Weblog

May

07
May
2011
Categories: Meetings

Another fun meeting. During the initial gathering at EC4, it was really interesting to take a look at a copy of Steve Jackson Games' GURPS Cyberpunk. The historical significance of this manual is that Steve Jackson Games was raided by Secret Service during their investigation of Loyd Blankenship also known as The Mentor. During the raid Secret Service seized a manuscript of GURPS Cyberpunk which they called a "handbook for computer crime." Naturally, it was a huge stretch to call anything written in Cyberpunk remotely practical hacking; however, it does contain interesting descriptions of phreaking, encryption cracking, trashing, and in a typical 80s cyberpunk fashion - a howto on breaking ICE.

We have moved to Elephant and Castle later that evening. There was an interesting discussion on the Playstation Network Hack as well as the role that Anonymous Group may or may not have played in the attack. The discussion has progressed to "voluntary botnet" organized by Anonymous in order to launch the DDOS attack against Sony. The primary tool of choice used in this attack was LOIC which was voluntarily used by individuals to participate in the act equivalent to a classic civil disobedience tactic. Interestingly, the tool (intentionally or unintentionally) has very predictable attack patterns susceptible to detection and filtering.

Another memorable discussion during the meeting (before beer content reached critical levels) was the discussion on the use of computer science methods such as formally proving the correctness of a security system and problems you might encounter in dealing with today's complex systems. If you are interested in learning about current research in this area, be sure to check out Towards a formal theory of computer insecurity: a language-theoretic approach presentation.

Posted by iphelix
01
May
2011
Categories: History, Meetings

I came across an interesting San Francisco Chronicle article titled Outlaws on the Cyberprairie published on April 02, 1995. The article is interesting from a historical perspective as it captures one reporter's view of San Francisco 2600 meetings of more than a decade ago. Let's look at the article and see how much have things changed in 15 years.

Near a row of pay phones in an Embarcadero Center plaza, the early birds are hovering over white picnic tables wedged between a Mrs. Fields and a wine bar.

Today, the meeting still takes place in Embarcadero 4 plaza. However, pay phones have long made place for wall advertisements. There are no longer any picnic tables and a wine bar is long gone.

Mostly young men, they wear the grunge fashions of plaid shirts, ski caps and baggy pants. They show off cellular phones, hand out copies of pirated software and swap stories about how to add value to a BART card without paying. A few older men sport survivalist wear -- army fatigues and fly-fishing jackets. The men with natty blazers and polished shoes are computer security specialists.

The audience haven't changed much in years, most attendees are in their teens and twenties with a few older members. Although most of us have jobs and prefer regular jeans to baggy pants and army fatigues. People are still showing off their cellular phones loaded with the latest and greatest iOS, Android, and other variety. There is no longer any need to exchange pirated software as most of the interesting titles are available for free with complete sources. The "men with natty blazers and polished shoes" no longer attend 2600 meetings to learn about the latest and greatest attacks on their networks. The security industry has grown exponentially since mid-90s. Today's security professionals have their own professional information security conferences (RSA) and meetings (baysec).

In keeping with the anarchic hacker ethos, the meeting has no agenda. Conversation among the 25 hackers turns to one of their own who made it to the front page of the New York Times: Kevin Mitnick, the reputed "Billy the Kid" of the Internet...

The number of attendees stayed roughly the same and so did the agenda - everyone is free to share whatever topic they are interested in.

An hour into the hackers meeting, the information begins to flow like beer at a keg party with little concern for legality or ethics -- or whether a cop mingles with the throng. A high-tech show-and-tell begins spontaneously. Some refer to textbooks they've brought along: "Introduction to Computing" and "Cellular Phone Principles and Design." Security experts trade information with young hackers.

While there is indeed a free flow of information over the years the topics tend to steer clear of something outright illegal or unethical. This is partially due to the learning to hack process no longer requiring "borrowed" powerful computers from corporations. Today an entire complex network of systems can be virtualized on a single reasonably powerful desktop computer. Hacking has never been more about the pursuit of knowledge as it is today.

At the end of the hackers meeting, a few head out to Harry Denton's for post-meeting drinks. Others go home to parents for dinner or to their bedroom computer to try a few new tricks. As they bade each other farewell, an Embarcadero security guard in a brown uniform cleaned up the litter of milk cartons and cigarette butts.

We call it 2621 aka 2600 for 21+ year olds, but the idea is the same. I have never seen anyone drink milk during the meetings, but then again times have changed ;-).

The article has some hints of sensationalism especially in its coverage of Kevin Mitnick saga; however, in retrospect this serves as another pointer of the long gone era.

Posted by iphelix