◆ SpookStack

New Architect: Inside the a i e Page 2 of 6 There, a neighbor showed up like a dal later to ask whether we were growing pot. Can‘t win. NA: Do you think hacking is seen as more criminal than growing pot? AL: Depends massively on the location. You're very much subject to the foibles of local law enforcement, who range from ex-marine types who got turned down by the FBI, to the state police who like to take it out on minor offenders, to people who just have the job because it’s easy, has good benefits, and enjoy a Jack Daniels and Xanax before bed. It's very subjective. NA: It also depends on the “type” of hacker, right? You're white hat? AL: Well, despite the frequent use of "white hat" to describe me, I've never identified myself as such, or claimed a specific label for what I do. I do what I do and encourage people to draw their own conclusions, NA: So what kind of gear do you use? AL: There's a bit of incidental stuff, but the center of most of the compromises has been my laptop, a Toshiba Portege 3480CE, and my Web browser, usually out-of-the-box Internet Explorer. Almost everything is Web based; 1 could do it from any workstation on any operating system, pretty much, NA: Back in the day, most hacker tools were nasty DOS kluges. Things appear to have progressed a long way in the last few years, AL: Conceptually, it's the same: You're dealing with the same basic sort of technology structures, People make the same sorts of mistakes. You think in the same ways of doing research, It's just the faces that change. With occasional exceptions, there are patterns to how things are arrayed—people or machines—no matter haw complex they get. Sometimes they're so subtle that you don't even really know what they are, you just move with them intuitively. The primary difference, to me, has been a change in people's awareness of how accessible much of it is. NA: Are you saying people are now more aware of security risks or less? AL: To most people, no matter how much exposure they get to the idea of computer security, it will still always be an opaque concept. They don't get that posting their resume and mentioning the URL of an intranet site they designed for Lockheed a year ago could iead indirectly to massive compromise, no matter how aware they are of the bugs that afflict their Outlook install. http://Awww.newarchitectmag.com/documents/s=2415/na12021/ 9/8/2003 FBI(19-cv-1495)-1094