A Former Script Kiddie Puts LulzSec in Perspective

Betabeat team back in the 90s

This a guest post from Brandon Diamond, who blogs at Your Startup Sucks

For one reason or another, everyone on the Internet is talking about LulzSec — the latest and, well… latest cracking sensation. Think Zero Cool meets 4chan for a very twisted, very inappropriate playdate.

Since the whole lulzy affair started, coverage has gradually increased both in frequency and righteousness. And now that LulzSec has since “abandoned ship” (crawling begrudgingly upstairs to bed without Xbox privileges for a week or longer), bloggers everywhere are suddenly locating their respective gonads.

But it’s too little, too late: the attention paid to LulzSec — a group of variously skilled crackers with a proclivity toward anarchy — is disgusting. And dangerous.

The single, key difference between LulzSec and most script kiddies is that the members of LulzSec (whom many purport are indeed youths) have been indulged by a group of “technologists” who know nothing of technology and who have indisputably encouraged all sorts of copycat dickery at the expense of everybody else.

These technologists (bloggers, writers, journalists, podcasters, youtubers, tubers, potatoes) continue to call the shots without pausing to do a lick of research or — be still my heart — bothering to learn a goddamned thing about how tech works.

Sensationalism. That’s all it amounts to. Stories are delivered by neckbeards fawning over iPads and Twitter who couldn’t even begin to explain the difference between a DDoS attack and a buffer overflow. But who really gives a shit? As long as an article generates hits and traffic and revenue, it’s all good.

But it’s not — especially to the younger members of groups like LulzSec.

Teens act out. Tech-inclined teens act out online. They make up handles, hang out on IRC, bot their Facebook friends, and swap “dox” on one another. Are these really the behaviors we should be promoting?

We’ve all been young. We’ve all made mistakes. We’ve all sought power over something small to prove that those bad grades or that fight we had with our parents doesn’t mean we’re not important.

It’s a healthy, psychological need that tends to be satisfied in an unhealthy way… if not nipped in the bud by a caring, invested support network. It’s about self worth and self confidence — and that’s it.

Which is why LulzSec is a tragedy in two parts.

First, the senseless coverage belched forth by the blogosphere has without question supercharged the script kiddie egos trying to ‘sploit — and then fuck over — the companies that we depend upon every day. Shame on Sony for having an unpatched version of Procmail on a production machine but more shame on the crackers who release the sensitive, personal information of thousands of innocent people for a quick tweak from Gawker or TechCrunch.

Second, the members of LulzSec, both youths and adults alike, will eventually be caught and will eventually face very real, very serious consequences. These crackers — though misguided — are still intelligent, capable people. That they turned their attention to virtual gangbanging is a symptom of a larger problem: we’ve created and sensationalized an image of hacking that is both immoral and dangerous.

This is a loss and failing that all technologists must confront together. We can and must build a better culture that outshines the technologically and socially backward fairytale “hacking” projected by the media.

Betabeat at work on our new machines

For a long time, I made many of the same mistakes: rooting, trojaning, ping-of-death-ing. I fancied myself a pretty elite hax0r — and my buddies on IRC generally agreed. We were all wrong, of course.

Around age fourteen, I hooked up with a researcher named “RH” at eEye — a noted security firm — and implored him to serve as something of a hacker mentor. What he taught me was the polar opposite of what I’d expected to learn: RH helped me understand just how twisted my view of the world had become. He dubbed me script kiddie and offered to plot my course to rehabilitation were I still interested. I was.

Over months of swapped emails, coding assignments, and a hefty number of O’Reilly books, I finally came to understand how to fill the void* in my heart: and it wasn’t by chortling at a system administrator with egg on her face.

No: my goal was far loftier, far less accessible, yet far sweeter. I learned to appreciate the simple beauty of a clever hack — to satisfy my curiosity by exploring and observing — to solve problems thoughtfully and with a patient hand. Most importantly, I learned to respect others and in so doing, I learned to respect myself.

The cracking scene may soon pay a steep price for what amounts to a misunderstanding of what it really means to hack. Unless we change the way we view, cover, and experience technology — that price might be ours to pay, as well.

A Former Script Kiddie Puts LulzSec in Perspective