Many may be aware of the script kiddie group called Kryogeniks for their recent antics which have gathered media attention. If not, here's some reminders:
17 year old arrested for AOL 'Hacking'
and
Comcast DNS Hijacking
Two separate incidents warranting public attention for big bad illegal hacking. From the way the media portrays these events, one would conclude that these attackers posses the technical skills of elite super-hackers. In truth, these kids are starter-level social engineers who couldn't write a HelloWorld, make any real use of access, and fail at keeping their spoils. How could I speak on this with such broad confidence? Because I have had the unfortunate luck of having to communicate with these kiddies from past exposure. (Truthfully it is embarrassing that I even know them, given their lack of knowledge and competence).
Don't go and misquote me now, for saying that social engineering is not effective -- it is effective. Very effective. In fact, to quote one of Murphy's Laws of Combat:
"If something is stupid, but it works, it isn't stupid."
Having gotten that out of the way, social engineering is the art of a conman. These kids are no more hackers than those behind the Nigerian check fraud scams that come in via email; just because you use technology to lie to someone does not make you a hacker. I am not excluding social engineering from hacking, or the obvious fact that deceit in general is a huge component of hacking. I am merely stating that this kids are not hackers.
Why does any of this matter? Because the media influences the public, and the public ultimately influences the security industry. When the media fails to distinguish between kiddies and real skills, the result is that these kids become classified in the same category as people like HD Moore or Kostya Kortchinsky. The reverse association causes the public to then think that people with real skills are the same brainless morons who deface comcast.net with a social engineering phonecall that you're grandmother could have performed.
No wonder no one seems to take this shit seriously.
Subscribe to:
Post Comments (Atom)
0 comments:
Post a Comment