Re: Virus Writers Here to 'Help'

[InfoSec News <isn () c4i org>]

Forwarded from: Robert G. Ferrell <rferrell () texas net>

> "Better that you find out about a hole in your system through my
> virus, than through some unethical cracker smashing into your
> machine and stealing all your so-called private data," said a worm
> writer who asked only to be identified as CAT (for "Criminal and
> Anonymous Terrorist").

I'm really tired of this sorry excuse for an argument.  Releasing
malicious viral code as a "public service" is the equivalent of
walking down a neighborhood street with an axe and chopping at every
door you pass.  If the door collapses, you then explain to the angry
resident that they need a stronger door, and that you were only trying
to point out their flawed security.

"Better that you find out about a weak door through my axe, than
through some unethical burglar smashing through your door and stealing
all your so-called private property."

Allow me to point out some things that I seldom see brought up in
discussions about this sort of 'reverse vigilantism:'

1) My security, be it strong or weak, is my business, not yours. If I
get broken into by an "unethical cracker," I'll deal with it.  Keep
your unsolicited advice to yourself.  The world is a much more
complicated place than you can imagine.  Perhaps, if you're lucky,
you'll grow up one day and see this for yourself.  Simply being able
to use exploit scripts, or even mastering 0-day exploit creation,
doesn't confer either the necessary wisdom or the moral right to force
your notion of security on other people. Just because you're smart
enough to build a gun from scratch doesn't mean it's okay to shoot
people with it.

2) The 'noble quest for knowledge' that I see so frequently quoted as
a rationalization for breaking into other people's systems (badly
paraphrased from "The Hacker's Manifesto") is a myth.  The only
knowledge to be gained from cracking a system in the vast majority of
cases is knowledge about personal details stored on the system in
question, be it corporate or private, and this knowledge is definitely
none of your business, either.

Let's just drop this whole "public service" charade and tell it like
it is:  malicious code writers and Web page defacers are emotional
adolescents with poorly developed social consciousness and very, very
skewed morality.  They get a cheap adrenalin rush from running up
behind people when they aren't looking and hitting them with a brick.

This isn't a service by any definition of the word, and nor is it
doing someone a favor.

It's just simple assault.

RGF

Robert G. Ferrell
rferrel () texas net





-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.