Hacker Proud of Program, Denounces Web Attack Use

TIMES STAFF WRITER

This week’s attacks on a number of popular Web sites have prompted hand-wringing by security experts, law enforcement and millions of Internet users.

But nobody claims to be more dismayed by the attacks than the hacker who likely enabled them, a 20-year-old German computer expert who goes by the name “Mixter” and who last summer wrote the program that many believe was used to devastating effect this week.

“The fact that I authored these tools does in no way mean that I condone their active use,” Mixter said Friday in an e-mail interview. “It seems that the attackers are pretty clueless people who misuse powerful resources . . . just because they can.”

Mixter declines to reveal his identity, though experts say his work is well known in computer security circles.

Mixter insists he was not behind the attacks this week and has done nothing wrong. He rightly points out that merely writing and distributing potentially harmful computer code is not illegal--just as making a gun is not illegal but using it in a crime is.

Indeed, today’s hackers often build their reputations by creating programs capable of causing devastation, not by inflicting it.

His conflicted position reflects the moral ambiguities of the computer underground. It is a triangulated world of cat-and-mouse involving the hackers who create the weapons, the so-called “script kiddies” who often use them and the security professionals who spend their careers scrambling to keep ahead of both.

Hackers like Mixter occupy the murkiest territory. Enablers and defenders, they often insist that their work benefits the security community even as they arm its enemies. Douglas Thomas, a professor at USC who studies the hacker community, says that Mixter’s ethical high-wire act is typical.

“I routinely find in them a mixture of technological sophistication blended with a kind of naivete,” said Thomas, author of an upcoming book on hackers. “To them, that somebody would use their tools to bring down a large portion of the Net [seems] such a waste.”

They insist that they create their programs solely to point out weaknesses in computer systems before they are taken advantage of by criminals. Mixter even argues that the computer industry “is going to benefit a lot” from this week’s attacks because “they’ve been brought back to [the] reality” that the Internet is still very vulnerable.

If that constitutes public service, some in the computer industry say they could do without it.

“I don’t buy into that at all,” said Gregory Hawkins, chief executive of Buy.com, one of the sites targeted in this week’s attacks. “To suggest that they’re helping us is a little bit of a reach. To the extent that we understand flaws in the system, that’s a good thing. But to do it in a way that allows people to exploit . . . I’m not sure how I feel about that.”

Mixter appears to fit the hacker profile. He is male, is deeply interested in computers--Mixter says he has been working with them since age 6--and is on the cusp of adulthood.

He said that he lives in Germany, “finished school approximately half a year ago” and is interested in becoming a computer security professional.

He is the acknowledged author of a program called “Tribe FloodNet” or “TFN,” which he and others believe was used to launch the electronic bombardment that crippled such Web sites as Yahoo and Ebay this week.

He said writing the program was “not very difficult” and that he decided to do it because he considered it “interesting from a technical perspective.” There was already a similar piece of software in circulation at that time called “trinoo,” but Mixter saw an opportunity to improve it.

Security experts say they have no doubt that Mixter is the author of TFN. Long before this week’s attacks, he posted copies of the program to a number of security professionals’ Web sites, including a Sept. 21 posting to a site operated by Packet Storm, a Palo Alto-based security firm.

“He is the author,” said Gia Threatte, director of Packet Storm. “Nobody has ever met him. But he submitted this program to us through his own e-mail, and he’s been submitting updates.”

In fact, Mixter even won $10,000 from Packet Storm in a recent security contest. Mixter’s winning entry, she said, was a lengthy treatise that described “step by step” how to protect large networks against the type of attacks that took place this week. The check was mailed to a German address Mixter specified.

He represents a new generation of the computer underground. The hackers of the 1980s, whose culture was depicted in the movie “War Games,” learned and earned their reputations by penetrating the private networks operated by phone companies, the government or corporations. They often dived into dumpsters for training manuals, and their online forays were almost always a form of trespass.

By contrast, today’s hackers operate in an environment where reputations are made less by actually breaking into a network than by figuring out how to do so and then posting the instructions on the Web. Often, the hackers form loosely connected bands with menacing-sounding names to coordinate work on, and claim credit for, such breakthroughs.

One of the best-known groups is L0pht, which got its name from the South Boston warehouse loft in which its eight original members first gathered in 1992. The group is best known for creating a 1997 program called L0phtcrack, which was capable of thwarting password security systems built into Microsoft’s Windows NT program.

Weld Pond, the handle of one of the original members of L0pht, says the group never wielded the program to harm anyone because forcing Microsoft to admit flaws in Windows NT was the primary goal.

“This was at a time when Microsoft was saying it would take 5,000 years to crack Windows NT passwords,” he said. That Microsoft was forced to issue a patch for that hole, Pond said, shows that L0pht performed a valuable service.

Mixter also argues that his work was designed to force security experts to confront vulnerabilities.

The early versions of the software used in this week’s attacks “weren’t totally anonymous and untraceable,” Mixter said. “I saw the possibility that security people would waste their time trying to find ways to track the attacker,” rather than shoring up their defenses.

But such claims of nobility have been complicated by the exploding popularity of the Internet, because now virtually every suburban kid has a computer, a modem and access to the tools that Mixter, L0pht and others create.

The authors of these tools argue that they have to post them on the Web so that every security professional can access them and prepare measures to counteract them.

“Everyone can be a potential victim of weaknesses,” Mixter said, “therefore it should not only be disclosed to a small round of some security professionals.”

But the rise of the Internet has also led to the proliferation of a new generation of high-tech vandals derisively dubbed “script kiddies” because they troll the Net for “scripts,” or programs, that they may not be technically skilled enough to create but can wield against others to cause harm.

The tension between the groups has prompted debate over the very definition of the word “hacker,” which traditionalists insist refers only to computer enthusiasts who explore systems out of curiosity and abide by an unwritten rule never to commit harm.

“Many security professionals appreciate” these so-called white-hat hackers, Threatte said.

Their free labors lead to security improvements in networks and upgrades to software products used by everyday consumers. In fact, many of these hackers go on to become security professionals themselves. One security company, Atstake.com, effectively absorbed L0pht last year, enlisting its members as employees and researchers, even though they still won’t publicly reveal their names.

Even Mixter says he is fielding offers, though he acknowledges the publicity could become a problem.

“I already have a good job offer, and I don’t have a real need for the . . . publicity. I hope the positive result of all this trouble will be that people will really start caring about security issues and international cooperation in a better way.”

*

* UCSB ROLE IN HACKING

UC officials found evidence linking one of their computers to the attacks on Web sites. C1
