'New breed' drowning out hacker culture?

A lot has changed in the last 10 years since I first poked my head below the surface of the mainstream computer world into the realm of the computer underground. The thing that most intrigued me about this world, and why I stayed, was the huge body of knowledge and ways of looking at things that wasn't taught in schools and wasn't in any books.

A lot has changed in the last 10 years since I first poked my head below the surface of the mainstream computer world into the realm of the computer underground.

The thing that most intrigued me about this world, and why I stayed, was the huge body of knowledge and ways of looking at things that wasn't taught in schools and wasn't in any books. This incredibly important information about the computers that ran most of the businesses and governments in the world was largely ignored.

The way the information was largely ignored by the mainstream made it "forbidden knowledge." This still holds true today and is a driver for many young people to enter the world of hacking. The way we deal with proprietary systems and computer security as a society leads to this "forbidden knowledge" effect. This has not changed much.

Another thing that hasn't changed is the rebellious nature of teenagers. Having "forbidden knowledge" allows them to rebel against "the man" -- corporations and the government.

Attacks, such as defacing Web sites and denial of service, and "liberating" information, such as credit card numbers, have always been around but they have increased in quantity due to several factors. The quantity of attacks has increased because there are more attackers and they are better armed.

There are more people who have access to computers today and the information and tools to carry out attacks has never been easier to access.

There are more underground Web sites, more underground newsletters, more exploit kits and tools than ever before. This information, now indexed by all the big search engines, can be brought to you in seconds on a DSL or cable modem.

Kids today have it so easy! Back 10 years ago you had to wait hours for your favorite underground BBS phone line to clear. Then you had to scroll through text indexes at 2400 baud (about 1/100 the speed of a high-speed modem) and pick the file you wanted which might take all night to download.

Easy access to tools is only one change in the landscape however. The other major change in the last 10 years is society's reliance on computers. They are not just back behind the counter at the bank or in the data center of a large corporation. They are right in our homes and on our desks at work.

If someone defaces a Web site or takes down your stock trading site, you see it and it impacts your life. This change gives people a new medium to spread their message and has brought the rise of web graffiti artists and "hacktivists." It also brings some level of fame to the attackers.

So now there are more people, with easier access to attack tools and exploit information, able to break into computers and spread their message to more viewers. But the people carrying out all of the attacks are not the people developing the tools or publishing information about computer security vulnerabilities. This new class of attacker has arisen in the past few years and is usually called a "script kiddie".

The script kiddies seem to be everywhere. Their numbers are enormous compared to those who actually have the hacking skills to find the vulnerabilities in a supposedly secure system. You can see this effect at hacker conferences such as DEF CON and Hacking on Planet Earth 2000 (H2K). The number of intelligent people speaking has grown slightly each conference but the audience seems to be doubling each year. There are clearly more consumers of the "forbidden knowledge" whether they are "script kiddies," people trying to secure their own software or computer systems, or more nefarious types out to commit serious crimes.

If you define hacker as one who has the hacking skills required to find computer security problems and write the tools required to demonstrate them, then not that much has changed in the last 10 years.

If you broaden your definition, as the media often does these days, to those who can follow cookbook instructions or run pre-canned scripts to attack a computer then a lot has changed. The effects of the script kiddies are what people see and care about now. They impact more people and have captured the public's image of what a hacker is. So while old school hackers haven't changed much, a new breed has arisen and threatens to drown out the original hacker culture with Web site defacements and denial of service attacks.

Weld Pond is a research scientist working with the security firm @Stake Inc.