Tuesday, October 06, 2015 Login · Register


Remember Me

Not a member yet?
Click here to register.

Forgotten your password?
Request a new one here.


    Users Online
  • · Members on IRC: 0   
  • · Total Members: 21,783
  • · Newest Member: faizxenvy


        Related Ads



        Top 10 Forum Posters
    Null Set883   


  • iExploit

  • iExploit

  • WeChall

  • Thisislegal.com


        Related Ads

    View Thread
    Security Override The Articles Section [ General ] Articles
    The Current Underground
    Register FAQ Members List Today's Posts Search

    Print Thread
    01-26-2014 09:02 PM The Current Underground

    |=-------------------=[ The Underground Myth ]=------------------=|
    |=------------------------=[ By Anonymous ]=-----------------------=|

    1 - Hacker's Myth
    2 - The Security Industry
    3 - Black Hat, Two Faces
    4 - Technology
    5 - Criminals
    6 - Forgotten Youth
    7 - The Forward Link

    Hacker's Myth

    This is a statement on the fate of the modern underground. There will
    be none of the nostalgia, melodrama, black hat rhetoric or white hat
    over-analysis that normally accompanies such writing.

    Since the early sixties there has been just one continuous hacking
    scene. From phreaking to hacking, people came and went, explosions of
    activity, various geographical shifts of influence. But although the scene
    seemed to constantly redefine itself in the ebb and flow of technology,
    it always had a direct lineage to the past, with similar traditions,
    culture and spirit.

    In the past few years this connection has been completely severed.

    And so there's very little point in writing about what the underground
    used to be; leave that to the historians. Very little point writing
    about what should be done to make everything good again; leave that to
    the dreamers and idealists. Instead I'm going to lay down some cold hard
    facts about the way things are now, and more importantly, how they came
    to be this way.

    This is the story of how the underground died.

    The Security Industry

    Then in the U.S. music scene there was big changes made
    Due to circumstances beyond our control... such as payola
    The rock n roll scene died after two years of solid rock
    - The Animals, circa 1964

    There is little doubt that the explosion of the security industry has
    directly coincided with the decline of the hacking scene. The hackers
    of the eighties and nineties became the security professionals of the
    new millennium, and the community suffered for it.

    The fact is that hackers, mostly on an individual basis, decided to
    use their passion as a source of income. Whether this is good, bad,
    or just pragmatic is completely irrelevant. Nearly all the hackers that
    could get jobs did. For the individuals that decision has been made (for
    better or worse), and in general there's nothing that will change this.

    This was a hacker exodus. What really mattered was not the loss of any
    individuals, but the cumulative effect this had on the underground. The
    more hackers that left the underground for a corporate life, the fewer
    that came in. And those who stayed became entrenched, increasingly

    Collaboration in this new age of career hackers has all but ceased to
    exist. Individuals are now obsessed with credit. For their career, for
    their standing in the community, it must be absolutely clear who this
    research, this vulnerability, or even this opinion belongs to.

    There is no trust in this corporate community; an underground issue
    greatly amplified by corporate motivations. A single person can go months
    or even years without telling anyone exactly what he is working on, and
    whats more, will be genuinely worried about someone "publishing" their
    results before him. There is no respect for the information he holds,
    no belief that information should be free, no belief that research should
    be open. All that matters is credit; all that matters is fame and money,
    their career.

    This is purely the fault of the security industry, who has exploited
    and cultivated this culture, designed it for their needs. The truly sad
    thing is that the corporate security world hasn't realized that they are
    sitting on a gold mine, and as a result the mine is likely to collapse;
    and likely to take their industry down with it.

    The security industry uses information as its sole commodity, information
    about insecurity. Who has the information, and who doesn't is what
    makes this economy work. Whats more, the economy has been founded on
    the continued output of a finite group of hackers. For the most part,
    founded on those hackers that came out of the underground scene at their
    technical prime.

    But these hackers are not going to continue their production
    indefinitely. They will lose their technical edge, move on to other
    industries, perhaps climb the ladder up to management, and then
    retire. The question is, then what? Then it will be up to the new wave
    of young security professionals, whose motivation is as much financial
    as it is passion for the technology and the thrill of the hacking game.

    To imagine that these new wave office workers, university trained and
    disinterested, can match the creative output of a genuine hacker is
    laughable. The industry will stagnate under these conditions. The rapid
    technical advancement we have seen will end, no more breakthroughs:
    no more new security products or services. Just the same old techniques
    being rehashed again and again until the rock has been bled dry.

    I am trying to show you the symbiotic nature of the security industry
    and the hacking scene. Industry needs insecurity to survive, there is
    no doubt about this. A secure and stable Internet is not profitable for
    long. Hackers provided instability, change, chaos. So the industry became
    a parasite on the hacking scene, devouring the talent pool without giving
    anything back, not thinking of what will happen when there are no more
    hackers to consume.

    For this reason, the security industry, much like the hacker underground,
    is doomed, perhaps even destined for failure. But for now, all that
    matters is that we have a thriving industry and...

    A hacker underground proclaimed to be dead.

    Black Hat, Two Faces

    It would be easy to lay the blame squarely on the shoulders of the
    security industry. A lot of people have. Unfortunately, its not that
    simple. Perhaps the underground could have survived without the lure of
    a six figure job, but one thing should be made clear. The self-proclaimed
    black hat movement does nothing to help.

    Various black hat groups have claimed to be the voice of the underground,
    but the black hat scene was only ever a pale imitation of the actual
    underground. The underground wasn't at all interested in public
    self-aggrandizement, but this is all the black hats ever did. All that
    their various rants and escapades accomplished was to show how desperate
    they actually were for fame and recognition.

    But whats worse, while they often talk a big game, they very rarely have
    the pedigree to back it up. This is mostly because these self-proclaimed
    black hats are really just as self-serving as the white hats they pretend
    to detest. With few exceptions, those black hats that aren't already
    working in the security industry are those that don't have the skills
    to cut it.

    The entire anti-security theme was simply embarrassing. This was just the
    black hat movement admitting that they couldn't step up and represent
    in an increasingly technical world. Where once hacking skill commanded
    respect, now the black hats were promoting misinformation in order to
    make what few hacks they managed to pull off easier. They couldn't step
    up to a challenge, they couldn't outsmart the white hats they so detest.

    This ineptitude and misguided fervor of the black hat scene had a
    massive negative impact on the hacking underground. The true voice of
    the underground was lost behind the noise and drama, until the voice
    became a whisper.

    And then eventually fell silent.


    The very nature of technology, a dynamic and intractable force, had a lot
    to say in the demise of the hacking world. In many cases, if a black hat
    had been active 5 or 10 years earlier they would have been technically
    competent and may well have contributed significantly. This is because
    with the utmost respect, and despite all the nostalgia, hackers of the
    past had it easy.

    In the early years, the problems hackers faced were largely related to the
    availability of information. Isolated groups of people had their tricks
    and techniques, and sharing this information was problematic. This is
    in direct contrast with the situation today, where there is an excess
    of information but a void of quality.

    As a result of many differing factors, the world is becoming aware of the
    threats posed by lax security. When there is money at risk, steps will
    be taken to protect those assets. We see now an increasing move towards
    technical security mechanisms being employed as part of a defense in
    depth strategy, and as a result, to be a hacker today requires immense
    technical ability in a broad range of disciplines. It takes years of
    individual study to reach this level.

    But unfortunately, fewer and fewer people are willing, or indeed capable
    of following this path, of pursuing that ever-unattainable goal of
    technical perfection. Instead, the current trend is to pursue the lowest
    common denominator, to do the least amount of work to gain the most fame,
    respect or money.

    There has also been an increasingly narrow range in what is published. In
    part this is because of the lack of accessibility of certain systems
    (through obscurity or price), but this is also increasingly dictated by
    fashion. In a desire to fit in with the community, to be accepted in
    to conferences, to be seen doing the right things in the right places
    with the right people, researchers are all too happy to slot in to this
    pattern of predictable and narrow progress.

    And even then, the standards of what makes acceptable research, or for
    what makes a vulnerability interesting, drops with every year. The gap
    between offensive research and defensive implementations continues to
    grow, to the point where public vulnerability research has become a
    parody of what it once was, a type of inside joke.

    There is no creativity, no sense of arcana anymore.


    From Operation Sundevil to cyber terrorism. The criminalization of
    computer hacking and, by association, computer hackers had a devastating
    impact on the underground. Hacking was criminalized in two ways, both
    of near equal importance: by legislation of computer crimes, and by the
    new trend of genuine criminals using hacking as a method for fraud.

    There should be a clear separation between these two things. The fact
    that the underground collectively became criminals under the law for
    what they had been doing for, in some cases, decades. And the fact that
    in public perception, even among professionals that should know better,
    there was very little distinction between a genuine hacker and those
    criminals using hacking purely as a method for profit.

    Indeed, little of what organized crime and terrorist/activist groups
    are doing could justifiably be labeled hacking. It is simply convenient
    to make this simplification, in media and in industry. The security
    industry knows the difference, but they have no economic interest in
    there being any clarity on this point. Any sort of hacking, anything
    they can sensationalize enough to scare their profit margin up suits
    them perfectly.

    For the underground, these issues largely affected individuals, not the
    broader structure of things. Each person had to make a personal decision
    on whether it was worth 1) being seen as a criminal under the law and
    2) being seen as a criminal in public perception. Why should the hacker
    face this when such an easy, safe, respectable alternative is available
    in the security industry?

    Even the term black hat has been twisted into something more closely
    aligned to organized crime. For all their faults, black hats were not
    (in theory) motivated by this type of money.

    It comes down to an aging hacking population deciding, on an individual
    basis, to settle down with their families, their material possessions,
    their careers. No one can argue that there is anything wrong with this. It
    is just a fact that these hackers left the scene behind.

    Leaving a void too large to be filled.

    Forgotten Youth

    The forgotten aspect of this whole story is, without doubt, the importance
    of new talent entering the world of hacking. Historically, hacking has
    belonged to the young. With every passing year, the average age of hackers
    collectively increases. Some would claim this is a sign of a maturing
    discipline. For surely, what could youth possibly contribute in this
    technological landscape? They call them kids, dismiss them as irrelevant.

    Despite all of the issues facing the underground, if hackers had managed
    to get this one aspect right, if they had recognized the importance
    of those who would come after them, if they had given them something
    to aspire to be, if they had directly or indirectly taught them the
    accumulated wisdom that so often separates a hacker from the crowd;
    then perhaps there still would be a hacker underground.

    Nearly all of the situations surrounding the disestablishment of the
    underground were circumstantial, there was nobody to blame, and nothing
    that could be done. But one point for which this was not true was the
    underground's obligations to young hackers. An entire generation of
    talented hackers have lost the opportunity to become a part of something
    bigger than themselves by participating in a functioning hacking
    community, simply because hackers were too self-absorbed to notice.

    The decline of the underground scene happened relatively quickly, and
    also relatively quietly. The hacker who left the underground behind
    for his new life was unlikely to justify or explain his choices. In
    fact it was more likely he would deny being changed at all. It's likely
    he'd even continue to have contact with his fellow ex-hackers, in some
    imitation of the underground scene. This only helped to obscure what
    was actually happening.

    Today's youth, for the most part, have no true understanding of hackers
    or hacking. They have no knowledge of the history, no knowledge that
    a history even exists. Their hacker is the media's hacker, the cyber
    terrorist, the Russian mafia. This is unfortunate, but the real trouble
    begins for those few that somehow become interested enough to look a
    bit deeper.

    The average person requires some form of role model, something to aspire
    to, to imitate and to an extent, to idolize. At this time, the only
    visible efforts were the white hat researchers, the black hat horde or
    various other technically inept self-proclaimed 'experts'. There is so
    little inspiring research, and even less inspiring hacking, that anyone
    new to the world of hacking is almost invariably left with a skewed
    impression of things.

    Indeed, for a lot of the young people that managed to acquire the
    necessary technical base, hacking was seen as simply an interesting career
    path. There is no passion in these people, no motivation to extend and
    create. A competent professional, valued employee.

    But no longer a hacker.

    The Forward Link

    The hacker underground has been systematically dismantled, a victim of
    circumstance. There was no reason for this, no conspiracy, no winner. A
    conquered people, but with no conqueror, no enemy to fight. No chance
    of rebellion. Conquered by circumstance, if not fate.

    At first this would seem to be a bleak message. What is the point of
    even trying anymore? Why practice a dead art? But the truth is that the
    art is not dead, just the circle that brought the artists together. The
    hacker underground is broken, but the hackers are not.

    Casualties have been high; but there still exists a scattered,
    marginalized, and misrepresented people who are the hackers. Hackers,
    not black hat nor white, not professionals, not amateurs (surely none
    of this matters), are still out there in this world today, still with
    all the potential to be something great.

    The question is not then how to artificially group these people into a
    new underground movement. The question is not how to mourn the passing of
    the golden days, how to keep the memories alive. There are no questions
    of this sort, no problems that can be solved or corrected by individual

    All that remains is to relax, to do what you enjoy doing; to hack purely
    for the enjoyment of doing so. The rest will come naturally, a new
    scene, with its own traditions, culture and history. A new underground,
    organically formed over time, just like the first, out of the hacker's
    natural inclination to share and explore.

    It will take time, and there will be difficulties. Some will not be able
    to let go of the past, and some will fail for not remembering it. But
    in the end, after everything has been said and done, the equilibrium
    will be restored.

    A new world, at the frontier of cyberspace, belonging to the hackers
    by right.
    07-27-2014 06:57 AM RE: The Current Underground
    08-09-2014 06:22 PM RE: The Current Underground
    Where is the underground?
    08-10-2014 03:03 PM RE: The Current Underground
    The underground has no location really. The question you should be asking(since you seem new) is what is the underground.

    Some people may disagree with me or point out other things, but heres my rendition:

    The underground in this context is essentially the hacker culture. Not the infosec culture, but the hacker culture. It dates back to oh say the 60s or so, but didnt really become what we know it today till closer to the late 80s early 90s. Just a bunch of computer, electrical engineers, and phone geeks that started sharing information on quirky things they found in technology. The rise of the internet lead to a boom in the hacker culture and where we really start to see networked hacks taking place. People banded together, made groups, and traded more and more information. Oftentimes the only way to find out what you wanted to know was from a BBS board or an irc chat room, as back in the day there wasnt this plethora of books, articles, and training courses. The above article, originally posted in the legendary phrack magazine discusses the downward spiral of the underground culture.

    Theres a LOT more history to it that I personally find a bit fascinating, like the hacker wars in the 90s with groups like the Cult of the Dead Cow, the morris worm and Smashing the Stack for Fun and Profit creating the exploit boom, tales of the Iceman taking over the carder scene, the antisec movement and the activities of groups like Ac1db1tch3s, h0h0, zf0, etc. Or the lesser known escapades of the group d33ds who targeted the carder community with some pretty novel techniques(not technical ones, but in methodology).

    In essence, if the infosec culture is the culture of the modern day professionals, corporate hackers/security consultants, government agencies and the like, then the underground is the other half of the coin, the keyboard cowboys, the black and grey hats, white hats without organizational affiliation, etc. And of course many people double dip into both sides, much like the not-so-secret-uncomfortable-fact that many security professionals moonlight as black hats and vice versa.
    dmr, September 9, 1941 October 9, 2011

    Never Forget
    08-10-2014 04:17 PM RE: The Current Underground
    I wasn't around for the 80s, 90s hacker scene. I only know it as it stands today (black hats/infosec industry), I remember watching a documentary about the iceman and the carder market. Reading about the exploits of Kevin Mitnick, and fantasizing about the opportunity to be apart of something so creative, and fun. Unfortunately you describe today's scene as it stands. A weird conglomerate of governments/corporations/infosec-freelancers. When do we see the rise of the "new world at the frontier of cyberspace, belonging to the hackers by right." ?

    I have joined the EnigmaGroup, and here in hopes of meeting some of the brightest up and comers in the new world. And be apart of it myself. I don't want to be reminiscent, and stuck in the mindset ("IF only I was born earlier"Wink. Hopefully I will learn, and see it for myself. When they talk of the present years, as we talked about the 60s-80s.
    08-10-2014 05:51 PM RE: The Current Underground
    Dont get it mixed up, I didnt write the article lol someone else did and submitted it to phrack. I thought it was important enough to make sure it got some visibility here.

    I wasnt around for the early 90s either, but I think the point of the article is that trying to revive the old school style of the underground is a fools errand, that instead we should be trying to embrace a new underground. And to do that we simply do what comes naturally. We explore, learn, teach, and just have fun.
    dmr, September 9, 1941 October 9, 2011

    Never Forget
    10-26-2014 01:47 PM RE: The Current Underground
    Thanks for posting it madf0x, one of the best articles i've read in awhile and gives a clearer pic for those of us who wondered where everyone had went...
    Jump to Forum:
    Forum powered by fusionBoard