Shaping the Cybersecurity Landscape | Exploring Hacker Subcultures: The Evolution of Motivations, Methods, and a Unique Language

Note: this post is a compilation of articles on the evolution of hacker subcultures.

Machine-translated, not proofread.


Hacker Subcultures: Unmasking the Motivations and Methods

February 5, 2024

The world of cybersecurity is vast and teeming with a wide array of hackers who possess distinct motivations, objectives, and methods. Unfortunately, public awareness of these differences is nearly non-existent. Some individuals employ their skills for noble purposes, while others are driven by malicious intent. Let’s delve into several subcultures within the realm of hackers, exploring their unique characteristics and their roles in shaping the cybersecurity landscape.

What are Black Hat hackers?

Black hat hackers are a notorious element in the cybersecurity world, known for using their hacking skills for malicious purposes. These individuals often aim for financial gain, breaking into secure systems to steal data or disrupt operations. However, their motivations can extend beyond mere profit. Some engage in hacking to cause chaos, damage reputations, or express dissent against entities, adding a layer of unpredictability and danger to their activities.

Their presence in the digital landscape poses a significant threat, necessitating vigilant and advanced cybersecurity measures. Black hat hackers continuously adapt, employing sophisticated techniques to evade detection and exploiting vulnerabilities.

What are White Hat hackers?

White hat hackers, often regarded as the guardians in the cybersecurity realm, utilize their hacking expertise for ethical purposes. With explicit permission from system owners, they identify and exploit vulnerabilities, a practice essential for preemptive security measures. Their goal is to uncover potential security weaknesses before malicious entities can exploit them, thereby strengthening the system’s defenses.

The work of white hat hackers is invaluable in maintaining digital security. By rigorously testing and probing systems, they enable organizations to address and patch vulnerabilities before they can be used against them. This proactive approach is a cornerstone of robust cybersecurity strategies, ensuring that digital infrastructures are not just reactive to threats, but are fortified against them in advance.

What are Grey Hat hackers?

Grey hat hackers are in between white hat and black hat hackers in the cybersecurity world. They access systems without permission, but unlike black hat hackers, they don’t aim to cause harm. After finding security issues, they often inform the system owners, rather than exploiting these weaknesses for negative purposes.

Their role in cybersecurity is complex. While grey hat hackers don’t strictly follow legal or ethical guidelines like white hat hackers, they can still positively impact security. By uncovering vulnerabilities, they help to improve overall cybersecurity. Sometimes, their discoveries are even rewarded by organizations, acknowledging the benefit of identifying these hidden security gaps.

What is a Hacktivist?

Hacktivists use their hacking abilities for more than just breaking into systems; they aim to promote political or social causes. This approach is akin to digital protesting, where their activities are driven by a desire to bring attention to or advocate for certain issues. Unlike traditional hackers who might be motivated by profit or malice, hacktivists see their actions as a form of activism.

Their role in the digital world is unique. Hacktivists often target organizations or systems that they view as opposing their values or causes. By doing so, they aim to raise awareness or trigger change related to important social or political issues. While their methods can be controversial, their actions highlight the power of digital tools in modern activism.

What are Script Kiddies?

Script kiddies are newcomers in the hacking community, often with limited knowledge or experience. They usually depend on ready-made hacking tools available online, rather than developing their own. Their motivations can vary, but they are generally fueled by curiosity and a desire to learn more about hacking.

While they are at the early stage of their hacking journey, script kiddies can sometimes unintentionally cause disruptions. Their exploration into hacking, driven largely by a desire to understand and experiment, marks the beginning of their potential growth in cybersecurity skills. However, their actions also highlight the importance of ethical guidance and education in the field of cybersecurity.

In Summary

As we conclude our exploration of the diverse hacker subcultures, it becomes evident that the world of hacking is not a monolith but a spectrum of motivations, methods, and moral compasses. From the ethically-guided white hat hackers to the disruptive yet curious script kiddies, each group plays a unique role in the vast tapestry of cybersecurity. Understanding these distinctions is crucial not only for cybersecurity professionals but also for the public, as it sheds light on the complex dynamics that drive digital security and vulnerability.

This knowledge arms us with a better appreciation of the challenges in safeguarding our digital world and the diverse players who shape the cybersecurity landscape, for better or worse. As the digital realm continues to evolve, so too will these subcultures, constantly redefining the boundaries of what it means to be a hacker in an ever-connected world.


Leetspeak: The History of Hacking Subculture’s Native Tongue

You’ve probably seen leetspeak, also known as 1337 or “l33t,” somewhere on the Internet or in a movie about computer hacking. It’s essentially regular English, but with more hacker slang and with certain letters changed to numbers.

Leetspeak – An Origin Story

Developed in the early 1980s, leetspeak actually predates the World Wide Web by nearly a decade. It started on Bulletin Board Systems when the Internet was first developing and only people with elite status could access certain content. That content often included information that those elites didn’t want anyone outside their circles to find.

Outsmarting the System

In those days, search functions scanned for specific keywords to identify their targets. Early hacker communities figured out that changing a few of the letters within a word could throw the search engines off the proverbial scent. By using “h3ll0” for “hello,” for example, they could protect the privacy of their content while keeping it readable among themselves.

The Mark of an “3l33t”

As leetspeak became more well-known, gamers began to use it to present themselves as high status. The phrase “1 4m 3l33t!” (or, “I am elite!”) became a popular way for both gamers and hackers to show that they had reached the top of the pack.

Levels of L33t

Th1s s3nt3nc3 1s wr1tt3n 1n b4sic l33t. (“This sentence is written in basic leet.”)

It’s pretty understandable, even to someone who isn’t well versed in the world of computer hacking. All you do is get rid of vowels and substitute numbers that look similar.

The Next Step

Intermediate-level leet starts to get the consonants involved, and it looks “50meth1n9 l1k3 th15” (“something like this”). It’s more challenging to read than basic leet but still decipherable, particularly to eyes and brains that are already familiar with the basic form. A 5 looks enough like an S, for example, that a reader can go from “is” to “1s” to “15” without excessive confusion.

Advanced Leet

Advanced leet brings in yet more replacements, including more replacements per letter.

If you read a message in basic or intermediate leet, the replacement for the letter E will almost always be the number 3. Once you get into advanced leet, however, you have a lot more options. You can still indicate E using 3, but you can also use &, €, ë, and even |=-. Just the word leet has dozens of possible translations, from the classic l33t to |_&€”|”.
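The keyword evasion described under “Outsmarting the System,” seen from the filter's side, as an added example that is not part of the original article: a matcher that expands each watch-list word into a pattern tolerating the substitutions shown in the three leet levels above. The substitution table, function names and watch list are assumptions built from the spellings this page quotes.

```python
import re

# Substitutions that appear in this article's examples (an assumed, non-exhaustive table).
# "1" is listed for both i and l because the article uses it both ways ("th1s", "1337").
LEET = {
    "a": ["4"],
    "e": ["3", "&", "€", "ë", "|=-"],
    "g": ["9"],
    "i": ["1"],
    "l": ["1", "|_"],
    "o": ["0"],
    "s": ["5"],
    "t": ["7"],
}


def keyword_pattern(word):
    """Regex matching `word` or any leet spelling of it as a standalone token."""
    groups = []
    for ch in word.lower():
        alternatives = [ch] + LEET.get(ch, [])
        groups.append("(?:" + "|".join(re.escape(a) for a in alternatives) + ")")
    # Explicit lookarounds rather than \b, since a leet token can begin or end
    # with a symbol ("&", "|_") that \b does not treat as part of a word.
    return re.compile(r"(?<![A-Za-z0-9])" + "".join(groups) + r"(?![A-Za-z0-9])",
                      re.IGNORECASE)


def naive_hits(text, keywords):
    """Literal whole-word search, the kind of scan the substitutions slip past."""
    return sorted(k for k in keywords
                  if re.search(r"\b" + re.escape(k) + r"\b", text, re.IGNORECASE))


def leet_aware_hits(text, keywords):
    """Same keyword list, matched through the substitution-tolerant patterns."""
    return sorted(k for k in keywords if keyword_pattern(k).search(text))


# Watch list includes slang spellings: "3l33t" decodes to "eleet", not "elite",
# so letter-for-digit folding alone never recovers the dictionary word.
KEYWORDS = ["hello", "something", "leet", "eleet", "elite"]

# Constructed sample lines built from the phrases quoted in the article.
SAMPLES = [
    "hello from the board",
    "h3ll0 from the board",
    "1 4m 3l33t!",
    "50meth1n9 l1k3 th15",
    "top reward: 31337",
    "|_&€t and |_|=-3t",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{line!r:28} naive={naive_hits(line, KEYWORDS)} "
              f"leet-aware={leet_aware_hits(line, KEYWORDS)}")
```

Short watch-list words are the weak point of this approach: a keyword such as “is” would also match the plain number 15, so the tolerant patterns suit longer, distinctive terms.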

Your Basic L33t Vocabulary

As with any dialect, there are words that anyone who is “in the know” has to have in their vocabulary. Many of them have to do with status. (Specifically, the speaker being of a higher status than others.)

“Pwn”

“Pwn” is one of the most popular leetspeak words in hacker culture. It’s an intentional typo of “own,” a word that the early hackers of the 80’s used to mean taking over control of another computer.

Urban legends offer a number of explanations for how the shift from “own” to “pwn” happened. Some say that it has always been an intentional misspelling, while others say that it was an honest mistake that took off in common usage.

In either case, it’s become a popular way to express your victory or defeat. While you can definitely “pwn” someone, it’s also common to admit that you “g0t pwned.” It’s usually pronounced “got poned.”

“N00b”

N00b, or “noob” in non-leetspeak, is a shortened form of “newbie.” Programmers and hackers started calling people “newbies” around the same time that they started “owning” each others’ systems. And like “own,” the word newbie evolved into noob and n00b.

The new spellings are specifically derogatory. Being a “newb” simply means that you’re new at something, which is perfectly fine in and of itself. If someone’s calling you a “n00b” or “noob” (https://www.digitaltrends.com/gaming/noob-newbie-word-origins/), however, that usually means that they think you’re not only new or unskilled but also disrespectfully content to be ignorant.

Haxor

Like the first leetspeak words, “haxor” expresses the speaker’s claim to the hacking community. It literally means “hacker” or even “to hack.”

The term “haxor” usually refers to a particularly advanced hacker (or haxor) and may even be used in reference to leetspeak itself. For example, “that haxor always types haxor.”

Leetspeak Out in the World

Even now, leetspeak continues to evolve and make its way into new corners of our perpetually connected society. Google even uses it to communicate with members of the general public, but with an insider nod to hacker culture.

Google’s Bug Bounty

The Google Vulnerability Reward Program (VRP), known colloquially as its “bug bounty,” offers rewards to users who can identify and draw Google’s attention to security vulnerabilities that can compromise user data.

If a user finds such a vulnerability in a qualifying Google site, the specifics of which are detailed on the VRP website, Google will offer a financial reward. Reward amounts range from $100 to $31,337. Remove the comma and the dollar sign from that maximum amount and you have “31337.”

Or, in non-leetspeak, “eleet” (pronounced similarly to 1337).

Hacker Movies

Hacker culture even has its own filmography. A quick Google search for “hacker movies” will give you lists of what dozens of people believe to be the best. Popular titles include:

  • Untraceable (2008)
  • The Italian Job (2003)
  • The Matrix (1999)
  • Hackers (1995)

One recent example is the movie adaptation of the novel Ready Player One, the story of one gamer’s search for the industry’s biggest “Easter egg.” The book and the movie both include characters with leetspeak names.

These characters are employees of the big bad corporation, IOI. They are known as the “suxorzs,” or the “sux0rz.” The word is a leetspeak translation of “sixers,” a nickname given because their avatar names are also their six-digit employee numbers. It is also the leetspeak term for “this sucks.”

Leetspeak and You

Some people take to leetspeak like a natural second language. These are the people who might go on to pursue a career in hacking – and yes, it is possible. Even legal.

The first step is training in cybersecurity and penetration testing. Through professionally designed courses, like those offered by Cerberus Sentinel, you can learn the techniques that hackers – sorry, haxors – use to access today’s systems.

Go ahead – build a career that will let you pwn the h4x0rs. Also, develop some people skills while you’re at it – read my book “The Smartest Person in the Room” to learn how.

How to turn your biggest unknown weakness into your strongest defense.

Bestseller by leadership & cybersecurity expert Christian Espinosa that unveils a simple proven and powerful 7 step process that removes the glass ceiling holding you down by awakening your leadership and life skills.

“Swiss Army Knife of Cyber/IT/Business/Life help…there is something for everyone here!”

“I highly recommend that any cybersecurity leader, or aspiring leader, read this book from cover-to-cover.”

“Christian Espinosa unveils the hard-hitting truth and bad practices that companies face when they hire inexperienced and ego-centric cybersecurity staff to protect their company’s information.”

The Smartest Person in the Room Description:

Cyberattack—an ominous word that strikes fear in the hearts of nearly everyone, especially business owners, CEOs, and executives. With cyberattacks resulting in often devastating results, it’s no wonder executives hire the best and brightest of the IT world for protection. But are you doing enough? Do you understand your risks? What if the brightest aren’t always the best choice for your company?

In The Smartest Person in the Room, Christian Espinosa shows you how to leverage your company’s smartest minds to your benefit and theirs. Learn from Christian’s own journey from cybersecurity engineer to company CEO. He describes why a high IQ is a lost superpower when effective communication, true intelligence, and self-confidence are not embraced. With his seven-step methodology and stories from the field, Christian helps you develop your team’s technical minds so they become better humans and strong leaders who excel in every role. This book provides you with an enlightening perspective of how to turn your biggest unknown weakness into your strongest defense.
