hH? - controversy '96

Second article relating to Controversy '96...

Security Party Poopers

Hacking used to be almost respectable. No longer, says Michael McCormack

ON A cold Friday night in Manchester, 50 of Britain's leading computer hackers joined forces with their international counterparts for a night of drinking, tale-swapping and, of course, a bit of electronic mischief.

That mischief saw the Labour Party sharing the hackers' hangover, as its Web site was given extensive - and unauthorised - alterations. Tony Blair's image was replaced with that of his Spitting Image puppet and muppets were substituted for the shadow cabinet.

Between that exploit and other, less public online amusements, the hackers found time to discuss their concerns about the changes in the British hacking scene.

What worries them most is their chance of making a career in computing. The majority of hackers are in their late teens and early 20s, some completing degree courses in IT. They worry that the computer-security knowledge they have gained will go to waste, as employers increasingly refuse to hire candidates they suspect of hacking.

One veteran hacker explained: "Until fairly recently, computer-security professionals and hackers had similar backgrounds. Most of them had been hackers themselves at some point and most of us have worked with them on projects. Now that's changing."

"The new breed of security professional is all classroom-taught, they wear suits and ties and they think of us as the enemy. They're not really part of the culture of hacking at all. It used to be that your paper qualifications when you went for a job mattered less than what you actually knew, and everybody understood where you picked up the knowledge. Now it just comes down to where you were trained and whether or not you fit the company mould."

A leading British security consultant, who asked not to be named, argued that there were compelling commercial reasons for this: "There is a huge potential for liability that wasn't there before - the commercial losses a company can sustain now from an online information leak are immense. Also, the nature of the security business has changed. We have to work with people at all levels, educating them about what they need to do to stay secure. Most hackers that I've met don't have the patience or the social skills to do that." Hackers are predicting the increasing lack of sympathy between their community and the security men will lead to more malicious hacking, and some are concerned that hackers' already poor reputation can only get worse.

One hacker, currently semi-retired after a close brush with authority, said the next generation of hackers especially worried him: "When I was learning how to do this, there was still an ethic that it was fine to explore and learn but wrong to go in and do damage. I'm no angel, but I wasn't destroying files. The new kids don't seem to play by the same rules."

To repair their image, British hackers want to work together more often to commit what they describe as "socially responsible hacks". The Labour hack, promised to be the first in a series aimed at British political parties, is an example of what they intend to do.

Hackers are also talking about setting up a consultancy, where security professionals could turn to get the most up-to-date information on hacking methods and security flaws. Paranoia about law enforcement interest and the more general problem of getting these essentially solitary young men organised have so far prevented the proposal moving forward.

Disclaimer: All the info given here is incomplete, there's always something missing. This is basically to cover our own backs, but for someone with a bit of sense it shouldn't be too hard to fill in the blanks. The authors of this page and the carriers do not take any responsibility whatsoever for any action you may carry out as a result of you reading or using this information. Any documentation provided is given for research purposes only.