Two things pissing me off today. First: Vitriolic and audacious comments on this otherwise awesome article about hackerspaces in STL Today. Some excerpts from the comments:
The authorities need to keep a close watch on these people. Perhaps their source of funding will be hacking bank accounts.
Trying to include teenagers can get complicated. Personally, I feel open access to tools for cyber hacking, learning how to steal passwords, and other mischief can be inappropriate at that age. Even university students get caught up trying to make a name for themselves. [ . . . ] I was a founding member of CCCKC but these are reasons I chose to leave the group. I don't want to be labeled a cyber hacker by association.
Fortunately, there's some sanity and fact-checking in the comments, too.
And then there's news about Forskningsavd (a Swedish hackerspace) getting raided for something completely unrelated to the hackerspace. Further, the seizure of property seems completely bizarre given the stated reason for police intervention.
So, I'm feeling ranty. Here's some background on how my local hackerspace deals with "Cyber hacking and other mischief"
Shortly after CCCKC's grand opening, a series of courses were taught on cyber-security. These four sessions were very popular, covering the basics such as understanding the difference between hubs and switches, and eventually covering powerful tools such as nmap, Hamster & Ferret, Metasploit, and Maltego. The courses provided enough demonstration to scare people into being more cautious while teaching them how to avoid being victimized. Nothing was covered that hasn't been hashed over online a thousand times already, but it was very cool to get a guided tour through the maze of cyber-security and to be able to tinker around in a hands-on lab environment.
Around the same time, locksport also took off. A solid-core door got drilled out, had eye-screws put into it, and became a standing board of different locks to play with. The Lock Picks & BBQ series was also a big hit. People would come out, grill some meat, and then learn about the mechanics of simple locks.
Critical thinkers absolutely love to explore dynamic boundaries, and very few boundaries are as controversial and exciting as the enigmatic balance of attack resistance vs. usability in both physical security (locks and surveillance) and information security (firewalls, encryption and vulnerability exploitation). It's no wonder some of the worlds most intelligent people have dabbled in security. Richard Feynman, for example, picked locks at Los Alamos for fun and pranks.
Now, several hackerspaces are uniting with an international VPN that's going to be much like a digital Capture The Flag game. We're calling this effort "The Warzone Project" and it'll give people a safe, isolated environment to practice their skills in information security systems.
The thing is, there's already a lot of very detailed information on the web and in books when it comes to breaking all kinds of security systems. Demonstrating them in a lab environment gives people a safe place to "get it out of their system" much like Grudge Night at the local drag strip gives teenagers a safe place to race their cars so they aren't endangering people on public roads. The lab environment also allows people to legally learn about more aspects than they could in their own homes, and to take a shot at mastery in defense by understanding both sides of an attack.
"Hackerspaces are about learning, sharing and collaboration."Folks, every hackerspace takes on a personality of its own based on what the members are interested in. Some hackerspaces focus on electronics or take an art, metal/woodworking and maker approach. Some tend to focus on programming microcontrollers or building robots. Others are busy tackling so many eclectic projects that they don't even have a core focus. They all have some things in common, though: Hackerspaces are about learning, sharing and collaboration.
Writing the code and creating the control infrastructure for a botnet takes dedication and lots of work. Poring through source code, looking for bugs and creating a working exploit is no small feat. It can take years to fully master exactly how locks work and how to manipulate the parts inside. Indeed, learning in a lab environment teaches patience. It teaches respect for the systems. Learning is hard, but it's good for you.
Compare that to the modern criminal reality: Right now, anyone in the world can rent a cadre of botnet computers for just a few dollars and use them to send spam, to host fake bank websites, to obscure their attacks or to use in a massive denial-of-service attack. Anyone can look up the latest zero-day exploits and use them for bad things. Anyone can buy a bump key and start opening about 30% of the locks that key will fit into. Subversion is easy.
If subversion is your goal, you would be silly to waste your time learning all the minutiae of systems from hackerspace denizens. Cyber criminals already know this. Apparently, some people still don't get it.
I thought I'd share a quick list of things we've worked on and had talks about lately at CCCKC:
- Assisting JayDoc, a not-for-profit medical charity for the needy
- Joined more than a dozen hackerspaces live via webcam for the synchronous hackathon.
- Projected a game of Tetris onto a wall in downtown KC
- Building, studying and using the MakerBot
- Ran tech support and helped make BarCampKC 2009 a success
- Built a Twitter-bot (that's currently on the fritz)
- Set up a silk-screen lab for emblazoning logos onto things.
- Got good press in INK KC
- Set up a MIDI music workstation
- Built a compressed air T-shirt cannon
- Got a bunch of people familiarized with Arduino programming
- GPSes, computer interfaces for them, and Geoc... "finding things people hid somewhere"
- Search engine optimization
- Hacking the car-buying process
- Intro to Craps (the casino game)
- Server/telecom racks
- Radio Controlled Toys
- E-Textiles (like gloves that work with touchscreens, LED embroidery, etc)