Ask HN: Technologies created by (evil) hackers

13 points by jgrahamc ↗ HN
I got asked an off the wall question by a technology journalist today. Are there any technologies that we use today that were created by (evil) hackers? i.e. is there anything that's come out of the computer underground that is now considered mainstream.

Would love to hear this group's suggestions.

15 comments

[ 2.8 ms ] story [ 38.9 ms ] thread
Could you consider the creation of clustering created by blackhats? They did start out with botnets which started the foundation for clustering and cluster management.
Clustering has existed for a long, long time before black-hats were doing botnets. The practice of breaking up workloads so that more than one computer could process it has been around almost as long as computing itself.
Including human computers.
Depends on the definition of 'evil' - I used DeCSS for a while and, according to the MPAA, the guys who made that were basically Satan with a modem.
I'm thinking l0phtcrack.

The original SATAN scanner from Dan Farmer; the concept, though. Bad guys had a bag of tricks that they'd use to get in. He compiled a list and built an automated tester of those tricks.

Some of the concepts that evil hax0rz/crackers used to obfuscate code in viruses have migrated into the mainstream as a method of protecting intellectual property.

The technology used to help attackers find wireless networks is now used in many corporate wireless network platforms, to detect and block rogue access points.

There's an entire litany of examples where initially subversive technology became useful for defending against the same. The first vulnerability scanners were written to help attackers target vulnerable systems. They were quickly repurposed to help people find and protect vulnerable systems.

The whole "evil hackers" thing is kind of a joke. Hackers are typically clever and often self-serving. By definition, they fabricate tools for themselves which, like anything we have, can be used for good things and bad alike. Many of those tools come into popular use. It's difficult to know what, actually, the intention was behind the tool's creation.

Probably not exactly what you're looking for, but anyone who worked on cryptography back in the 1970s (and who wasn't working for their government) was being fairly subversive. Steven Levy wrote a great book about the people involved called Crypto: How the Code Rebels Beat the Government Saving Privacy in the Digital Age. http://www.amazon.com/Crypto-Rebels-Government-Privacy-Digit...
Another recent one is PGP encryption. Read about Phil Zimmerman's decade of fun with the DOJ for creating it and not allowing a NSA backdoor.

http://www.philzimmermann.com/EN/faq/index.html

I have done some crypto work for financials and trust me if you aren't using an RSA algorithm then you get lots of questions and notice.

The NSA can neither confirm nor deny that they have trapdoors/backdoor access into RSA encryption. But if you don't use it they get very anxious to know what you are up to. http://www.rsa.com/rsalabs/node.asp?id=2316

As the premier cryptographic government agency, the NSA has huge financial and computer resources and employs a host of cryptographers. Developments in cryptography achieved at the NSA are not made public; this secrecy has led to many rumors about the NSA's ability to break popular cryptosystems like DES (see Section 3.2), as well as rumors that the NSA has secretly placed weaknesses, called ``trapdoors,'' in government-endorsed cryptosystems. These rumors have never been proved or disproved. Also the criteria used by the NSA in selecting cryptography standards have never been made public.

They came down on Zimmerman to help dissuade others from creating more encryption algorithms. This could be because they have control over others or they simply want to limit the resources needed to break each type of encryption.

Most of the Win32 assessment s/w I used in the good/bad old days of NT (take your pick) was straight-up blackhat tools - because that's what was availble. Blackhats are also responsible for a lot of proof of concept work that results in changes in core protocols - if not new protocols. I think you should reframe the journalist's question to reflect this kind of symbiosis.
The Apple computer?

(It wasn't created for cracking/phreaking, but it was created by phreaks. Woz and Jobs' first venture was selling blue boxes.)

Some [evil] hackers go on to start security companies (Kevin Mitnick, Frank Abagnale Jr.), so any of the company's techniques could work (though not mainstream or probably even known).
Mostly security and forensics tools which aren't mainstream. There aren't many practical, mainstream uses for "evil" hacker tools. Metasploit, Nmap, Nessus, Netstumbler, l0phtcrack, Aircrack, SATAN, Snort, Honeypot/Honeynet, John The Ripper, p0f, Ethereal/Wireshark, Hping2, Netcat, Dsniff. Like others have mentioned, any copyright-breaking tools like MPlayer, DeCSS, rtmpdump but there's no way to say these were written by "evil hackers" (more like hackers who just wanted to watch their own DVDs or download free public videos)
I'm guessing you mean non-security technologies? How about consumer P2P?

See Joseph Menn's book on Napster for the backstory behind MP3 file sharing (many of us w00w00 folks were involved, including guys like "minus", who stole the Winamp source code off my friend Ian Rogers' laptop).

Other example I can think of - anakata and The Pirate Bay, which is sort of mainstream, I guess (!)

how about "remote desktop software" that became popular after the attacks from trojans like back orifice?