Duo Labs Presents: Hackculture
Along with the flurry of major tech news articles and proclamations of a potential “Cyber Pearl Harbor,” every mass vulnerability announcement seems to usher renewed debate around the ethics of releasing zero-day.
Since part of my position as Duo Security’s resident Security Historian involves examining current events through a historical lens, I think it’s interesting to look at the contextual history behind vulnerability releases.
Before bug bounties and vulnerability sale opportunities existed, the online hacking culture had a different feel. Releases of vulnerability details weren’t consumer or corporate-facing - being the first to disclose a vulnerability was a chance to contribute to the community and win some bragging points.
Looking back on milestone releases like Aleph1’s Smashing The Stack For Fun And Profit in Phrack 49 and Mudge’s How to Write Buffer Overflows, these are technical guides directed at peer audiences. These articles and many others highlight the desire of early hackers to disseminate and spread information.
Even during the earliest days of modem connections, dedicated BBS, or Bulletin Board Systems, existed where users adopted pseudonyms and shared their knowledge of phones and computers -- and their weaknesses.
Over time, the information from many of these boards was adapted for publication in zines which also served to spread all kinds of exploits, hacks and private information. It was during this period that phone phreaks and computer hackers began to be seen as counter-culture pioneers.
This mainstream recognition is partially due to the rapidly expanding home computer market, sensationalized reporting on the pursuit of Kevin Mitnick, and feuds between hacking groups like the MOD and the LOD.
In the coming weeks, we will be writing a series of blog posts covering some highlights of the zine era, taking a look at how hacking norms, language, and culture have changed over the years.
Do you have a question you want us to cover? A favorite issue of Phrack we should look at? An old flame war you want us to dig up? Let us know by emailing us at labs@duosecurity.com!