David

Page history last edited by PBworks 16 years, 5 months ago

 

Drugs and Conspiracy

I was talking to OncoMouse today about the simultaneous appearance of drugs and conspiracy today in Scanner Darkly and Brave New World. In both, unless I misunderstood them (possible), we find out that a prevalent drug, which cannot be resisted once taken, is being used as a form of control. Seems like what we see is something like the trend in psychology that mobius has been talking about in which psychoanalysis became a possible form of mind control, then behaviorist conditioning, then psychopharmacology. In the last instance, the control, though, is more insidious in that it does not operate quite the same way. Even with disciplinary spaces, which can affect anyone and are not therefore only effective on specific targets, as with psychoanalytic brainwashing or purposeful Pavlovian conditioning, the drug sits and waits. Effect ready, just add water. The Matrix is kind of weird in this regard because, in that case, the pills have opposite effects: they either make you forget and buy into the world or free you from buying into it. These two drug effects seem to me to map onto drug-as-perspective-changer and drug-as-slave-maker, and God bless Keanu Reeves for, once again, choosing to take drugs in a fun movie. It is worth pointing out that the pill he takes in the Matrix produces psychedelic sensations. I'm just thinking out loud about the drug as tool of conspiracy--in the case of The Matrix, the rebels. It exerts a fascination because it is like the super-psychologist. It produces psychological effects right away.

 


Forms of Resistance?

Data collection is prevalent. The paranoid find reasons to worry about its collection. Others just get irritated at telemarketing phone calls.

 

Liz Pulliam Weston reported for MSN Money that the Federal Trade Commission (FTC)'s "Do Not Call List," created in 2003, was meant to drop certain phone numbers every five years or so. Disconnected numbers and transferred numbers (like new cell phones) would also not appear on the list. As such, the millions who signed up in 2003 would be due to sign up again or receive the calls again. In all likelihood, they would just get the calls and be pissed off. Congress evidently finds this outcome likely, as well, because it is planning to protect the list and make it permanent.

 

What does this have to do with the society of control? Well, in the same story, Weston reports that the list (maintained at DoNotCall.gov) has greatly reduced telemarketing calls for those participating (3 out of every 4 American adults)--and that you can do more.

 

If you want to

  • cut down on credit card ads coming to you in the mail, OptOut.
  • get off junk mail lists, see DMAChoice.org.
  • have a professional service remove you from marketing lists, see StopTheJunkMail.com.
  • or even freeze your credit report so that it cannot be viewed under most circumstances, see FinancialPrivacyNow.org or TrueCredit.com.

 

Taking yourself off lists and making your information more difficult to use, transfer, or access is possible. Obviously none of these websites limits governmental access to or gathering of information. In the case of governmental interference with commercial marketing, you are actually signing up for a list and giving your information again. That said, we can clearly see that all information is not all information, and that some forms of resistance to information gathering and use are possible. What are we to make of it? If there is no such thing as resistance, what is this? These sites are surely marketed as forms of personal control / resistance.

 

 

 

I am, of course, still laughing about that story. Perhaps the best part is the use of "professionalism." In this instance, it seems no different from "politeness," not saying something, true or false, that might offend a person. Speaking of turning our profession into a group of people whose main concern is not to offend each other, I am currently reading Richard Levin's New Readings vs. Old Plays: Recent Trends in the Reinterpretation of English Renaissance Drama (1979) for another class and found Levin talking about basically the same thing:

Many people undoubtedly also feel that criticizing a critic's approach would be a breach of professional etiquette. Although it is quite acceptable to controvert the work of our colleagues in private conversation and, as was just noted, even in print, briefly (and usually decorously) in our introductions and footnotes, we are not accustomed to seeing a full-scale, systematic investigation directed against them. The prevailing attitude in much of the critical arena today seems to be "live and let live" [. . .] But this attitude is a perversion of true academic freedom, which guarantees us the right to present our findings to the public, but surely does not guarantee these readings the right to escape scrutiny, even impolite scrutiny. If the interpretation of literature really matters--and this is the fundamental faith of all criticism--then it must be important to challenge a dubious interpretation, and still more important to challenge a dubious approach to interpretation. [. . .] I believe that the situation calls for an investigation, for a long and hard look at the methods of interpretation which have brought us to this pass, even if that be considered bad manners. (7-8)

 

That's a long quote, but you really should read the whole thing, especially if you know the story mobius told in class that I am relating this to. The point is that, without challenging our peers on very fundamental, potentially upsetting grounds, we are complicit in their shoddy scholarship--or simple craziness. Mobius's example of the woman asserting truisms about Timothy Leary without the first bit of evidence also makes this point. The woman, challenged to substantiate her claims, ruffled and became irritated. What for? Falsifiability is only so false. Untenable assertions are still disprovable and certainly disregardable (disarrangeable?). The relationship of good manners to critical practice is a dangerous one. While I don't think anyone particularly wants fistfights at conferences or senseless namecalling for its own sake in print, such things are not really useful critical enterprises, anyway. The "bad manners" we are talking about is simply holding a peer accountable for his or her own methods. Doing so is really only upsetting if those methods are shaky at best. A person ought to be able to defend his or her claims, especially those made as a professional at a professional conference. Expecting everyone to solemnly (and boredly) nod their heads while a person speaks and then move on produces conferences in which no conferencing takes place beyond solemn nodding and no listening. &c.

 

At any rate, my objections to the equation of politeness with professionalism are clear, by this point, and so should be the implications. I salute mobius for holding people accountable. Biatch! indeed.


 

Psychoanalyzing Andrew

Some might have noticed that Andrew Pilsch sketches football plays when he thinks. I haven't seen a notebook of his that doesn't have a bunch of these things. Let's see if we can't get inside Andrew's head by studying the graphical representations of football plays. Surely there is a one-to-one correspondence between the two.

 

Fig. 1 Andrew at Peace, Before Thought

 

Witness the above graphic (Fig. 1). Although surely not all thought begins with this lineup, the idea here is that we have formations but no movement. A perfectly calm, stable mental state. Andrew sometimes draws these--but not often. And, one must realize, he often draws movement onto these later anyway. A repressed revisionism? Seems likely.

 

 

 

Fig. 2 A Critical Muddle...?

 

Andrew did not in fact write this play. We will have to make an analogical leap from this particular example to a general theory of Andrew-football-playwriting. In this play, as is plainly obvious, the offensive players are running mostly straight ahead but not for any particularly useful reason. The quarterback (QB) is going to sneak the ball anyway, so who cares? The rest is just a distraction from the QB sneak. The whole play rides on three blockers. If those blocks go well, the QB should get at least five yards, if not more. Assuming that Andrew had written this play, we could say that his thought process at the time involved ostensible clutter that masks a hidden, direct intention.

 

As another example, consider the following:

 

Fig. 3 The Triple Option Pitch: Or, Third Space Criticism

 

In this play, the QB might hand the ball to either of the backs or just run it up the side himself (herself?). Ideally, the QB will fake a handoff to the back running up past him and then "pitch" it to the half-circle running all the way across the field. The beauty here is that the safety ("SS") should see the QB running up, square off against him, and then turn awkwardly away from the back running to the QB's right. Or not. But either way, one defender and two runners is a decided advantage for the offense. If the QB is free to run, he does so, and the defender is an idiot. If the defender lines up with the QB, the QB pitches the ball to the free man, and all is well. Ideally that guy runs out of bounds before being tackled and stops the clock. All good things.

 

Andrew draws these plays with alarming regularity. What if anything can we say about his cognitive state during such a period? Well, one thing is obvious. He means to keep his options open and leave himself an out should he meet opposition. These plays show him anticipating antagonism. Clearly a figure of much mystery and anxiety. The tripleness of the option ostensibly indicates his ongoing commitment to liminal space studies (I mean, you have barely any peripheral vision with a football helmet on--if that isn't liminality, I don't know what is). Unlike a characteristically structuralist offense, which runs the ball up the middle and simply overpowers the defenders until they are waving white flags and saying, "yes, yes, fine," or a particularly Marxist, dialectic offense, typified by A) passing routes but also B) the possibility a QB would just run with the ball, Andrew's choice of the triple option offense suggests not an "either, or" offense but a "both, and" offense. And of course all these offenses should be distinguished from the poststructuralist offense, which looks like this:

 

Fig. 4 Man Sacks God for a 5 Yard Loss

 

This image should be self-explanatory. If God is the word, but signs are arbitrary, then God is not God, just a word. 5 yard loss. 2nd down. Gotta love him for coming back to play again every Sunday, though.

 

Jesus clearly has o-line trouble. Like the St. Louis Rams. - OncoMouse

 


 

Lib Kooks

I found an interesting book rebuttal (as opposed to a review) on the web in blog form. The writer attempts, as he says, "meet and beat these bastards [i.e. "the lib kooks"] on their own playground." Take a look at http://sayanythingblog.com/readers/entry/a_society_of_control_only_in_the_minds_of_academic_lib_kooks/ for the full article.

 

The book that the blogger objects to is Hardt and Negri's Empire, particularly their reimagining empire in terms of the society of control. I have to say right up front that I don't really understand this guy's argument because he does not define his terms, and I am not familiar with them, if anyone is. He opposes "Empire" and "the society of control" with "the sovereign states model" and "nationalism." I'm not sure why these things are oppositional. In the case of British imperialism in the early nineteenth century, competing forms of nationalism produced different narratives to explain imperial expansion. Thomas Macaulay epitomized the Anglicist position in his Minute on Indian Education (1835): "It is impossible for us, with our limited means, to attempt to educate the body of the people. We must at present do our best to form a class who may be interpreters between us and the millions whom we govern; a class of persons, Indian in blood and colour, but English in taste, in opinions, in morals, and in intellect. To that class we may leave it to refine the vernacular dialects of the country, to enrich those dialects with terms of science borrowed from the Western nomenclature, and to render them by degrees fit vehicles for conveying knowledge to the great mass of the population." Rather than fracturing nationalism, as the blogger seems to think empire would do, Macaulay's supremacist comments ennoble English culture at India's expense. Thus the self-congratulatory nationalistic bravado authorizes imperial expansion.

 

The heart of the blogger's argument seems to be that sovereign states exist and empire does not, except that he frequently concedes points of the argument he is rebutting. My purpose in posting the link above is to hear what other people think of this guy's rebuttal. Does he make sense to other people? He's on about something, but I lose him when he starts saying that Iran rejects "biopower," something that its administration probably doesn't know about in a strictly Foucaultian sense. Hard to say. At any rate, here's an argument supposedly against sci-fi reading postmodernists. Happy to hear what its merits are, or even what it is doing.

 


 

Identity Theft is a Marketing Tool

We talked a little today about how credit card companies deal with identity theft but also the kinds of authentication technologies they use during transactions. Marketing strategies put forward by said companies appear to fly in the face of security concerns and fraud protection. If identity theft is really such a problem, why not increase security checks, make authentication more difficult, and attack identity theft head on, rather than focusing on convenient purchasing? Some potential answers come from comparing two aspects of the credit card business: fraud protection and marketing strategies. My examples will come almost exclusively from Chase Card Services, the company with which I am familiar.

 

First, let's talk about identity theft. Chase acknowledges identity theft as a major concern of its cardholders. It pretty much has to, at this point, what with all the commercials promoting the danger of the theft. One of their solutions to the problem is called Fraud Detector. This service, which costs about 8 dollars a month, is essentially a form of insurance, as the Chase site makes clear in its bulleted list of service benefits:

 

What are the benefits with the identity theft insurance?1

 

 

 

The first point on the list might seem unrelated, but it doesn't mean "time off work" in the way that a payment protector service might. It refers not to periods of unemployment but to time you need off work to straighten out the theft issue. Not a bad thing to have. Notice that the insurance covers the costs of disputing identity theft but does not say anything about how you do the disputing. A paragraph defining identity theft earlier in the FAQ hints that telephone agents will help you do so:

 

Identity theft occurs when someone obtains personal information about you, such as your name and Social Security number, and open accounts in your name. Often, it can be many months before the crime is discovered, and by then, your credit can be ruined. With Chase Fraud DetectorSM, our Fraud Advisors help you work with your creditors to restore your credit, and you are also eligible to receive reimbursement for qualified identity fraud related expenses (up to $25,000).

 

 

Unfortunately, the reality of the process is not spelled out here. Assume that the scenario in this description takes place, and a few months have gone by before a person becomes aware of the fraudulent charges. The usual notification comes not from fraud protector but from collections, as one might guess. By this point, the cardholder's account is past due and requires payment. A telephone agent on a dialer system calls with no knowledge of the account, since presumably no contact has been made before, and therefore no notes exist on the cardholder's file, and the collector ("Customer Support Associate") just goes right into his or her spiel. On average, full time collectors make (or are supposed to make, anyway) 30 calls per hour and, ideally, talk to 2-3 cardholders, if the account is not too far past due. In other words, the collector's process is automated. The cardholder, not knowing that charges have been made, gets the standard "Hi, make payments on your account" opening and becomes confused. Now the situation gets ugly because the cardholder will respond that he or she does not know about these charges. The collector has obviously heard this one before and is unlikely to believe the cardholder. Without going into too much detail here, we can at least say that the cardholder is now in a process that does not fit his or her predicament, and the telephone agent to whom he or she is speaking is not trained to provide solutions to the problem. Cross department communication is very poor, since the collector would be replaced immediately by the bank if an automated collections machine were possible. Best case scenario: the cardholder sticks to his or her guns that the charges are fraudulent, resists the collector's pressure to make a payment on the past due account, and is transferred to the fraud department (which closes at 5pm).
Unfortunately, when fraud opens a case file, they do not take that account out of the dialer system, so the cardholder gets called again the next day, as is company policy. During this period, fees, interest, and negative credit reporting (CBR) continue to take place--all of which, despite what the collector might think or say, can be fixed retroactively, though they almost never are. The bureaucracy involved consists of at least three departments, sometimes more, and a massive amount of misinformation, as is necessarily the result of a large bureaucratic structure that lacks easily accessed, centralized, updated policy and process information.

 

What a mess. In most cases, the cardholder ends up with charges, fees, interest, and CBR that they are responsible for. If they have the fraud insurance, they are eligible, not guaranteed, to be reimbursed by Chase for the time and materials needed to dispute these things, but they don't get special help doing so and have to deal with collections activity just like everyone else. Usually the collectors are persuasive enough to get the people to pay for the charges and thus assume responsibility for them. If the service doesn't really protect people from fraud or help them resolve fraud related issues, why then does it exist? Because it costs 8 dollars a month.

 

Marketing actually plays a huge role in generating identity theft. Chase blink is their new authentication system that they are compensating retailers for using (such as McDonald's). Blink is basically a chip that authenticates the transaction the way the magnetic strip used to. Gas stations have been using this technology for a while and calling it "pay pass," "fast pass," etc. It was easier for them to introduce because they were the proprietors of their own points of sale (the gas pumps). Getting other people to switch over to blink technology requires bribing them, and customers too. So Chase offers cash back and all sorts of other things if you use one of those cards. Gotta get the technology out there. Blink should probably have the cardholder's picture on it, at least. It doesn't. How come? Wouldn't including a picture be easy? Not as easy as it needs to be. Cardholders mostly do not like having to submit pictures of themselves, particularly in the required formats and sizes necessary, when filling out credit card applications. Most credit card applications are not filled out as part of a larger personal financial strategy so much as in response to affect--marketing materials that promise short-term benefits, online offers made during checkout, or just to get a free t-shirt on a college campus. Complicating that process would make sense. Taking out a secured loan (something involving collateral, like a house or car loan) is a pain for a reason. But you can potentially get even more money in the form of a revolving credit loan (the credit card) with a few button clicks. The name of the game is not safely gauging potential cardmembers' credit worthiness so much as just disseminating the cards, which are not at all unlike library books: you only make money on them when people mishandle them.

 

So Chase stands to make more money by promoting increases in convenience and decreases in security (read: hassle) at points of sale both in the generation of use and the greater chance of misuse. Credit card companies live and die by their collections departments because they do almost nothing to pick safe investments, cardholders who are likely to stay within the terms of the loan and not incur fees. Why else would such companies happily distribute thousands of dollars of unsecured credit to college students without jobs? Simple answer: they can collect on that money from parents. Credit card companies manage risk through their collections strategies, not through their evaluations of credit worthiness, which are almost all done by computers using factors that determine the terms of the loan. The simple fact is that if you took out a credit card and paid it off within the 29 or 30 days before interest begins to accrue on the charge, you could effectively enjoy a line of credit at no cost to yourself. You would also generate no income for the bank. Visa or MasterCard, as providers of information networks, might make some money from the retailers who had to pay them a percentage of the sale to use the network, but the banks providing the money would not. And even if they did get a piece of the sale, it would never cover the cost of marketing materials, staffing calling sites, paying for phone lines, etc. etc. etc. that go into getting that card into your hand.

 

In other words, identity theft scare tactics are not meant to produce self-policing, informed cardholders. They do however sell fraud protector for 8 dollars a month--a great way to make some money even off those damned people who stay within the terms of the loan and do not incur fees and interest. Identity theft is a marketing tool.

 


 

Hooray for creative commons licenses. I put this one on my page to protect my sweet ramblings from being turned into a major motion picture, novel, soundtrack of a major motion picture adaptation of a novel, etc.

 

This wiki is licensed under a Creative Commons Attribution-Share Alike 3.0 License.

 


 

Long Story about How I Got into Hacking and Programming

Part 1: AOL, Proggies, and Script Kiddies

 

I love the Social Engineering FAQ. I know he says not to be technical, but I'll add two points of clarification, for anyone who read that thing and did not understand the terms. A "proggie" is a program, usually a script, used as an exploit. I found out about these when I first started banging around with AOL back in the early 90s before being on the internet was cool or people knew what email was. I mostly hung out in the chat rooms. I was still too young to drive, and the TV advertisements for AOL basically said the chat rooms would put me in touch with everyone in the world, so I liked the sound of that.

 

Turned out the chat rooms were mostly forums for other youngins to behave badly anonymously, and sometimes the "scrolling" (many lines of chat text issued in rapid succession, either to flood/annoy or to make a large, complicated statement) made the chat rooms unusable for chatting. Most times, the scrolling involved an advertisement for a program the person was using that was enabling them to flood, etc. Sometimes you would see a message advertising that a "mass mail" was going out and to type whatever keyword to get your name on the list. Usually you would get 50-200 forwarded emails with attachments. Some were exactly these same kinds of "proggies," some were mp3s, etc. You could distribute anything this way because AOL had you upload your files to their servers when you sent an email, then the file stayed accessible for a fairly long time, and you could set your email to download all attachments overnight while you went to bed.

 

All the proggies were basically AOL addons written in MS Visual Basic. VB is great for making windows addons and requires very little programming knowledge for basic things (hence the name). The addons were all essentially automatized social engineering or system hacking of some sort for various purposes. This brings me to the second term, "script kiddie," which is a person who uses a program but actually has no idea how to do what the program is doing on his/her own. Powerless without the program.

 

Well, the programs and the way they were distributed so randomly created an entire class of people called script kiddies who had pretty much the same power as those who understood how they worked and could do without them. On AOL, this wasn't a huge problem. All the proggies could do was a variety of fairly harmless weapon exploits and some convenience things. You could punt, which involved sending someone a ton of instant messages and lagging them offline or locking up their system by exploiting the fact that AOL used to load HTML in an instant message, rather than just reproducing it as code. If I sent someone an IM box full of "<h3>," then their IM window loaded header 3, which took about one-half to a full second to do, over a hundred times per IM. You only had to send like 5 or 6 of these to do the job. These were popular for obvious reasons. You could TOS (terms of service), which meant sending a contrived mail message to AOL Terms of Service about something a person had done. Fill in their name, and the program writes the email. Obviously AOL caught on to these really fast, but they would work in early stages of a program and get people suspended from AOL for a while. A PWS is a password stealer. It looked like a legit AOL program but didn't do anything when you ran it... except load itself into the background and email your password to its maker when you logged in. I used to use these as anti-script kiddie tools by packaging them with a bunch of nonsense DLL (dynamic link library) files and other garbage to make it look like a real program. Everyone knew by this point that PWS files were 24KB and stood alone, so some people would fall for this, and I'd call it a "virus lab," so I was really only hitting people who thought making viruses would be fun. There would also be a silly version of a phisher, which would basically IM someone and claim to need their credit card number or password for something official, very basic social engineering. Really bad idea to do this from your family account because then, when the person reports you for being a fool, AOL "terms" your account, and your mom gets mad at you. Best to use the passwords you got in your email from your PWS and have someone else's account screwed up. AOL didn't log IPs, or if they did they didn't care.

 

Part 2: I Become *.*WoNDeR*.*

Well after a while, the makers of the more popular programs became, in retrospect, absurdly famous. They usually wrote their names in "LeeTo CaPS," which just means capital consonants and lower case vowels. MaGuS was easily the most famous. He wrote FATE, in multiple versions, and it was a "full prog," meaning it did a little bit of everything. Mostly people liked it because its mass mailer was reliable. As time went on, people relied less on FATE because the individual functions were performed better by specialized programs (mass mailers like Soylent Green and Ice Drop, etc.). But he was Michael Jackson famous on AOL. In fact, if you tried to send an email to magus@AOL.com, you risked getting a terms of service violation, and it said that no such name was possible. AOL was not trying to hide its antipathy for this guy.

I actually can't remember how I met wonder. I was in a chatroom for something programming related, and he was in there, obviously not on a screen name that indicated who he was. For a long time, the most effective, dangerous, and popular punter was Apathy by Wonder. He basically made punters famous and was one of the first developers of specialized programs. Before him, people just used FATE or one of the other fulls. Well, he and I got into a conversation about subclassing windows, which was his big claim to fame, and he said that he was going off to college and would not be able to keep up with his AOL life. So, he asked me to take it over for him. I, of course, peed my pants and said yes. I couldn't have been older than 13 and had no idea what I was getting myself into. He said cool and over the next few days sent me his VB files for apathy, so I could continue to develop it, explained how it worked, gave me suggestions for possible new directions, and, most importantly, introduced me to the AOL world as wonder. All the big name programmers used to hang out in NeSS, a chatroom that changed locations every night for security reasons. My first night was lochness, then sadness, happiness, etc. Logging into that room for the first time, I was really happy to have had the real wonder with me because I totally made a fool out of myself. The custom was to put your programmer name as your screen name and just spell it backwards, so that we knew who you were and authorities wouldn't. And I completely freaked out when I saw sugam (magus) in the list. There were others, too, and having them all in one place was overwhelming for a noob like me. The previous wonder introduced me around, explained what was going on, and I found out that this kind of handoff was actually not uncommon. The others offered to help me get my programming skill up to par. It was not unlike having a new editor take over a section of the Norton or a popular textbook or reference.
The group could have just let Apathy go obsolete and not find someone to maintain it--same for the persona--but the group valued the continuation of both, which served a purpose, however minor.

 

A few months and lots of books on VB later, I released the Apathy Next (no leeto caps: I was so over that), which was a punter that expanded to have a lot of convenience options (it could even telnet and display image files, which at the time was a hassle to do). Not long after, a new punter came out that overtook apathy in popularity for the first time. I can't remember what it was called, but the developer was sinkhole. I remember seeing this thing advertised in chatrooms, so I got my hands on it. Unlike NeSS stuff, this was written in C and did not rely on a lot of DLLs and other stuff. My punter was like 5mbs back when people were using dial-ups. His was 40KB. Elegant, effective, and much less dependent on subclassing (the particular appearance of AOL's windows, which were subject to change and would thus ruin your program), that program pissed me off. So I went looking for this guy. I found out through the grapevine that he hung out on IRC and never came on AOL, so I downloaded the program and figured I would go tell him off (I'm 13ish, remember).

 

Part 3: Reality Check; or, David Gets wtfpwnt

 

AOL had a bunch of "mass mail groups." They had two functions: uploading files to emails and mailing them out. Anyone could upload random crap to emails or forward on emails they already had, but these groups were taking distribution of files through AOL email seriously. At the time, I had no idea how this worked. What did I care? They sent out my program. Good enough. Well, a big reality check was coming. The people who ran a very large, sophisticated, and expensive world of file sharing (called "warez," which is "wares" with a z, not "juarez," as I have actually heard it said) were not in fact AOLers. They lived on IRC (internet relay chat), which I had never even heard of. An important question had never come to mind: how the hell did these "distro groups" get video games, office programs, etc. so soon after they came out (sometimes before) in order to mail them out? I knew that if you joined the chatroom UPSS (the mailing side of the group UPS), you could get added to their mail list and get lots of neat stuff, but I didn't think at all about where THEY got it. Turns out they got their stuff from "0 day warez ftps," or large servers with files available for download the day the programs were officially released. In other words, UPS/UPSS was just the AOL distribution branch of a large file sharing operation, and there were tons of them.

 

Sinkhole was in the IRC channel #legion, which was one of these AOL distro groups. I went in there and got kind of confused because I saw sinkhole, sinkhole-, sinkhole_, _sinkhole, etc. Not sure which was him, I just said something stupid about how I was looking for this a-hole, etc. And a couple of the guys in there laughed at me. After a bit, he said something and politely introduced himself. Not knowing any better, I sassed him, and almost immediately my screen went blue. After pressing "any key," AOL, IRC, all that stuff was no longer open, and I was not online. I thought what the hell, so I rebooted, signed back on, went back into #legion, and bam--blue. Did this at least 3-4 times before I realized going into #legion was pretty much the cause. This was the beginning of David's computer getting raped by script kiddies with real weapons. The blue screen was caused by Winnuke, a completely basic exploit that almost never worked on anyone because only idiots were not patched to resist it. One of the people in legion took mercy on me and explained this, got me the patch, etc. I didn't learn my lesson, though, and went back in there, patched and feeling invincible again, and mouthed off some more. This time, my mouse froze. I preferred the blue screen, at this point. I had just met D00M, another completely patchable exploit that only noobs fell for. Sinkhole just couldn't have been laughing harder by this point. Turns out, he wasn't even the guy who was doing this. Others were. The things HE could do, I later found out, went far beyond typing winnuke.c into a unix command prompt.

 

I guess seeing me get DOSed (denial of service) so many times aroused their pity because people basically told me to shut up and helped me get patched for the basic exploits while explaining what had been happening. On AOL, you can't see anyone's hostname or their IP, both of which are readily available on IRC. Hence IRC was MUCH more dangerous. I was so stunned by this experience, I never really went back to AOL. I stayed on IRC and kissed up to sinkhole shamelessly. He started teaching me to write in C, and we developed a mass mailing program for legion together. Turned out he and his clique hung out with legion mostly as bodyguards and for vanity. On EFNet, the IRC network we used, operator status of a channel could be given or taken away only by an operator, and it required that you be online to maintain. If you signed off or left the room, you lost "ops," which was indicated by an @ sign in front of your name (e.g. @wonder in #legion means I was an op in legion, which never happened, of course). A "takeover group," basically a bunch of hackers with fast lines, could come in, DOS you and your friends, then take over op status, and hold it with their botnet. Then they would set the channel to invite only, and that was that. People would then type /who hacker and see @hacker in your channel, which that person would use for vanity, bragging rights. Needless to say, if you took over #legion, set it +invite, and someone could /who you, and see you had ops there, it meant you had dropped sinkhole and his friends. Very cool. But #mp3, #warez, #trade, and other channels were much more important, and the groups that ran those usually kept them open to show off. Being the group that owned a very popular, high population distribution channel like #leech was huge for a group's vanity. Why does this matter? Glad you asked.

 

Jumping forward a few years, David has learned a lot and is now hanging out with his own group of meanies. Sinkhole and his group are so dangerous at this point that they make their own group called "noname" and hang out in #dweeb. My friends start a group called Chrome and start taking channels away from the established groups. How does one do this? Two answers: hack their botnet, or be a packet warrior (a person who uses high bandwidth denial of service attacks). The class distinction comes into play here. Script kiddies can't hack botnets. They don't know how to hack. But they can type "smurf ip.ip.ip.ip" and wait. IRC was a chat service that required two sides, a daemon, running on a server, and a client program, on your computer. The daemon told all the clients what they should be seeing, etc. But, for the sake of redundancy and load handling, EFnet, which was huge, had a lot of servers that were networked. A few were hubs, most were links to those hubs. So a hierarchy might look like this:

 

Lightning.net

-> cmu.edu

-> psu.edu

-> comcast.net

 

This would mean lightning.net was the hub that linked the others to the network. If lightning's server disconnects, all its links go with it. Heh. So... you have options. Hit cmu.edu, "split it off" from the network, then log into IRC on their network. While it is disconnected, it won't see all the other people in #legion, so it will give you ops. IDEALLY, when it rejoins the network, it will be told by the other servers that, in fact, you do not have ops in #legion and will deop you and show you the people who really do. Too bad it does not work that way. Instead, you keep ops, and so do they. That's when your program that you have set to "mass deop" #legion executes and "takes over" the channel. To pull this off, you basically need a faster connection than anyone else in the room because the bots, which are like automated users that log into EFnet and can be told what to do (mostly just useful for staying online and keeping ops, or sending files), will look for ops they don't recognize and deop them immediately (real handy if your friend tries to give someone ops in a high-security channel). So, for a chatroom that has like 30+ ops, you have to be a superstud to pull this off or have a few friends come with you (much more common). In other words, because of vanity and channel wars among packet warrior takeover groups, every day links to EFnet were getting denial of service attacks, costing them thousands upon thousands of dollars in wasted bandwidth, just so people could exploit this networking error. A bunch of kids, mostly under 18, were blowing millions of dollars in order to say "nyah nyah." A lot of them went to jail, had their stuff confiscated, had to pay big fines, etc. A lot of them are still in jail today. And, if you were notorious enough, the server operators, or admins, would "g:line" you, which was a global ban, and they wouldn't ban your hostname, which you could easily change by logging into another machine or telnetting. 
They knew all about vanity and would ban your name. /gline *rolex* would make rolex's name impossible because the wildcards before and after it meant _rolex, rolex-, etc were all banned. That gline existed when I was there. Rolex was a huge packet warrior for TnT. It may be there today.
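
The rejoin behaviour described above, modelled as an added example (not part of the original page): a merge that keeps both sides' ops, next to one that resolves by channel creation time, the idea behind the timestamp (TS) rules in IRC server software. All class names, function names, nicknames and timestamps are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class ChannelState:
    """One server's view of a channel: creation time plus who holds ops."""
    created: int                      # channel creation timestamp on this server
    ops: set = field(default_factory=set)

def merge_naive(ours, theirs):
    """Rejoin as the text describes it: both sides' ops are simply kept."""
    return ChannelState(min(ours.created, theirs.created), ours.ops | theirs.ops)

def merge_timestamp(ours, theirs):
    """Timestamp rule: the older channel's state is authoritative.
    Ops from the side with the newer creation time are dropped;
    equal timestamps mean the same channel, so ops are merged."""
    if ours.created < theirs.created:
        return ChannelState(ours.created, set(ours.ops))
    if theirs.created < ours.created:
        return ChannelState(theirs.created, set(theirs.ops))
    return ChannelState(ours.created, ours.ops | theirs.ops)

def unexpected_ops(merged, known_ops):
    """Ops present after the rejoin that the channel's owners never granted."""
    return sorted(merged.ops - known_ops)

# Constructed sample: the network-side view of a long-established channel.
network = ChannelState(created=1000, ops={"bot1", "bot2", "owner"})
# Constructed sample: the split server saw an empty channel, so it created
# the channel afresh and opped the first user to join.
split_server = ChannelState(created=5000, ops={"newcomer"})

KNOWN = {"bot1", "bot2", "owner"}
naive = merge_naive(network, split_server)
fixed = merge_timestamp(network, split_server)

if __name__ == "__main__":
    print("naive merge, unexpected ops:", unexpected_ops(naive, KNOWN))
    print("timestamp merge, unexpected ops:", unexpected_ops(fixed, KNOWN))
```
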

 

The distinction between script kiddies and, well, knowledgeable users is the important thing to draw from this story. The most famous and powerful takeover groups were always afraid of knowledgeable users. One example will illustrate why. Noname was never a takeover group, per se. They were not into vanity. If you did not know chlorine, sinkhole, drmengele, etc., you were just an idiot, at that point. Most of the takeover groups would have oped them anywhere they wanted to go anyway. They were, mostly, students at MIT, CMU, CIT, and other top computer engineering programs around the nation. While youngins used programs they wrote in packet wars, got caught, and disappeared, they went nowhere. They rarely targeted anyone, and if they did, they didn't leave traces of anything illegal. More importantly, they didn't really need packets. Once, #shells got taken over by TnT, probably the most powerful group at the time. They had the most high-profile channels and a huge botnet of over 100 fast lines. I think rolex had been banned by this point, but they had plenty of good people. Drmengele went into #shells and asked that TnT return it to its previous owner, who had had it for a long time. Their senior people must not have been around because mengele got a bunch of lip from TnT. About twenty minutes later, the massive TnT botnet signed off of IRC--not just leaving #shells but EVERYTHING wide open. But, before it did so, it gave the noname bots ops in its channels. As they logged off, they all did so with a signoff message of "noname," which looks like *** bot1 has signed off (noname). No denial of service attacks were necessary. Mengele had taken over their botnet, redistributed admin rights, and made the members of TnT foreign to their own bots. Essentially, TnT's botnet took over its own channels on mengele's behalf. It had been disastrously easy for him to do. Why? He knew how to hack and how to invent new exploits, not just how to run programs.

 

One last example of why packet warriors, even if they were just adolescents, had to be taken really seriously. The leader of chrome, a guy who went by doors, was one of those guys who relied on knowledge. He was a hacker, though, not a programmer. I, on the other hand, never hacked but wrote exploits that the script kiddies used. I'd find stuff on bugtraq, hfactorx.org, 2600.net, etc. and write it up in C, always a proggie developer at heart. Well, doors and I had a friendly rivalry, and he used to like to hold over me the fact that he was a big packet warrior and had tons of bandwidth, whereas I had none, really. But, because I always masked my IP by telnetting before connecting to IRC or using a "bounce," which just means using someone else's computer to log into IRC but still through your own IRC client, he couldn't do anything to me. Well one day, one of my friends let slip that I used MSN for my dial up. He knew I lived in Texas because we were friendly for years, so he found out that uu.net was MSN's backbone in Texas. He wanted to show off by DOSing me but didn't have my particular IP. The solution? Drop the main hub in Houston and wipe out MSN for all of south Texas. I couldn't get on the internet all day, and I can't imagine how much that cost a number of companies--or how many users were denied service as a result. And he had used a Sprint line to do it, which meant Sprint had lost a lot of money, too. AND, he held that router down pretty much all day to make sure I got the message. Not bad for a 16 year old, eh? The internet empowers knowledgeable users. The end. Age doesn't matter. How much money you have doesn't matter. All that counts is what you know. The minute I turned 16 and got a car, I walked away from this world forever. But I look back

 

 

The identity theft benefit provides reimbursement for certain expenses related to identity theft at no additional cost to you:

• Lost Wages as a result of time off from work.

• Notary and certified mailing costs.

• Loan application fee reimbursements for loans incorrectly denied as a result of identity theft.

• Long distance phone charges associated with reestablishing your identity.

• Fees charged by an Attorney if you need one. The attorney will be appointed by the plan.


Biatch!: or, An Affective Challenge to Complacent Critical Practice

 
