
Inside the Billion-Dollar Hacker Club - oBeLx
http://techcrunch.com/2014/03/02/w00w00/
======
tptacek
2000 words of post-hoc fallacy about an IRC channel.

We're discussing here a group of people who started their careers dead smack
in the middle of the dot-com bubble, practically all of them in
software/network security, a field that has stayed valuable since its
inception. _Of course_ they've done well for themselves.

This would be interesting if the denizens of #w00w00 had, say, invested in
each other's companies. But as I understand it (I was a #!r00t person; our
biggest win was ISSX) that's not at all what happened.

Sorry to sound pissy. I'm just hoping to forestall another goofy HN conspiracy
theory; the idea that w00w00 is, like, the Internet's "Skull & Bones". No.

Also, I suspect the stories about w00w00 as a "hacking group" that broke into
people's machines: total BS.

~~~
davidu
Gotta disagree with you on this one. Lots of folks in w00w00 worked together.
In that sense, they did invest in each other (with time and effort, if not
cash).

Also, back in the late 90s defcon days, w00w00, CdC, New Hack City, each had
an entrepreneurial spirit. w00w00 perhaps more than most. I remember when CdC
launched BackOriface, it was just as much a startup launch as anything.

Note: I don't claim to be a member of any.

~~~
tptacek
I was there. I'm friends with several w00w00 people, and worked for 4 years
with Dug. I wasn't in w00w00 because I was in a "rival" channel (by the way,
it sounds weird to mix TESO and ADM up with IRC channels like #w00w00 and
#!r00t and #guild).

We were all of us entrepreneurial, but being in w00w00 didn't get any any
support from, say, d0b.

I'll do you one better: #!r00t'ers started a bunch of companies together.
Other than WhatsApp (WHICH I ADMIT BLOWS THE CURVE), were there a lot of
multiple-w00-person companies?

~~~
mrspin
I wrote the article and, yes, I probably conflated TESO and ADM with w00w00 on
one level, though I did a ton of research and those other hacker groups were
routinely mentioned in comparison.

"Gotta disagree with you on this one. Lots of folks in w00w00 worked together.
In that sense, they did invest in each other (with time and effort, if not
cash)." \-- that's correct and a good way of putting it.

~~~
tptacek
Well, two of those are vulnerability research teams, and one of them is a
social club, but sure, I guess you can use them all in the same sentence. ;)

------
swang
Shawn Fanning was part of tons of "crews" on EFNet. Just like anybody else who
was on irc at the time.

Before WhatsApp's purchase, the "napster on irc" byline was, #winprog taught
him all he knew about winsock programming and without #winprog napster would
never have been made.

Now suddenly it's "without #w00w00, napster would never have been made"
because this combined with WhatsApp's purchase lets someone write some 1500+
word article about nothing.

I wonder what would have happened if TetriNET ended up selling for millions
back in the day, would that have suddenly become the irc hackers made
bajillions byline?

And surprise surprise, people who used one of the more technical
communications medium back in the 90s end up being technical people when they
grew up.

~~~
tptacek
As you can probably tell from upthread, I agree with you. I'll point out a
difference between #winprog and #w00w00 though: #w00w00 had the con scene ---
#w00w00 people would see each other every year at DefCon and Pumpcon and,
later, CanSec. Also, a lot of these people wound up working in the same city
(say, Atlanta, or Columbia MD --- I get ISS, Monkey, and w00w00 mixed up).

------
csl
As an aside, do anyone here still use IRC regularly? It seems some open source
projects have permanent channels, but I don't know how active these are.

Haven't really used IRC since the mid-90s, but perhaps it's a good way to
connect to other developers? Is there a representative YC channel?

~~~
spindritf
Absolutely. All day, every day.

There is no better way to coordinate. Clients for every platform are
available. You can have new tickets, bugs, announcements piped into the
channel. Discuss everything instantly and in real time, while leaving a log
for those who are offline, highlighting them when necessary.

Running your own server is perfectly feasible. And if you connect to a known
ircd with SSL forced, it's reasonably secure. There are even OTR plugins for
many popular clients (♥irssi♥). There's also FiSH but that's on the
inconvenient end of the paranoid spectrum.

It is perfect if people you're going to communicate with are proficient
computer users.

~~~
mtrimpe
How do you handle travelling between devices though? I find it virtually
impossible to function on IRC with the gaps in between from when I'm offline,
but still haven't found a workable way to keep a persistent session going
across devices (work, home, mobile.)

------
mitochondrion
What if I want to join the modern-day equivalent of this group's beginnings?

~~~
atmosx
Hello,

I was in two 'crews' as they used to call them in the early 00s. I'm not sure
if you would _really want join them_. I think I prefer my current networking
(twitter, github, blogposting, hacker news, stack overflow, etc.)

Back at the time, there was no StartUp culture (where I lived, not talking
about Silicon Valley), everything was _closed_ and there was a huge debate
over full disclosure (I'm not even sure how it ended... I remember tf8,
antisecurity.is and the rest...).

There were a few skilled people around and almost everybody knew them. WEB 2.0
didn't exist (twitter, facebook, etc.) the web was a totally different
place...

I'm not sure it was better though, it seemed way more exotic IIRC. But the
general behaviors of the communities (linux communities, hacker communities,
etc.) was awful: You were getting your fair share of curses every day. Some
IRC networks were wild, with DOSSes (flood, nuke and other shit which could
disconnect a 56k easily) flying around. Exploits were flying around, some
private some not-so-private.

Security was not an _industry_ and the required skillset was not so extreme as
it is today. I mean, you could do quite some damage without being very
technical. Things changed after 2002-3 (you can see this in the Phrack
articles, turning suddenly extremely technical).

Then the web-based internet came out, everything start requiring PHP+SQL and
XSS was born. Then Java and after that JavaScript... Which created a new, less
sophisticated attack vectors.

Then the era were officially sponsored cyberwars came into play arise. Stuxnet
was the most prominent example of this era, with the NSA revelations and
China's cyber-army giving a clear view of how the security industry is shaped
nowadays.

Today there are no _crews_ like Team TESO (I'd like to read about the story of
their members...), ADM, etc. I still remember 's0ftproject[1]' back in the
days in Italy. Some members can still be found involved in the Tor project.

Anyway, things have changed for the better or worst. Better keep up with the
times...

ps. Today's world should be considered a kinder-garden for a security
professional. Way more attacking vectors (so more protection needed) and a
huge amount of companies which understand the importance of computer security.
Back in the 2001 telnet was still widely used...

[1] [http://www.s0ftpj.org/](http://www.s0ftpj.org/)

~~~
tptacek
Security wasn't an industry before 2002? Huh? Security made millionaires out
of half of #!r00t and (I assume) #w00w00 before 2000, mostly due to ISS. It
professionalized in the mid-1990s.

~~~
atmosx
Hm, _security made millionaires_ you say, I'm not sure about that. WhatsUp is
not the kind of application that I would expect from a former
w00w00/TESO/MoD/ADM/Gobless/LSD-PL/whatever. Most of them are into security I
assume and I don't recall anyone becoming millionaire, in the sense that no
story made headlines to my knowledge.

But you probably know better, since you're on the field.

~~~
tptacek
People have been selling security companies for 8-9 figures for the last 13
years or so, more or less continuously. And when we're talking about #w00w00 /
#hack / #!r00t, you also have to contend with ISSX, which was an extremely
successful IPO. So, yeah: reevaluate that thought.

------
dangrossman
It's weird the way like-minded people somehow all find each other. There are
several HN members along with myself who have ended up running bootstrapped
SaaS businesses to make their living, who all played the same MUD (the text-
based precursor to MMORPGs you could telnet into) in the 1990s/2000s. Creating
"zmud triggers" to automate parts of that game was probably some of the
earliest programming we all did.

~~~
jorgeortiz85
Which MUD were you on?

------
rachellaw
my co-founder and myself met similarly through IRC, but we never exchanged irl
names. Much much later, by coincidence, we ended up in the same grad school
program and that's how we started our company

I think at a certain age/time, you tend to spend more time with friends rather
than family and that's when it begins to happen. For non-hackers it's when
they develop lifelong friends in work or school, for hackers/internet-people
that's when you start thinking of your ICQ/IRC/fandom/LJ/pick your ancient
platform as your true friends even if you've never met in person.

------
msie
After hearing about WhatsApp's security problems I gather that Jan didn't
learn much about security from w00w00.

~~~
zboralski
People may be better off using a notoriously insecure app like WhatsApp and
not use it for anything sensitive. I believe that "Secure" products can only
give you a false sense of security, an illusion of safety.

Security should be about planning for failure and not about trusting a
marketing blurb that says "100% secure". Just look at the Apple gotofail bug,
the RSA/NSA fiasco, the Debian fuck up, the ssh crc32 bug...

I'll finish by quoting Theo de Raadt : "You are absolutely deluded, if not
stupid, if you think that a worldwide collection of software engineers who
can't write operating systems or applications without security holes, can then
turn around and suddenly write virtualization layers without security holes."
*

* You can replace 'virtualization layers 'with 'secure messaging protocol' or any other piece of code.

~~~
omarrasheed9
#interestingly deep

------
thom
Can't wait to find out who'll be the first alt.teens billionaire, but I
suspect we were just wasting our youth.

~~~
pcurve
I think we are forgiven for wasting our youth on navigating alt.binaries.* on
Lynx. It was wild wild west where everything was still nebulous.

------
joewee
1/2 of my full time employment opportunities came from other w00w00 members. I
was also a member of ADM.

I was 17 and managing servers during the first dotcom boom when you needed
more than just smarts to create a startup. You needed a boatload of VC money.

If w00w00 was formed in present day, half of us would have been funded by YC.
We were just smart and young people at the start of this internet thing. Not
surprising we went on to make internet companies.

This article does leave out a lot of people and includes someone that
shouldn't be included.

~~~
mrspin
It was difficult to list everybody.

------
danielweber
> _$_ 19 billion _dollars_

Great editing standards.

~~~
jmduke
I think this is a minor flaw of an article with much greater ones -- then
again, I'm biased, as I make this mistake regularly. (In my defense, it's
incredibly easy to pass over without noticing: I didn't even notice it in the
article until you pointed it out.)

------
kartikkumar
Am I the only one that senses a Hollywood movie in the making?

------
pothibo
Kinda shows how important your social circle is to your future success even at
lower age.

It's not mandatory but it surely helps.

~~~
jnazario
similar to what university you choose. (only i didn't figure that out until
much later.)

------
kayoone
i literally spend years on irc in the late 90s/early 00s but it was mostly
gaming related (quake). Still have some contacts from that time though and
since a few years i use irc again for several open source projects, which is
often great to get quick feedback on questions.

------
steeve
Upvote if you used SoftIce and W32Dasm :)

Ahhhh, the memories!

------
kclay
reminds me of the paradox days,good times.

------
joshlegs
hey can i join the channel? what's the pw? .....

