Interview with Hacker (the anti-MPAA web defacer)
By: madirish
If you follow HNN or Attrition.org's defaced pages list you've no doubt noticed the website defacer Hacker. and his work. In a rallying cry against the MPAA Hacker. has posted the DeCSS code on his defaced sites and is attempting to bring greater awareness of what the MPAA is doing. In a rather unorthodox move for Hack in the Box I decided to contact Hacker. and pose a few questions that I thought our readers (that's you folks) might be interested in. Not only were Hacker.'s responses intelligent and thoughtful, he may be one of the few crackers I respect, based on his answers. But don't let me color your views, read on and decide for yourself:
Madirish: Would you care to expand on your cause, given the hype surrounding the
MPAA and the widespread disapproval of what's going on, what else would you
like to add? Do you think the case is not getting enough attention?
Well, I am gonna say that the case has a lot of attention, its just more-so that
people don't really care who the MPAA is or what they are doing.
Madirish: Given that most of the people that will see your defacements are people
who follow attrition's defacement mirror (hackers, crackers, etc), do you
feel that defacements will bring a larger audience?
Actually, I have been getting a lot of attention surrounding the recent
defacements. A lot of people go to attrition, but you're right, most of my audience
is hacker/cracker based. I would like to someday reach the MPAA.
Madirish: Do you think the pro-Napster defacement of WMATA (the Washington, DC
metro system) website (reported here by the Washington Post) did
anything to raise awareness of digital media causes?
To tell you the truth, I am actually really good friends with pimpshiz (the
napster-hacker). He said that his hacks made a WHOLE lot of difference to the
media world. People I knew were talking about it at skewl and were thinking of
getting napster just to support him.
Madirish: I've noticed that your defacements are tasteful and artistic. Do you do
your own creative artwork/layout, or do you have help?
I usually use different versions of graphic software combinations to get the
right graphic. The one with the GatCat was fan-submitted and I've been getting
a lot of those lately.
Madirish: How did you learn to do web defacements? Did you teach yourself or did
you have any sort of mentor?
Defacements are a whole lot easier than the actual coding part. I'm part of a
group (very small, but we code our own exploits, then test them.), and I'm the
tester of a number of exploits. You can see how well they work. So basically I'm
learning as I go.
Madirish: How do you choose your targets? Are they chosen for their site traffic
or their vulnerability or both?
Say I wanted to do MIT, I would get every IP in the .mit.edu host, then exploit
as many as I can.
Madirish: (this is more of a personal question from me to you) Would you be
interested in writing for Hack in the Box about some of the techniques you
use to get at index.html's?
It would be easy to explain the technique, being that I use homemade perl and c
scripts (oh-days you might say) to do the trick. But yea I could do an article
sometime for you.
Madirish: Would you like help in your crusade? If so, how could more people
support you?
I would just like any defacers out there to just say something about the MPAA in
their defacements. That would help.
Madirish: Given that you've hit a lot of websites recently, are you worried about
any sort of law enforcement retribution?
Yes. Very. I don't expect to get away with doing these things forever.
Madirish: Has the fame/infamy you've received of late
helped/hurt/inspired/worried you?
A lot of it has helped me to keep going. For a while there I was worried about
law enforcement, but not one mail I have gotten has been hatemail, even from the
defacees. Its great.
Madirish: Would you care to deliver any special message to newbie hackers that
look up to you and what you are doing?
#1. NEVER GIVE UP. You may be thinking that your NEVER going to deface a site,
but just keep going my friends, and it will happen. #2. GET *NIX. It makes quite
a difference. #3. Learn a coding language. This will help a lot too.
Madirish: How would you respond to the challenge that hacking web sites is lame
script kiddie behavior?
I think that if you have a message you feel strongly about, and defacing is your
best way to get the message out, go for it. But on the same token, make your own
script to do it.
Madirish: Do you damage the sites you deface in any way?
No. I always back up the files I replace.
Madirish: Putting together a network and web server is difficult and generally a
labor of love. Does it concern you at all that you are destroying someone
else's work and potentially jeopardizing their job?
Errr...that is a question of ethics which I have been getting a lot lately,
even from my group. hehe I dunno...I do feel bad about it, but I don't think I'm
going to stop. Hopefully I'm helping that website get better security. Also- Most
the sites I do are college based, and are probably just some campus-nerds lousy
excuse for wanting to be a security-consultant someday. Hopefully he learns more
from how I got in.
Madirish: Given that HITB has a pretty wide audience, would you like to deliver
any personal message to our readers?
Everything I have done has been well worth it. If you're gonna do what I do, have
no regrets. Cover your tracks. Have good ethics.
Peace,
1.) Interview
with Hacker (the anti-MPAA web defacer - madirish
2.) Dreamcast
Hacking - 101bytz
3.) Setting Up
Your Own Mail Server - madirish
4.) A look at
DNS (part 1) - L33tdawg
5.) PC Be With
You - Joel Garreau
