2011 has been an exceptionally... dense.. year for major events. As we careen into the fourth quarter of the year with the death of one of the world's most well-known dictators, after his 42-year reign ends, I'm left thinking how this entire year has been a perpetual cycle of events of significance, one blending into the next with ne'er a moment to analyze inbetween.
Now, to cut to the chase, I think it's almost unarguable that 2011 has seen the true, society-shaping effect of the internet; we spent two decades speaking about its potential to alter the flow of human civilization once it reached ubiquity, then a decade watching that promise happen. 2011 because critical mass for the awakening of unhappy citizens, united by ubiqitous communication in the knowledge that they are not alone. One by one, the empires burned, the flames of each one fueling the next.
And the dictators tried their best to shut down the internet, and assistance came in from around the rest of the world; not from governments or military at first, but from individuals, providing alternative infrastructure, carrying messages and stories in and out while the communications embargo strained to contain them. The genie is not just out of the bottle, he',s running a full-blown magic show here, fueled by the dreams of his own audience.
Anonymous, Tor, Twitter, Tahirir Square, Tunisia, Libya.... Wall Street...
Ubiquitous global communication has given people the knowledge they are not alone, and taken away that greatest of social control tools, the lie that, if you act now, your efforts would be wasted: now people know just where and when to act in unison.
Security breaches (I've seen a few), Global Conflicts (they've come and gone), Uprisings and cries of "no more".. People died.. things ended...things began.
It all sounded a little familiar.. something else i knew of, yet not directly first-hand... the year of 1969. There's one that went down in people's memory all right, considered the apex of an era... and I started thinking "Is 2011 my generation's 1969?" ...is it comparable? are there connections?
I think so..
I think the first comparisons are ridiculously easy to make. New advances in technology give new opportunities to disenfranchised people (the internet and the pill have already both gone down in record as species-altering events for humanity). Riots in the streets, feelings of hope and change, and great dissatisfaction among the people.
But now, it's time for something more fun, those curious uncanny parallels the human brain loves to find hidden meaning in.
In 1969
- Rupert Murdoch Buys the News of the world.
- Muamar Quadhafi leads the uprising in Librya
- The Space Shuttle Program underwent its initial feasability studies
- The first version of UNIX was released
- Steve Jobs meets Steve Wozniak for the first time
- First medically-reported AIDS death
in 2011
- Rupert Murdoch shuts down the News of the World (after phone intrusion scandal)
- Quadhafi is killed with his own gun
- The Space Shuttle program is mothballed
- Dennis Richie, the first of the three creators of UNIX to die.
- Steve Jobs dies
- First AIDS vaccine reported with 90% success rate.
I'm not going to try and make the list encyclopedic, as I'm sure there are more than enough 'odd correlations' between these two years; also it would be amiss for me to point out that, yes, there are 42 years between 1969 and 2011. The human mind does love to find patterns wherever it can..
Still, the idea of 2011 being my generations 1969? I dunno, most of my generation ("Gen-X") are approaching middle age now, 42 years, after all, is quite some time; this one perhaps belongs to the Y'ers... The great gen freed the world for the baby boomers to shape it into something new, the X'ers built a new world for the Y'ers to shape once again?
I can't say for certain, looking from the inside. I'm sure most folks during 1969 felt that something significantly, irrevocably world-changing was happening that year, to them as well, but only with hindsight was that ever proved. Punk grew out of the failed promises of 1969 however. Irrevocable change has rarely been the kind of change you hope for or predict.
let's see what this decade brings; the veil is lifting for humanity every day as we gain greater insight into what we, as a species, are capable of and represent, and very specifically, all the mistakes we have made so far.
Whatever your thoughts on patterns of synchronicity however, it seems apparent that many things that started in 1969, came to a close of sorts, perhaps more of a finale, in 2011, that "the cycle has turned" once again.
Due to a few people requesting this during Defcon, I'm posting up a full writeup of my talk from Skytalk from Defcon this year. The talk itself was truncated due to time constraints, so this version is expanded to accommodate all the material I didn't get to cover during the actual live talk.
For your further consideration, I present:
When the Going Gets Weird, The Weird Turn Pro
In the 1970's, there was one man whose name was tied to the myth of Las Vegas, not the bright lights, big dreams, glamour and glitz Vegas, the Vegas-as-beacon-of-our-weirdness Vegas. That man was Hunter S. Thompson, a man who saw into our dark, weird hearts and saw that the only way to escape our fate in this weird world we had created, was to embrace it whole-heartedly.
When the going gets weird, the weird turn pro.
But what of that word.. weird ? we use that word plentifully and fancy-free in the modern day, but that word, I do not think it means what you think it means...
Wyrd is an Old-English word, you encountered it in it's true meaning in Shakespeare's *cough*The Scottish Play*cough*. From the Oxford English Dictionary (the only real Dictionary, thank you very much, *ahem*).
Weird: (Noun): the principle, power, or agency by which events are predetermined; fate, destiny
Weird: (Adjective): having the power to control the fate of human beings
Who here was a weird kid ?
So, next week at Defcon Skytalks (an unofficial extra track of talks at Defcon, operated by 303, for off-the-record talks at Defcon), I'll be opening up the track with "When the Going Gets Weird, the Weird turn Pro", where I'll be trying to entertain (however many hung-over `con attendees manage to make it there in time for its 9am start) with tales of my life as an infosec dweeb, how the world we live in once rejected us as weird, only to become so weird itself that we weirdos ourselves must harness and finesse our own weirdness just to stay ahead of the curve now. I'll be handing out tips and encouragement on how not to become one of the Pinks, while still putting yourself out there to steer the flow of our weird world from within the maw of the beast. Terrible jokes will be provided throughout; those with underdeveloped senses of cynicism or heart problems are advised not to attend.
You don't have to be crazy to work here, but it helps.
as Defcon 19 lurks just around the next corner, the 20th anniversary of one of the worlds top three most famous hacker conferences is now just over the horizon of the year. Anniversaries are a good cause for celebration, and reminiscing, with a touch of disbelief that we've really been doing this all for this long.
As a good friend of mine once quipped at defcon itself, almost a decade ago now :- "You know how you become old-school? you wait!". I know more than a few people who've been in this microcosm of weirdness called Information Security and the Hacker Culture for these past 20 years or so, that would shake their heads alongside me, to consider that we are the Old School now. Certainly when I first discovered this world in late 1990, I quickly saw much evidence that the Golden Years had come and gone, and all the major events, and most interesting people, were things I would only ever experience in historical accounts.
How wrong I was.
Although I'd missed many of the legendary firsts of the time, the coming decade brought more than enough activity of its own with the explosion of the internet out to consumer-access, and security, far from getting better, careened around the corner and over the hill into a wild descent of complexity, hyperbole and the pursuit of the quick buck. Robert Morris Jr's Internet Worm, was not the great educator that would happen merely once to demonstrate the risks, that everyone would then engineer out of further possibility, but the harbinger of dark times down the road.
And perhaps, if I had been less of a naive kid during those times, I may have even set myself down a different career path instead...
(...oh, who am I kidding? I wouldn't exchange this one for anything; just the people you meet in this field alone, make the whole thing worth it).
Back in 1992, when the first DEFCON was put on, with a handful of friends (in comparison to the multitudinous hordes of today), I was making my own first steps towards fame and notoriety, putting together a new Amiga Demoscene group with fellow friends from my hometown in the North of England: NERVE AXIS. The Demoscene had ties to the hacking/infosec scene, with a common turf of being on the 'computer underground', there was some crossover at various points, especially in the phreaking area (remember, this is pre-public internet access, so access to long-distance modem calls was a staple of keeping the scene's underpinnings of distribution of our productions alive). The Demoscene however, had much more focus on the 'maker' aspect of the term hacker, we developed software, we wrote music, drew graphics, and produced A/V demo's that still stand on their own rights as engrossing productions in the modern day.
Many of the people from the Demo scene, have gone on to become big names in the video game industry, having cut their teeth on complex matrix math transforms, on a 1mhz CPU, or creating some of the best images seen, on a 320x240 screen. Likewise from the hacking scene, people who 20 years ago were cracking video game copy protection code, are creating entire reverse engineering application suites today.
And soon the end of the decade, and fin de siecle came upon us, the DotCom boom coming at the perfect time for many of us to find high paying employment well beyond our years at the time, but not always beyond our experience. The explosion of the internet and the need for people with a security background, far outstripped the number of people with any formal education in the subject and those with formal education largely lacked the applied experience to deal with the rapid rewriting of the threat space occurring in lockstep with the technological evolution. Threats that were purely hypothetical (and often sounded ridiculously distant from reality), could reach viability within a year or two at the most; adapt or die soon became the prime mantra.
As the decade rolled in, we saw the brief era of massive self-replicating works: blaster, slammer, l10n, nimda, code red (all red-letter days to those of us that were on the job, when these hit); none of them however, carried (by today's standard) a particularly destructive or malicious payload, they were like proof of concept, load-balancing tests - case studies in digital epidemiology, providing future data for both defenders and attackers alike. Early Rootkit techniques and technology soon began to find a wider audience beyond the scope of the elite few - corporations that dealt in that most annoying (but essentially harmless in comparison now) of software, Adware, soon began to realize that if they could make their surreptitiously installed software that much more difficult to remove....
So i just watched Mikko's talk at TED, introducing a lay audience to the fun that is actor-attribution in cybercrime; very much an introductory session, but at the end of it, he touched on a subject rather near and dear to me: the issue of education and economics as a driver of criminal activity, and how it has taken an interesting twist in the modern world.
So, full disclosure, a little about me.. a looong time ago (ok, not that long, it was the early 1990's), I was what would today, be considered a "Black Hat" hacker (but compared to today's Black hats, would be much more in the 'Gray hat' camp)... I pirated software, I cracked copy protection systems, oh, and I was part of a very creative group of people called the Amiga Demo Scene, that created fantastic audio/visual demonstrations on hardware that would be considered archaic today. I was young, I was a rebel, I read Mentor's Hacker's Manifesto and, although I had some philosophical arguments with it, I took it as a sign of the world to come....
... and then, before the end of the decade, the wild, fun, creative days were over, because Organized Crime started moving in on my rebellion. Here, I'll say it now , that before 1996 "I used to be a cracker until organized crime started moving in and taking my fun away". In truth, being a black hat back then, is more like what we would call 'gray hat' today: cracking systems for monetary gain was extremely rare in comparison to today, and was largely frowned upon in the community. When organized crime started realizing there was money to be made, that's when much of the glamour started to fade from the glory days of hacking, and with the onset of cheap personal computer systems and broadband in the home, many of the old justification were no longer necessary - who needed to crack a companies FTP site to act as a distribution point for transferring pirated software, for instance, when you could just as easily set up your own FTP server from your own cable internet access. The conditions that made our ethically-questionable activities necessary in those days were removed. It's hard to find anyone these days who was around during that era, that didn't get involved in one aspect of another of the 'good old days' of hacking, it's even more difficult to find any of us now that aren't middle-aged, responsible law-abiding citizens, fighting against the wave of confusion and pollution that is the modern information security theater.
Organized Crime's move into the digital age was slow and incremental at first (but then started reaching critical mass around 2002) - individual cases made the news, and started to have chilling effects amongst the underground. When we heard the story of what happned to Tron (http://en.wikipedia.org/wiki/Tron_(hacker)) and his all-but-certain death as a result of dealing with orgcrime, several of us put together a T-shirt in his honor, reading:
"If You're So `Leet, Why Aren't You Dead?"
It was around this time that the dotcom boom was, well, booming, and myself and many many many others, all decided that from here on out we were utterly legit; we took the experience we'd accrued over the years, pursued rewarding careers in Infosecurity.... in the face of more dangerous bad guys than we had ever been, we became the good guys. The High Plains Drifter puts on the Sheriff's badge and settles down to look after a local town. By the mid-90's my days as a rebel on the borders, were over and done with.
Unfortunately, my story is not universal; I remember my time in the Amiga Demoscene very vividly, we had no access to the internet, but we still managed international communication. The BBS scene was alive and strong, but many of us could not even afford a modem, we used, horror of horrors, the postal system. I learned a lot in those early days, my first exposure to a truly international culture. No longer did my world stop at the limits of the small English mining town I grew up in; The Amiga Demoscene cast a wide net, throughout all of Europe.. including the parts that weren't part of the EU yet; And back in those early days, I made contact, and friends, with many people in Eastern Europe; at the time, the fallout effects of the civil wars in Yugoslavia and Czechoslovakia were still ongoing (yes, those names were still the names of those countries back then, barely), and for the first time, this was not just something on the news, but real people, with real lives, I was talking with; of course, they had time to engage in their own pursuits, war was not a day to day reality for them any more by this time; but, they were Eastern Europeans, in their late teens, early twenties, with a solid education, a passion for technology.
I've been raiding the archives of previous versions of 1211.net, sorting and reindexing, Will be bringing up a lot more material back online here in the weeks before I leave for Defcon. The Museum section especially has been a journey down memory lane for me: much of this content was assembled before the days of wiikipedia (and individually-created websites on specialist subjects were the only source of information about some of these people). In many ways, I think a lot of this old content of mine is going to be reborn as something of my own tribute to some of these subject. After all, this is my website, and I'm not subject to wikipedia's rules about Neutral Point-Of-View, now am I ?!
So I recently discover http://www.opensiem.com. they've got a good notion, getting the siem community together and talking some more in public, sharing correlations, log info, etc. Head on over, sign up and start talking.
So Hacker News Network (www.hackernews.com) closed shop (for the second time) this week. Sad to see them go, I enjoyed the well-produced video format (podcasts are nice and all, but HNN filled a slot that no one else has ever occupied to my knowledge). Well, it got a good 2+ year run after its resurrection, and I enjoyed every minute of it, Tam and SpaceRogue made a damn good little production there, and I'll miss Rogue's snark, and his, err 'distinctive' spelling and pronunciations of things :).
And the shades, everyone should present shows while wearing shades.
Well, I hope someone else takes up the mantle and produces an infosec videocast to fill the vacuum left by HNN's passing. Yes, I admit that I considered HNN more entertainment (in a good way) than information; everyone deserves their own targeted programming, even infosec people. Ahh well, my wednesday nights just got a little less entertaining.
In related musings, Infosec Daily goes from strength to strength, and has essentially become my new favorite podcast now. (until one of the others buys my favor by inviting me on - ISD, you can beat others to the punch here, hint hint!)
On that note, back to working on things worthy of people's interest...
Indi has posted the final speakers list for BSides LV 2011 up to the BSides page (http://www.securitybsides.com/w/page/37015560/BSidesLV-2011). Interesting stuff all around, definitely indicative of the growing movement within the infosec community to bring ourselves out of the dark ages and evolve infosec from voodoo to alchemy. A major theme, and one close to my heart, is the idea of infosec evolving to align and interface with management more, and provide more value to the business (Adam Ely's scheduled talk : "Exploiting Management For Fun and Profit or Management is not stupid, you are"). Now as a stats-and-metrics nerd, I've been grinding an axe over how infosec has access to data that can seriously empower Business Intelligence, for the better part of a decade, but I know that's really just the tip of the iceberg for what I think we're going to see people identify as ways that infosec can empower and enable other business units and processes. The great thing about being in this community, there's no shortage of truly great ideas coming out of left field here; like all good hackers, we see a need and build a solution that we'd want to use ourselves.
Of course, SCADA and Cloud make their customary appearance as topics here too, no surprise, they're receiving a lot of press, and a lot of hyperbole and spin. SCADA is old as the hills, and Cloud is old as the hills too, but both are moving into new areas in the traditional manner of "Build first - test later", and there are serious questions about both that are being ignored, or just fly right over the heads of the powers that be. New Technology has always been about introducing unforeseen risks. As William Gibson once prophetically wrote - "The Street Finds its own use for Technology".
Now I've got some more free time, and a few eager suckers willing to collaborate on a project or two, it's time to get the TRAC pages for them setup over at http://projects.1211.net/ - starting out with them private at first while I get the basics up and running, but I'll open up some of them to the public shortly.
Teaser alert; one of them will be an XBox Indie Game project.
