
Mailing List Logs for ShadowRN

Message no. 1
From: shadowrn@*********.com (Tzeentch)
Subject: [Matrix] Background Info on Decker Groups and Decking
Date: Tue Mar 20 13:40:01 2001
This is material that wasn't used for Matrix or Target: Matrix that I
expanded and cleaned up. Looking for comments since this material will be
expanded even more for my "Virtual Realities^3: Matrix Technology Handbook
2062 Edition" net.book. Use and abuse and lemme know what you think I should
add or change.



A DECKERS PARADISE


(>) Some of this was touched on in the Target: Matrix compilation but hey,
we could only place so much in the document before it threatened to start
crashing some of the users' systems.
(>) Captain Chaos

(>) Seems you can't turn around these days without bumping into some nasty
hiding in the shadows. If you believe half of what gets posted to Shadowland
these days there is a worldwide conspiracy under every rock! Come on folks,
if you're going to post lurid details of your oh-so-scary Immortal Elfs ran
by Kurt Cobaine who lives on Saturn with the founders of Echo Mirage while
they chat with Gerry Garcia uber-conspiracy at least give a nod to the
Matrix side of the house.
(>) Kzeentch

In order to understand a decker you must understand one thing. We're
criminals. We don't usually run around with the big bang-bangs playing Mr.
I'm Such a Tough Sammie, but what we can do will get us geeked just as fast as
raiding the Lone Star headquarters by yourself, naked. And prison? Don't
make me laugh. The corpers and governments have been itching to try out
their newest developments in pain therapy on someone just like us. If I
didn't know any better I would think it was a conspiracy against us humble
defenders of the datasphere! Oh the angst!

So is it any wonder that deckers use pseudonyms to hide their identities? Or
that many (including myself) would rather gnaw off their legs than meet a
Johnson in the flesh? Your privacy and anonymity is the decker's biggest
tool. Once a decker forgets that he might as well get his will in order and
draft up his obituary notice. I see a lot of obituary notices these days.

A smart decker will never use their home commcode to deck, and will avoid
any personal contact with their Johnsons, clients, and even other teammates
unless absolutely necessary. A successful decker is a paranoid decker. One of
their few advantages is they can obfuscate their identities. Even a decker's
closest personal friends on the Matrix will probably not know his or her
real name, have met in the flesh, or even really know what sex the other is.
This is not paranoia per se, but just the way things work in the
underground - it's seen as either foolhardy or a show of skill to have your
name be public knowledge.

A common misperception of the decker underground - no doubt fed by endless
streams of "expose" trideo programming on the subject - is that deckers give
one whit about information wanting to be "free." Most deckers are by nature
selfish, owing loyalty to themselves, their close personal friends, and then
the decker underground - in that order. We don't risk our lives every day in
order to educate the populace, that's the newscasters' jobs, we don't care
about freeing information to the masses, the sheeple would not know true
knowledge if it hit them on the head. It is important to remember that as a
general rule we somewhat pity the common users of the information networks -
and in some cases feel the need to prove our superiority in various ways.
This can range from "harmless" pranks such as crashing a system for no
reason, to Black Hammering a hapless user trying an ASIST interface for the
first time. To deckers anyone but another decker is a nonentity - no more
real than an enemy in a VRCade game.

Which is not to say that we're all necessarily anti-social (although one
could easily get that impression from watching us for any length of time).
Although generally lacking in any sort of "real-world" interaction skills,
in our element (the Matrix) we are almost different people. In some cases
the differences manifest almost as a schizophrenic disorder. Deckers are a
very tight knit group of individuals and live separate lives entirely on the
Matrix - being the hunted "rebels" of the modern information golden age
tends to have a consolidating effect on the subculture.

DECKER GROUPS
One of the most important aspects of decker culture are the various "groups"
in the underground. Most groups are composed of like-minded individuals who
support each other. These groups are usually purely Matrix-based with the
members most likely having never met in person.

GROUP TYPES
Most decker groups can generally be categorized into the following
categories:

Script-Kiddy
Script-Kid groups are generally formed by younger decker wannabes. Although
not as big a threat as some of the more cohesive decker groups, the
script-kiddies typically engage in various criminal deeds including Matrix
extortion, software piracy, information vandalism, and even physical
breaking and entering on poorly guarded telecommunication company property
(typically to steal equipment).

Most kiddy groups are composed of between 3 and 14 members, but they
typically fall apart after short times either due to apathy, internal
dissension, or law enforcement agents infiltrating them. But perhaps the
most important currency to script-kiddy groups is not money or even
paydata - much like meatworld gangs, these individuals go to great trouble
to get a "Rep", or reputation. The Rep of the group is its standing in the
chaotic social structure of the script-kiddy underground. As the group
performs public acts of data sabotage or creates a new variation of an old
dataworm, their Rep grows.

A perfect example of a script-kiddy group is L0cK, or the "Legion of Code
Kidz". They claim to have members throughout the world, and have taken
credit for both the Averson System's hack (that eventually forced the
company to bankruptcy) and various new varieties of dataworms that have
proven to be persistent nuisances, most notably they claim to have developed
the Ringworm viral code.

Successful script-kiddy groups typically "graduate" to a more formal
organization if they can manage to stay together and out of jail.

Phrackers
The phrackers are something of a throwback to the early days of the computer
revolution. They value the thrill of discovery and the pursuit of knowledge
more than attaining a "Rep" or making money (although they are not averse to
making a few nuyen if they can get away with it). The term "phrackers" comes
from the old 20th century terms "hacker" and "phreaker". Which are the
ancestors of the modern decker.

Most phrackers are quite educated in the technology behind modern
telecommunications systems. Many are in fact engineers or computer
professionals when not engaging in their more ... illegitimate hobbies. The
computer renegades do not see themselves as "deckers"; they assign much more
noble intentions to themselves, and will treat most other decker groups with
a mild air of disdain. Even so, all but the most vitriolic decker groups
consider the phrackers on their side versus the forces of the Evil Empire.

Although there is no formal "phracker" organization, it is usually the
phrackers who maintain most of the well-known shadownet publications (if not
the sites themselves). Several well-known phracker groups (who consider
themselves something of "white-hat" deckers) sponsor the yearly DeckCon
convention for deckers to get together, swap war stories, and play "Spot the
Feds."

White-Hat Deckers
This is the term applied for deckers who (at least technically) work within
the bounds of the law - applying their skills to protect systems or track
down illegal usage. White-Hat deckers are usually employed as systems
administrators, security personnel, or work in law-enforcement - tracking
deckers moving through the Matrix and locating and fixing security
vulnerabilities.

White-Hat deckers seldom refer to themselves as such, unless explaining how
they are different from data hoodlums and bandits (although at times the
differences are simply a matter of where you work). Although white-hat
deckers consider themselves agents of the law, or at least law-abiding, the
standards for what is lawful can vary wildly. For example, most corporations
treat information crime on their own servers with Draconian severity - but
have no problem with sabotage of a competitor's system. In fact, that
activity may even be rewarded!

An interesting point is that some white-hat members are deckers from the
underground who got tired of the risks and went legitimate. These are
perhaps the most dangerous opponents a decker can face, since they know all
the tricks and may even still have friends and contacts in the underground
that they can call on if necessary.

Black-Hat Deckers
When most people mention "deckers" these are the folks they have in mind -
highly trained computer hackers who defile, steal, and destroy data for
personal profit. To most people a decker is akin to a Toxic Shaman, but
worse. They are usually portrayed as vicious, backbiting, and lacking in basic
hygiene (hey, who said that all public opinions were wrong?) when a "decker"
shows up on the trid, and the government and corps have a field day when
they catch one of us. Getting a fair trial as a decker is pretty much out of
the question - if you're caught expect to be sent to prison or worse. Why
the attention? While a person can go their entire life without seeing a
magician, computer specialists are a mundane part of everyday life, and
almost everyone knows someone who "knows a friend" that is a decker. Thus,
they are seen as almost superhuman beings who can destroy credit ratings,
blow up computers, fry people's brains, and potentially bring society to a
crashing halt if allowed to run rampant. The Crash of 2029 is still fresh in
many policymakers' minds, and the public image of deckers as irresponsible
agents of chaos is encouraged by both the corporations and governments.

The end result is that the decker culture, which has existed since computers
first were developed (starting with those individuals who stole time on the
punch-card driven machines), has been driven even further underground.
Perhaps the only good thing to come from this is that we have been forced to
cooperate in a manner that would probably greatly surprise someone
knowledgeable of the underground circa early 2000. Well, aside from idiots
like Bash trying to run their own little fiefdoms.

InfoTerrorists
These are the extreme varieties of black-hat deckers, and the ones that tend
to give all deckers a bad name. Usually they are either "hired guns" or
simply psychopaths who enjoy causing problems. At best they are so-called
"white-hat" deckers working against competing interests, and at worst they
are simply depraved criminals looking for users with ASIST interfaces to
Black Hammer or poorly guarded public utilities systems they can crash and
burn.

InfoTerrorists come in all flavors, from groups of script-kiddies running
extortion schemes to corporate- or government-backed professionals out to do
their part to destabilize and destroy enemy information networks. Most
shadowrunners are lumped in with InfoTerrorists, and depending on their
actions, may even find themselves outcasts from the more "moderate"
black-hats (especially if they are known for causing damage that results in
far-ranging "meatworld" effects). Nothing will get even the most famous
decker blacklisted faster than doing a run that results in stiffer computer
laws being passed or other deckers being hurt or killed for no reason.

Warez
Those groups specializing in pirating software. Most specialize in a
specific area (such as graphics programs, IC, attack programs) of the
"Scene" - the nebulous term applied to everyone involved in pirating
software. Surprisingly, despite decades of crackdowns and technical
improvements the warez scene has remained remarkably stable. Minor groups
are constantly forming, breaking up, or getting busted, but the two main
groups Fairlight and Myth have been around for literally decades.

Most warez groups work for "Rep" much like script-kiddies but also are big
on trading "favors" - typically by selectively releasing newly cracked
software to select individuals in exchange for future concessions or help.
Most software is essentially just given away though, as hard as that may be
to imagine. Once out of the group's hands you never know what you'll get
though. Some special corp teams are specialized in "nuking" warez by
embedding dataworms or corrupting the data. For archaic reasons these
individuals are known as "deleters" and are distinctly unpopular in the
decker community if discovered (and survive). Along with the actual groups
who release the software are the "courier" groups, typically script kiddies
employed to spread the software as far and wide as possible in exchange for
being some of the first to get the software. Many of these couriers hoard
thousands of Mp's of software they will never use as some sort of bizarre
fetish.

An interesting facet of the warez underground is how they get the software
to begin with (sometimes weeks before public release). Warez group members
work for magazines, chip pressing plants, and sometimes within the companies
themselves and thus have access to software long before it's actually
released. Some are involved for fun, for fame within the Scene, or even
revenge.


FAMOUS GROUPS
Some decker groups stand out from the rest and have become (in)famous for
their actions or reputed abilities.

JOINT TASK FORCE EPSILON
JTF Epsilon is the UCAS military's cyberspace "commandos" that were formed
at the breakup of the Echo Mirage project. They are all hand picked from the
information management sections of every branch, upon which they are sent to
a so-called "Information Warfare boot-camp" at the NSA headquarters.
Although closed to outside observers it is known that the task force operates
closely with other UCAS intelligence agencies, and is also rumored to have
contacts in the decker underground (although no self-respecting independent
decker would admit to helping the government).

The task force's activities are unknown, but some suspect they are involved
in various activities to destabilize the NAN and various megacorporations.
The group is well known to be quite ruthless and amazingly difficult to
beat. It is rumored that they have mages with various Increase Attribute
spells on tap before they jack in.

CULT OF THE UNDEAD BOVINE (CUB)
The Cult has been a mainstay of the decker scene for almost 70 years now,
always adapting to the changing times while maintaining their trademark good
humor. In current years they have been laying low, it is rumored they are
working on something big, something that will revolutionize decking for
years to come. When questioned about their activities, most Cult members
will refuse comment or laugh maniacally. This has done nothing to slow the
rampant rumors surrounding this supposed project. Some maintain that it's a
joke by the Cult on the decker community. In any case, the Cult will have
the last laugh.

L0PHT INDUSTRIES
Sort of an odd mix between white and black hat deckers, L0pht is famous in
the decker community for both releasing incredibly powerful utility code as
well as fixes for new security vulnerabilities. L0pht is also very active in
the political arena, at least in the UCAS, but has been banned from the PCC
and CAS because their programs have been used with devastating effect on
those who don't pay attention to their security vulnerability reports.

L0pht is well known for their opposition to all neurological damaging code,
and has been active in researching newer and better ASIST filtering
algorithms and hardware.

MATRIXSTORM
Matrixstorm is the largest "white hat" decker group in existence.
Essentially a clearinghouse for security fixes and alerts, it also has
become infamous for leading several of the large corp and government-backed
efforts to shut down several of the smaller data havens. They have also been
tied to the release of trojan horse attack software and the dataworm
program.

PHREAK
Phreak is not so much a group as a small ad-hoc staff that produces the
pre-eminent decker e-zine, "Phreak," now on its 300th issue. Phreak contains
various news items relating to deckers from around the world, technical
articles on various hacks, source code for new utilities, and as much
insanity as they can fit in an issue. The zine is distributed widely and can
be found in even the lowliest warez BBS.

2600
2600 is somewhat of a mixed bag between a legitimate news agency and
policlub and a source for decker information much like Phrack. But unlike
Phrack, 2600 is careful enough to appear legitimate that its publications
are available commercially over the Matrix and even as hardcopy
magazines throughout the world.

2600 also sponsors various events in the decker community, including
DeckCon.

HACKING IN THE SIXTH WORLD
Although the advent of cyberterminals has greatly altered the techniques of
computer criminals, sometimes the old ways are best. Most of the techniques
listed below are assumed to already be used by all deckers, and generally
are not given any special rules, they are simply "flavor."

SCRIPT ATTACK
This is essentially the most common attack, since in essence half of what a
decker does is compile known security vulnerabilities into his utilities and
essentially is not involved after running them. He has to have some input at
some stages (notably when entering passcodes) but the program code is the
one exploiting vulnerabilities, scanning connections, and suppressing all
logging of system activity.

Rootkits
A rootkit is a piece of software that greatly simplifies a decker's life,
and is so critical it can be assumed all deckers have one already built into
one or more of their larger utilities. These are essentially complex scripts
that automatically delete all traces of the decker's intrusion from the
system logs, replace critical access control files with trojan-horse
versions, and perform all the necessary "cleanup" for the decker when he
leaves.

Satans
These are generic terms applied to special programs that essentially
automate the hacking process. More advanced versions of these software
packages are used by deckers when building smartframes and agents. Satans
are extremely popular with script-kiddies because they require even less
knowledge to use. Most let you enter a commcode and the program will run
through a large database of exploits.

The disadvantage to satans is that most of them are well known and most
decent hosts will block satan attacks, or in some cases "honeypot" the site
so they can easily run a trace on the user's connection.

Most usable satans designed for inclusion in agents and smartframes come
from L0pht Industries or the Cult.

SPOOFING
Spoofing is the term applied to any technique that uses false or forged
commcodes to send traffic from (or at least appear to). This can include
both decking the local telco to create a fake commcode the decker can use,
to forging his datastream to make it appear as if he was using a different
commcode. Although as a general rule this is already abstractly handled by
the existing system, but for information purposes some various spoofing
techniques are detailed below.

Active Spoofing
This involves creating fake commcodes that the decker is actually monitoring
and receiving traffic to. This is the hardest kind of spoofing, since it
requires a lot of preparation on the decker's part. However, it is considered
to be the "default" for all savvy deckers when they mask their datatrails.

Blind Spoofing
This involves altering the decker's outgoing data packets so that responses
are sent to an invalid commcode. Although this sort of attack is only one
way, it has its uses since it is by far the easiest attack to conduct. And
for many transactions such as logging onto a host the decker will know ahead
of time what information the host is looking for and can send data to the
host "blind" with a reasonable chance of success. In this manner a smart
decker can log on, perform system operations, and leave, without ever having
received any information from his persona loaded on the host.

Smurf Attacks
Smurf attacks on the old Internet involved sending data packets to "ping"
the broadcast address on a local network. All of the machines on the network
would respond to the ping - potentially overloading the spoofed source in
the packet. This no longer works on the current Matrix architecture, but the
term still applies to any attack that causes massive amounts of data to be
sent to a forged source destination. Most large networks have systems that
protect against this sort of attack, but on others it could potentially open
up weaknesses on the system, or even cause a host shutdown.

DENIAL OF SERVICE (DoS)
One of the factors that drove the current Matrix standards were the
excessive exploits available on the previous networks. Perhaps the most
notable were several high-profile Denial of Service attacks launched against
various government and private interests between 2005 and 2007. These
attacks overwhelmed the target machines with connection requests, data
packets, or even forged ping replies. In some cases, the hosts were shut
down or unavailable for weeks.

Modern DoS attacks are much more difficult to pull off. As a general rule
the only effective way to overload a host's bandwidth is to have multiple
bogus accounts connected to the site, all running with high persona
bandwidths. And since most locations use dedicated lines for host-only
traffic even a successful attack will not bring down the site, but it will
prevent new users from logging on. As a general rule the cost for such an
attack is prohibitively expensive and risky, since the machines must remain
connected for long periods of time. And typically the affected location will
take immediate countermeasures, such as launching Trace programs on the
connections and contacting the originator's LTG or MSP to invalidate the
account.

Nuking
These are denial of service attacks aimed at the operating system running
the system, as well as the actual MXP protocol software running on the
machine. This is often used in conjunction with hijacking a connection in
order to bombard the system with meaningless responses to data requests or
even specially configured return data that will cause the system to lock up
or allow access.


HIJACKING
In most cases this sort of attack involves both denial of service and
spoofing. In a typical situation a decker will monitor traffic between a
host and client. When he attacks he attempts to launch a denial of service
attack on the client while at the same time sending spoofed data that
appears to come from the client. If successful, the client will crash or be
unable to respond while the decker takes over the already-authenticated
connection. In any case, the client can no longer access the host. The
decker then usually reconfigures the datastream to reroute to his own
commcode, otherwise the decker is stuck in a non-interactive connection
(since the response data is not reaching the client).

This sort of attack is very popular with deckers since it is fairly easy to
accomplish and quite effective.



Kenneth
"Carpe diem, quam minimum credula postero."
*Seize the day, put no trust in tomorrow.*
- Horace, Odes

Message no. 2
From: shadowrn@*********.com (Wordman)
Subject: [Matrix] Background Info on Decker Groups and Decking
Date: Tue Mar 20 13:55:01 2001
> This is material that wasn't used for Matrix or Target: Matrix that I
> expanded and cleaned up. Looking for comments since this material will be
> expanded even more for my "Virtual Realities^3: Matrix Technology
> Handbook 2062 Edition" net.book.

The social stuff, particularly the bits on specific groups are quite useful.
I'd also be interested in seeing some Matrix-based groups that don't
(necessarily) know much about decking. For example, there are bound to be
Clans for certain games out there, or even just groups of people that hang
out in the Matrix.


Disclaimer

These messages were posted a long time ago on a mailing list far, far away. The copyright to their contents probably lies with the original authors of the individual messages, but since they were published in an electronic forum that anyone could subscribe to, and the logs were available to subscribers and most likely non-subscribers as well, it's felt that re-publishing them here is a kind of public service.