------

This article was written in response to an article written by Brian Martin concerning web page defacement, its risks, and its consequences. He asks the eternal question "Is it worth it?" to those who participate in these kinds of activities. Many of the individuals I have talked to have mixed thoughts about the article. Some individuals say it really taught them something valuable. Some said it scared them into considering quitting. Others, including myself, carry a somewhat apathetic attitude toward the whole thing in general. Allow me to explain. A few things need to be established about this defacement culture. One, I believe that this in no way constitutes as hacking. On any level, no matter how you look at it, web page defacement is destructive. In some cases, it can ruin the credibility of a company or a government agency. Two, I believe that web page defacement should carry a "message". When I spoke with Brian earlier, I tried to make it clear that we [as third person onlookers to a defacement] cannot determine this message in some cases. To us, "hack0r x 0ens u in 9d9" probably means nothing at all. To hack0r x, it may have. However, I personally believe that if hack0r x is going to break into this page and disrupt their message, his better be worthwhile. Thirdly, I believe that there is a "whiter" side to defacement. This side operates within definitive ethical boundaries and attempts to make web page cracking as non-malicious as possible. I do my best to have the ability to define myself under this ethical side. I back everything up. I leave the administrator information on how to fix the security hole. I don't disrupt the flow of information - I leave a link to the original page in plain sight. While these factors don't guarantee my immunity, they surely aren't raising any eyebrows and leading people to contemplate my threat to national security. I am not concerned with leaving messages like "fuq da fedz in 9d9 suk0r my nutsaq." That, frankly, is asking for trouble. It also serves no purpose. Why do I do it? There are a few key reasons. I am sure that everyone out there that contributes to this scene has their own. First off, I am seventeen [before I go any further, I am referring to seventeen as "kid", not "a minor and therefore will receive lesser penalty"]. As a young member of society oftentimes I find that my voice goes unheard. In a book titled Rise and Fall of the American Teen by Thomas Hine [NPR broadcast] , the theory is presented that the proverbial "teenager" did not exist until the 1930s. Until that time, teenagers were too busy supporting the family, getting married, and having children. Nowadays, if I were to write my senator, correct my teacher, or start a business, people automatically assume that I am incapable. This is a stereotype that I have not established for myself; other teenagers have given me a reputation unbefitting of who I really am. By defacing a website, people have to listen. The volume of people that visit the site as it is defaced combined with the volume of people that view it mirrored is immense. Therefore, I have effectively gotten my message out, and people can choose to listen to it or not. If this sounds extremely selfish, I agree. The twist comes in the questions that people ask themselves. For instance, one of my motivations is enlightening system administrators. There has been many a case where I have noticed a vulnerablilty, mailed the admin, and his/her cockyness resulted in ignoring my warning. Two or three days later, I see this admin's page on the mirror. Sometimes, the best way to inform someone is to show them. Seeing is believing. The point is, if I can get at least one of the hundred people that see that site, including the administrator, to realize that security isn't all its cracked up to be and change their views, I have done my job. This line of thought is very common in the heads of most defacement practitioners. Second, I am a graffiti artist. I throw burners on walls and trains. I have ran with some infamous crews. I do not represent the "tagging" aspect [for the uninitiated, the equivalent of "b0n3r oenz u" on a defacement]. I strongly feel that graffiti can be very artistic and carry a very strong message if done correctly. People will pass by your piece and either love it or hate it. For that moment they take their mind off of their jobs, their children, their lives and they contemplate what they are looking at. This is very much so the purpose of web defacement in my eyes. Third, I don't care. I can't care. I haven't been raided, haven't stared down a lawman's gun, and haven't been investigated for computer crime. If any of these were to happen to me, I have no doubt in my mind I will see things in a different light. This ignorance is obviously not very healthy. I have weighed the consequences and see very little in favor of me stopping. I will most likely continue to deface until it gets old, I have nothing else to say, or simply don't have time. I would argue that ninety percent of web page defacements fall under this mindset. This is sad, but true. This is not to say that I or anyone else isn't aware of the rules. That assumption is far from the truth. What it means is that we are basically carefree in the sense that we could be arrested and still feel good about ourselves. ;) In a sense, it isn't worth it. There are only a few of us singlehandedly cracking with good intentions. The rest of the scene is too busy talking shit to each other or rm -rfing everything they can that there is a stereotype affiliated. As aforementioned, stereotypes are the ultimate backpedal to anything we accomplish. Just as teenagers are ignored and pigeonholed, everyone who totes a computer and investigates security will be labeled a threat. What does make it worth it? Arguably, the few who carry on the tradition. PHC and Narcissus - using their defacements as a political tool. DHC - putting an interesting poetic twist to their cracks. ULG - for making BIG statements on BIG sites. Last but not least, v00d00 - for his cynical views and unique style. There are others, no doubt, but these guys definately take the cake for originality and style - they have my respect. So next time you see my name or anyone else's pop up on attrition and wonder why we do it, think back to this article. Is it worth it? You decide.

YTCracker (phed@felons.org) (c)1999 YTCracker andseven one nine

                                                                                     - Peace out, slash

P.S. It's worth it baby!!!

    - peace to my homeboyz v00d00 and thesain666

     Links...
     - Attrition.org: Keep up the good work fellows
     - HelpNet Security: The best news site on the net
     - Black Lava Network: BLN for life !!!                                                     

Copyright © slash