
The Fall of Hacker Groups - atmosx
http://www.phrack.com/papers/fall_of_groups.html
======
alricb
Wouldn't the decline of groups have more to do with a decline of the "scene"
they operated in? "Scenes" were primarily prestige-based, and security work
has been profesionalized, with hackers working in the legitimate or
illegetimate economy instead of mainly vying for symbolic goods. Symbolic
capital isn't dead (disclosing vulnerabilities can be good for career
advancement), but it's not the main driver anymore.

------
escape_goat
This is a ideological/philosophical opinion piece scantily clad as an article
_about_ something. I know that the author doubtlessly regards his premises as
well-founded, but he does not seek to validate these foundations for the
reader; he is writing solely for an audience that already shares his opinions.

Initially he brushes against the notion that hacking may have grown, as an
activity, due to the geometric (?) progression of connectivity, and that the
phenomena he is describing is the demise of the 'collective', as a species,
rather than the demise of hacking itself. This is sort of a bizarre moment in
the essay, because he immediately forgets the notion and plunges into an
ideopathological rumination of the decline of creativity and the destruction
of collective will by a search for unique individual identity under the
oppressive circumstance of the capitalist/existential philosophical apparatus.

I describe it thusly to give the click-to-comments-first reader a flavour of
the essay, and also because I am making fun of him. I am making fun of him
with serious purpose, as he has made the fatal, arrogant error of conflating
ideas with facts; an error that has literally killed millions of people.

It is interesting that the hacker collectives have declined, and this could
have been an interesting essay. It does not seem to me that the raw incidence
of hacking has declined. I have no idea why this person believes such a thing.
Hacking of all kinds and intentions are reported in a flurry these days. What
has declined (I accept his assertion) is the phenomena of the group social
identity of hackers. My first hypothesis about this is that anyone who studies
graphs and networks could explain it to me without a second's hesitation, and
perhaps someone will.

My (largely uninformed: I welcome correction) expectation is that the
explanation will be directly related to the progression of connectivity:
information is no longer rare or exclusive, and so social representation and
status-seeking are no longer necessary parts of the driving activity, which is
the hacking. This precludes the fetishization (in a pseudo-Marxist sense) of
small networks such as the hacking groups. Small networks doubtlessly continue
to exist and function quite well with only a fraction of the awareness of
their collective identity.

I would recommend the Adventure Time episode "Thanks for the Crabapples,
Giuseppe" as good contextual background material.

~~~
jndsn402
> (largely uninformed: I welcome correction)

I like your use of colon rather than semicolon. Was that deliberate?

~~~
escape_goat
It's hard to describe it as deliberate. For me, punctuation is imagined in
terms of vocal tone and pacing; it's very auditory. I listen to the sentence
to make sure that I have phrased it correctly, and decide on that basis.

------
pakled_engineer
I'd say because of money. There's plenty of money in being a professional
hacker working for some nation state or shady corp like VUPEN, there's no
money in smurfing each other and vying for the role as most leet, no time to
go to meets and hacker spaces because money must be made, no time to sit on
IRC either since you need to put together your 'red team' SaaS pentester 3000
tool to shill it at the next security con. Hacking is a business now, you
either join a state connected security corp or risk having your whole crew
being informants and the state coming after you with counter terrorist
bravado. It seemed to have changed right when Shadowcrew forums started in the
late 90s.

------
tptacek
_From CCC in the early 80s to TESO in the 2000s, through LoD, MoD, cDc, L0pht_

With the exception of LoD and MoD, these "groups" (brands, really) have
nothing in common with each other. And none of them had any common purpose.

~~~
lawnchair_larry
Really, CDC and l0pht had nothing in common? TESO had nothing to do with CCC?
No MOD members ended up at X-Force with TESO members? I can draw many lines
across all of those groups.

~~~
dpeck
You could probably connect nearly every group through the early 2000s with
X-Force as the join.

~~~
tptacek
You'd miss a good chunk of w00w00/guild, OpenBSD, and Europe that way.

~~~
dpeck
a quick search shows w00w00 would be connected. Not sure of the others, but I
(and I'm sure you do too) know of at least MoD, TESO, ADM folks who came
through there.

Not saying all groups by any means, but even with being a few years late
getting started in the infosec world of Atlanta there were still a lot of old
guard hackers hanging around when I got out of school and people still felt
comfortable sharing stories from time to time.

------
panzagl
This article totally misses the point, making up a bunch of anarcho-
communal/syndicalist hippie crap for what is really a very simple reason:

They all got old, and new groups didn't form to join them because what was a
lark in the 90's is now considered cyberterrorism.

------
jarcane
_This article discusses why recently we do not see many hacker groups anymore,
and why the ones we do, such as Anonymous and its satellite efforts, do not
succeed in having the same cultural impact as their forefathers._

Umm, what? I'm hardly a fan of Anonymous, but I think that's a pretty
ridiculous statement on its face. The only reason I've even heard of CCC and
the like are because I was a huge nerd who read way too many hacker books as a
kid. About the only one of the classic groups I recall even getting any
mainstream attention was cDc, meanwhile Anonymous routinely make international
news.

~~~
ivraatiems
Anonymous is not a "hacker group." Anonymous is an internet mob which happens
to have some members who are hackers. LulzSec was a hacker group.

I know that might reek of pedantry, but it's an important distinction because
we don't want to contribute to the misconception that everyone associated with
Anonymous is a a sooper geenus power user. Large components of the group agree
with its goals but don't have special knowledge.

~~~
lawnchair_larry
Anonymous has no "members" and isn't a group.

~~~
forgottenpass
Technically, yes. Practically it's a loose collective with pockets of stronger
association.

~~~
syoc
It is practically a identity for any individual or collective to use to it's
own liking. It has long lost it's original meaning.

~~~
wavefunction
Uh, that is its original meaning.

------
anigbrowl

      |=-----------------------------------------------------------------------=|
      |=--------------------=[ The Fall of Hacker Groups ]=--------------------=|
      |=-----------------------------------------------------------------------=|
      |=--------------=[ Strauss <strauss@REMOVEME.phrack.org> ]=--------------=|
      |=-----------------------------------------------------------------------=|
    

Hard formatting for 80 character terminals is just annoying because the
computing world has moved on to working in paragraphs. If you want to draw
boxes then do it properly instead of wasting time doing it in ASCII.

 _Computer networks increasingly made it possible to transmit unlimited and
uncensored information across their geographical extent with little effort,
with little costs, and in virtually no time. From the communication
development standpoint, one would expect that the events that followed the 80s
to our days would lead to a geometric progression in the number of hacker
communities. In effect, hacking has arguably grown. Hacker communities,
definitely not. So what went wrong?_

The answer is in the first sentence. It's so easy to get information now that
you can do it alone in many cases. You don't need a secret society of hackers
to curate and distribute it once you have developed good search engine and
research skills (which many younger hackers learn in school). Also, if you're
in a tech hotspot or even a major metro, it's easy to meet up with other
people for casual hackathons, and there are conferences for everything. things
like Defcon are large commercial enterprises these days. I bet within 5 years
there'll be a 'leakyworld' for people who follow Wikileaks. It's easy to join
or abandon forums, whether on the open web or on the deep web via Tor (which
feels a lot like the early days of the WWW to me).

------
sumedh
I used to be what real hackers called a "script kiddie" using programs like
subseven, back orifice to control my friends computers. Those were the good
old days where I was the most popular kid in my group because I had these GOD
like powers to control other computers.

So if the creators of Subseven, Back Orifice are reading this, I just want to
say thanks.

------
debacle
It's easier to be a black hat than a gray hat these days. Much less public
scrutiny.

~~~
tptacek
What's a "grey hat"?

~~~
debacle
Black hat -> That Romanian teenager that just stole 10k credit card numbers
with CVVs from an insecure eCommerce storefront.

Gray hat -> Snowden, most of Anonymous's antics, CCC, Schwartz, etc.

~~~
tptacek
I asked because I figured you'd give a different definition than the one I'm
familiar with.

Black Hat -> Using vulnerabilities to break into other people's computers.

Gray Hat -> Using information gleaned from breakins to other people's
computers to find new vulnerabilities.

 _or_

Gray Hat -> Finding vulnerabilities and supplying them to people who break
into other people's computers while retaining deniability about the actual
breakins; ie, supplying your friends without wanting to know what they're
doing with the exploits.

The 1990s "gray hat" would be the guy using leaked SunOS 4.1.3 source to find
vulnerabilities.

Your distinction isn't invalid; these "hat colors" have always been confusing.

~~~
OvidNaso
That's a fairly large ethical gap between those two Gray Hat definitions.

As a, fairly well read, outsider, Black Hat, to me, always implied actualy
damage, financial or otherwise.

Gray Hats, on the other hand, still might break in and exploit
vulnerabilities, but made certain not to cause any damage.

I suppose this partitioned people based on _primary_ motivation. Black Hat's
were in it for personal gain or evil, White Hat's for protection, and Gray
Hat's for intellectual pursuit. Much easier to categorize and rationalize the
romanticism associated with the culture when your "team" is the Gray Hat's.

------
canvia
The meatspace maker/hacker scene is booming:

[http://hackerspaces.org/wiki/List_of_Hacker_Spaces](http://hackerspaces.org/wiki/List_of_Hacker_Spaces)

~~~
2close4comfort
not quite the same thing...

------
rasz_pl
I dont know guys. NSA, GCHQ, SEA, GOP, all pretty l33t and active hacker
groups.

------
at-fates-hands
While I agree with most of what was said in the article, it leaves out some
important factors in why hacking groups are less visible today.

1 - The role of government. Once the laws caught up to the hackers, and the
CFAA was passed in 1986, it gave the government a lot more teeth to federal
laws targeting computer crime. Shortly thereafter, you have what some refer to
as the "Hacker Crackdown" from 87-90 which went after LOD, MOD and smaller
groups. Some went to prison, others went or tried to go legit. I think hackers
realized groups tend to have more visibility with the feds and you're more
vulnerable to getting caught compared to just working by yourself.

2 - Size and structure. Since most of the groups are pretty closed by nature,
when a group is disbanded or law enforcement breaks them up, there's never
enough "new recruits" to take the flame and continue on. Look at LulzSec. They
had a huge run, but once Sabu flipped and turned most of his crew into the
feds, there wasn't anybody else left would/could carry torch any further. So
even when you have a high profile group, once it takes a hit, it's rare for
them to bounce back. Anonymous is the exception to this rule, but it seems
they like the decentralization approach their structure since it assures the
group can carry on if/when the feds start to arrest its members.

3 - Knowledge transfer. Not only does size affect the lack the groups today,
but also the lack of knowledge transfer. Back in the late 90's I knew a bunch
of college guys who were hackers. You could ask them anything and most of the
time, they'd let you in on how they hacked email, how they found open servers,
etc. Nowadays, somewhat because of law enforcement, somewhat because people
now see their hacking techniques as trade knowledge, they're much less open
about how they ply their trade. This means every kid who wants to learn how to
hack is on his own. There is no MOD or LOD or LulzSec to prove yourself to, to
get entry into the club and get higher levels of knowledge. Hackers, are now,
left to their own means to seek out and find their own knowledge. As such, the
cycle perpetuates itself because now instead of wanting to share this
knowledge, they have the attitude, "I found this by myself, go find it on your
own." which makes people less likely to form a group to share knowledge.

