If I were a computer hacker...


A week has passed since I started the project under "I Nova Bomb The
Hackers", undertaken in a fit of fury. Now that I have cooled off, I
have decided to try to understand those who choose to hack computers.
This page is an attempt to organize my thoughts upon the topic.
Lonnie Courtney Clay

1) Motivation
What would be sufficient motivation? Boredom alone would be sufficient
for me, provided that I could minimize my expenses and risks. As an
outcast of society, perhaps I could find a unity of purpose with
fellow hackers as they frolic in the darkness. Upon being drawn into a
culture of contempt for the rubes, I might seek to humiliate and rob
those who offended my own sense of justice. With success in the "art",
I would probably be drawn into the battle with those whose business is
the suppression of hackers. Eventually attaining crafts master status,
I would have developed a network of apprentices and journeymen, to
whom I would feel obligations. Of course I would have upward
obligations to those who provided assistance on my way up. That looks
a great deal like political patronage, doesn't it?
Conclusion - if you want to stop hacking, then stop being idiots who
create social outcasts of those with the intellectual capability to
create their own society centered upon technical expertise.

2) Strategy
I would do a brief cost/benefit and risk assessment for each hacking
project, defining the goals and methodology. As the project commenced,
I would monitor the results of my techniques to determine whether less
risky or more lucrative alternatives would improve the situation. I
would ALWAYS be prepared to cut-and-run if the situation warranted
discretion rather than valor. If the benefit was information, then I
would be VERY careful of how I marketed the data, so as not to be
implicated. In the case of the "Wikileaks" crowd, the information
SEEMS to be given away for free. However in reality the payback is
"good" publicity for the hacker community, fostering a sense of
accomplishment in their conflict with the "straights". If the theft
was of money in some form, I would launder it with temporary accounts
from which cashier's checks would be issued marked to "bearer". The
cashier's checks would be laundered through other temporary accounts
used to purchase physical assets, which I would market through eBay or
some other scheme. For example, I might create an "auction" website
which sold bona-fide goods at whatever price the market would bear,
irrespective of the "loss" to me - hear that email spammer "penny
auctions"? FBI take note LOL.

3) Assets
In the beginning I would have just an off the shelf computer of modest
power, and whatever "software" tools were provided by my sponsor/
mentor. My first goal would be development of a "bot" network
operating outside of the territory of my ISP, with which I would
communicate as seldom as possible. Alternatively, I might find a
hacker "friendly" ISP and server provider, with the full knowledge
that eventually the hammer would come down due to the provider being
rubber-hosed into cooperation. Under no circumstances would I keep
anything upon my computers which could land me in jail, instead using
thumb drives to TEMPORARILY load files into a partition which I would
erase after each session. I would have a good hiding place for the
removable media, and be prepared with offsite backups at all times,
considering that I might NEED to destroy my working copies at any
Conclusion - by permitting the hackers to place 50 Gigabytes of data
upon my own computer, I facilitated their hacking. I will keep a close
eye upon my computer in the future, formatting the drive whenever the
situation gets out of hand. See thread "Scrub A Dub Dub"...

I would develop friendly cutouts and expendable patsies in my bot
network. Rather than send out randomly to email accounts or IP
addresses, I would develop intelligence data from the internet so that
my ISP had no record of my data gathering. My first cutout would be a
person with a high speed cable connection who was technically
illiterate. I would set up a stealth account on that person's computer,
from which I would surf seeking my patsies using remote login. As I
acquired patsies, I would install bots upon their computers to do a
profile targeted automatic acquisition of other patsies, concentrating
upon high speed links and installing more bots upon systems which have
gaping security holes, especially Microsoft operating systems. I would
never attack a security capable target until I had developed a network
of at least 1000 bots.

4) Tools
I would constantly study the tools available from my mentor and my own
developing network to use those best suited to my projects. What I
would make top priority, beyond ANYTHING is subversion of an operating
system's reporting mechanisms so that users would not be able to
detect my intrusion. I would farce the log files, the task monitors,
the preference interfaces, the file explorer, and of course the web
browser. Along the way to doing that, I would install bogus antivirus
(or in the case of MS products, registry "repair") software. I would
of course capture or hack the user account passwords, then once firmly
entrenched gain the master account password by installing a bogus
query to operator for permission to do something. Just as an example,
I could entice a user to download something, and in my perfectly
legitimate installation package, pop up what APPEARED to be, but was
NOT a system query for master account password...
Conclusion - this section would run for pages if I talked about
everything which I have observed, and I have not even made a formal
study of computer security.

5) Bot Machines
My bot machines would belong ONLY to technically illiterate owners,
nevertheless I would treat each of them as though they WERE capable
while in the process of subverting them. A bot machine would have
subverted everything possible, installing malware clones to all
privileged applications, before I ever used it for a project. A top
priority to be done ASAP would be subversion of the tasks which
performed operating system and antivirus upgrades. I would have a
cutout server which provided all of the legitimate ones which had no
effect upon system security, but installed malware lookalikes for the
security fixes. An easy way to do that would be to replace the icon or
shortcut which the user clicks, so that rather than going to the
official site, it went to my cutout server...
Conclusion - want to fix this problem? See thread "I nuke the

More to come...

Lonnie Courtney Clay
