Date: Mon, 6 Oct 2008 12:32:57 +0300
From: srl <security.research.labs@...il.com>
To: funsec@...uxbox.org, full-disclosure@...ts.grok.org.uk, 
	botnets@...testar.linuxbox.org
Subject: Re: pause for reflection

A long time ago, Frank Zappa wrote a little song about Gadi Evron and
his blog.


http://www.youtube.com/watch?v=VpfX_2G9i6w



On Sun, Oct 5, 2008 at 11:32 AM, Gadi Evron <ge@...uxbox.org> wrote:

> I started answering an email an hour ago, and it was important enough to
> spend time on. It also ended up being too long, so I dumped it in a blog
> post if you prefer reading in a web browser.
> http://gadievron.blogspot.com/2008/10/time-for-self-reflection.html
>
> Time for self reflection
> In case you don't read any of what I have to say below, read this: I have
> dual citizenship. Along with my homeland citizenship, I am of the Internet,
> and see it as my personal duty to try and make the Internet safe.
>
> Atrivo (also known as Intercage), is a network known to host criminal
> activity for many years, is no more.
>
> Not being sarcastic for once, this is time for some self reflection.
>
> I wish I was one of those who sleep soundly tonight. Being clear in my
> conviction that Atrivo should be out of business, and being positive my
> decision to help that happen was sound--While I would do it again, I am sad.
>
> I won't sleep soundly tonight, as that company, criminal and abusive as it
> clearly and contemptuously was, still sustained quite a few families in
> several layers of employment, from sysadmins sitting in the US of A all the
> way to minor low-level fraudsters employed by their clients' clients.
>
> I will however, be able to look myself in the mirror for my part in the
> effort to get rid of them--and even gloat some. My conscious is as clear to
> me as my sadness is crystal. We may not have changed the wall of battle in
> the long term and whenever one criminal falls, another jumps up to the
> opportunities of the land of the free--the Internet. But for once, just for
> a while, we halted the machine. We stopped the wheels of evil, even if only
> for a fortnight.
>
> While doing so, we also touched some lives in a destructive fashion. The
> criminals'.
>
> No villain ever sees himself as the bad guy, as the saying goes. A friend
> recently showed me Russian language comments written on Brian Krebs' recent
> Washington Post story. In them, the posters ask: "why do you take our bread
> away?"
>
> In a lecture during ISOI 5, some folks just didn't understand the meaning.
> Their bread. Their bread. We in the Western world, behind the cultural
> divide speak a different language. Their culture isn't poorer than ours, it
> is unequivocally different.
>
> We can not truly comprehend what it means for some folks in Russia to no
> longer be able to feed their children this month. Nor can we understand that
> by sending email, we made those children starve. Cheap theatrics on my part,
> you say? You got that right. It doesn't make it any less true.
>
> Cyber crime is a war waged against the Western world. At first, no one even
> noticed and it was a niche.. an art. While the artists still exist, they
> are a minority, the hackers. For the criminals however, motive is as
> irrelevant as nationality. Whatever actions are taken, be it a political
> defacement, fraud or spam, the unavoidable secondary impact remains the
> same: damage to the Western economy and security in an exponential growth
> which will become ever clearer in the coming years.
>
> Yes, my friends. I would do the same again. I feel sorry for Atrivo, but
> they were harboring the equivalent for the Internet of active missile
> launchers firing on Israel from the Gaza strip. They are human beings who
> hit a curve in the road to their success. Cyber criminals, however,
> establish such growth as parasites and whatever I may feel for needing to
> resort to the end game weaponry, these people need to be smacked down like
> cockroaches.
>
> Ten years ago they were a pride to their parents, today they are a scourge.
> What will they be in ten years?
>
> If all reasonable and even some unreasonable approaches fail. That does not
> mean I don't have to feel sorry for them, and me. But it also doesn't mean
> we don't need to fight back.
>
> Not even a hundred years ago, disastrously, war was business and an
> acceptable horrifying part of life. A few years later, in 1918, war was
> unthinkable. In the century since we who live in or are influenced by
> Western culture made war no longer an option we can publicly stomach, while
> facing those who would play us like children because of it.
>
> War is horrifying and evil, it is also a last resort in a world not as
> ascendant as we would like to think. The Internet has its own "liberals"
> and I am proud to be one of them. However, I am also practical and see that
> wishing for a world we once had is not. A world where I could host files on
> my neighbor's servers openly, where children could happily use pocket
> calculators and go to libraries for their school work rather than Google and
> read Wikipedia. You did so, do your children?
>
> This new world has its price, and that price is a complete loss of public
> privacy, and a culture of ineffective security.
>
> We are reliant on our Auntie Jane's computer knowledge for our own
> security, and while not many would follow us to our bathrooms to infringe on
> our personal privacy, online we have no privacy, however much it helps us to
> lie to ourselves that something we do publicly (read, on the Internet) is
> private.
>
> I accepted that, but that is because I am in the trenches for years. Others
> live better not knowing. But it doesn't mean I won't work diligently to
> make it remain.. functional.
>
> Indeed, taking a step back from my niche in security, and seeing how bad
> things truly are--people can still surf for porn, and argue over who the
> best Star Trek captain is. Cyber crime, in all its immense activity of
> billions of incidents an hour, is background noise. But the background
> noise continually increases. When will it overflow?
>
> All I really want is to maintain the functionality we have, regardless of
> the abuse. And yet... Going back to Atrivo, they made enough money by now.
> And regardless once more, their criminal clients are already back online
> elsewhere--in some places possibly hosted by what seems like Atrivo, only
> under a different name.
>
> We did not win, but boy does it feel good to have a victory once in a while
> for morale's sake. We halted the machine, even if only just for a short
> time. That, my friends, also has strategic implications as far as our
> ability is to influence networks running clean on the Internet, although
> only time will determine if I am right on that.
>
> Enough whining though. Who is next on the target list? :)
>
> More seriously, why do I care so much? I have dual citizenship. Along with
> my homeland citizenship, I am of the Internet, and see it as my personal
> duty to try and make the Internet safe.
>
> Gadi Evron,
> Of the Internet.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
