Category Archives: Security

Hacking for Money or Glory or…

FastCompany says they have hacker motives all figured out. They report that attacks on Gawker, McDonald’s, and DeviantART suggest a “Massive Hacker Race for Glory”:

While seeming ominous, the series of attacks might be nothing more than a giant pissing contest among different individual hackers or groups of hackers. And if that’s the case, it probably won’t end until we, the media, lose interest.

Hackers break into sites for one of two reasons: money or glory.

That is it? All the motives in the world and they can only think of these two? That is unfortunate. In fact, I would say they have confused consequences with motives. Some hackers may get money or glory from breaking into sites, but that is definitely not all that motivates them.

Motives are hard to understand, but limiting ourselves to seeing only two makes our defenses weaker, as I have discussed before in my post “How to Make Quality Technology”.

Companies should always prepare themselves for far more than just the obvious financial-reward types and styles of attacks. This was a key tenet of my RSA presentations on the top 10 breaches, where I explain that financially motivated attackers actually end up in an anti-collaborative position, whereas socially, politically and culturally motivated attackers develop intent that is highly collaborative (regardless of potential for glory).

Steven Levy gave a list in Chapter 2 “The Hacker Ethic” of the 1984 book called “Hackers: Heroes of the Computer Revolution” that should make it obvious why there may be more than two motives.

  1. Access to computers – and anything which might teach you something about the way the world works – should be unlimited and total. Always yield to the Hands-On imperative!
  2. All information should be free.
  3. Mistrust authority – promote decentralization.
  4. Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or position.
  5. You can create art and beauty on a computer.
  6. Computers can change your life for the better.

FastCompany bases their analysis on a single security expert from Hollywood and Beverly Hills of southern California — an area known for money and glory as motivation — who used to work for MySpace. They may have found one view, but there are others…as Anais Nin once said “we don’t see things as they are, we see things as we are.”

Firefighter Found Guilty for Cow Stampede

He actually pleaded guilty to a careless driving charge, as explained in the Metro: “Firefighter’s siren made scared cows kill farmer”

Julian Lawford was on a 999 call and sounded the siren on the engine as he was driving down a country road.

Farmer Harold Lee was walking his 100 dairy cows in front of the engine at the time and the herd panicked and trampled him.

The 75-year-old suffered head and chest injuries and died six days later.

Yesterday, Lawford, who was facing a manslaughter charge, admitted the lesser charge of causing death by careless driving, which was accepted by the prosecution.

Yet more evidence of risk from (mad) cows in the UK, although responsibility fell on the firefighter.

VMware ESX Kernel Exploit Patch

An exploit called ABftw.c was posted to the Full Disclosure mailing list on September 15, 2010, under the title Ac1dB1tch3z Vs Linux Kernel x86_64 0day.

This exploit has been tested very thoroughly over the course of the past few years on many many targets.

Thanks to redhat for being nice enough to backport it into early kernel versions (anything from later August 2008+

That backport comment might be a reference to a CVE-2007-4573 regression (September 24, 2007), which is the cause of the vulnerability.

Mitre’s description of the problem (CVE-2010-3081) from August 20, 2010 says the include/asm/compat.h files in a Linux kernel prior to 2.6.36-rc4-git2 on 64-bit systems had a userspace memory allocation flaw. The 32/64-bit compatibility layer implementation missed a sanity check, so a local, unprivileged user could elevate their privilege level by abusing a length argument.

A couple months have passed as various Linux distributions patched, and now VMware has announced their patch as well.

This patch updates the Service Console kernel to fix a stack pointer underflow issue in the 32-bit compatibility layer.

They appear to rate it as less critical than the other vendors, most likely because local users on ESX Server 4.x have far less exposure to risk than a typical Linux host.

Ksplice offers a tool to detect “the CVE-2010-3081 high-profile exploit”.

Here is sample output for a system that has not been compromised:

$ wget -N https://www.ksplice.com/support/diagnose-2010-3081
$ chmod +x diagnose-2010-3081
$ ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit — Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

$$$ Kernel release: 2.6.18-194.11.3.el5
$$$ Backdoor in LSM (1/3): checking…not present.
$$$ Backdoor in timer_list_fops (2/3): not available.
$$$ Backdoor in IDT (3/3): checking…not present.

Your system is free from the backdoors that would be left in memory
by the published exploit for CVE-2010-3081.
$
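An added example, not part of the original post or of Ksplice's tool: a small Python parser for the diagnostic output shown above, useful when collecting results from many hosts. It relies only on the line format in the sample; the function names and the rule that any status other than "not present" or "not available" gets escalated are assumptions made here, since the post does not show the tool's output on a compromised host.

```python
import re

# Output copied from the sample run in the post (a clean system).
SAMPLE = """\
Diagnostic tool for public CVE-2010-3081 exploit — Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

$$$ Kernel release: 2.6.18-194.11.3.el5
$$$ Backdoor in LSM (1/3): checking…not present.
$$$ Backdoor in timer_list_fops (2/3): not available.
$$$ Backdoor in IDT (3/3): checking…not present.
"""

# Line shape: "$$$ Backdoor in <where> (<n>/<total>): <status>"
CHECK_RE = re.compile(r"^\$\$\$ Backdoor in (\S+) \((\d+)/(\d+)\):\s*(.*)$")
KERNEL_RE = re.compile(r"^\$\$\$ Kernel release:\s*(\S+)")


def parse_report(text):
    """Return (kernel_release, {check_name: status}, expected_check_count)."""
    kernel, checks, total = None, {}, 0
    for line in text.splitlines():
        m = KERNEL_RE.match(line)
        if m:
            kernel = m.group(1)
            continue
        m = CHECK_RE.match(line)
        if m:
            name, _, tot, status = m.groups()
            total = max(total, int(tot))
            # Drop the "checking…" progress prefix and the trailing full stop.
            status = re.sub(r"^checking(…|\.{3})", "", status).strip().rstrip(".")
            checks[name] = status
    return kernel, checks, total


def verdict(text):
    """Return (state, skipped); state is 'suspect', 'incomplete' or 'clean'."""
    _, checks, total = parse_report(text)
    skipped = [n for n, s in checks.items() if s == "not available"]
    # Assumption: any status not seen in the clean sample is escalated.
    if any(s not in ("not present", "not available") for s in checks.values()):
        return "suspect", skipped
    # Fewer check lines than the "(n/3)" counter promises: output was cut short.
    if total == 0 or len(checks) < total:
        return "incomplete", skipped
    return "clean", skipped
```

A "clean" state with a non-empty skipped list means one of the three checks could not run on that kernel, as with timer_list_fops in the sample.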

BAHA – Call for Speakers

The Bay Area Hackers Association has a call out for speakers.

When: Sunday, January 9th, 2011
Where: Noisebridge, 2169 Mission St, San Francisco, CA

Charter:

…give those interested in learning and teaching about security topics a forum to do so. This is mostly about computer, application, network security and cryptology, but I don’t see a reason to strictly limit discussion to those topics. For example, there may be widespread interest in anonymity, privacy, relevant legislation, physical security, locksport, and so on.

Mailing List