Sophisticated, Targeted Breakins Uncovered

Ichabod writes "Sophisticated computer criminals stole data from Unisys, Booz Allen, L-3 Communications, Hewlett Packard, and Hughes Network Systems. It sounds like they used a combination of social hacking and undetected low-profile malware (reportedly NTOS.exe) to steal and encrypt sensitive data, and compromised Yahoo accounts to store and retrieve it. An international investigation appears imminent. And yes, unfortunately Reuters calls the criminals 'hackers,' further besmirching the once-revered title."

Another day another break-in

[Anonymous Coward]

Security is only as good as it's implementation. These articles seem to get the same responses everytime. I would love to see /. act like a think-tank sometime and really come up with some solutions.

Re:Another day another break-in

[ringfinger]

According to the article, they used social engineering by "seducing employees with fake job-listings". This is interesting because it targets those employees that are most disgruntled. Offer them a chance at another job and they'll give you a username/password that probably is the same one they're using to access the corporate account system.

I agree, we should somehow pool our collective knowledge and accumulate it somewhere. There's an idea for /. to pull it back up on par with digg.

Re:

[prelelat]

on par with Digg? I think Slashdot is still better than Digg. The articles aren't always some top ten games of all time, top ten country albums of all time. I think you can get allot more technical responses from Slashdot users on average, and you don't get as much "I'm l33tz ur 5ux0rz" I do see good comments at both places, and good stories at both, but if it's a slow news day at Digg you can expect to see allot more useless drivel then on Slashdot. At least if you filter out one particular editor...

Ei

Re:

[djdavetrouble]

off topic but i agree. I get sick of the idiotic comments there and the low
quality of the copy on submissions. It is like being inside a teenaged male's brain,
not a good place to be.

Already known. Just not implemented.

[khasim]

The solution is to establish a pattern of what account at what workstation accesses what information from what servers at what times.

Then any deviation from that pattern is flagged and investigated.

Why is Alice in Accounts Receivable searching the HR server?
Why is Alice logged into Bob's machine in HR?
Why is Alice logging in at 1am?

Re:Already known. Just not implemented.

[Kadin2048]

The problem is that this, like most other effective security schemes, is expensive.

Companies won't implement more security than is cost-effective. Their decision making process is going to be driven directly by the perceived odds of being broken-into, times the cost of a possible breakin. They're not going to spend more money than that.

I doubt there are really going to be any serious (multi-million or -billion dollar) consequences for any of the companies involved. Maybe a few people will get fired and some new procedures will get written into some document that nobody reads, but there's not going to be a major bloodletting. (These companies run the government, in the most literal sense.)

When you see a F500 company absolutely taken to the cleaners -- totally bankrupted -- due to an IT-security mishap, then you'll see real security implemented. But until then it's just going to be a lot of after-the-fact patching-up and good 'ol "security theater." And a lot of blaming the messenger. That's always cheap.

Not that expensive. Just requires planning.

[khasim]

You're right, there won't be any serious consequences. There usually aren't.

But the only problem with my proposal is that it takes THOUGHT and PLANNING. It cannot be retrofitted to an existing network. (unless you're really lucky)

The networks have to be constructed so that each point can be monitored. Instead, most networks grow "organically". As connections are needed, they're added. Without any plan. Just get the connections in now.

The same with servers. The last place I worked had a server in the DMZ cab

on par with digg?

[xzvf]

Quality on par with digg? I don't even know how to respond. Maybe you wanted to Quantity on par with digg. The moderation and answers here are far more insightful and not nearly as biased as the ones on digg.

The only thing I find strange..

[i8myh8]

..is that they'd use Yahoo! Mail to retrieve the data. Gmail offers more space. Hrm. Poorly researched.

Re:The only thing I find strange..

[jojoba_oil]

Actually, the so-called hackers thought that "Do No Evil" was a command to those using Google's services. As such they went elsewhere.

In all seriousness, I'd be willing to bet that they used compromised Yahoo! accounts for a few reasons: yahoo users are generally less computer-savvy (read: easier to compromise), they probably use gmail accounts themselves so they didn't want to draw attention there, and google has been rumored before to keep e-mails even after being deleted from the account.

Interesting new avenue for social engineering...

[ringfinger]

Put job ads in front of disgruntled employees and ask them to create accounts to apply -- then watch as they merrily type in their favorite usernames/passwords into your cracker system. Easy as pie...

Not strange at all

[CrazyJim1]

Yahoo offers "unlimited" mail storage. Maybe not with new accounts, but several of mine do.

Re:

[Hoi Polloi]

Plus gmail has mail content sensitive ads. So are they getting ads for credit card number websites and rootkits now?

Re:

[jandrese]

I find it amazing that they feel the need to compromise someone else's yahoo account. Yahoo literally gives those things away for free, and it's not like you can't sign up from a compromised machine to mask your IP address. It just seems like extra effort to compromise those accounts and the only thing it buys you is a greater chance of detection when the real yahoo user logs back into his account and sees it full of credit card numbers or whatnot.

frequency

[HomelessInLaJolla]

The article is rather light on details. My first thought is to wonder how, after all this time, they finally managed to figure out that their systems were compromised.

My second thought is to wonder if it's even true or if this is just spin-hype for Trend.

My third thought is to objectively note that this is probably not an isolated incident. If this particular incident is this big then, in all likelihood, there are hundreds or even thousands of other compromised systems which haven't been diagnosed.

My fourth thought is "Haha!"

Re:frequency

[pegr]

You want details? This trojan appears to be a variant of this nasty little bugger [securescience.net]. (Warning: pdf). The link is to a detailed technical report on how it works, what it does, and how to decrypt data it encrypted. It was authored by Secure Science Corporation back in November of 2006.

They told you all you need to know. M$ Again.

[twitter]

FTFA:

Hackers only targeted a limited group of personal computers, which kept traffic down and allowed them to stay under the radar of security police who tend to identify threats when activity reaches a certain level.

In this case, we are safe assuming "personal computers" == Windoze. Big dumb companies put that crap on people's deskstop.

The lesson learned again is that corporate security is only as strong as it's weakest link. If you let Windoze retrieve your data you have no secrets.

Proven theory

[HomelessInLaJolla]

And you didn't figure THAT out until today? LOL.

You must be new here.

Give it up

[IndustrialComplex]

I don't think you have to worry about the term 'hacker' being besmirched any more. It, like several other terms have entered the mainstream vernacular. If you really care about the terminology that much, invent a new term for what was the original 'hacking'. It is far too late to close the barn door on the hacker misconception.

Re:

[morari]

And while we're at it: I'm not a Trekkie, I'm a Trekker! Geeze.

Re:

[elrous0]

The funny thing is when trekkies/trekkers/whatever are asked to explain the difference between the two terms, they always give either meaningless, nonsensical, or contradictory answers. It all boils down to a bunch of trekkies getting all pissed off back in the 70's/80's that the name had such a negative connotation and thinking that a few changed letters would hide the fact that they were still virgins wearing Starfleet uniforms.

Re:

[Fred_A]

I thought trekkers just went on long hikes...

Re:Give it up

[Jack Pallance]

I guess you could say, this issue needs more than a "Band-Aid" for a solution.

Get it?

Band-Aid!!

(OK, It was a term that used to be used exclusively to mean a specific brand, but has now changed its meaning over time to mean something broader. I don't know why I even try with you people...)

Re:

[elrous0]

You mind if I put a Xerox of this post up on my office bulletin board?

Re:

[treeves]

I think I need an aspirin.

DoT is on the list..

[dotpavan]

and "A Department of Transportation spokeswoman said the agency couldn't find any indication of a security breach." awesome!

Booz Allen = privatized US government services

[schwaang]

Good one.

But from reading TFA, you might think "*yawn*, some big companies got hacked, who cares."

I don't know about DoT, but a lot of government services are being run by Booz Allen and other contractors. I called up some Federal agency hotline a while back and got a greeting like "Welcome to the US Dept. of XYZ hotline, run by Booz Allen. Please call back [during a time of day that is impossibly inconvenient in your time zone]." Think of them like Halliburton, only in Washington D.C. instead of Iraq.

If

Re:

[moosesocks]

Welcome to America.

By the time the general public catches on to how terribly and horribly bad this is, it'll be too late to do anything about it.

There's been talk of selling or leasing our interstate highways to overseas investors as a source of tax money. I believe it's already been done in Illinois, and there are talks of doing the same for the NJ Turnpike.

The incident a year or so ago about port security being run by an overseas corporation also didn't sit well with me at all. I'm all for international

"to steal and encrypt sensitive data"

[InvisblePinkUnicorn]

See, hackers get a bad rap. These folks were kind enough to encrypt the sensitive data they found, so that no outside parties could get a look at personal records.

No, it was never that way

[Henry V .009]

"further besmirching the once-revered title"

Revisionist history a little?

Re:No, it was never that way

[sconeu]

Yes. See the Jargon file. The term "hacker" has a long and distinguished history, before it was hijacked by the asshats who are "crackers".

Re:

[u-bend]

Yes. See the Jargon file. The term "hacker" has a long and distinguished history, before it was hijacked by the asshats who are "crackers".

Yes, but therein lies the problem I've always seen with the term that the tech community would prefer people use, i.e. that "cracker" already has a slang definition, and most people in the world will have reactions ranging from confusion to effrontery at the notion that their computer system was compromised by a bunch of rednecks.

Re:

[It'sYerMam]

Or that their system was compromised by a thin, crispy biscuit.

Re:

[Killjoy_NL]

That would be social engineering at its best :D

meanings

[falconwolf]

Yes, but therein lies the problem I've always seen with the term that the tech community would prefer people use, i.e. that "cracker" already has a slang definition, and most people in the world will have reactions ranging from confusion to effrontery at the notion that their computer system was compromised by a bunch of rednecks.

I don't think there's much of a chance people confuse someone who's proficient with something like a computer and a white Southerner or redneck. Hack also has another meaning,

Re:

[wamatt]

Perhaps its irrelevant what it once was. A hacker now is a bad guy. Trying to re-educate the massive public mindset for the sake of some historical correctness, seems like a futile experience. Eventually 99% of the population won't know or care the origin.

It's like complaining about the word "gay" being used by teenagers and not referring to a homosexual or when people say "Mac O.S.X" instead of Mac OS Ten

Re:

[Anonymous Coward]

You do know that OSX was programmed entirely in roman numerals, right?

Re:

[fenodyree]

Asshats!

Now there is a title. Hackers gone, White Hat never made it. Enter Asshat.
Today I asshatted a Big Corp's main server, so I emailed their admin to fix the hole. I am such an Asshat.

Re:

[Penguinshit]

I prefer the term "honky", thankyouverymuch...

Re:

[Stormie]

Yes. See the Jargon file. The term "hacker" has a long and distinguished history...

...and the Jargon File has a lot and distinguished history of passing off the vernacular of Eric S. Raymond and his circle of friends as some sort of universal language used by All True Computer Hackers everywhere.

Re:

[Himring]

No, no. They meant "rappers."

Re:

[Frequency Domain]

It's not revisionist. The term "hacker" has a history going back more than 50 years at MIT. Although its use has changed over the years, it definitely carried a connotation of using skill, imagination, and wits [mit.edu].

Re:

[_Sprocket_]

Revisionist history a little?

I'm curious - did you first become aware of the term "hacker" after watching WarGames [imdb.com] or Hackers [imdb.com]?

"further besmirching the once-revered title"

[falconwolf]

Revisionist history a little?

There is no revision of history when someone points out hackers ARE NOT criminals nor that they intentionally damage systems. The first tyme "hacker" was used derogatorily was in the 1980s, before then Hacker [fiu.edu] meant "simply referred to a person who was capable of creating hacks, or elegant, unusual, and unexpected uses of technology."

The concept of hacking [berkeley.edu] entered the computer culture at the Massachusetts Institute of Technology in the 1960s...
But there are standards fo

If you have a problem with the term hacker

[pembo13]

contact the editors [reuters.com] about it politely.

From Webster

[Shihar]

Main Entry: hacker
Pronunciation: 'ha-k&r
Function: noun
1 : one that hacks
2 : a person who is inexperienced or unskilled at a particular activity
3 : an expert at programming and solving problems with a computer
4 : a person who illegally gains access to and sometimes tampers with information in a computer system

I am pretty damn sure that the thieves in question meet both #3 and #4, hence they are 'hackers'. I probably would not waste time bothering Reuters to complaining that not all hackers are evil. They used the word correctly.

Re:

[Waffle Iron]

I would only have a problem with the term "hacker" if my mind were too feeble to grasp the concept of a homonym.

Re:

[Fulcrum of Evil]

What's that got to do with anything? You are aware that a word can have many meanings?

Re:

[Waffle Iron]

You are aware that a word can have many meanings?

That's exactly what I was pointing out.

Re:

[Fulcrum of Evil]

No, a homonym is two words that sound the same. In English, when you spell the words the same, it's the same word.

Re:

[arashi no garou]

True, however I'd be willing to bet the average straight guy with a smile on his face would be confused for at least a few seconds if someone said to him "Wow, you sure look gay today!"

Social engineering

[athloi]

At least in the old days [textfiles.com], we used to call it "social engineering" and hacking meant any kind of programming outside the obvious. That included getting machines to fork over security credentials, but that meaning was a subset of the broader term, which meant both a cheesy quick fix ("what a hack!") and a dancelike circumnavigation of inherent limitations to produce a semi-elegant but sturdy fix ("kernel hackers drink coffee black").

Better writeup at WaPo

[wiredog]

The Security Fix Blog [washingtonpost.com]

Re:

[BobMcD]

You'd think so, yeah, and I was going to mod you up for it, but some one here has their wires crossed...

Reuters story: Hackers steal data, moving it in encrypted form to their own servers.

A Department of Transportation spokeswoman said the agency couldn't find any indication of a security breach

WaPo/Kaspersky story: Hackers sew up customer data in encryption, leaving behind a ransom note asking $300 for the key.

Those are similar, down even to the list of companies. But I wonder, if all the DoT's data is encrypted, and there's a ransom note, how they failed to detect that?

In seriousness, I wonder what the truth

Don't use windows on Secure networks.

[LWATCDR]

I know the pro windows crowd will jump up and down but I hope they will hear me out.
1. Windows is the most popular OS on the planet. Just for shear number of systems it is most hacked.
2. Windows is harder to lock down than most other OSs. That is often because software expects to be running with admin rights.

I am trying to figure out how no one noticed these programs trying to make connections to the outside world. My guess is that they where not expecting a Trojan. Heck we got hit by a worm at my office. It didn't get through our firewall at all. Somebody brought a notebook in and connected it to our network.
It only infected three machines but it was a good cheap lesson for us.

Re:

[BobMcD]

My guess is that they where not expecting a Trojan ...especially coming from their own, presumably patched and up-to-date, boxes.

Don't rule out the social engineering aspect here. They sought out security employees that wanted to leave the company.

Genius, really.

wow

[nomadic]

I know the pro windows crowd will jump up and down but I hope they will hear me out.

Uh....the huge pro windows crowd on slashdot?

Re:

[rbanffy]

Don't forget /. is getting increasingly digg-ish.

Expect a huge amount of Windows vict^H^H^H^Husers here.

Re:wow

[cecille]

Gah, not to get into a huge flame war here, but I seriously don't understand why there's this association of liking/using windows and being some kind of computer moron.

Let me put it right out in the open here - I like and use Windows. In fact, I'd wager that a large number of /. people do, and either downplay it or deny it. Now I'm not saying that unix type OS's don't have their place - I use solaris and linux at work for coding and my servers generally run openBSD. BUT I want my personal box to be as easy and hassle free as possible so I run windows and only windows. I don't consider myself to be a windows victim and it's not a choice I made just because that's what came with the box. Say what you want about bloatware, but it's nice to buy a piece of hardware and have it just work. It's nice to install a program without having to recompile the kernel. It's nice to have a box I can actually buy decent games for. And no...I haven't reinstalled every two weeks since I bought it and yes, it is still working and not overflowing with disease and spyware.

Look, I'm not trying to defend every aspect of the OS - clearly there are some issues. But as I get older and more impatient, I'm starting to see windows as the more attractive option simply because there are some things that they got very, very right. Namely the fact that they put so much emphasis on usability.

Anyway, my long winded point is that not all windows users are stupid or just stumbled upon windows by accident. I know it's fun to bash things senselessly, but let's grab a little perspective here. Windows is not the devil, it's just not perfect. Nothing is.

OSes

[falconwolf]

I want my personal box to be as easy and hassle free as possible so I run windows and only windows.

Sounds like you want a Mac.

Say what you want about bloatware, but it's nice to buy a piece of hardware and have it just work.

I've bought 4 new PCs for myself running some version of Windows, two were from Gateway, one from HP, and the other one is from Microway [microway.com]. The one from Microway is the only one of the four that I did not have trouble with either the hardware or the OS, which is NT4.0. One of the

Re:

[jlarocco]

Anyway, my long winded point is that not all windows users are stupid or just stumbled upon windows by accident. I know it's fun to bash things senselessly, but let's grab a little perspective here. Windows is not the devil, it's just not perfect. Nothing is.

The "problem" is that the vast majority of Windows users are stupid and they are using Windows simply because it came with their box.

Of the hundreds of millions of Windows users, maybe 0.5% are actually computer savvy and chose to use Windows. Of

Re:

[acherrington]

...Or you can use the NSA's Security Guide to provide a standard model of security. Sounds like you need to look at the configuration guides for router's switches and Operating Systems. http://www.nsa.gov/snac/downloads_all.cfm [nsa.gov]

OS security

[falconwolf]

1. Windows is the most popular OS on the planet. Just for shear number of systems it is most hacked.

Yea, I went into a Mac store, not an Apple store, and asked about antivirus and firewall programs and the worker I talked to said Macs don't get infected and don't get broken into. I tried to tell him the only reason is because the people who do such things target OSes with big market shares and that when Macs get big enough a share they will be targetted. He just kept saying OSX is immune.

While I like

Evil FBI at it again.

[N8F8]

Using their evil databases to identify trends and patterns.

more data please

[scolbert]

Wouldn't it be nice if we could get more data on these security breeches? The articles are so lite weight. What technique? What data? I think the more we learn about these problems, the more bullet proof we can make our systems. We are at a disadvantage in that the criminal understands the vulnerability and can exploit it over and over again.

Sammy at IT/Personafile [personafile.com]

Not Sophisticated At All

[neoshroom]

"What is most worrying is that this particular sample of malware wasn't recognized by existing antivirus software. It was able to slip through enterprise defenses," said Yankee Group security analyst Andrew Jaquith, who learned of the breach from Morris. "This is a serious threat. It shows how sophisticated hackers have become," Haro said.

This is not sophistication.

1. Take any virus/trojan that is recognized by antivirus software.
2. Put it through an executable compression package [wikipedia.org] to make its code vary from what it used to be on the hard drive or in memory.
3. Viola! Your malware is now stealthed from any antivirus program.

Either that was rather simple or I am a seriously dangerous hacker.

Re:

[TClevenger]

At least in the olden (DOS) days, when McAfee came upon a pklite'd executable, it would unpack and scan the unpacked executable. I would hope that current antivirus programs would do the same.

No Hope Allowed

[neoshroom]

At least in the olden (DOS) days, when McAfee came upon a pklite'd executable, it would unpack and scan the unpacked executable. I would hope that current antivirus programs would do the same.

Even if the virus scanner scans for pklite'd executables, you can always write your own unique executable compressor or modify an existing one until your executable is non-detectable.

Virus scanners are like front door locks. Any serious cat burglar is just going to grappling hook to the roof and cut a hole through str

Re:

[CastrTroy]

Virus scanners are like front door locks. Any serious cat burglar is just going to grappling hook to the roof and cut a hole through strait into the attic bypassing the door lock entirely.

That has to be the worst analogy I've ever heard. Cutting a hole in the roof is akin to having a virus that displays a giant message on the screen saying "I'm a virus, delete me". Do you think nobody is going to notice you throwing a grappling hook and climbing onto someone's roof? Or are the people in the house not g

Re:

[BobMcD]

I believe the sophistication is question is the combination of the targets, the undetectible malware, and the delivery method. Not the malware itself.

This was a concentrated attack "seducing employees with fake job-listings on ads and e-mail" and was only directed at specific targets, rather that the entire world at once.

Likewise they used a website that was unlikely to be blocked to warehouse the data, instead of somewhere in Russia, etc.

No, this seems a bit above the bar to me.

I See

[neoshroom]

I believe the sophistication is question is the combination of the targets, the undetectible malware, and the delivery method. Not the malware itself.

So the sophistication was the delivery method -- email! Now my Grandma is a hacker too!

This isn't true

[TheReckoning]

I have watched both BitDefender and Kaspersky open those executable compression packages. I don't have BitDefender in front of me, but during scans it logs the quantity of "packed" files that it has unpacked. It seems reasonable to assume that most of the rest of the AV companies do the same.

It's arguable that the AV products are always able to open up every variation of these things, but it's incorrect to say that simply enclosing your malware inside one automatically makes it undetectable.

Re:

[Fulcrum of Evil]

what happens if I send a 100k worth of gzipped zeros through your scanner? Will it open up the whole thing? Feel free to substitute an appropriate quantity of gzipped zeroes.

Re:

[idontgno]

cat /dev/zero | gzip -c | mail -s "Unpack this, beeotch" fulcrum@evil.org

Re:

[icydog]

How did you get modded +5 Insightful? From the link you posted:

Also, some older virus scanners simply report all compressed executables as viruses because the decompressor stubs share some characteristics with those. Most modern virus scanners can unpack several different executable compression layers to check the actual executable inside.

Because It Is Insightful!

[neoshroom]

What is not insightful is pointing out that modern virus scanners can unpack some forms of executable compression. I promise, there are easily made custom forms of compression they are not familiar with unpacking, which is the whole point -- only takes one hole to sink the ship and only takes a person with a blunt instrument to make a hole.

Everybody's happy!

[ingo23]

From the article:

A Department of Transportation spokeswoman said the agency couldn't find any indication of a security breach.

See, it's a win-win situation - the criminals did everything smoothly without leaving a trace, and at DoT it looks like nothing happened!

Use of "hacker"

[Matt Perry]

Reuters calls the criminals 'hackers,' further besmirching the once-revered title.

Get over it. Seriously. This romanticism for some obscure meaning of a word being understood by the general public is really getting tiresome. Words can have multiple meanings depending on the context and hacker is no different. We just have to live with it. There's no way to change the meaning of the word in the public consciousness without some type of huge marketing campaign. Saying you are a Perl hacker is going to be interpreted the way you want by the audience you are targeting with that phrase. If someone thinks you are breaking the security of Perl then they probably don't know what Perl is and aren't the audience for your use of that word. Likewise, when I talk about forking and killing children I'm not talking about murdering babies (contrary to what the marketing woman thought, whose office was near my cube, when she reported me and my co-worker to HR 10 years ago).

Re:

[Bill, Shooter of Bul]

true enough. We should just come up with a new word that means the old thing. Hack is a type of saw, and I can see some 'hacks' that could be accomplished by it. However, much cooler 'hacks' could be made with a chain saw. So I now consider myself to be a chainer. Then there would be no confusion when talking about unorthodox modifications to subprocess prior to termination, or colloquially, After the children have been forked, you have to chain them before you kill them. Duh.

Re:

[_Sprocket_]

There's this notion of 're-claiming' the word for geeks instead of the 'bad guys' that's ahistorical and revisionist at best. The word 'hacker' has long been used by people who are interested in doing interesting things with technology. It has also long been used by people who want to cause harm or find gain by their technological skills.

While you've got a really good point, I'd also add that there's another distinction in between the two. Some of the "doing interesting things with technology" often involved bypassing access controls. Part of that is simple understanding of a system to the point of being able to defeat it. Part of it is being able to do something you're not supposed to be able to do - very much part of the hacker ethos and what better way to exercise it than counter something specifically designed to stop you from doing

Re:

[obi]

You wrote the comment I was going to write. I echo the feeling this "reclaiming" is revisionist. The only time I heard the term "cracker" really being used was wrt "software cracking" to bypass its (copy) protection of some sort. And the people that did it happily referred to themselves as crackers, too.

Like you say, the ESR "cracker" is really an ex post facto invention - and basically a pejorative term. Well, RMS used "cracker" in 1983 too, iirc - but there too it was a conscious and artificial attempt at

"Sophisticated, Targeted Breakins"

[Pluvius]

I didn't think it could get more sophisticated than the classic Breakin 2.0: Electric Boogaloo. Bravo, hackers!

What's with the whining about the word "hacker," anyway? Talk about beating a dead horse.

Rob

Security Answer

[Cytlid]

I have the solution to all of our security concerns.

  There are two types of people in the world:

  - those who care about computers
  - those who don't

Chances are the first group are experts (of varying degrees). The second group are most likely the "vulnerable" ones (in terms of social engineering).

My solution -- never let group #2 touch a computer again. Ever.

Re:

[Chineseyes]

My solution -- never let group #2 touch a computer again. Ever.


Congratulations you just put group #1 out of work.

puzzel

[Fuzzums]

hacker : criminal :: freedomfighter : __________

Re:

[multipartmixed]

hippie!

hippie!

[falconwolf]

Yeap! A relatively long haired one. I even like The WELL [well.com].

Falcon

Favorite (and most telling) quote:

[idontgno]

"Internet security firms began to release patches to fight the malicious software on Monday night."

"Hey, dammit, don't close that barn door now, we're trying to put the horses away!"

hax0rz

[Eil]

And yes, unfortunately Reuters calls the criminals 'hackers,' further besmirching the once-revered title."

You mean after they've been doing this for 20 years, there's still somebody left who cares about it?

Re:

[plague3106]

Hormel is amused with the term spam for junk mail. I guess you've never looked at their site huh?

Re:

[Attila Dimedici]

"Hormel is amused with the term spam for junk mail. I guess you've never looked at their site huh?" That may be now, but a few years ago they sued a number of people for violating thier trademark by using the term for junk email. They lost but the gist of their argument was that people were implying that Spam was undesirable thus damaging the value of the brand that they had built up.

Re:

[the_greywolf]

As much as I hate what's become of the title "hacker," I still love it when I'm walking down the street wearing my "hacker." t-shirt from ThinkGeek.

On sidewalks, I'm given a wide berth.

In stores, I'm carefully watched, but all the clerks are extremely friendly and very helpful. (I can usually get retail shopping done quicker and more efficiently.)

Even restaurants and fast food places seem more concerned about my personal satisfaction.

These people are scared of hackers.

Re:

[secolactico]

As much as I hate what's become of the title "hacker," I still love it when I'm walking down the street wearing my "hacker." t-shirt from ThinkGeek.
On sidewalks, I'm given a wide berth.

Are you sure it's not just B.O.?

Re:

[Farmer Tim]

These people are scared of hackers.

Whereas if you wore a T-shirt with "Cracker" written on it, all you'd get is derisive laughs from people of a certain ethnic extraction.

Re:

[Fulcrum of Evil]

Nah, the official cracker uniform is a stained wifebeater and a meshback hat with a big 3 on it.

Re:

[evil_Tak]

Linux, except for RHEL is neither FIPS, nor Common Criteria certified.

So what you're saying is that RHEL is Common Criteria certified [atsec.com], so the OS is more secure, and SOMEONE doesn't have to worry about going to prison.

Re:

[PitaBred]

So is proper capitalization and punctuation, yet, somehow, it doesn't happen very often...

Re:

[SL Baur]

This battle was lost ages ago, yes I actually used to care about it, too. Why? I have no idea. It's clear from context what the word means. Context includes who you are talking to, what you're talking about, etc.

True the battle was lost a long time ago, but context is cultural too. I've given up trying to explain the difference to my wife who is not a native English speaker. I do consider it a big deal though and I will make sure my kids know the difference.

Why do you care so much about these things?

Because it was our word first. There was an idiot no-name blogger who had an article posted here a few months ago who was trying to coopt the term "superuser" as a synonym for virus writing criminal who should be shot, IMO.

Why do you care so much about these things?

[falconwolf]

Because it was our word first

If you mean first for technolgy and computers, yes, but "hack" had been used for a long tyme to mean someone else. In the 1920s, I believe, "hack" [wikipedia.org] meant someone who was a journalist, reporter, or writer. I'm not sure but I think "hack" was used in the 1941 movie "Citizen Kane" [imdb.com] , meaning reporter.

Falcon

Re:

[SL Baur]

Merriam Webster http://mw1.merriam-webster.com/dictionary [merriam-webster.com] says that variant of hack dates from the 1600s and comes from the British word `hackney', or taxi driver.

Language abuse is a serious matter. Example: `Rugby' in my wife's culture is the brand of glue of choice for those who would abuse such things, hence `doing rugby' means sniffing glue not playing a team sport with a ball.