This was an editorial I wrote a while ago for WarpedReality, when the Denial-of-Service attacks were going on. Yes, I know the difference between Hackers and Crackers :) but the medium required Hacker as the operative term.
I'm an old school hacker. My definition of old school is pre-Internet availability, in the days of BBS's. Unfortunately that actually places me in the ancient school category, as I've been hacking on boxes since 1977, when I was able to access the source codes in a hidden directory for a bunch of text-based games on the PRIME mini-mainframe we were connected to in high school.
I am a hacker. I am not a criminal.
To lump me into a category of miscreants who willfully damage systems and software is rude and scurrilous. I don't break into other people's property to be a nuisance. I do break into systems when I am asked to by the rightful owners in order to help determine what security measures need to be taken to protect their property.
Am I against "script kiddies"? Short answer -- no. Long answer -- if you've been running around for longer than one year using other people's tools and ideas, and you've contributed nothing in return except destruction and defacement, then you're not a hacker. Some folks get into hacking via the "script kiddie" route, and there's nothing wrong with that. I look upon it as a stepping stone to a greater knowledge. Some folks learn better by example, and if you've done more than one of the following, you're on your way:
- Written a program in C, C++, VB, Modula-2, assembly, Java, or any language except BASIC.
- Modified any source code, excluding BASIC and HTML, substantially enough to improve the original code.
- Learned another operating system excluding Microsoft or Mac (Double points for Unix. Triple for Oberon).
- Read more than four technical books in the past 12 months, excluding the For Dummies series.
- Learned or read any reference materials concerning networking or TCP/IP, and know what 192.168.X.X is.
- Understand the classes of IP addresses, and how to figure subnet masking.
- Learned how to write in your native spoken language without resorting to numbers or high-ASCII (for example, 3£337).
- Set up a website to disseminate information and help others out.
- Helped another individual with a complex computer problem or program, excluding cracking tools.
True hackers are well-read individuals. They are constantly reading the latest news on sites such as HNN or Slashdot. They contribute new programs, ideas, texts and solutions to the scene. They are either working on learning developing technology before it is released or are contributing to it. Do you know what IPv6 is?
True hackers do not fuck with other people 'just because they can'. They do have the ability to install NetBus on your system if you attempt to Back Orifice them or hit them with a port scanner (hello to Dmitri, 220.127.116.11 : bolgar-13.dialin.datanet.hu on 21JAN2000, you wonder why your .DLL's were renamed to .D11?). They don't mail bomb or listserve-of-death people because they make honest mistakes.
Hackers don't destroy things, they create them. I don't consider folks who deface websites without telling the owner how it was done or leave out a link to the original index.html from the cracked page hackers. I don't consider folks who continue to deface pages after six months starting from the first site they cracked to be a hacker.
A hacker does not go around shouting from hacked websites how '£337 they are. Hackers are subtle. They command respect -- not because their words, but for their actions. Think of all the truly famous hackers on the net. Folks like Mudge, Jericho and Mitnick. You've never seen website pages hacked by them. There are no businesses who have lost large sums of cash replacing their e-commerce sites or shutting down from a distributed denial-of-service attack because of them. Are they Gods, Perfect Hackers? Nope, and they'd be the first ones to say so. The only differences between most of the self-proclaimed hackers and these three examples are experience, reliability and an unquenchable thirst for knowledge. They want to know, but not at the expense of others. Mitnick had huge inventories of information, but he never sold it or gave it away. Do I think he deserved to be jailed for years? No. Do I think he deserved time for being caught with the information and phreaking? Yes, maybe 30 days and 2 years probation requiring him to complete college and find suitable employment, and to let the admins know how he waltzed into their systems virtually undetected. The big outcry was not that Mitnick was innocent, but that he was unjustly imprisoned for years with wanton disregard for the founding principles of our country. Are these three guys Elite? In my opinion -- no, simply because Elite is a hypothetical goal to strive for. Technology evolves so damn fast (for example, Moore's Law) that even if one person attained the status of Elite, it would be fleeting. Figure it as king for a day. These three guys are just damn good, deserving respect and admiration for the hard work they used to assemble their vast knowledge base and how they apply it.
Now, about these DDoS attacks against major net companies... I don't think there's a single true hacker that would condone, let alone sympathize, with the actions taken by these criminals. If there was a rhyme or reason for the attacks, like DDoS'ing a company because they use cheap child labor (such as Iomega using Malaysian factories) or because they were for or against abortions and they hacked related sites, I would be more lenient, even if I didn't agree with their message. But this huge DDoS attack falls into the 'because we can' category, and that removes it from the realm of hackers. Their message (if any) was killed by their medium.