report/sn-dc-2003.html
    
    Have you noticed the change? Do you remember where you were when you
    first felt the change? I am talking about the change in the security
    community, especially the underground community. Less trust. More
    control. Less truth. I'm not talking about society since 9-11,
    although most certainly looking at things like USA Patriot and DSEA
    one can certainly see less trust, more control, and less truth. I'm
    talking about the underground closing ranks. The emergence of Richard
    Thieme's third generation hackers.
    
    The holy trinity of hackers -- trust, control, and truth.
    
    Typically the purest form of knowledge -- the facts -- are what
    hackers refer to as truth. A wisp of falsehood or lie will cause a
    hacker to bristle. With the nature of hacking being to learn the true
    nature of something, the truth is an important commodity.
    
    Trusting a truth. An important item on the hacker checklist. Can a
    "truth" be trusted as really being true? Crawling through the ether,
    keeping enemies as friends, encountering the unknown, a hacker needs
    to know not only who to trust but what. And it is never a glass that
    is half empty or half full, it is a swirling and ever-changing
    fishbowl filled with truths and lies, all swimming together and
    influencing each other. Finding the truth needle in a haystack of
    disinformation -- the marching orders of the new millennium hacker.
    
    Hackers need to be able to not only understand the control mechanisms
    that surround a truth, and the nature of those controls, but to
    understand the responsibility that comes with exercising control over
    a truth. Also, knowing when and how you are being controlled and
    manipulated, be it by pervasive means or just the fact that you are
    aware your actions are being monitored. Having your actions monitored
    can influence your behavior substantially. Between TLA-driven
    Carnivore-styled systems to enemy hackers with dsniff to nosy ISP
    admins, the tilting game board has not just shifted the controls, but
    the mere threat of controls has changed hacker methods drastically
    and permanently.
    
    There are hackers -- white hat types -- that have removed code from
    their web pages simply because of the threats posed by such things as
    DMCA. Talk about Sun Tzu tactics -- many coders removed their work
    from the net without any laws being used against them. That's a
    serious control mechanism right there.
    
    The new millennium hacker has seen this landscape of unknown enemies in
    unknown numbers, circled the wagons, and lives a multi-layered life
    behind layered walls of security, disinformation, and distrust.
    
    Two years ago I gave a talk at DefCon 9 that was in my opinion the
    highpoint for Simple Nomad 1.0. I received a lot of positive feedback
    from this talk, mainly along the lines of agreement that society is
    heading for a suppressive human rights hell in a handbasket cleverly
    disguised with a transnational conglomerate cloaking device. It was a
    call to arms that things were going from bad to worse. After DefCon 9,
    September 11 happened, and all of my exaggerated claims -- as well as
    the claims of many others -- began to happen. Claims of the coming
    neo-Hooverism began to usher forth starting with the passage of USA
    Patriot and followed by a series of Presidential directives and
    legislation currently in various stages -- some passed into law, some
    pending before a willing congress -- that seriously attacks the hacker
    and hacker culture.
    
    What came of that so-called warning, that call to arms? Nothing. Why?  
    Because I trusted in my own logic. I assumed that everyone at DefCon
    was just like me, and would react the same way I did. Rather than
    assuming the "Russ Cooperesque" title of Cassandra of the Internet,
    and blame my audience, or assume I was simply an old schooler talking
    to a jaded generation beyond my reach, I tried to think things
    through. Hopefully I've learned a thing or two about trust and a bit
    about control.
    
    So this brings us quite naturally to aliens and UFOs. Give me a moment
    to explain....
    
    How many people have seen, or know someone who has seen a UFO? My
    guess pretty much everyone here. I find this to be very compelling.
    
    For years, we have been taught that to utter a belief in UFOs, admit
    seeing a UFO, or confess a belief that aliens are trading
    antimatter reactors to our government for porn, is to stand up and say
    we are crazy. The media has very effectively taught us this. *This* is
    a control.
    
    However it is human nature to talk about the weird and bizarre, so
    eventually a fringe element proclaims whatever truths they can find,
    they are easily led astray with disinformation, but they manage to
    make enough noise to get at least parts of society to acknowledge some
    of their truths. Their truths become almost a religion. And now, after
    several years, it is ok to acknowledge in public, or at least among
    friends, to admit that you or someone you know and trust has seen a
    UFO.
    
    With careful encouragement from the media, it becomes ok, and is even
    a relief, to acknowledge this because you *aren't* crazy, in fact you
    are normal.
    
    What is interesting is that the government can keep up its denial of
    UFOs, we can keep confessing to each other and get a warm fuzzy, and
    because of the nature of humans to *want* to be accepted above all
    else, the "truth that is out there" remains just that. Out there, not
    here. We think we are one up on the government, when in fact we are
    not. Instead of continuing to "fight the good fight", we actually
    become more docile. That is a *meta-control*.
    
    Remember, we live in a world where the slime marketeers understand
    that everyone thinks they are one of those 10 percenters. You know,
    "only the cool people buy our stuff, it's not for everyone." Yet
    everyone buys the product. Simple math says not everyone can be in the
    10%, but if you create the illusion....
    
    Are we all so amazing that all of us are among the 10% best athletes,
    best drivers, best lovers, best hackers?
    
    At DefCon 9, I spoke from a perceived vantage point that I was among
    the fringe element, and I assumed that I and the audience were within
    that 10%. Instead I encountered a meta-control. In spite of the fact
    that right after 9-11 we all knew shit like USA Patriot was on the
    way, there apparently was nothing we could really do about it, or if
    there was, we were content to get that warm fuzzy by simply sharing
    our concerns with each other. The call to arms was nothing but a warm
    fuzzy. It has taken me two years to understand that I hit a
    meta-control, that I was not in the 10%, in fact the existence of the
    10% was probably an illusion anyway.
    
    But it was the understanding of a truth. The realization that a new
    millennium hacker was emerging from within my limited 1.0 view of the
    world. I watched myself morph, adapt and change to my world. I
    literally watched myself circle the digital wagons. And in doing so, I
    watched the air-gap between nym and psyche -- between the virtual
    world and the physical world -- disappear.
    
    To understand the truth about something like a computer is to not only
    understand how the components fit together, how they interact, when
    they can be bent or broken, when you can exploit sublevels of trust
    between components to bypass a control -- it is also about
    understanding that computer's placement within a network of others.  
    Understanding that the computer, whether placed in the home or in the
    office, is a reflection of the user that stores their data on it.  
    Understanding that the data itself, when coupled with other computers
    on the network near it, tell such interesting stories, like who
    controls the company, who hides the company secrets, or who controls
    the cash flow. Hacking business processes, hacking corporate culture,
    controlling the flotsam and jetsam in the digital flow. And hacking
    becomes meta-hacking. Imagine tying companies within the same industry
    together at this level, then industries, then governments and nation
    states.
    
    Is that too big? No. We cannot think in those terms anymore. Like it
    or not, hacking has changed. We have to think big. Hacking is not just
    about seeing the limits of a computer system, or even the limits of
    the political world that has risen up around the modern-day hacker.  
    Hacking is about understanding the system, the complete system. You
    must hack yourself. Not the digital self, because there is truly no
    division anymore. We are plugged in, and there ain't no going back. We
    *have* to hack ourselves. Not just the surface tension that is wrapped
    in a nym, but the core of your hacker self. Explore mental ring zero.  
    Live to hack, and hack to live.
    
    This is the future of meta-hacking, not just controlling the operating
    system, but controlling and influencing what the operators of that
    system do -- whether those operators do what they do for good or ill,
    and whether that system is a computer, a political set of ideals, or
    your own thought processes.
    
    This is why we are pursued through cyberspace by USA Patriot and the
    other horses of the digital apocalypse. It is our potential. If we
    turned our hacking skills from the systems we have root on to the data
    stored on those systems *and what that data represents*, we could
    possibly discover where that 10% is really at.
    
    I am not going to tell anyone what to do anymore, namely because until
    I fully and truly understand my own truths, and can trust my vision
    and understand the controls that bind me, I only serve the will of
    others. Others who wish to control you AND me. I can't tell you where
    the truth lies, because I refuse to accept the reality shovelled up my
    ass by the Man. I have to question everything, and while I am not
    telling you what to do, I *am* inviting you to do the same. Question
    yourself. Question your questions. Question your lack of a question.
    
    Martin Luther King, Jr. said he dreamt of a day when a man was judged
    not by the color of his skin, but by the content of his character. I
    dream of a day when a hacker is judged not by the color of his hat,
    but by the content of his code.
    
    I'd like to close with jrandom's infamous paraphrasing from Fight
    Club: "The people you are after are the people you depend on. We
    develop your apps, we backup your data. We route your packets, we
    defend you while you sleep. Do not fuck with us."
    
    I thank you, NMRC thanks you, see you next year.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    


