As an information security professional, lately I've become quite bored. The state of hacking today seems to be almost solely employed by the spammer-class of miscreants looking to make as much money as quickly as possible. It's big business now. As such, they continue to exploit the same weaknesses, again and again, and simply lack the spirit and ingenuity of previous generations of hackers.
It is in this environment that the latest issue of the underground hacking magazine Phrack has been written after a long hiatus and under a new team of editors. If the document was a disappointment, it is because of the promise it has failed to live up to. As someone who has a notorious attitude problem, a healthy disrespect for authority, and a marked David complex, I have some sympathy for their underground and anti-authority tendencies, though I've not participated in the underground.
That said, the current issue of Phrack looks like it is written more by disgruntled teenagers trying to be nostalgic for a long passed era which they never even participated in. Much like the anti-war protesters, who continue to try to relive their glory days of the '60s, Phrack is an attempt to live the hacking glory days of the '80s and '90s. The problem with both is that those days are gone. "You can never go home again."
Hacking has been commoditized. With spammers running the show whose bottom-line is money, information security threats have become quantifiable, systemitizable, and predictable. Occasionally there are some really neat new security hacks, the WMF exploit and the ANI exploit come to mind, but by and large, it's the same old stupid tricks done and redone. This is because they continue to exploit the weakest link, the unsophisticated PC user who will still fall prey to 419 scams after all these years. Upwards of 80% of people will click on phishing e-mails if the message looks "good" enough, such as through a social networking site. Any idiot can own hardware now… and they do. It's quantity over quality.
At the same time, many of the old school hacker groups have sold out. Instead of continuing to work on their craft, they've gone to work for the highest bidder. As a result, the old hacking vitality has been lost. The Phrack editors are fond of saying that the information security guys need hackers, or they wouldn't exist. It's true. I wouldn't be doing the job I do if it weren't for hacking; the problem is that you're boring the hell out of me.
Article comments
1 - GM Roper
Well done John, very well done.
2 - phrack supporter
I don't agree with you. Your text is quite fatalist. Apparently, you didn't read all the good comments posted on the webpage. You don't participate to the underground but you judge it. It's a little pretentious.
About the old school hacker groups, if you don't participate to the underground, I don't know how you can say that they have sold out.
I'm really happy that some people are trying to resuscitate the old spirit and at the same time publishing nice quality articles.
3 - tiago
good pointing; clear wording.
--tiago