No honor amoung hackers

You will never know the best hackers in the underground. They stay quiet and never get caught. They don't do it for the exposure, or to impress their friends. They may misguide and redirect you from what they are really up to, but they never are sloppy and talk about recent hacks. And they don't befriend other hackers and brag about anything that may have transpired. You would not notice them in a crowd, as they try not to stick out.

Why? Because trust is to fragile in this world. In a mere moment, your best friend can become your enemy. This has never been more true than David Smith (the Mellisa worm writer) who broke down and helping the FBI catch other virii writers only weeks after his own arrest. I have no clue if he got a reduced sentence, but within no time he turned on Jan DeWit (Anna Kournikova virus writer) and Simon Vallor ("Gokar" virus writer) by telling the FBI about their exploits, and even recording online conversations.

There is a lesson to be learned here, not just for hackers. In this world there are too many secrets taken for granted. (Oh gawd Sneakers flashbacks... make it stop!) George Bernard Shaw once said "The only secrets are the secrets that keep themselves". And he has never been more right.

More to the point, no one can be trusted. Not your friends. Not your co-workers. Not your enemy. You need to be responsible and assume the worst. It will never stay secret otherwise. "Their" intent may turn on a dime. Want proof of that? How about a trusted Net4U employee who was mad at his boss and posted customer data, including credit card info, on the web. With 70% of intrusions happening internally (A CSI/FBI 2002 stat), its no longer about trusting your own people. Its about seperating roles and responsibilities. Its about applying least privilege. Its about giving information out on a need-to-know basis.

You know, sometimes I wonder if we ran our lives and our businesses modelled after the Bell-Lapadula (BLP) security model, we might be better off.