Review: Phrack Vol. 64 A Shell of its Former Self
As an information security professional, lately I've become quite bored. The state of hacking today seems to be almost solely employed by the spammer-class of miscreants looking to make as much money as quickly as possible. It's big business now. As such, they continue to exploit the same weaknesses, again and again, and simply lack the spirit and ingenuity of previous generations of hackers.
It is in this environment that the latest issue of the underground hacking magazine Phrack has been written after a long hiatus and under a new team of editors. If the document was a disappointment, it is because of the promise it has failed to live up to. As someone who has a notorious attitude problem, a healthy disrespect for authority, and a marked David complex, I have some sympathy for their underground and anti-authority tendencies, though I've not participated in the underground.
That said, the current issue of Phrack looks like it is written more by disgruntled teenagers trying to be nostalgic for a long passed era which they never even participated in. Much like the anti-war protestors, who continue to try to relive their glory days of the 60s, Phrack is an attempt to live the hacking glory days of the 80s and 90s. The problem with both is that those days are gone. "You can never go home again."
Hacking has been commoditized. With spammers running the show whose bottom-line is money, information security threats have become quantifiable, systemitizable, and predictable. Occasionally there are some really neat new security hacks, the WMF exploit and the ANI exploit come to mind, but by and large, it's the same old stupid tricks done and redone. This is because they continue to exploit the weakest link, the unsophisticated PC user who will still fall prey to 419 scams after all these years. Upwards of 80% of people will click on phishing e-mails if the message looks "good" enough, such as through a social networking site. Any idiot can own hardware now… and they do. It's quantity over quality.
At the same time, many of the old school hacker groups have sold out. Instead of continuing to work on their craft, they've gone to work for the highest bidder. As a result, the old hacking vitality has been lost. The Phrack editors are fond of saying that the information security guys need hackers, or they wouldn't exist. It's true. I wouldn't be doing the job I do if it weren't for hacking; the problem is that you're boring the hell out of me.
Here is the environment that Phrack is working in, trying to resuscitate a likely dead horse. They're hoping they can succeed, but I doubt it. With all the poor spelling and grammar, it's not likely they are up to the task. How can you try to teach people the syntax of shellcode when you don't have a basic understanding of the syntax of the English language? There is a difference between the cutesy-31337 h4×0r speak and sloppy writing. Phrack 64 was pock-marked with the later.
To be fair, there is some good info in this issue. I found the RDS-TMC article informative and full of fun little tricks I'll have to try on my friends. Some articles rank along the lines of a digital fecal toss. "The Revolution will be on YouTube" was so pointless and insipid I got dumber having read it. Pages are marked with Phrack trying to convince people they are important. Let me introduce Bambenek's Second Law:
If you have to convince people you are (still) relevant, you aren't.
The demise of the hacking underground is a familiar story when capitalism comes to town. While communism is an economic, political, and social theory; capitalism is only an economic theory. When it gets applied as a political and social theory, dysfunction occurs. In the case of the hacking underground, some sold out, others hopped in, and the wheel moved forward with the profit motive, and the fine people at Phrack are disgruntled because they've been left behind.
Blogging is another example. Take the earliest bloggers; they all knew each other and there was a great spirit to it. Now it's been commoditized by splogs, been left behind by those who sold out, and the media has created their own. There are a few good blogs still out there (such as Blogcritics Magazine which is more online magazine, and my own blog of course), but the signal-to-noise ratio is quite low.
Phrack is a relic of the past and a shell of its former self. It has managed to break out of obscurity with new editors and perhaps they can make it into a solid technical magazine once again, but the underground they represent is dead and will remain so. Likely, when the editors figure that out, they'll go on to something else too.
Related Posts:
There is no such thing as shellcode syntax, however the underground is very much alive, just hidden. Phrack isn’t an underground e-zine as it’s publicly available.
I do have to admit that “The circle of lost hackers” sound lame but it’s not they who make phrack happen, it’s the submitters (article writers). And their English skills has nothing to do with phrack itself. I know a Russian fellow whose English is tarzan-like but he’s a brilliant assembly coder, one of the best if you ask me.
Perhaps you’re not amused by something new because the current underground doesn’t publish their “neat tricks” for the open public because the ‘evil IT ’security professionals” will take advantage and kids will cause chaos around the internet.
Comment by anon | June 6, 2007