The Top 20 40 60 Things I'd Do If I Ever Became A 1337 Anonymous H@xx0r
Update Oct. 9, 2011: Now with 60 items and a glossary!
(Inspired by Peter's Evil Overlord List, this interesting article about Sabu, and speculation about various recent events. I'm about as likely to become a 1337 Anonymous H@xx0r as I am to become an evil overlord, but I hope this will be useful to someone.)
- I'll spend my free time honing my skillz, not having pointless arguments with people on Twitter and IRC.
- If I desperately want to leave my house but am terrified of doing so, I won't "accidentally on purpose" get arrested just so I can go outside. Instead I'll ask a family member, friend, or local mental health services provider for help.
- In every IRC chat, I'll assume that at least one person is keeping the chat log, and will show it to my worst enemy at the worst possible moment.
- I'll never say something like "I am invincible! I can never be dox'd or v&!" After that, the FBI usually shows up instantaneously.
- I'll only be anonymous when necessary. If I'm lucky enough to live in a place with freedom of speech and other guaranteed rights, I'll proudly exercise my rights under my own name unless there's a good reason not to (and cowardice doesn't count).
- If I'm angry at someone, I'll express my anger either under my real name or anonymously, but never both. For example, I won't hack a company's website right after I rant to everyone I know about how much I hate the company.
- I'll use different nicknames for different purposes and in different internet fora, and be careful not to reveal connections between them. Hacking high-profile websites using a nickname when I once owned a domain name in the form of nickname-dot-tld is completely out of the question.
- It may occasionally be appropriate to find vulnerable websites first, and come up with a justification for hacking them later, but I'll use this judiciously. For example, I won't hack a local hair salon website and harass its webmaster, then try to justify this by saying I saw a cop go into the salon once.
- I won't lie and say that I'm at Defcon when I'm not, because that's just sad.
- Actually I'll realize that no one really cares if I'm at Defcon, so I won't go on about it either way.
- Although I'll have many typically geeky characteristics, I'll still make some effort to stay healthy (i.e., get up from the computer once in a while, and not live on Cheetos). Hacking is easier when you have good circulation.
- I won't use addictive drugs. Or if I absolutely must use addictive drugs, I'll be careful not to learn the dox of any fellow hackers. Because one day when I really need a hit, I'd sell out anyone to get it.
- I won't trust druggies with any important secrets, see above.
- I won't ever talk to the police or allow them to search my stuff without a warrant. I'll watch this video about why not to talk to the police and learn what to do if an agent is at your door.
- If I ever get angry about something, I won't suddenly turn against all the hackers I've ever known. This just ensures that someone will get angry enough to dox me and turn me in.
- I won't fly into a fit of rage any time someone calls me a script kiddie. Haters gonna hate, and it's easy to do something stupid when you're raging.
- If my first choice of hacking target seems too difficult/dangerous, I won't obsess over it and keep trying and putting myself at risk. There are plenty of other targets, and I can come back to the first one later -- maybe I'll have increased my skills or they'll have lessened their security.
- I'll try hacking my own website(s) once in a while and fix any vulnerabilities I find, and make sure all plugins are up-to-date. It would be hypocritical to make fun of other people for having poor security while neglecting my own.
- If another hacker I know starts doing bizarre/rude/risky stuff like DDOS'ing his/her own sites, picking fights with people, or acting like he/she wants to get v&, I'll immediately and permanently distance myself from that person instead of continuing to work together.
- I'll remember that there are many good causes in the world, many different ways of fighting for them, and many sources of happiness. I'll occasionally ask myself, "Why am I doing this?", and if the answer isn't a cheery, "For the lulz!", I'll check my bearing, change tack and sail for sunnier climes. Then after a well-deserved vacation, I can return as dapper/piratical/geeky/nervy/lulzy/hackery as ever. With a new nickname.
- I won't insult n00bs for their ignorance, because everyone was a n00b once. Instead I'll help train promising n00bs for future ops (or, depending on my long-term goals, as my minions).
- If I get less enjoyment from hacking than I do from bragging about my hacks, and if in fact the hacking is just a means to the end of writing long odes in poor English about how clever and wonderful I am, I'll consider giving up hacking in favor of pursuing a career as a rapper.
- While I might be able to convince a server that I'm a bot, I'll remember that telling humans "I have replaced myself with a bot" is silly and unconvincing (especially when the "bot" is having a snit fit).
- I'll remember that trolling is an art form and many are skilled in its practice. Therefore I won't risk feeding them, even if that means occasionally denying sustenance to non-trolls. (They won't starve; the internet is a dumpster-diver's paradise.)
- While hacker jargon is fun and useful, I'll remember to speak/write in plain English when dealing with non-hackers. Speaking entirely in leetspeak, memes and code wouldn't make much of an impression on them (other than an impression that I'm having a stroke).
- When writing code for an illegal project, I won't leave clues to my identity in the comments. If anything, I'll leave clues to the identity of someone I don't like (in which case I'll also make the code as sloppy as possible while remaining functional).
- When my goal is to get information, I won't obtain with hacking anything that could just as easily be obtained with freedom of information requests.
- I won't use my real name as my hacker name. Among other reasons, it would make life difficult if a judge were to say that I'm not allowed to use my hacker name online anymore.
- If my goal is to remain incognito and blend in with the crowd, I'll use a nickname derived from someone or something in the first Matrix film, secure in the knowledge that huge numbers of people are already using it.
- I won't name myself after the stereotypical evil villain from a comic book, movie, etc. Those characters were eventually all killed or imprisoned, and I want to maintain a more optimistic outlook.
- If I want to stand out from the crowd, I won't base my name/branding on an existing character at all; instead I'll come up with something unique. If I ever do get in trouble for hacking, there's no need to add trademark and copyright infringement to my legal problems.
- If my goal is to get hired at a particular company and I'm considering an elaborate hack of their systems to impress them, I'll also at least consider just mailing them a polite letter and resume instead.
- If I were an infamous-enough hacker that foreign news media made flattering animated videos of me, I'd just call it quits after that and take up a different hobby, because that's probably the pinnacle of my career.
- While of course I'll consider working for an evil entity if the price is right, I'll choose my employer very carefully. After all, if they're willing to pay me to do something bad to someone else, they'll be willing to pay someone else to do something bad to me if they're not happy with my work.
- If I'm angry enough at a company to hack them and suggest that others do likewise, I won't also be a fanboy for the company's products and give them free advertising (unless I'm being hypocritical as an elaborate troll, in which case it's OK).
- While it's only natural that I'll form friendships with other hackers, I won't engage in constant casual conversation with them on public websites. The only third parties with the patience to read our inane blathering would be those trying to dox us, and eventually we'd let slip enough personal information to make this possible.
- While my writing will have its own unique style, it won't also have its own unique spellings that lead right to my real name if Googled.
- Of course I'll be behind the proverbial 7 proxies. But I'll also remain aware of other threats to my privacy, such as security cameras, financial records, and people with way too much time on their hands.
- Once in a while I'll think about how disappointed my mom would be to find out I'm a hacker, and I'll be extra nice to her.
- I'll remember that most hackers will eventually violate one or more items on this list, so I'll be prepared for that and not let it bother me too much. There will still be over 9000 more n00bs eager to learn.
- Just as I check Snopes before forwarding an email, if someone claims to have created a revolutionary new hacking tool, I won't publicize it (let alone make Bitcoin contributions to it) until a trusted party has verified that it actually exists and works as advertised.
- If a notorious hacker of my acquaintance suddenly disappears and there are rumors he's been arrested for serious federal crimes, then he reappears a month later seeming oddly relaxed and says he wants to get together and hear about all the cool illegal stuff I've been doing, I'll decline.
- If circumstances unfortunately were such that I found it necessary to become an FBI informant (and I'd have plenty of company, as it's estimated that one in four US hackers is an FBI informant), I'd remember that they don't always follow their own guidelines (long PDF link), and proceed with caution.
- If I'm planning to attend a hacker convention where the other attendees are the world's best hackers, security professionals, and undercover agents, I won't take notes on a laptop that also contains data I want to keep secret. In fact I won't bring anything with me but paper and pen.
- I won't literally wear a black hat. This is real life, not some crappy movie where the writing is so bad that all the characters have to be labeled so people can remember who's who.
- Although it's sad, I'll resignedly accept that people will continue using "hacker" when they mean "cracker." The vocabulary battle has ended, and "cracker" has lost.
- I'll also accept that journalists and bloggers will repeatedly misuse the word hacker for all kinds of things that have nothing at all to do with hacking. As this is unstoppable, I'll refrain from drawing attention to myself by posting frequent butthurt reply comments expressing how deeply they wound and insult me by mischaracterizing my chosen profession.
- Upon finding vulnerabilities in some entity's systems, I'll resist the temptation to immediately publicize my cleverness and the entity's lameness. Instead I'll wait until I'm sure the pwnage is complete and I'm not shooting myself in the foot by publicising the vulns before I've made full use of them.
- While recognizing that names and pricing aren't everything, I'll also recognize that they are something, as a company's branding and cost may be some indication of their quality. Therefore I'll choose a proxy with a name and pricing scheme that convey reliability and sound business practices, not something like FreeProxeeFoHidingYoNastiShitFromDaFedzPlusFreeNekidWebcamAndOnlinePoker.com
- Although in general I'll try to be helpful to other hackers, my helpfulness will not extend to pointing out mistakes that lead to the investigation and prosecution of those who deserve it (which may explain why this list item is less helpful than others).
- I'll remember that any IRC, proxy server or website forum is only as trustworthy as its owner. I'll always keep in the back of my mind that any owner could become a victim of threats, bribes, carelessness, insanity, or spontaneous drama queen hissy fit theatricality.
- If I don't like something Anonymous is doing, I'll just go do something else (as Anonymous or under a new name). If others agree, they'll come join me. If not, it's fine, as their stupidity will distract the authorities while I carry out the real work.
- While recognizing that Anonymous is not my personal army, I'll also remember that I am not theirs, and they do not offer military benefits or pensions. Therefore I won't spend all my time on Anonymous to the exclusion of my other obligations and career goals.
- If I have a juicy secret or private document which I'm dying to reveal, I'll ask myself, "Do I have any reason for revealing this, other than being an AW?" If I can't quickly and easily think of a reason, I'll keep the secret or document private.
- I will be proud of all aspects of my individuality. However, this will not extend to publicly boasting about any of my unique physical characteristics when I'm trying to stay anonymous. (Posting nude photos is an especially poor idea for a variety of reasons.)
- I'll probably compulsively keep large collections of certain things -- this goes with the hacker mentality -- but I'll do my best to limit this to something like stamps or movies. Under no circumstances will I retain a complete, indexed and cross-referenced record of all my illegal activity such as would make a prosecutor do a happy dance.
- When attending a protest IRL, I'll remember that a Guy Fawkes mask won't help me with anonymity if I'm also expressing my unique fashion sense with an elaborate hairstyle, innovative fashion-forward ensemble, and that one fabulous signature piece that always draws attention. Instead I'll skip the mask and wear a couple of layers in different shades of boring, then discreetly take off the top layer when it's time to skedaddle.
- I'll remember that just because I haven't yet been v& doesn't necessarily mean that I haven't slipped up. Maybe LE just hasn't gotten to me yet.
- If circumstances have forced me into working with a programmer whose coding is atrociously, horribly bad, where the programmer obviously didn't get through even chapter one of an introductory programming book and the code looks not unlike the output of a gang of monkeys dancing on the keyboard, I'll resist the strong temptation to bludgeon him/her to death. Instead I'll be friendly and try to get him/her a well-paying job at a company I'd like to hack in the future.
- Upon encountering skiddies, I won't insult them for being unable to code, but instead suggest other ways they can make themselves useful, such as social engineering, analytics, research, writing, art, or writing silly lists.
Feel free to add more items and repost!
Glossary
(Links go to Wikipedia unless otherwise specified)
1337, a. leet, short for elite.
AW, attention whore
butthurt, "An inappropriately strong negative emotional response from a perceived personal insult," "being offended or getting all bent out of shape because of something petty or stupid." (per UrbanDictionary.com; warning, site contains some offensive content).
cracker, n. "One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker" per The Jargon File. (more)
DDOS, n. distributed denial-of-service attack.
Defcon, a big hacker convention.
dox, n. (from "documents") identifying information (generally of someone who wanted to remain anonymous). v. to find and publicize someone's identifying information.
H@xx0r, n. hacker.
Haters gonna hate, "a catchphrase used to indicate a disregard for hostile remarks addressed towards the speaker" (per KnowYourMeme.com; warning, site contains some offensive content).
IRC, n. Internet Relay Chat (technically it's redundant to say "IRC chat," but people seem to add the "chat" when referring to a particular chat, and leave it out when referring to the technology).
IRL, in real life
LE, law enforcement
leetspeak, n. "an alternative alphabet for the English language that is used primarily on the Internet" (more)
lulz, n. a variant of LOL, but usually implying some maliciousness or a dark/odd sense of humor.
n00b, n. variant of "newbie," someone who is new at a skill; a novice.
ops, pl. n. short for "operations" (specific projects).
proxy, n. a server that acts as an intermediary when requesting resources from other servers. A proxy server can be used to anonymize web surfing. (more)
pwn, v. "to compromise or control, specifically another computer (server or PC), web site, gateway device, or application" (more)
pwnage, n. noun form of pwn, see above.
script kiddie, n. (sometimes shortened to skiddie or skid) a derogatory term for someone who doesn't know how to write his or her own code, but only uses programs (scripts) written by others.
skillz, n. variant of "skills." "The 'z' implies something not quite legit, so the activity described may be illegal or against the rules." (per UrbanDictionary.com (may contain offensive content)).
troll, n. "someone who posts inflammatory, extraneous, or off-topic messages in an online community with the primary intent of provoking readers into an emotional response or of otherwise disrupting normal on-topic discussion" (more)
v&, v. (pronounced "vanned") to get arrested and put into an FBI van.
vuln, n. short for "vulnerability"
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.