Arrests Offer Glimpse Into Hacker Culture

There's a wealth of information out there for hackers, or "black hats," as they are also called. The arrest last Thursday of alleged Zotob writer Farid Essebar, 18, who went by the name Diabl0, has shed some light on the thriving underground culture, but much remains a mystery.

The hacker underworld in which Essebar participated comprises numerous informational and networking resources -- and not all come from the world of virus writing and malware design.

"In general, black hats learn their tricks the same way that everybody else does: through a network of informational Web sites, magazines, conventions and advice from peers. There's even hacker radio," Ed Moyle, president of SecurityCurve, told TechNewsWorld.

Hacker Conventions, Community

Moyle listed the 2600 print magazine, The Hacker Quarterly, Phrack eZine and 2600's "Off the Hook" radio show as well-known sources of hacker information and support.

Defcon, which held its 13th annual conference in July in Las Vegas, and Hackers on Planet Earth (HOPE), which holds a conference about every other year, are both geared toward the hacking community.

But hackers don't just hold their own conventions -- they often attend those of IT security experts.

"There's also usually a black hat contingent at most mainstream security conferences. Since information security and hacking are two sides of the same coin, many hackers go to security conferences and many security professionals go to hacker events -- neither community seems to mind," Moyle said.

Telltale Sign

Atilla Ekici, who used the nickname "Coder" and was arrested the same day as Essebar, is suspected of being part of a credit card fraud ring in Turkey. Authorities there are now investigating 16 more suspects and a potential connection between hackers and scammers.

Malware experts at Sophos believe that the teen-age Essebar may have created as many as 20 variants of the bot worm that infected Windows systems of major corporations and media outlets two weeks ago. That belief is based on a "signature" left within the code, but even that is not proof positive, one analyst said.

"In addition to Zotob, Diabl0 is probably the author of some Mytob variants and some MyDoom variants," Moyle said. "It's a bit unclear which ones he is or isn't responsible for, because although the moniker 'Diabl0' is embedded in much of the malware (probably an Essebar calling card), the source is available on the Internet, and that makes it difficult to know which variants are him and which are just copied and pasted versions with the calling card accidentally left in."

For Money or Pleasure?

Essebar is suspected of selling his worm for a profit, but Moyle speculated that there are many other reasons hackers ply their trade.

"Some just find it to be an interesting topic ... they would never go out of their way to cause damage to anybody," Moyle said. "A number of security professionals, for example, first became interested in the topic by reading information about hacking, phreaking (hacking with telephones), reverse engineering or malware authoring."

"There are other people who do it because they get a power trip from being able to cause damage or gain control of other people's machines," the analyst continued. "And then there are other people who enjoy the feeling of community -- the hacker scene is a very inclusive subculture, albeit less so now than it used to be."