Tiny Recap on Early Systems Compromise History

Karl gmkarl at gmail.com
Thu Jun 10 13:33:08 PDT 2021


1.  The internet started in academia.  Everybody trusted each other and
there was no security and no systems compromise.  The word 'hacker' came
into use to mean a very skilled engineer.

2.  The internet became commonplace and children started using it
everywhere.  These children came to know it better than almost anybody
else.  A widespread culture grew of people who would control computers to
accomplish tasks nobody else could do.  This culture had a subculture of
people who would break into the systems of others, mostly to show off their
skills than accomplish anything else in particular.

3.  The internet became the way to do things.  Businesses and governments
started using it for everything; mostly inexperienced people who didn't
understand how it worked.  A group of skilled professionals were
responsible for keeping these operations safe, and they mostly did this by
personally watching them as they ran.

Regarding systems compromise, the professionals and skilled individuals
broke themselves into groups unfortunately called "blackhats", "greyhats",
and "whitehats".  They mostly identified as white men, so there may have
been a little racism.  How dark the color was related to how much time was
spent doing things that seemed a little wrong.  Spying or changing data.

So in my inexperienced opinion, a whitehat may still compromise the system
of another, but they are going to be the people surreptitiously removing
the viruses from other's systems to calm situations down, rather than the
people directing those viruses.  A blackhat was the kind who would break
something, but many did so in order to help the public understand the
severity of the problems with digital security.

Most viruses around the start were things made for fun.  They might spread
or destroy things, but again they were mostly just people showing off,
because computers weren't running anything important yet.

The cultural norm was that your skill as a hacker was how your system was
defended.  If your system wasn't defended well, it was your fault and the
intruder was helping shore your defenses up.  This is because most of these
people were childhood computer wizards with lots of free time and
incredible ease finding a job, not people struggling to make things work.

3b.  It was well-known that students and new hires had far more skill at
computers than their teachers or bosses.  However, academia and business
wanted to get on the technology bandwagon fast, and started offering degree
programs and careers around hacking.

Unfortunately, the people running these things were far behind the
education curve, as they were pushing out graduates and selling products,
and in order to save face had to claim they were experts.  So a lot of
professionals were churned out who simply believed things that were false,
unfortunately, and these professionals then trained other people.

4.  As governments and businesses got more involved in hacking, they ended
up hiring, imprisoning, disrupting, and hounding into hiding the hackers,
severely changing things.  Policies and economics changed to reduce the
personal power held by hackers, of any whiteness or blackness.

One thing I've noticed is a sense of military spy agencies still using that
chest-beating "gotcha" regarding system vulnerabilities, but hounding
people out of their careers and homes instead of _helping_ them secure
their systems, the latter of which was the norm.  It reveals that groups
have been hired to pretend to be hackers in order to destroy them, because
they don't understand the reasons for the chest-thumping.

The pattern of reflecting disrupting behaviors on people, that people have
expressed towards governments and corporations, is a common and highly
effective one, because individual people do not have the resources of a
government or corporation, and feel bad when they experience harm at the
behaviors they may have engaged in themselves.  It additionally ends up
being inhuman, because such people can suffer so much.

In the 80s through 2000s, one of the most exciting things systems people
tried to enter was schools, governments, and banks, because these things
could give them so much power, and doing so was easy in the early days
because the people running them could never cognitively compete with people
who had spent their whole lives learning their internals.

These disruption left governments and corporations with a lot of fear and a
lot of injury, that likely stimulated the harsh lashbacks over the past
couple decades.

The thing to remember is that hackers know how to secure systems, and are
trying to make them all be secure, to protect everyone: but rather than
learning these things, the people whose systems were compromised have
persecuted them via the crackers' own techniques.  The cracker culture
didn't originally understand how scared people felt when these things
happened, because they were used to cracking other hackers, not normal kind
people.

"cracking" means compromising the systems of others
"hacking" means very skilled engineering, usually of software or electronics

5.  Now most cracking looks like it is done by international groups with
ties to governments and corporations who can defend them.  I think of them
as military spy agencies, but I don't really know anything about them.

Somebody who has to work a job, isn't going to have as much skill as an old
hacker had.  But if you're the only people doing it, then you're basically
in charge.  Luckily, all of hacking is derivable from engineering and there
are many disciplines studying it.

Unfortunately, we have a situation now where everything is incredibly
insecure, because the people who understood security were attacked when
they tried to talk about it in the language they knew, for many years.

Back to 3 and 4:
The way to make something secure is honestly to spend weeks completely
understanding and developing it in your basement because it's what you do
for fun.  This takes a lot longer than corporations want to pay for, and
often is done best by people who don't know how to smile or wear a tie.

So, since marketing makes so much money, products were made that were known
insecure, marketed as secure, and dispersed everywhere, and this is still
done today.  If you bring a computer to a repair center, they will make it
work, usually ignore the underlying cause of the issue, and give it back to
you quickly, which makes them more business when you return.

6:
That's a good chunk of what I've got, starting to have my psychotic amnesia
again now.  Thanks for reading.

I infer the norm of this list was to ask people to learn to be a hacker in
order to really get involved.  I also infer that people have so much
security need now, compared to the time needed to learn to be a hacker
yourself, that something else will develop.

With strong AI out there, it's hard to know what is needed, and in what way.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 8238 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20210610/66b5f8d5/attachment.txt>


More information about the cypherpunks mailing list