..[ Phrack Magazine ]..
.:: International scenes ::.

Current issue : #67 | Release date : 2010-11-17 | Editor : The Phrack Staff
Title : International scenes
Author : various
                              ==Phrack Inc.==

                Volume 0x0e, Issue 0x43, Phile #0x10 of 0x10

|=-----------------------------------------------------------------------=|
|=----------------------=[ International scenes ]=-----------------------=|
|=-----------------------------------------------------------------------=|
|=------------------------=[    By Various     ]=------------------------=|
|=------------------------=[ <various@nsa.gov> ]=------------------------=|
|=-----------------------------------------------------------------------=|

Look at the last Phrack issues.
Look at 2010 security CONs.
Look at any kind of public activities involving hackers.

West Europe, North America, Asia are shining. No need to run an agency to 
see that and sharing information with the according scenes is child's 
play. But what about sharing with other countries?

For the 25th birthday of Phrack, we're very proud to present you two 
outstanding scene philes. One will describe to you the hacking scene of the
amazing India which can't be ignored anymore on the IT playground. The 
other one will describe the Greek scene. Yes you've heard of them through
blog posts, CONs and even Phrack. You simply didn't pay attention ;)

Enjoy the reading of this phile.

                                        -- The Phrack Staff


                                    ---

                         The Indian Hacking scene
                   Unofficial memoirs of the Desi h4x0rs
                     By anonymous null community member

1. Preamble
2. Introduction
3. Hacker Groups
4. Hacker Cons
5. Memoirs of the underground
6. Future

--[ 1 - Preamble 

Jai Jawan Jai Kissan
(no it has nothing to do with the song Jai Ho :-P, just felt like writing 
something in Hindi). This article is a composition of interviews with/text 
directly taken from the hackers in the Indian underground (and the 
above-ground :-P). If it offends the reader in any way.........feel free to 
complain to your mom about it:-P.

--[ 2 - Introduction

Before I start I must admit that we have been really really late in the 
hacking scene as a whole. Some say it has to do with the cultural ethos and
the prevalent business culture in India, while some propose that Indians 
culturally have been known as non-aggressive & peace loving (Doh! Yeah 
right..Like the F#@$ing stereotypical dumb Indian characters in hollywood 
movies) and focus has been on ethical hacking and creation of software to 
benefit the world at large rather than cause destruction. The activities of 
hacker groups started to emerge with the beginning of year 2K.

--[ 3 - Hacker Groups

There have been many hacker groups in India since 2k. Some are noted for 
their notorious behavior.

1.  Indian Snakes. Indian snakes was a closed underground community of 
    hackers who were on the top of the scene in the early 2000s. They are 
    also noted for the YAHA worm that they had written.
2.  hacking-truths.net (2005-2008) stopped because of personal problems. 
    Restarted in 2010. Activities malware dev/hacking. 
3.  h4cky0u. It started around 2003 Website: h4cky0u.org. The activities 
    included defacing, exploit dev, botnets etc. It died in 2006 due to 
    some personal differences between the staff. It was reopened as 
    h4ck-y0u, sadly h4ck-y0u also stopped after one year of its existence 
    due to cyber crime activities, financial issues. H4cky0u was started 
    again by an American who went by the handle "Big Boss" and we haven't 
    heard much about it after that.
4.  n|u (null security community). It started in 2008 and has spread to 6 
    cities in India namely Bangalore, Pune, Delhi, Mumbai, Hyderabad and 
    Bhopal. Their activities include vulnerability research, exploit dev, 
    projects, disclosures, nullcon hacker conference. It is more of an 
    OWASP style community sans the limitation of only web app security 
    research. It is also registered with the Govt. Of India as a non-profit 
    organization.
5.  Andhra hackers. Started in late 2000s. It is a forum like portal. 
    Activities include sharing security information.
6.  ICW (Indian Cyber warriors) is an off-shoot of Andhrahackers and 
    started around 2008. This is a hacktivist group with activities 
    including defacing Pakistani websites.
7.  Securitytube.net. It is not a group per se. It is a portal that has 
    lots of security videos, question/answer section much like 
    stackoverflow. It was started somewhere around 2008 or 2009. 
8.  Indishell. It started in 2009. The main guys behind indishell are 
    Lucky, mr. 52, jackh4xor, silentp0sion. It is again a hacktivist group 
    and majorly into defacing Pakistani websites. It was recently stopped 
    due to some unknown issues and has re-emerged at the time of writing 
    this article. Activities include defacing websites. 
9.  ICA (Indian Cyber army) is an off-shoot of Indishell with mostly the 
    same staff as Indishell. It is also a defacer group. Noted for defacing 
    sites including Pakistani ISP National Telecommunication Corporation 
    Pakistan (Defaced page http://www.ntc.net.pk/news.html)
10. Fake ICA. There is yet another ICA (cyberarmy.in) which is announced as
    fake ICA by the actual ICA group. One glance at the website content 
    tells you that there is some truth to what the actual ICA(indishell) 
    guys and other say and reminds you of the infamous plagiarism cases 
    (Ah! Any Indian h4x0r's favourite topic when they feel like bitching 
    about something :-P)

--[ 4 - Hacker Cons

1.  ClubHack. http://clubhack.com The first in the series of hacker cons. 
    It is held in Pune, one of the software hubs in India. It started in 
    2007 and is running its 4th edition this Dec (2010).
2.  nullcon. http://nullcon.net The first community driven hacking 
    conference, organized and managed by null community members. It started
    this year and the next edition is in Feb 2011. It is held in Goa, the 
    party hub of India.
3.  Cocon. http://www.informationsecurityday.com/c0c0n/ 1st edition held in
    Aug 2010. Earlier held as part of information security day. It is held 
    in Cochin.
4.  Owasp + Securitybyte Appsec Asia http://securitybyte.org. More of a 
    corporate conference with the suited people around :-).

--[ 5 - Memoirs of the underground - By dot


=[ Past.. that's where all the nostalgia and fun lies :)

So it all started sometime during late 2001 when a new variant of Yet 
Another "Hello World" Application spread rapidly via mostly social 
engineering mails and Outlook Express invalid MIME type exploit (similar to
Klez.?). AV technology was not really matured back then, Kaspersky was not
there with its PDM modules or its emulation heuristics, Symantec had not 
conceived SONAR or its Reputation Technology, it was practically open 
season for anybody with some programming skills to write and spread a 
successful worm. But amazingly a very nice and simple HTTP ping module was 
built into the program which used infected systems to ping (simple GET /) 
certain government website across the border towards the friendly 
neighbourhood creating a DDoS condition. News !!! News !! News !!! Cyber 
War between two countries.. Beware! iNDian sNakes are here !!! Hackers 
hacking each other's websites. Unicode double escape? Front Page is cool, 
lg7 (but where is the pass? :P)? dtspcd?  little they knew, early stage 
script kids playing with public tools and little common sense without basic
computer science background.

I don't speak for the unknown elites before me who might be able to 
represent the scene in a much better way than me leaving me to a 
1337-wannabe state.. I don't even speak for the Indian Snakes guy(s) who 
taught me quite a lot during my early days but I think we started quite 
late. Aleph1 had already written about how to smash the stack, Solar 
Designer had already found and exploited a heap overflow bug, Format String
exploitation technique was also known among multiple circles, the world was
filled with 7350*.c.. But fortunately Security Industry was not there yet 
or at least not so prevalent in this part of the world. We are lucky to be 
driven by the curiosity hormones to explore the black arts of hacking which
of course later turned out to be obvious computer science with a bit of 
innovation and passion to solve difficult problems. I remember playing with
some MSN Trojan to steal passwords, I remember installing Barok in various
Cyber Cafes, I remember installing Red Hat 6.2 and feeling elite after I 
could connect to my dial-up internet and browse the web, in fact I remember 
doing almost everything for being a perfect script kid. I also remember 
finding myself neglecting everything in life and reading Phrack during all 
those sleepless nights.. Smashing the stack, Voodoo Malloc Tricks, Once 
upon a Free.. Then after sometime actually solving PTP/0xbadc0ded 
exploitation challenges and hanging around with those awesome and nice 
people in their IRC.. but that was kind of late, a bit surpassed the prime 
time for ideal initiation. 

So getting back to the history part, here is how it goes: If you write a 
worm and leave an e-mail address in messages it drops, you are bound to get
a lot of fan/hate mails. It is actually a good methodology to build a 
community of rebels (??) or oh well people who liked Fight Club :) I think 
the creators of Yaha did not initially expect to build a community, their
entire purpose was to retaliate to web defacer groups like G-Force, AIC 
etc. but they actually ended up building a small and highly closed/private 
community and am happy to have known few of them. Although we had some 
Israeli friends (hi root, hi dak :)) the privateness of the group actually 
created a problem, we were starved ! Defacing seemed boring, writing 
exploits for public vulnerabilities was fun but quite challenging at that 
time, their weapons were old and obsolete. So we decided to look around and
the obvious result was #darknet :)) Haha.. dvdman, nolife and the massive 
list of ops there. Immediate learning from #darknet was to idle in #phrack 
as well for possible 0day drops :P.. Next learning was to read ~el8 and be 
an anti-establishment, anti-security-industry h4x0r !! Armed with newly 
made l33t friends and their dropped exploits (yo! we had 0days..) it was 
time to restart the so called cyber war in retaliation to multiple groups 
spreading anti-India propaganda via defaced websites.. thus born "Indian 
Hackers Club" :) Along with a new group name, an IRC server was created on 
a box with 128kbps or so ADSL line at a friend's (hi rex) work place (truly
BoFH) which later got shifted to a .il server. We began meeting like-minded
individuals and groups... came across Cyber Yoddha, Hindustan Hackers 
Organization (IIT had massive resources for hacking huh? :P), Emperor (baap
of all h4x0rs? :)), Nirvana (our own govboi :D) and slowly our IRC idlers 
list grew. Just like any other similar IRC, we began exercising power, 
control and ego... Ops were considered to be l33t, +v dudes were considered
decent and the rest were considered to be wannabe creatures for the 
operator's show off needs.

Then came the day of IIS WebDAV vulnerability: Kralor probably wrote the 
first public exploit which we took, modified it to support different 
shellcodes, tested it extensively and developed an internal kiddie friendly
version and so began a moderate scale defacing of friendly neighbourhood 
websites and confrontation with FBH (Federal Bureau of Hackers later turned
Federal Black Hats (too much PHC influence?)). Netcraft was used to find 
suitable targets then instant connect back shells and tftp in the backdoor
and defacement page :) Later I learned FBH guys also used the similar 
vulnerability to deface Indian websites during that time however they 
either wrote or managed to obtain a mass rooter version of it. 
Unfortunately (perceptions change with age though) we didn't really have a 
lot of CVV2s back then else we could have also used techniques like: buy a 
shared web space on target box and use kernel exploits (ptrace_kmod fun!) 
to root and deface for l33t show off. But yes, we would like to laughingly 
say we pwned r4t's brand new shell server before the h0no guys using 
trojaned exploits.. err oh well, we pwned a lot of funny people with 
trojaned/fake exploits. I remember once dec0der @ #ukr (or something I 
forgot) told me that I change boxes like he changes underwear considering I
was logging in from brand new boxes every other day. 

Later on many of us made friends with people at #darknet, #m00, #c/c++ and 
even some old timers from #phrack. One of the funny moments happened when I
was working for an .eu company along with another guy hired by them and 
after working for a few days I found that guy is dvorak.. and we had a nice
laugh.

So all in all, during my time, the underground here in India was very small
and pretty much a closed group. Although we saw a couple of guys popping up
with security forums or websites once in a while we never really interacted
too much. We made a lot of friends world wide but the state of underground 
here during those days was in no way significant compared to .eu or .us.


=[ The evolution.. Towards sanity

The Last Stage of Delirium (LSD-PL) changed many of us! The 5th Argus 
Hacking challenge, the Solaris LDT bug (reminds me of http://git.kernel.org
/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=dc63b52673d71f9d
49b9d72d263a9f32df18c3ee) exploitation writeup, Win32/Unix Assembly 
Component Development, JVM Vulnerabilities etc were awesome and inspiring 
(yea I remember GOBBLES too :)) We decided it's time to grow up and learn 
something real. Enough of (0xc0000000 - blah blah) type local stack 
overflows, enough of exploitation challenges (PTP was good.. ok!) and thus 
we created a so called Research Team with a website and a bunch of exploits
written for public vulnerabilities. Proving lighttpd header folding bug 
to be exploitable was an interesting achievement (Securityfocus initially 
ranked it as DoS only). Learning about exploitation techniques for NULL 
pointer dereference kernel bugs from an .eu friend and realizing the 
obvious sometime before the first public exploit posted on DailyDave list 
was also something to remember. Going a bit back in the history, one of us 
worked on a hobby OS project (based on Bach's Design of Unix OS) which 
actually made rest of us (at least me) learn a lot and spend a lot of time 
on websites like osdever.net etc to learn something real, learning to debug
an OS kernel was something which helped me solve a lot of problems in later
days. Finally reached a state where the Intel Manuals seemed to be useful.

Starting from 2005 onwards or so, Security Companies started getting 
prevalent here, through various contacts an IPS startup contacted many of 
us for job offers. It was my early college days back then so I could not 
consider but others went ahead and that was probably the first time many of
us learned to go ahead with bigger and better things in life like having a 
full time security job or in other words hack even when it doesn't make 
you happy, although yes much later we learned hacking at workplace on a 
daily basis is an opportunity which is not easily achievable not just in 
India but throughout the world... oh I must also mention, by now we learned
to use the word "hack" in a bit more "generic" and "abstract" sense :D


=[ Present.. The era of selling out..

Just like anywhere else, Security Industry is pretty much here now. A lot 
of security startups and moderately matured companies have been developed 
here working on consultant driven pentesting to security products 
development etc. Most of the old guys are either working for some 
Security company or working as programmers in some software development 
company. As far as I know, there is no significant underground here 
although there are people who are pretty much involved in interesting stuff
but at a different scale in multinational groups. Web Application Security 
is so hot these days that I see most of the younger people are focusing 
totally on Web Application security vulnerabilities without looking into 
lower level software security.

--[ 6 - Future

The recent shift in the mind set of some of the Govt. intel agencies 
towards opening up to the hacker community has brought about a lot of 
changes in the hacker scene in India. This collaboration is only going to 
increase the morale of the hacker community and thereby also helping the 
govt. in its own way. As I mentioned we started a little late which is 
applicable for the Govt. as well, but as they say - better late than never.
Things have started to pick up and we will see more of intel-hacker 
collaboration in the future which may prove to be good/bad for some, but 
yes the intent is to establish cyber warfare strategies and action plans,
which we will start to see in the next 5 years.

---------------------------------------------------------------------------

          An overview of the Greek computer underground, part 1
      by two (not really) anonymous G(r)eeks - anonymous_gr@phrack.org


--[ Table of contents

1 - Introduction
2 - Present
  2.1 - GRHACK
  2.2 - Meetings
    2.2.1 - 0x375
    2.2.2 - AthCon
    2.2.3 - 2600
  2.3 - Online forums
  2.4 - Controversial groups
  2.5 - Demo scene
  2.6 - Pentesting community
  2.7 - Open source related events
  2.8 - Academia
3 - Conclusion, what does the future hold
4 - References


--[ 1 - Introduction

In this brief article we will attempt to give an overview of the current
state of the Greek computer underground scene. However, since the strictly
underground scene in Greece is very small, we will also include some
information about other active IT security related groups and forums. There
is going to be a second part to this article in a future issue in which
we will present in detail the past of the underground Greek scene in all 
its gory glory.

Before we continue let's get something out of the way. We know that a lot
of people act offended when they hear the words "Greek" and "scene" in the
same sentence. They flat out reject that anything is currently happening
in the Greek underground and mumble about how much better things were
during the past years. We are sure that the exact same behavior exists in
the scene of other countries as well. We do not agree with this behavior.
Yes, the present Greek "scene" is small, obscure, full of ignorant and
incompetent people. But that was also the case in the past. But there were
and there are exceptions. If you are part of the scene (Greek or
international) you probably know the exceptions. We need to focus more on
what is good and try to bring that forward. Yes, that means you too.

--[ 2 - Present

In this section we will introduce you to the present and recent past of the
Greek hacking scene, roughly from 2005 to 2010. We will avoid mentioning
nicknames and handles of specific people since we feel that this has led to
fragmentation of the scene in the past. Instead we will only mention group
names.

----[ 2.1 - GRHACK

One of the most interesting things to note about the Greek underground
scene, was the fact that although there were plenty of skilled
individuals, no one ever tried to unite them. Most of them used to work
alone, isolated from the rest. It was obvious that something had to be
done to help those individuals come together, exchange ideas, cooperate
and contribute. It was then, about two years ago, when two guys from
the Engineering school of A.U.Th. (Thessaloniki, Greece) grabbed a bunch
of redundant boxes, set up a CVS server, a website, an IRC network and
published an open invitation [GRH]. GR Hack was born. The fact that
Greek Universities are modern sanctuaries and the fact that academics
are protected by asylum laws, made the location an ideal place for a
hacking community.

Although not a team in the strict sense, the GR Hack community is still a
very active think tank composed of well known and respected Greek hackers.
Members and friends of GR Hack have published work in Phrack ([ARG], [ITH],
[HUK]), have participated in security conferences like AthCon and Black Hat
and have had a great time meeting in real life, drinking alcohol and
sharing knowledge. The core of the community consists of a circle of
trusted individuals (software analysts/reverse engineers, old school
hackers, administrators etc.) who are more than willing to cooperate with
other people that take security seriously and have a passion for hacking.

----[ 2.2 - Meetings

------[ 2.2.1 - 0x375

The need for an event came as no surprise. Everyone agreed that the local
underground scene had been inactive for quite a long time and that a
meeting (preferably with a catchy name!) would be the ideal motive for all
those who were willing to share their ideas but never had the chance to.
The place was Thessaloniki, and the name was picked to be Thessaloniki
Tech Talk Sessions or just TTTS. Since TTTS was not cool enough, the final
name for the meeting was chosen to be 3TS and was later settled to 0x375
(almost overnight!). During 0x375 meetings people give presentations
on technical topics, have an open discussion and an afternoon full of
fun. Currently, the Greek underground scene is preparing for 0x375 0x03
but the lack of people willing to contribute has made the whole process
a difficult task. 0x375 material is published at [375].

------[ 2.2.2 - AthCon

Following the classic naming convention of other "cons", three people from
Athens decided to organize AthCon, an IT security conference that would
take place in Athens, Greece. The AthCon staff announced an open call for
papers and promised everyone that it was going to be a cool event. And,
yes, it was. The first ever AthCon took place in June 2010 and was actually
the first "con" to take place in Greece. The event featured a capture the
flag contest, a closing party and cool presentations. It's interesting to
note that AthCon attracted a lot of people active in the international
security scene [ATH] both as speakers or as part of the audience. AthCon
was the perfect place for everyone to meet in real life and have fun. We
would, definitely, like to see more security conferences taking place in
Greece in the near future.

------[ 2.2.3 - 2600

According to the official Greek 2600 site [260], 2600 meetings started
taking place in Athens back in 1999 and, as far as the authors know,
they are still frequently organized. During 2600 meetings various people,
mainly young inexperienced ones (and that doesn't really matter), meet to
have a drink and talk about technical matters. Although we haven't
personally attended any of those meetings lately, we believe that they
serve a good purpose.

----[ 2.3 - Online forums

We live in the, so called, "century of information" and it seems that
Greek hackers have kept up with the pace information travels. Fortunately,
Greeks are quite active when it comes to setting up discussion forums and
blogs. P0wnbox [PWN] is such a discussion forum. Although most of its
members are freshmen (in a good sense), there are some interesting
discussions on that board from time to time.

Hey, we are pretty sure you already know xorl's blog, right? It's probably
one of the most famous security blogs around and it's mostly dedicated
to vulnerability analysis. The pace by which xorl posts stuff may cause
you vertigo! Xorl is doing a great job and it's obvious that he spends
quite a fair amount of his daily free time on posting things. His blog
[XRL] is well worth visiting if you don't already know it.

----[ 2.4 - Controversial groups

In the recent past there have been a number of groups doing defacements and
fighting each other with childish insults. One of the most high profile
cases of this is the CERN defacement. There are tons of articles on the
Internet about the CERN incident and the events associated with the
defacement of the lxplus.cern.ch web server. We will merely state the
obvious. The content of the CERN defacement put blame on the same behavior
that itself was perpetuating.

Another recent trend in the Greek web defacement "scene" is the emergence
of extreme nationalistic groups. These groups attack web sites associated
with neighboring countries and deface them with nationalistic content and
messages. One of these groups uses a name (Greek Hacking Scene) quite
similar to a historic Greek hacking group (Greek Hackers Society). Their
reasons for using a similar name are quite obvious. We personally believe
that what nationalism stands for goes against the spirit of hacking, and we
will leave it at that.

Last but not least, Hack4Fame was a self-proclaimed hacking group
supposedly composed of blackhat hackers from various countries including
Greece. However, it was obvious to most of us who the single person behind
Hack4Fame was. In February 2010, Hack4Fame used standard media tricks to
publish data that were supposedly stolen after a hack in a Greek bank. The
data, which in reality were circulating the Greek underground scene for
more than 8 years, belonged to other individuals who either hacked the
aforementioned bank in the past or had performed fully legal penetration
tests. We don't know what the motive was for Hack4Fame but we definitely
disagree with his behavior, especially when it comes to publishing third
party private material belonging either to a company or to individuals.

----[ 2.5 - Demo scene

The demo scene has always been very closely associated to the hacking scene
having forked from it. While in the past the demo scene in Greece was quite
active, several demo parties were organized on a yearly basis with the most
famous one being The Gardening [GRD], it is currently in a state of
hibernation. An example of this sad state of affairs is that the past
Greek demo scene online home is now a web page full of advertisements
[DMS].

However there is one Greek demogroup that isn't just currently active, but
is also transcending the borders of Greece and is successfully
participating in international demo scene competitions [ASD]. Andromeda
Software Development (ASD) were formed in 1992 and participated for the
first time in a Greek demo party in 1995 (The Gardening 1995). They
originally developed demos on MS DOS with Borland Turbo Pascal and inline
16-bit assembly. In 2003 they competed for their first time in an
international event (Assembly 2003) and in 2005 they won that year's
Assembly demo party. Since then they regularly compete in international
demo scene events and have won many times [AWP].

----[ 2.6 - Pentesting community

Although we all like to pretend that the commercial penetration testing
community has little to do with the underground, we all know that it
actually has much to do with us. In Greece many, surely not all though,
pentesters that work for security companies come from an underground
hacking background. Others try to become part of the hacking scene in
order to leech technical know-how, code and sometimes even ready-to-use
weaponized exploits. Lately we have seen the emergence of a particular
community of people that do a security MSc degree at a semi-respectable
UK university (no need to mention it by name, it is well-known in security
circles), return to Greece and pretend to know everything there is to know
about "hacking". These people fail to understand the importance of the
underground and their leeching behavior actively contributes to the demise
of the already weak Greek scene. We all hope that Greek security companies
will start to publish tools, give talks and generally support and
contribute back to the underground hacking scene that has taught them so
much in their early days.

----[ 2.7 - Open source related events

The open source movement has seen a certain degree of acceptance and has
gained several followers and evangelists in Greece. As part of this
movement there have been several communities that have and still are
organizing technical talks and events. Although these events are not
primarily focused on security topics, there have been interesting security
talks from time to time. The Software Libre Society at the University of
Piraeus [SLS] deserves a special mention since it has been meeting on a
regular basis and most talks presented there are of an acceptable to high
technical level.

----[ 2.8 - Academia

Last but not least, it's quite encouraging that Greek universities
have recently started dealing with security more seriously. There are
several opportunities for a student to do some serious research for
a thesis, an MSc or a PhD that focuses on security both formally and
practically. This is good news since a couple of years ago the phrase
"applied security research" sounded alien to most academics. Namely, the
Electrical and Computer Engineering Department of A.U.Th. (Thessaloniki,
Greece) and N.T.U.A. (Athens, Greece) as well as the CS department of the
University of Piraeus (Piraeus, Greece) are currently some of those places
where one can treat security more academically.

Another academic institute that is actively doing security research is ICS,
FORTH in Heraklion, Crete [ICS]. Among their research topics are large
scale malware analysis, the monitoring of Internet for malware traffic and
malware epidemics. They have developed their own honeypot/honeynet software
which runs on a host machine and binds several well-known ports that aren't
used by the host. All the traffic that comes to these ports is forwarded to
their own backend infrastructure for further analysis. Furthermore, they
have recently started doing research on GPU-hosted malware.

Unfortunately, due to certain narrow minded extremists that represent
various political (and mostly partisan) views, Greek universities are still
quite far from doing some real, valuable research and even further from
collaborating with the very few capable security companies. Analysis of the
Greek educational system is a very interesting topic that may teach you all
how to respect the fact that you were born in a more civilized country :-)

--[ 3 - Conclusion, what does the future hold

The near future seems debatable for the Greek computer underground scene.
The fact that it is so small means that it is flexible and adaptable, but
also means that fragmentations and grudges between individuals can wound it
gravely. The Greek scene cannot be forcefully resurrected, that would only
lead to more mindless zombies with no motivation and no passion for
hacking. We would like to conclude with a positive message and we feel
that the conclusion of the "Underground Myth" article in issue 65 applies
well to the current situation in Greece [UND]:

"All that remains is to relax, to do what you enjoy doing; to hack purely
for the enjoyment of doing so. The rest will come naturally, a new
scene, with its own traditions, culture and history. A new underground,
organically formed over time, just like the first, out of the hacker's
natural inclination to share and explore."

We hope you enjoyed this brief overview of the current state of the Greek
security scene. Greets and thanks to the people that provided extra
information on certain topics. You know who you are.

Stay tuned for the second part of this article.

--[ 4 - References

[GRH]   http://www.grhack.net/
[ARG]   http://www.phrack.org/issues.html?issue=66&id=8#article
[ITH]   http://www.phrack.org/issues.html?issue=66&id=9#article
[HUK]   http://www.phrack.org/issues.html?issue=66&id=6#article
[375]   https://www.grhack.net/files/0x375/
[ATH]   http://www.athcon.org/speakers/
[260]   http://www.2600.gr/
[PWN]   http://www.p0wnbox.com/
[XRL]   http://xorl.wordpress.com/
[GRD]   http://www.deus.gr/gardening.html
[DMS]   http://www.demoscene.gr/
[ASD]   http://www.asd.gr/
[AWP]   http://en.wikipedia.org/wiki/Andromeda_Software_Development
[ICS]   http://www.ics.forth.gr/
[SLS]   http://rainbow.cs.unipi.gr/projects/oss/
[UND]   http://phrack.org/issues.html?issue=65&id=13#article
© Copyleft 1985-2021, Phrack Magazine.