security community
as Defcon 19 lurks just around the next corner, the 20th anniversary of one of the worlds top three most famous hacker conferences is now just over the horizon of the year. Anniversaries are a good cause for celebration, and reminiscing, with a touch of disbelief that we've really been doing this all for this long.
As a good friend of mine once quipped at defcon itself, almost a decade ago now :- "You know how you become old-school? you wait!". I know more than a few people who've been in this microcosm of weirdness called Information Security and the Hacker Culture for these past 20 years or so, that would shake their heads alongside me, to consider that we are the Old School now. Certainly when I first discovered this world in late 1990, I quickly saw much evidence that the Golden Years had come and gone, and all the major events, and most interesting people, were things I would only ever experience in historical accounts.
How wrong I was.
Although I'd missed many of the legendary firsts of the time, the coming decade brought more than enough activity of its own with the explosion of the internet out to consumer-access, and security, far from getting better, careened around the corner and over the hill into a wild descent of complexity, hyperbole and the pursuit of the quick buck. Robert Morris Jr's Internet Worm, was not the great educator that would happen merely once to demonstrate the risks, that everyone would then engineer out of further possibility, but the harbinger of dark times down the road.
And perhaps, if I had been less of a naive kid during those times, I may have even set myself down a different career path instead...
(...oh, who am I kidding? I wouldn't exchange this one for anything; just the people you meet in this field alone, make the whole thing worth it).
Back in 1992, when the first DEFCON was put on, with a handful of friends (in comparison to the multitudinous hordes of today), I was making my own first steps towards fame and notoriety, putting together a new Amiga Demoscene group with fellow friends from my hometown in the North of England: NERVE AXIS. The Demoscene had ties to the hacking/infosec scene, with a common turf of being on the 'computer underground', there was some crossover at various points, especially in the phreaking area (remember, this is pre-public internet access, so access to long-distance modem calls was a staple of keeping the scene's underpinnings of distribution of our productions alive). The Demoscene however, had much more focus on the 'maker' aspect of the term hacker, we developed software, we wrote music, drew graphics, and produced A/V demo's that still stand on their own rights as engrossing productions in the modern day.
Many of the people from the Demo scene, have gone on to become big names in the video game industry, having cut their teeth on complex matrix math transforms, on a 1mhz CPU, or creating some of the best images seen, on a 320x240 screen. Likewise from the hacking scene, people who 20 years ago were cracking video game copy protection code, are creating entire reverse engineering application suites today.
And soon the end of the decade, and fin de siecle came upon us, the DotCom boom coming at the perfect time for many of us to find high paying employment well beyond our years at the time, but not always beyond our experience. The explosion of the internet and the need for people with a security background, far outstripped the number of people with any formal education in the subject and those with formal education largely lacked the applied experience to deal with the rapid rewriting of the threat space occurring in lockstep with the technological evolution. Threats that were purely hypothetical (and often sounded ridiculously distant from reality), could reach viability within a year or two at the most; adapt or die soon became the prime mantra.
As the decade rolled in, we saw the brief era of massive self-replicating works: blaster, slammer, l10n, nimda, code red (all red-letter days to those of us that were on the job, when these hit); none of them however, carried (by today's standard) a particularly destructive or malicious payload, they were like proof of concept, load-balancing tests - case studies in digital epidemiology, providing future data for both defenders and attackers alike. Early Rootkit techniques and technology soon began to find a wider audience beyond the scope of the elite few - corporations that dealt in that most annoying (but essentially harmless in comparison now) of software, Adware, soon began to realize that if they could make their surreptitiously installed software that much more difficult to remove....
