
Ask HN: Technologies created by (evil) hackers - jgrahamc
I got asked an off the wall question by a technology journalist today.  Are there any technologies that we use today that were created by (evil) hackers?  i.e. is there anything that's come out of the computer underground that is now considered mainstream.<p>Would love to hear this group's suggestions.
======
cruise02
Probably not exactly what you're looking for, but anyone who worked on
cryptography back in the 1970s (and who wasn't working for their government)
was being fairly subversive. Steven Levy wrote a great book about the people
involved called Crypto: How the Code Rebels Beat the Government Saving Privacy
in the Digital Age. [http://www.amazon.com/Crypto-Rebels-Government-Privacy-
Digit...](http://www.amazon.com/Crypto-Rebels-Government-Privacy-
Digital/dp/0140244328)

~~~
drawkbox
Another recent one is PGP encryption. Read about Phil Zimmerman's decade of
fun with the DOJ for creating it and not allowing a NSA backdoor.

<http://www.philzimmermann.com/EN/faq/index.html>

I have done some crypto work for financials and trust me if you aren't using
an RSA algorithm then you get lots of questions and notice.

The NSA can neither confirm nor deny that they have trapdoors/backdoor access
into RSA encryption. But if you don't use it they get very anxious to know
what you are up to. <http://www.rsa.com/rsalabs/node.asp?id=2316>

_As the premier cryptographic government agency, the NSA has huge financial
and computer resources and employs a host of cryptographers. Developments in
cryptography achieved at the NSA are not made public; this secrecy has led to
many rumors about the NSA's ability to break popular cryptosystems like DES
(see Section 3.2), as well as rumors that the NSA has secretly placed
weaknesses, called ``trapdoors,'' in government-endorsed cryptosystems. These
rumors have never been proved or disproved. Also the criteria used by the NSA
in selecting cryptography standards have never been made public._

They came down on Zimmerman to help dissuade others from creating more
encryption algorithms. This could be because they have control over others or
they simply want to limit the resources needed to break each type of
encryption.

------
dugsong
I'm guessing you mean non-security technologies? How about consumer P2P?

See Joseph Menn's book on Napster for the backstory behind MP3 file sharing
(many of us w00w00 folks were involved, including guys like "minus", who stole
the Winamp source code off my friend Ian Rogers' laptop).

Other example I can think of - anakata and The Pirate Bay, which is sort of
mainstream, I guess (!)

------
HomeySan
I'm thinking l0phtcrack.

The original SATAN scanner from Dan Farmer; the concept, though. Bad guys had
a bag of tricks that they'd use to get in. He compiled a list and built an
automated tester of those tricks.

Some of the concepts that evil hax0rz/crackers used to obfuscate code in
viruses have migrated into the mainstream as a method of protecting
intellectual property.

------
ax0n
The technology used to help attackers find wireless networks is now used in
many corporate wireless network platforms, to detect and block rogue access
points.

There's an entire litany of examples where initially subversive technology
became useful for defending against the same. The first vulnerability scanners
were written to help attackers target vulnerable systems. They were quickly
repurposed to help people find and protect vulnerable systems.

The whole "evil hackers" thing is kind of a joke. Hackers are typically clever
and often self-serving. By definition, they fabricate tools for themselves
which, like anything we have, can be used for good things and bad alike. Many
of those tools come into popular use. It's difficult to know what, actually,
the intention was behind the tool's creation.

------
peterwwillis
Mostly security and forensics tools which aren't mainstream. There aren't many
practical, mainstream uses for "evil" hacker tools. Metasploit, Nmap, Nessus,
Netstumbler, l0phtcrack, Aircrack, SATAN, Snort, Honeypot/Honeynet, John The
Ripper, p0f, Ethereal/Wireshark, Hping2, Netcat, Dsniff. Like others have
mentioned, any copyright-breaking tools like MPlayer, DeCSS, rtmpdump but
there's no way to say these were written by "evil hackers" (more like hackers
who just wanted to watch their own DVDs or download free public videos)

------
mbrubeck
The Apple computer?

(It wasn't created _for_ cracking/phreaking, but it was created _by_ phreaks.
Woz and Jobs' first venture was selling blue boxes.)

------
hmac
Most of the Win32 assessment s/w I used in the good/bad old days of NT (take
your pick) was straight-up blackhat tools - because that's what was availble.
Blackhats are also responsible for a lot of proof of concept work that results
in changes in core protocols - if not new protocols. I think you should
reframe the journalist's question to reflect this kind of symbiosis.

------
stuartjmoore
Some [evil] hackers go on to start security companies (Kevin Mitnick, Frank
Abagnale Jr.), so any of the company's techniques could work (though not
mainstream or probably even known).

------
sakebomb
Could you consider the creation of clustering created by blackhats? They did
start out with botnets which started the foundation for clustering and cluster
management.

~~~
ax0n
Clustering has existed for a long, long time before black-hats were doing
botnets. The practice of breaking up workloads so that more than one computer
could process it has been around almost as long as computing itself.

~~~
eru
Including human computers.

------
J_McQuade
Depends on the definition of 'evil' - I used DeCSS for a while and, according
to the MPAA, the guys who made that were basically Satan with a modem.

------
presty
how about "remote desktop software" that became popular after the attacks from
trojans like back orifice?

