cDc #360
_
| \
| \
| | \
__ | |\ \ __
_____________ _/_/ | | \ \ _/_/ _____________
| ___________ _/_/ | | \ \ _/_/ ___________ |
| | _/_/_____ | | > > _/_/_____ | |
| | /________/ | | / / /________/ | |
| | | | / / | |
| | | |/ / | |
| | | | / | |
| | | / | |
| | |_/ | |
| | | |
| | c o m m u n i c a t i o n s | |
| |________________________________________________________________| |
|____________________________________________________________________|
...presents... The Journalist's Cookbook
Version 1.0
by Reid Fleming
7/15/1998-#360
__///////\ -cDc- CULT OF THE DEAD COW -cDc- /\\\\\\\__
\\\\\\\/ Everything You Need Since 1986 \///////
___ _ _ ___ _ _ ___ _ _ ___ _ _ ___
|___heal_the_sick___raise_the_dead___cleanse_the_lepers___cast_out_demons___|
[Editor's note: This is a living document. It will be updated from time
to time, and its version number incremented to reflect major and minor
changes.]
Eventually it happens to everybody. The producer asks you to put
together a segment on computer crime or the hacker subculture. Sounds easy
enough. You already have a couple ideas. And luckily you have that
friend-of-a-friend who knows that hacker who went to jail.
But once you start actually writing, you realize that your script is
sounding as trite as anything you've ever seen. No matter how much you
try to jazz it up, it looks like every other hacker spot you've seen.
Pretty soon you're downright desperate for ideas.
Here's a suggestion: don't agonize over what will end up being just
another derivative news piece anyway. Instead, let this document help
you produce yet another mediocre story about computer hackers.
TABLE OF CONTENTS
TITLE
TOPIC
IMPENDING THREATS
STATISTICS
THE LEAD
MOVIE CLIPS
DEFINITIONS
MONEY SHOTS
ANIMATIONS
INTERVIEWS
SHOOTING YOUR SUBJECTS
Computer Hackers
Settings
Inserts
Law Enforcement Officials
Settings
Inserts
Security Experts
Settings
Inserts
The Closing
Appendix A: Statistics
Appendix B: Interview Subjects
Appendix C: Vernhackular
--------------------------------------------------------------------------------
TITLE
Start by selecting the working title of your piece. In many news
organizations, the title isn't even chosen by the producer of the piece,
so it's often a waste of time to come up with something good, just to
have it retitled at the last minute. And even if you DO get to choose
your own title, it doesn't matter. Nobody remembers them.
Regardless, it's easier to avoid writer's block once you have a title.
Here are some examples to get you thinking. (Of course, if you're really
short on time, just crib one without modification.)
- The Cyberwarriors
- At Your Digital Doorstep
- The Digitally Depraved
- Hacking The Planet
- How Secure Are You Really?
- Is Your Data Safe?
- Dialing for Mayhem
TOPIC
Now choose a topic corresponding to a recent computer crime. This can be
very easy. Just check out the AntiOnline web site for recent hacker
news. The site is written for the layperson with some understanding of
vernhackular.
If AntiOnline doesn't help, then this can be hard. Check the newspapers,
magazines, chat boards... ferret out some recent computer crimes. If you
can find a fresh event falling into one of these categories, write it
down (if you don't have time for that, then just pick one that sounds good):
- Banking systems/ATM network penetration
- Cryptography
- Cyber terrorism/electronic pearl harbor
- Hacktivism
- Identity theft
- Military or Fortune 100 systems penetration
- Online privacy
- Personal data theft
- Proliferation of Increasingly Sophisticated Hacking Tools
- International Hacker Gatherings
IMPENDING THREATS
The phrase "electronic Pearl Harbor" has crept into the national
consciousness. It encompasses the commonly-cited worst case scenarios in
the computer hacking sphere. This set of impending cataclysms includes
the disruption or obliteration of any the following computer systems:
- Military sites protecting nuclear, biological, or chemical agents
- Air Traffic Control systems
- Communications satellites
- Interstate power grids
- 911 systems
- Metropolitan mass transit systems
- Hospital systems (patient record databases)
- National credit databases
- The Internet backbone itself
STATISTICS
You know the deal with statistics: no one can verify them, so don't worry
about quoting your sources. They're just guesses anyway. Well, this
wisdom is ESPECIALLY true in the case of computer crime.
So grab a useful statistic from a print story, or use one of those
provided in Appendix A. In a pinch you can just make something up. No
one will have any idea.
THE LEAD
If you don't have time to write your own, try this sure-fire intro.
"[CYBER TERRORISM]. With the recent [SHUTDOWN OF THE PUBLIC LIBRARY
SYSTEM], it's been on everybody's mind. We've all heard stories of
computer hackers [DISRUPTING AIR TRAFFIC CONTROL COMPUTERS] and
[DISABLING 911 SYSTEMS], but just how big a problem is this? According
to statistics, [20 MILLION HACKS ARE PERPETRATED EACH YEAR]. With odds
like that, it makes you wonder: how safe are we really?"
MOVIE CLIPS
Consider the use of a movie clip to hook your audience right away. At
least some of these films are familiar to most of your audience, even the
ones who don't have computers.
Grab a suitable sequence from one of the following flicks and open your
story with it.
- Goldeneye
- Hackers
- Lawnmower Man
- The Net
- Terminator 2
- Real Genius
- Sneakers
- Speed 2
- Superman III
- Wargames
- The Armchair Hacker
- Tron
ABOUT DEFINITIONS
Explain the technical jargon to your audience as each term arises. Your
intro may require the use of one or more terms, but resist the urge to
explain everything at once. It's boring, and it won't work anyway.
Ask your interview subjects to explain any jargon they use. While
they're at it, ask them to explain the jargon used by anyone you
interviewed previously. Someone else may be better at explaining
something than the person who actually used the term.
If an explanation differs substantially from that offered in Appendix C,
use the one offered by your source. Things change so rapidly on the
Internet that words are often redefined.
MONEY SHOTS
These are the clips of hackers sharing the fruits of their labor. Your
story should have at least one of these.
- Hacked web sites (FBI, CIA, DOJ, NASA, etc.)
- Purloined data scrolling across monitor
- Screenful of cracked passwords
ANIMATIONS
If you need them, here are some tried-and-true ideas for CG elements.
- Packets served across the Internet
- Satellite hacking
- Virus infecting files
- Files being deleted
- Calls being traced
INTERVIEWS
There are just three categories of subjects worthy of on-camera
interviews: computer hackers, law enforcement officials, and security
experts.
Whenever you interview any of these subjects, you must determine their
credentials. By this we mean the following:
* number of years in their respective roles
* famous exploits
* membership in appropriate organizations
* authorship of any books or articles on the topic
* relevant jail time
* whether the subject has been featured in any previous interviews
ABOUT SHOOTING YOUR SUBJECTS
Just four simple rules, all of which you should already know.
Rule number one: always shoot the subject working at a computer. This is
absolutely crucial, never omit it.
Rule number two: conduct the interview in the subject's habitat, but away
from the computer.
Rule number three: get lots of closeups. Room decorations, computer
systems, keyboards, bookshelves, anything visually appealing. You will
need these for cutaways.
Rule number four: get full coverage on the subject. This can mean more
than closeups and reverse shots. Shoot ECUs of prominent jewelry,
t-shirt logos, badges, holsters, ID tags, whatever. More cutaway material.
computer hackers
----------------
SETTINGS
- hacker in his habitat
- anti-Microsoft propaganda (posters, bumper stickers, etc.)
- pro-UNIX propaganda
- 2600 magazine
- Phrack
- anonymous hacker in nondescript hotel room
- features obliterated
- silhouette against scary backlight
- mosaic face
- hacker conventions
- Defcon
- Hohocon
- HOPE
- Summercon
- dumpster
- bank of payphones
INSERTS
- offbeat grooming & wardrobe
- unusual hairdos
- body piercings
- tattoos
- 2600 t-shirt
- leather jacket
- equipment
- computers, plural
- keyboards
- CRTs
- misc. gadgetry
- software tools
- L0phtCrack
- Satan
- Back Orifice
- internet chat rooms
- #hack
- #cDc
law enforcement officials
-------------------------
FBI agents, Secret Service agents, local police officers, anyone from the
Department of Justice, local district attorneys, etc.
SETTINGS
- server room
- cubicle
INSERTS
- building entrance
- nametag
- badge
- gun
- bookshelves
security experts
----------------
These come in two flavors: computer security consultants, and computer
privacy advocates.
Security consultants (usually themselves former hackers or law
enforcement) are paid consultants who sell their insight into the
methodology and ideology of the typical hacker. Usually self-employed.
Computer privacy advocates are private individuals who speak out publicly
regarding threats to personal liberty in cyberspace. Favorite topics
include: export restrictions on certain cryptographic materials, the
validity of various data encryption schemes, and the potential
vulnerability of critical information systems.
SETTINGS
- server room
- telephone equipment room
- cubicle
INSERTS
- storefront / sign
- bookshelves
THE CLOSING
Nothing special here. Just a few sentences that re-emphasize the topic.
Remember that no matter the precise issue, the general message should be
to fear the relentless and unstoppable legion of computer hackers.
Perhaps you could close with an epigram. In which case, you should crack
open Bartlett's Quotations. Try one of these topics: COMPUTER, DANGER,
MENACE, PERIL, RISK, THREAT, TREACHERY, VULNERABLE.
--------------------------------------------------------------------------------
APPENDIX A - STATISTICS
Nearly 80 percent of U.S. businesses have been victims of computer crimes.
58 percent of Fortune 1000 companies have experienced computer
break-ins. 18 percent of that group suffered more than $1 million in losses.
According to the FBI, 122 countries across the world currently have
online hacking capabilities.
We know that in the neighborhood of 20 million hacks a year are occurring
worldwide.
The average cyberheist nets $250,000 with a less than one
percent rate of conviction.
Only 17 percent of the major corporations and financial institutions that
have been intruded actually report it.
75 percent of the Fortune 500 companies have been successfully penetrated.
The average loss that they concede is about $100,000.
The FBI estimates that the total losses from these electronic rip offs
range from a rock bottom figure of $500 million a year up to $10 billion.
cDc Media List
_Rocky Mountain News_, August 18, 1996, "Air Force battles computer hackers",
pg 42A. Hundreds of thousands of times a year, the Cyberwarrior
[the U.S. Air Force Information Warfare Center] defends the nation's secrets
from the members of the Legion of Doom and the CULT of the DEAD COW in a
battlefield that spans the globe.
--------------------------------------------------------------------------------
APPENDIX B - INTERVIEW SUBJECTS
Try these organizations' web sites for up-to-date contact info.
HACKERS
- 2600 Magazine
- Chaos Computer Club
- Cult of the Dead Cow
- L0pht Heavy Industries
- New Hack City
- Phrack
- r00t
LAW ENFORCEMENT
- Federal Bureau of Investigation
- Secret Service
- San Jose Police Department
SECURITY EXPERTS
- Cypherpunks
- Electronic Frontier Foundation
- Bruce Schneier
- Tsutomu Shimomura (tsutomu@sdsc.edu)
- Cliff Stoll (stoll@ocf.berkeley.edu)
--------------------------------------------------------------------------------
APPENDIX C - VERNHACKULAR
These are some of the more common vocabulary items.
ATTACK: a specific tactic designed to generate some kind of malfunction,
usually to grant or deny computer access -- syn. EXPLOIT
BACK DOOR: Leaving behind a hidden or nonobvious method to regain system
access during subsequent visits
BLACK HAT: a malicious hacker who defies the Hacker Ethic -- ant. WHITE HAT
CARDING: credit card fraud, typically for mailorder goods
CRACKER: contemptuous term for hacker, or abbrev. for password cracker
DENIAL OF SERVICE: an attack designed to prevent the productive use of a
computer system, by overworking the computer beyond its operational limits
DUMPSTER DIVING: looking through the garbage for discarded equipment,
useful information, or other materials -- syn. TRASHING
EXPLOIT: see attack
HACKER: a person skilled or expertised in methods of hacking computer
systems
HACKER ETHIC: an informal code of conduct designed to preserve the
integrity of a hacked computer system and its contents, the terms of
which generally prohibit the contamination or destruction of valuable
data or other resources
HACKING: the process of gaining unauthorized access to a computer system
HACKTIVISM: a term first coined by THE CULT OF THE DEAD COW to describe one
brand of activism practiced by the HONG KONG BLONDES; a policy of hacking,
phreaking, or creating technology to achieve a political or social goal
HANDLE: a hacker's chosen alias, or nom-de-hack
MAN IN THE MIDDLE: an attack wherein a malicious agent seeks to intercept
communications between two computers and rewrite certain message contents
OWNED: a computer whose security has been entirely neutralized by a hacker
PACKET SNIFFER: a computer program designed to reveal the contents of all
network traffic within earshot of the computer, not just the data bound
for that particular system
PASSWORD CRACKER: a computer program designed to extract the passwords of
a given system's user database, usually employing a method of brute force
or dictionary comparison
PHREAK: a person skilled or expertised in methods of phone phreaking
PHREAKING: manipulating the telephone system in order to reroute phone
calls, avoid billing, or otherwise defraud the phone company
SECURITY THROUGH OBSCURITY: the tactic of protecting something by keeping
secret all its details
SNIFFER: abbrev. for packet sniffer
SOCIAL ENGINEERING: any means of convincing someone to willingly furnish
information which is unavailable to the general public, usually by posing
as someone with a legitimate need
SPOOFING: making it appear that data originating from an untrusted
computer is actually coming from a trusted one
TRASHING: see dumpster diving
TROJAN HORSE: any piece of software intentionally infected with a virus,
and purposely provided to others
VIRUS: a small computer program devised to be undetectable and duplicate
itself
WAREZ: illegally-duplicated computer software products
WHITE HAT: a mediagenic hacker who adheres to the Hacker Ethic -- ant.
BLACK HAT
.-. _ _ .-.
/ \ .-. ((___)) .-. / \
/.ooM \ / \ .-. [ x x ] .-. / \ /.ooM \
-/-------\-------/-----\-----/---\--\ /--/---\-----/-----\-------/-------\-
/lucky 13\ / \ / `-(' ')-' \ / \ /lucky 13\
\ / `-' (U) `-' \ /
`-' the original e-zine `-' _
Oooo eastside westside / ) __
/)(\ ( \ WORLDWIDE / ( / \
\__/ ) / Copyright (c) 1998 cDc communications and the author. \ ) \)(/
(_/ CULT OF THE DEAD COW is a registered trademark of oooO
cDc communications, PO Box 53011, Lubbock, TX, 79453, USA. _
oooO All rights reserved. Edited by Omega __ ( \
/ ) /)(\ / \ ) \
\ ( \__/ Save yourself! Go outside! Do something! \)(/ ( /
\_) xXx BOW to the COW xXx Oooo
http://www.cultdeadcow.com