The Guardian vs. Scary Russian Hackers


There are a couple of things that are really complex: geopolitics and computer security. In this day and age, a lot of people seem very scared about a mix of those two themes, that is, Russian Hackers.

While casually snooping around The Guardian's homepage today, I found an article entitled "My terrifying deep dive into one of Russia's largest hacking forums" by Dylan Curran. It tells how the author spent one week on a darknet Russian hacking forum and the impressions it gave him.

Following are some opinions I'd like to share about this opinion piece.

The first thing that caught my attention was the definition he gave for the term "phreaking". In the article he describes it as:

[P]hreaking is trying to break someone’s security network

I'll just ignore the term "security network" as I think that's an artifact of the translation software he used. My point is that... that's not what phreaking is. Phreaking is the act of hacking the phone network and infrastructure. In a tweet Curran points out that that's the meaning the darknet users give to the term. I don't know if it's true (actually, I sincerely doubt it) but pointing it out in the article would have been a good thing, in my most humble opinion. Also, I don't really agree with his point that he's not writing for the security-literate 0.1%. One thing is dumbing a concept down. Another thing entirely is writing wrong information.

Another thing that didn't sit well with me was the general fear-mongering tone of the article. While it's certainly true that Russian hackers do exist and they are almost certainly attacking western infrastructure, the article mentions just tutorials about social engineering and information retrieval via open source intelligence activities. Things that any wannabe hacker or security expert learned to do in the first weeks of finding security an interesting field. This does nothing to prove that Russian hackers are a much worse threat than anything else in the security world.

Moreover, I'm pretty sure I could find that kind of material and people discussing it even in the clearnet, both from Russian and non-Russian sources. I would like to see what Curran has to say about Phrack or other similar websites.

All in all, I feel this article does a disservice to the general public by both giving wrong information (that's just a tiny, minor part of the article, to be fair, but still) and by sensationalizing things that many in the computer underground take for granted.


If Dylan Curran ever reads this response, I'm not picking on you specifically, it's just that this article left a sour taste in my mouth. If you ever want to chat about this, there's my Twitter profile link on my home page. Peace :-)