The Anti-Security Movement



Underground enthusiasts in Indonesia may have heard the terms Anti-Security Movement, pr0j3ct m4yh3m, and so on. Some know what it is about, but others do not have a clear picture and wonder: "what are project mayhem and the anti-sec movement?". Below is a short explanation of the subject by stryfe. The explanation (they called it a speech) was recorded by another member of the underground on his site; the original version can be found here. For the record, stryfe is a member of one of the underground groups that support pr0j3ct m4yh3m.

--------------------------------------------- Begin -----------------------------------------------

This is a speech by a good friend New7yp3 in an IRC chatroom about the Anti-Security Movement…
His Screen Name in the IRC is Strayfe:
The tags are voided out by the stupid filter so I'll only show N3w7yp3's speech… the questions will follow

strayfe: okay
The speech is starting now
Okay, to quickly recap some definitions
For the duration of my talk, the following definitions will apply:

Blackhat: someone who hacks for a hobby, does not post exploits publicly, does not work for a security company

Whitehat: works for the security industry, gets paid to legally hack into systems, may also audit code for a company like CORE SDI, ISS, etc.
I'd like to amend that by saying they also post exploit code on sites like milw0rm/packetstorm/securityfocus/etc/etc

Now, the security industry is evil.
They lie to their clients, the public and the media
They don’t care about computer security at all; they just care about money.
They *want* the world to be insecure.
After all, if the world was completely secure, they wouldn't have a job now would they?

So, as I was saying, if the world was perfectly secure, they're out a job.
They’d have no place in the world.
They directly contribute to insecurity and they feed the script kiddies.

Look at it logically. The whitehats post fully functional exploit code to widely known web sites, exploit code that can be downloaded by anyone and immediately used to start owning boxen.
If the whitehats would stop doing this, the script kiddies would have *far* less ammo than they used to.
They’d eventually die off (even though very slowly)
Now, the whitehats don’t want this to happen.
Because, again, they’d be out a job.
So, the whitehats perpetuate the cycle. They work to get the exploits into the hands of script kiddies, so a lame company get a box or two owned, and then call a security company to get a pen test done.
And the security company walks away with a new bundle of cash
Eventually certain people got tired of this.
And they started what’s known as the anti-security movement.

-More stupid Crap…prolly distracting-

The idea here was to stop posting exploits, stop feeding the whitehats, and stop all communication between what was left of the hacker “underground” and the security industry.
Bear in mind this was circa 2000ish, when there actually still was a very active “underground”
The anti-security movement was intended for people who took the moderate stance. People who didn’t like how things were working out, and wanted to try to change things. Oddly enough, some whitehats even adopted it, seeing the truth behind it.

There was another idea that also started however. It's a bit more widely known. pr0j3kt m4yh3m was started by el8 in an attempt to destroy the security industry.
To destroy it by force.
The idea was to own all the whitehats you could, drop their d0x, steal their 0days (if they had any) and rm their box.

After all, if a whitehat can’t protect their home LAN (which one would expect to be a bastion of security), who would hire them for a pen-test and expect them to do a good job?
pr0j3kt m4yh3m was intended to shake the confidence of the IT industry in the security industry.
Eventually it moved away from el8 and spread to #phrack@EFNet after #phrack@EFNet was taken over by a group calling themselves the Phrack High Council
They were sort of a front group for pr0j3kt m4yh3m, publicly promoting its values through their site phrack.ru (which is down now as crg gave the domain to shiftee and xtx has to get it back)
Jim Jones picked up on pr0j3kt m4yh3m and spread it to the hack.co.za channel #darknet
later Jim Jones changed his nick to The_Unix_Terrorist, left #darknet and became affiliated with GOBBLES. He gave the famous "wolves among us" speech with GOBBLES and silvio at DEFCON X
For a speech that essentially made all the points I made earlier about whitehats, it was quite well received by the audience, most of whom were in fact security professionals themselves.
Today, in many sites like HTS, HBH, etc etc, blackhats are regarded as script kiddies, while it’s cool to be a whitehat and they’re regarded as the “real hackers”
Why should we all become whitehats? What has the security industry ever done to benefit the internet at large? They post public exploits for the script kiddies, they spread lies and propaganda about hackers, they've turned a fun hobby into a get rich quick scheme where if you have a CEH people think you're qualified, and they work to destroy the underground that gave birth to them.
Look at the Honeynet Project for a moment.
The idea is to set up networks of “research honeypots” to entrap the blackhat community and “study” their motives and tactics.
All the honeynet project catches are the really dumb, lame script kiddies
the kinds who have trouble with ./configure && make
Really, who else goes around mass brute forcing SSH logins or scanning /8’s and /16’s for vulns that are 3 or 4 years old?
they catch kids who still use that old rpcstatd overflow FFS
They never produce anything worth reading and yet they beg for funding and complain when they can't get it.

Hmm, I wonder why? It’s such a feat to catch botnet herders from the .ro or .br.
Take a look at Phrack magazine really quick. While it is getting better, for a while every article in an issue was written by a corporate whitehat.
Phrack founded itself upon the principles that it was “for hackers by hackers”
How do things like sebek fit into that category? sebek is intended to spy on hackers, and while it can be subverted to be a rootkit in the traditional sense of the word, there are better ones available.
But yea, sebek was the honeynet project's idea to spy on the hackers they trap. Too bad it was easy to detect for any one who had a small understanding of computers.
It hooked the read and write syscalls, and replaced them with its own versions. It also messed up the distance between them and it was easy to write a small C program to detect sebek.
So much for their “undetectable” solution.
The worst are the people that were “underground” hackers at one time and then turned their backs on the scene and their friends and sold out to the corporate side

They work against people who are exactly like they are.

They decry people who illegally enter systems when a few short years ago they were doing exactly the same thing.

They work against their former friends. They ruin perfectly good exploits by thoughtlessly posting them on Full-Disclosure in an attempt to make a name for themselves.

They post crappy code in the public domain in an attempt to make a name for themselves.

what they used to do for free they put a price tag on.

They sold their souls for money.

The security industry is the single biggest fear mongering market on the planet.
They use fear of hackers to motivate people to buy their services and products.
Now, a lot of the bigger companies like Symantec, CORE SDI, ISS, etc etc have active 0day research and development teams
They have teams of highly skilled individuals who audit code for a living, finding vulns in popular applications that are in the public domain.
Things like Apache, OpenSSH, the Linux kernel, IIS, etc etc
They then use these exploits in what they call special "0day penetration tests"
After they own the clients network they impress upon them the fact that it was very easy to do so and that there are 0day exploits actively circulating amongst the blackhats, and they could just as easily own the network.
They charge a huge amount of money for 0day tests, usually at least $15,000
When it comes time for their mitigation report, they have to offer a solution besides “don’t use the vuln service”
Usually it’s along the lines of “buy this product of ours, for a mere $20,000 you can be completely protected”
Then they go and publish a new vulnerability, come back and tell the client "oh yes, a new exploit was discovered and is public, now you need to pay for a service upgrade."

It all comes back to the fact that they don’t want secure computers.
They thrive on a state of insecurity and fear.
Every new major exploit (recently safari and IE exploits) and every new worm or virus undergoes the predictable media hype

they just care about the quarterly return.
the share holders
and the vacation homes of their CEO

Why should you help those who don’t help you?

Why help those who want to destroy you?

Why help those who would love to use you as an example to stir up media hype to drive up their quarterly gains?

:::::QUESTIONS:::::

Revolt: hasn’t the phrack magazine ended?
strayfe: no
phrack 64 was just released recently
Revolt: ah ok
and project mayhem?
asdf: strayfe, is project mayhem still active? (cba to type it out with numbers and shit)
Revolt: did they get a load of whitehats?
strayfe: yes and yes
Revolt: 1 more question
strayfe: yes
and go ahead
Revolt: you said the underground was active at like ~2000
isn’t it very active now?
and if not..do you know why?
Strayfe: not compared to what it once was
because of the whitehats.
sites like HBH tell people it’s evil to go actually hack
and they listen and never develop any real skills.
Revolt: i c

lesserlights: so could you name some groups that were active in the underground ~2000 and some active currently, for comparison?
Strayfe: They never delve down into the lower levels of programming and learn about things like adjacent memory overflows, and innovate new techniques

---------------------------------------------- End ------------------------------------------------
