Original: http://www.hackernews.com/bufferoverflow/99/stateofnet.html

The State of the Net...
if hackers were smart.

	You sit down at your work computer, ready for another day of work
and Internet. Logging into your secure Windows NT machine, you check the 
daily mail and see that everything is smooth. No users forgot their 
password, no security alarms were tripped. You fire off mail to your boss 
ensuring him that sending the financial plans via email for next year 
is safe. No one but you and the other CEO can see it. Opening a 'telnet' 
session, you log into a partner companies  server to check things out. 
Thanks to the time tested security of the TCP/IP protocol and no snooping 
eyes, your work day is assured to be stress free. 
	Now you are ready for another day of browsing the web. Logging into
Hotmail you want to see if your buddy mailed you. Your password of "blinky" 
is yours and yours alone. No mail from Frank, just your monthly bank statement.
Netscape takes you to another auction site where you safely type in your credit 
card number and address over secure 40 bit encryption layer. Sheesh, who needs 
a full *40* bits!

	If hackers were smart, this might be a real scenario.

        Hackers? Crackers? There would be no distinction. No articles
in main stream press like CNN, Forbes, Wired or NBC. No hacker specials
on 20/20 or MTV interviewing shadowy figures with muffled voices.
No security books written by 'anonymous' claiming to be the end all
reference on security. No hysterical rantings from law enforcement
claiming hackers will shut off phones, down power grids, and turn off
airplane flight towers. If hackers were smart...
        The dozen or so defaced pages in 1995 that are so well known
(Nation of Islam's home page, MGM's "hackers" prank), to the over
600 hacked web pages in the first half of 1999 would be mostly 
unheard of. Since defacing a web page leads to hackers losing system 
access, that would serve a counter purpose to the smart hacker. 
Occasionally you might see defaced pages on child pornography servers, 
political messages with no signature left on other high profile servers, 
but it would be infrequent at best. If hackers were smart...
        Bugs in Cold Fusion (1), count.cgi (2), Novell Netware (3),
Internet Explorer (4), Solaris (5), Irix (6), Sco (7), several IDS
products (8) and more, would all stay mostly undiscovered. Consumers
would go on using products with the illusion of security. Highly
vulnerable Operating Systems would litter every corporation and every
desktop, all presumably secure. The amount of advisories released from
security companies would be cut in half if not more. A good half of all
reported bugs would never be talked about, or filed away in corporate
security databases. If hackers were smart...
        Almost any software could not truly be trusted. Well known public
archives like Tucows would not have been defaced. Instead, smart hackers 
would have backdoored hundreds of popular downloads ranging from netscape 
to ICQ to shareware games. Commercial operating systems like Sun Microsystems 
(Solaris), Cisco (IOS), or FreeBSD would most certainly contain hacker spawned
backdoors. These would allow full control over your machine, and you would
never know. Every key you press would be read by these smart hackers.
        Machines on just about every subnet would be compromised. Each would
contain subtle and difficult to remove backdoors. Hackers could move around
on the machine and never be discovered because of the depth of their
penetration. Large servers, routers, dedicated home machines would all
be under the control of someone else. Every unencrypted keystroke would
be silently logged elsewhere, ready to be used later by these silent
intruders. The backbone routers that control some 90% of Internet traffic
would become monitor points for your activity. If hackers were smart...
        If one hacker wanted onto any of these machines, it would be a
matter of one polite request. The flow of information about servers, logins
and passwords, tools, tips and methods would all be openly shared. New
vulnerabilities would circulate quickly so that the network of hackers
could compromise a few of the servers left on the "we don't own" list.
Each hacker would control so many systems, giving up a dozen here or there
would make no difference.
        Machines would have a lot less downtime, and a lot less problems
in general. Most hackers are quite familiar with systems and know how to
run them. Systems with problems tend to be noticed by the legitimate
administrators. In an effort to keep prying admin eyes away from these
machines, the hackers would take care of administrative problems and
keep the servers running quickly and quietly. The legitimate admins
would enjoy stress free lives and enjoy that myth called "free time".
If hackers were smart...
        Each and every machine that has been compromised would be rigged
for high end remote distributed computing applications. Challenges like
the RC5 Cracking would find itself with over ten times the computing
power it currently enjoys. Imagine over half the Internet all working
toward a handful of computing goals and the power behind it. If hackers
were smart...

        I think it is fair to say that the state of the net doesn't quite
match the description above. There are a handful of talented hackers out
there capable of everything I described. These individuals bring new
meaning to "one with technology". But, for the most part, the hacker scene
is a cesspool of little ignorant kids, hiding behind a legendary veil 
called 'hacker'. They have problems compiling exploits written by other
people. Sheer luck allows them to break into domains you never knew
existed. They run around defacing no name web sites with poorly written
flames against other hacker groups you've never heard of. Their HTML
is full of errors causing the page not to load sometimes.
	Or maybe these supposed "kiddie" web defacement groups out there 
right now are only there to distract you from the real hackers.. the smart 
hackers. They are out there, silently doing everything I described above 
and more.



Brian Martin Copyright 1999 Brian Martin 99.05.15
Reference 1. Cold Fusion Bug 2. count.cgi Bug 3. Novell Netware Bug 4. Internet Explorer Bug 5. Solaris Bug 6. Irix Bug 7. SCO Bug 8. IDS Vulnerabilities -EOF