cDc bores two thousand people at once
And other way kewl tricks
Defcon 08: by wireless
The Cult of the Dead Cow -- authors of Back Orifice and BO2K and the undisputed glam rockers of the hacking underground -- amazed the crowds at Defcon with an hour of shallow meditations on site defacements, network security, and themselves.
We knew we were in trouble at the opening, as member Tweety Fish kicked off the long-anticipated festivities with the disclaimer, "Just to let you guys know, um, we were pretty much perfectly aware that, that, that, we were not going to top last year? So, we're not going to try? So, we're just going to talk to you a while."
And things proceeded rapidly downhill from there.
At last year's presentation, Tweety noted, he had given "a little bit of a speech that was directed towards some of the younger members of our audience? And their habit of putting dumbass, pointless, misspelled shit on other people's Web pages? And I didn't tell people not to do it last year? .... But I've been following it for the past year, and, um....you can stop now. It's just not going to be cool."
And then things proceeded further downhill, as a totally unrehearsed, unprepared cDc continued to wing it for the masses.
"It's sad to think of this as the high point of the year," one enervated audience member remarked to us.
We stuck around only long enough to hear member Deth Veggie explain that our expectations of an interesting presentation were extravagant because, "We're not a software company?"
All right, fair enough. No one said they had to be a software company. But no one asked them to convene for an hour with two thousand expectant people in a hot room when they had nothing of interest to say, either.
Later, during a press conference, Tweety Fish reminded us that "people shouldn't expect a new tool from us each year, because....we're not a software company?"
Perhaps we left the hot room a bit too early. Sir Dystic, we learned, did write a tool which exploits a few long-standing NetBios protocol weaknesses, enabling a user to kill a network running NetBios by commandeering and otherwise manipulating machine name assignments. The tool is available from cDc, and the software patch to defeat it is now available from Microsoft.
As for what cDc has been occupying itself with this year -- since they haven't been hacking out the code to any newsworthy extent -- we are not quite sure. "I think that the thing we're most focused on right now is trying to get people involved....in developing a theory of what hacktivism actually is," Tweety suggested during the press conference.
We thought this could be an exciting development, but Tweety was less than encouraging. "I don't think it has evolved enough, and I think there are too many people who have [merely] talked about it....it just hasn't happened yet," he said.
A good example of 'real' hacktivism, Tweety reckoned, was Bronc Buster's hack of October 1998 which defaced the official, government-controlled Chinese Society for Human Rights Studies Web site with a substitute page claiming "I simply cannot believe the total bullshit propaganda on this Web site," and linking to critics of China's authoritarian regime, such as human rights group Amnesty International.
Another might be hacking "a corporate Web site for a clothing manufacturer that had crazy, unfair labour practices in some part of the world, and revealed information about that which you couldn't get any other way."
And that, we reckon, is a very promising seed well worth cultivating. Thus far, the cDc Web site has made a small start with its Hacktivismo page, which contains little more than a couple of links and some text borrowed from the electrohippiesWeb site.
If the cDc had the grace to sit this Defcon session out and quietly put their efforts into developing such a concept, exchanging ideas on their Web site, networking with other crews, coming up with some appropriate tools, and presenting it all as a coherent, tangible proposal, we would have had the pleasure of writing a very positive, perhaps even flattering, article.
Maybe next year. We will see. ®
Sponsored: 2016 Cyberthreat defense report