cDc #360 _ | \ | \ | | \ __ | |\ \ __ _____________ _/_/ | | \ \ _/_/ _____________ | ___________ _/_/ | | \ \ _/_/ ___________ | | | _/_/_____ | | > > _/_/_____ | | | | /________/ | | / / /________/ | | | | | | / / | | | | | |/ / | | | | | | / | | | | | / | | | | |_/ | | | | | | | | c o m m u n i c a t i o n s | | | |________________________________________________________________| | |____________________________________________________________________| ...presents... The Journalist's Cookbook Version 1.0 by Reid Fleming 7/15/1998-#360 __///////\ -cDc- CULT OF THE DEAD COW -cDc- /\\\\\\\__ \\\\\\\/ Everything You Need Since 1986 \/////// ___ _ _ ___ _ _ ___ _ _ ___ _ _ ___ |___heal_the_sick___raise_the_dead___cleanse_the_lepers___cast_out_demons___| [Editor's note: This is a living document. It will be updated from time to time, and its version number incremented to reflect major and minor changes.] Eventually it happens to everybody. The producer asks you to put together a segment on computer crime or the hacker subculture. Sounds easy enough. You already have a couple ideas. And luckily you have that friend-of-a-friend who knows that hacker who went to jail. But once you start actually writing, you realize that your script is sounding as trite as anything you've ever seen. No matter how much you try to jazz it up, it looks like every other hacker spot you've seen. Pretty soon you're downright desperate for ideas. Here's a suggestion: don't agonize over what will end up being just another derivative news piece anyway. Instead, let this document help you produce yet another mediocre story about computer hackers. TABLE OF CONTENTS TITLE TOPIC IMPENDING THREATS STATISTICS THE LEAD MOVIE CLIPS DEFINITIONS MONEY SHOTS ANIMATIONS INTERVIEWS SHOOTING YOUR SUBJECTS Computer Hackers Settings Inserts Law Enforcement Officials Settings Inserts Security Experts Settings Inserts The Closing Appendix A: Statistics Appendix B: Interview Subjects Appendix C: Vernhackular -------------------------------------------------------------------------------- TITLE Start by selecting the working title of your piece. In many news organizations, the title isn't even chosen by the producer of the piece, so it's often a waste of time to come up with something good, just to have it retitled at the last minute. And even if you DO get to choose your own title, it doesn't matter. Nobody remembers them. Regardless, it's easier to avoid writer's block once you have a title. Here are some examples to get you thinking. (Of course, if you're really short on time, just crib one without modification.) - The Cyberwarriors - At Your Digital Doorstep - The Digitally Depraved - Hacking The Planet - How Secure Are You Really? - Is Your Data Safe? - Dialing for Mayhem TOPIC Now choose a topic corresponding to a recent computer crime. This can be very easy. Just check out the AntiOnline web site for recent hacker news. The site is written for the layperson with some understanding of vernhackular. If AntiOnline doesn't help, then this can be hard. Check the newspapers, magazines, chat boards... ferret out some recent computer crimes. If you can find a fresh event falling into one of these categories, write it down (if you don't have time for that, then just pick one that sounds good): - Banking systems/ATM network penetration - Cryptography - Cyber terrorism/electronic pearl harbor - Hacktivism - Identity theft - Military or Fortune 100 systems penetration - Online privacy - Personal data theft - Proliferation of Increasingly Sophisticated Hacking Tools - International Hacker Gatherings IMPENDING THREATS The phrase "electronic Pearl Harbor" has crept into the national consciousness. It encompasses the commonly-cited worst case scenarios in the computer hacking sphere. This set of impending cataclysms includes the disruption or obliteration of any the following computer systems: - Military sites protecting nuclear, biological, or chemical agents - Air Traffic Control systems - Communications satellites - Interstate power grids - 911 systems - Metropolitan mass transit systems - Hospital systems (patient record databases) - National credit databases - The Internet backbone itself STATISTICS You know the deal with statistics: no one can verify them, so don't worry about quoting your sources. They're just guesses anyway. Well, this wisdom is ESPECIALLY true in the case of computer crime. So grab a useful statistic from a print story, or use one of those provided in Appendix A. In a pinch you can just make something up. No one will have any idea. THE LEAD If you don't have time to write your own, try this sure-fire intro. "[CYBER TERRORISM]. With the recent [SHUTDOWN OF THE PUBLIC LIBRARY SYSTEM], it's been on everybody's mind. We've all heard stories of computer hackers [DISRUPTING AIR TRAFFIC CONTROL COMPUTERS] and [DISABLING 911 SYSTEMS], but just how big a problem is this? According to statistics, [20 MILLION HACKS ARE PERPETRATED EACH YEAR]. With odds like that, it makes you wonder: how safe are we really?" MOVIE CLIPS Consider the use of a movie clip to hook your audience right away. At least some of these films are familiar to most of your audience, even the ones who don't have computers. Grab a suitable sequence from one of the following flicks and open your story with it. - Goldeneye - Hackers - Lawnmower Man - The Net - Terminator 2 - Real Genius - Sneakers - Speed 2 - Superman III - Wargames - The Armchair Hacker - Tron ABOUT DEFINITIONS Explain the technical jargon to your audience as each term arises. Your intro may require the use of one or more terms, but resist the urge to explain everything at once. It's boring, and it won't work anyway. Ask your interview subjects to explain any jargon they use. While they're at it, ask them to explain the jargon used by anyone you interviewed previously. Someone else may be better at explaining something than the person who actually used the term. If an explanation differs substantially from that offered in Appendix C, use the one offered by your source. Things change so rapidly on the Internet that words are often redefined. MONEY SHOTS These are the clips of hackers sharing the fruits of their labor. Your story should have at least one of these. - Hacked web sites (FBI, CIA, DOJ, NASA, etc.) - Purloined data scrolling across monitor - Screenful of cracked passwords ANIMATIONS If you need them, here are some tried-and-true ideas for CG elements. - Packets served across the Internet - Satellite hacking - Virus infecting files - Files being deleted - Calls being traced INTERVIEWS There are just three categories of subjects worthy of on-camera interviews: computer hackers, law enforcement officials, and security experts. Whenever you interview any of these subjects, you must determine their credentials. By this we mean the following: * number of years in their respective roles * famous exploits * membership in appropriate organizations * authorship of any books or articles on the topic * relevant jail time * whether the subject has been featured in any previous interviews ABOUT SHOOTING YOUR SUBJECTS Just four simple rules, all of which you should already know. Rule number one: always shoot the subject working at a computer. This is absolutely crucial, never omit it. Rule number two: conduct the interview in the subject's habitat, but away from the computer. Rule number three: get lots of closeups. Room decorations, computer systems, keyboards, bookshelves, anything visually appealing. You will need these for cutaways. Rule number four: get full coverage on the subject. This can mean more than closeups and reverse shots. Shoot ECUs of prominent jewelry, t-shirt logos, badges, holsters, ID tags, whatever. More cutaway material. computer hackers ---------------- SETTINGS - hacker in his habitat - anti-Microsoft propaganda (posters, bumper stickers, etc.) - pro-UNIX propaganda - 2600 magazine - Phrack - anonymous hacker in nondescript hotel room - features obliterated - silhouette against scary backlight - mosaic face - hacker conventions - Defcon - Hohocon - HOPE - Summercon - dumpster - bank of payphones INSERTS - offbeat grooming & wardrobe - unusual hairdos - body piercings - tattoos - 2600 t-shirt - leather jacket - equipment - computers, plural - keyboards - CRTs - misc. gadgetry - software tools - L0phtCrack - Satan - Back Orifice - internet chat rooms - #hack - #cDc law enforcement officials ------------------------- FBI agents, Secret Service agents, local police officers, anyone from the Department of Justice, local district attorneys, etc. SETTINGS - server room - cubicle INSERTS - building entrance - nametag - badge - gun - bookshelves security experts ---------------- These come in two flavors: computer security consultants, and computer privacy advocates. Security consultants (usually themselves former hackers or law enforcement) are paid consultants who sell their insight into the methodology and ideology of the typical hacker. Usually self-employed. Computer privacy advocates are private individuals who speak out publicly regarding threats to personal liberty in cyberspace. Favorite topics include: export restrictions on certain cryptographic materials, the validity of various data encryption schemes, and the potential vulnerability of critical information systems. SETTINGS - server room - telephone equipment room - cubicle INSERTS - storefront / sign - bookshelves THE CLOSING Nothing special here. Just a few sentences that re-emphasize the topic. Remember that no matter the precise issue, the general message should be to fear the relentless and unstoppable legion of computer hackers. Perhaps you could close with an epigram. In which case, you should crack open Bartlett's Quotations. Try one of these topics: COMPUTER, DANGER, MENACE, PERIL, RISK, THREAT, TREACHERY, VULNERABLE. -------------------------------------------------------------------------------- APPENDIX A - STATISTICS Nearly 80 percent of U.S. businesses have been victims of computer crimes. 58 percent of Fortune 1000 companies have experienced computer break-ins. 18 percent of that group suffered more than $1 million in losses. According to the FBI, 122 countries across the world currently have online hacking capabilities. We know that in the neighborhood of 20 million hacks a year are occurring worldwide. The average cyberheist nets $250,000 with a less than one percent rate of conviction. Only 17 percent of the major corporations and financial institutions that have been intruded actually report it. 75 percent of the Fortune 500 companies have been successfully penetrated. The average loss that they concede is about $100,000. The FBI estimates that the total losses from these electronic rip offs range from a rock bottom figure of $500 million a year up to $10 billion. cDc Media List _Rocky Mountain News_, August 18, 1996, "Air Force battles computer hackers", pg 42A. Hundreds of thousands of times a year, the Cyberwarrior [the U.S. Air Force Information Warfare Center] defends the nation's secrets from the members of the Legion of Doom and the CULT of the DEAD COW in a battlefield that spans the globe. -------------------------------------------------------------------------------- APPENDIX B - INTERVIEW SUBJECTS Try these organizations' web sites for up-to-date contact info. HACKERS - 2600 Magazine - Chaos Computer Club - Cult of the Dead Cow - L0pht Heavy Industries - New Hack City - Phrack - r00t LAW ENFORCEMENT - Federal Bureau of Investigation - Secret Service - San Jose Police Department SECURITY EXPERTS - Cypherpunks - Electronic Frontier Foundation - Bruce Schneier - Tsutomu Shimomura (tsutomu@sdsc.edu) - Cliff Stoll (stoll@ocf.berkeley.edu) -------------------------------------------------------------------------------- APPENDIX C - VERNHACKULAR These are some of the more common vocabulary items. ATTACK: a specific tactic designed to generate some kind of malfunction, usually to grant or deny computer access -- syn. EXPLOIT BACK DOOR: Leaving behind a hidden or nonobvious method to regain system access during subsequent visits BLACK HAT: a malicious hacker who defies the Hacker Ethic -- ant. WHITE HAT CARDING: credit card fraud, typically for mailorder goods CRACKER: contemptuous term for hacker, or abbrev. for password cracker DENIAL OF SERVICE: an attack designed to prevent the productive use of a computer system, by overworking the computer beyond its operational limits DUMPSTER DIVING: looking through the garbage for discarded equipment, useful information, or other materials -- syn. TRASHING EXPLOIT: see attack HACKER: a person skilled or expertised in methods of hacking computer systems HACKER ETHIC: an informal code of conduct designed to preserve the integrity of a hacked computer system and its contents, the terms of which generally prohibit the contamination or destruction of valuable data or other resources HACKING: the process of gaining unauthorized access to a computer system HACKTIVISM: a term first coined by THE CULT OF THE DEAD COW to describe one brand of activism practiced by the HONG KONG BLONDES; a policy of hacking, phreaking, or creating technology to achieve a political or social goal HANDLE: a hacker's chosen alias, or nom-de-hack MAN IN THE MIDDLE: an attack wherein a malicious agent seeks to intercept communications between two computers and rewrite certain message contents OWNED: a computer whose security has been entirely neutralized by a hacker PACKET SNIFFER: a computer program designed to reveal the contents of all network traffic within earshot of the computer, not just the data bound for that particular system PASSWORD CRACKER: a computer program designed to extract the passwords of a given system's user database, usually employing a method of brute force or dictionary comparison PHREAK: a person skilled or expertised in methods of phone phreaking PHREAKING: manipulating the telephone system in order to reroute phone calls, avoid billing, or otherwise defraud the phone company SECURITY THROUGH OBSCURITY: the tactic of protecting something by keeping secret all its details SNIFFER: abbrev. for packet sniffer SOCIAL ENGINEERING: any means of convincing someone to willingly furnish information which is unavailable to the general public, usually by posing as someone with a legitimate need SPOOFING: making it appear that data originating from an untrusted computer is actually coming from a trusted one TRASHING: see dumpster diving TROJAN HORSE: any piece of software intentionally infected with a virus, and purposely provided to others VIRUS: a small computer program devised to be undetectable and duplicate itself WAREZ: illegally-duplicated computer software products WHITE HAT: a mediagenic hacker who adheres to the Hacker Ethic -- ant. BLACK HAT .-. _ _ .-. / \ .-. ((___)) .-. / \ /.ooM \ / \ .-. [ x x ] .-. / \ /.ooM \ -/-------\-------/-----\-----/---\--\ /--/---\-----/-----\-------/-------\- /lucky 13\ / \ / `-(' ')-' \ / \ /lucky 13\ \ / `-' (U) `-' \ / `-' the original e-zine `-' _ Oooo eastside westside / ) __ /)(\ ( \ WORLDWIDE / ( / \ \__/ ) / Copyright (c) 1998 cDc communications and the author. \ ) \)(/ (_/ CULT OF THE DEAD COW is a registered trademark of oooO cDc communications, PO Box 53011, Lubbock, TX, 79453, USA. _ oooO All rights reserved. Edited by Omega __ ( \ / ) /)(\ / \ ) \ \ ( \__/ Save yourself! Go outside! Do something! \)(/ ( / \_) xXx BOW to the COW xXx Oooo http://www.cultdeadcow.com