[Full-disclosure] pause for reflection
security.research.labs at gmail.com
Mon Oct 6 10:32:57 BST 2008
Frank Zappa long time ago, has written a little song about Gadi Evron and
On Sun, Oct 5, 2008 at 11:32 AM, Gadi Evron <ge at linuxbox.org> wrote:
> I started answering an email an hour ago, and it was important enough to
> spend time on. It also ended up being too long, so I dumped it in a blog
> post if you prfer reading in a web browser.
> Time for self reflection
> In case you don't read any of what I have to say below, read this: I have
> citizenship. Along with my homeland citizenship, I am of the Internet, and
> it as my personal duty to try and make the Internet safe.
> Atrivo (also known as Intercage), is a network known to host criminal
> for many years, is no more.
> Not being sarcastic for once, this is time for some self reflection.
> I wish I was one of those who sleep soundly tonight. Being clear in my
> conviction that Atrivo should be out of business, and being positive my
> decision to help that happen was sound--While I would do it again, I am
> I won't sleep soundly tonight, as that company, criminal and abusive as it
> clearly and contemptuously was, still sustained quite a few families in
> layers of employment, from sysadmins sitting in the US of A all the way to
> minor low-level fraudsters employed by their clients' clients.
> I will however, be able to look myself in the mirror for my part in the
> effort to get rid of them--and even gloat some. My conscious is as clear to
> as my sadness is crystal. We may not have changed the wall of battle in the
> long term and whenever one criminal falls, another jumps up to the
> opportunities of the land of the free--the Internet. But for once, just for
> while, we halted the machine. We stopped the wheels of evil, even if only
> for a
> While doing so, ee also touched some lives in a destructive fashion. The
> No villain ever sees himself as the bad guy, as the saying goes. A friend
> recently showed me Russian language comments written on Brian Krebs' recent
> Washington Post story. In them, the posters ask: "why do you take our bread
> In a lecture during ISOI 5, some folks just didn't understand the meaning.
> Their bread. Their bread. We in the Western world, behind the cultural
> speak a different language. Their culture isn't poorer than ours, it is
> unequivocally different.
> We can not truly comprehend what it means for some folks in Russia to no
> be able to feed their children this month. Nor can we understand that by
> sending email, we made those children starve. Cheap theatrics on my part,
> say? You got that right. It doesn't make it any less true.
> Cyber crime is a war waged against the Western world. At first, no one even
> noticed and it was a niche.. an art. While the artists still exist, they
> are a
> minority, the hackers. For the criminals however, motive is as irrelevant
> nationality. Whatever actions are taken, be it a political defacement,
> fraud or
> spam, the unavoidable secondary impact remains the same: damage to the
> economy and security in an exponential growth which will become ever
> clearer in
> the coming years.
> Yes, my friends. I would do the same again. I feel sorry for Atrivo, but
> were harboring the equivalent for the Internet of active missile launchers
> firing on Israel from the Gaza strip. They are human beings who hit a curve
> the road to their success. Cyber criminals, however, establish such growth
> parasites and whatever I may feel for needing to resort to the end game
> weaponry, these people need to be smacked down like cockroaches.
> Ten years ago they were a pride to their parents, today they are a scourge.
> What will they be in ten years?
> If all reasonable and even some unreasonable approaches fail. That does not
> mean I don't have to feel sorry for them, and me. But it also doesn't mean
> don't need to fight back.
> Not even a hundred years ago, disastrously, war was business and an
> acceptable horrifying part of life. A few years later, in 1918, war was
> unthinkable. In the century since we who live in or are influenced by
> Western culture made war no longer an option we can publicly stomach, while
> facing those who would play us like children because of it.
> War is horrifying and evil, it is also a last resort in a world not as
> ascendant as we would like to think. The Internet has its own "liberals"
> and I
> am proud to be one of them. However, I am also practical and see that
> for a world we once had is not. A world where I could host files on my
> neighbor's servers openly, where children could happily use pocket
> and go to libraries for their school work rather than Google and read
> Wikipedia. You did so, do your children?
> This new world has its price, and that price is a complete loss of public
> privacy, and a culture of ineffective security.
> We are reliant on our Auntie Jane's computer knowledge for our own
> and while not many would follow us to our bathrooms to infringe on our
> privacy, online we have no privacy, however much it helps us to lie to
> ourselves that something we do publicly (read, on the Internet) is private.
> I accepted that, but that is because I am in the trenches for years. Others
> live better not knowing. But it doesn't mean I won't work diligently to
> make it
> remain.. functional.
> Indeed, taking a step back from my niche in security, and seeing how bad
> truly are--people can still surf for porn, and argue over who the best Star
> Trek captain is. Cyber crime, in all its immense activity of billions of
> incidents an hour, is background noise. But the background noise
> increases. When will it overflow?
> All I really want is to maintain the functionality we have, regardless of
> abuse. And yet... Going back to Atrivo, they made enough money by now. And
> regardless once more, their criminal clients are already back online
> elsewhere--in some places possibly hosted by what seems like Atrivo, only
> a different name.
> We did not win, but boy does it feel good to have a victory once in a while
> morale's sake. We halted the machine, even if only just for a short time.
> my friends, also has strategic implications as far as our ability is to
> influence networks running clean on the Internet, although only time will
> determine if I am right on that.
> Enough whining though. Who is next on the target list? :)
> More seriously, why do I care so much? I have dual citizenship. Along with
> homeland citizenship, I am of the Internet, and see it as my personal duty
> try and make the Internet safe.
> Gadi Evron,
> Of the Internet.
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.