Companies are calling for more active responses to hack attacks, because tinfoil hats are very poor firewalls.
More proof that our present is a cyberpunk future. Reuters reports that companies, frustrated with outdated laws against sophisticated hacking attacks, are now looking for more “active” forms of defense against hackers. Not content with react-and-repair plans, they are now looking for offensive responses:
Known in the cybersecurity industry as “active defense” or “strike-back” technology, the reprisals range from modest steps to distract and delay a hacker to more controversial measures. Security experts say they even know of some cases where companies have taken action that could violate laws in the United States or other countries, such as hiring contractors to hack the assailant’s own systems.
One such “contractor” is CrowdStrike, “A Stealth-mode Security Start-up” that offers services such as “an on-demand retainer service that empowers your enterprise through experienced and professional tactical response teams” (what some may call “mercenaries”). They can also use more common tactics like honeypots (fake files to keep an intruder’s attention while he’s being traced).
One group seems to already have “active defense” in operation.
A slippery slope. With such security breaches becoming more commonplace, it would seem that an escalation in hacking countermeasures was inevitable. But such escalation is not without risks:
Henry (Shawn Henry, the former head of cybercrime investigations at the FBI who in April joined CrowdStrike) and CrowdStrike co-founder Dmitri Alperovitch do not recommend that companies try to breach their opponent’s computers, but they say the private sector does need to fight back more boldly against cyber espionage.
Of course, that fight-back mentality can lead to mercenary groups who can go world-wide to track and “neutralize” a hacker with a “fuck your laws” mentality.
Other security experts say a more aggressive posture is unlikely to have a significant impact in the near term in the overall fight against cybercriminals and Internet espionage. Veteran government and private officials warn that much of the activity is too risky to make sense, citing the chances for escalation and collateral damage.
Who’s really to blame? Hackers are getting more aggressive with their attacks and more silent with their invasions, but are they the bored teen in his/her bedroom looking for lulz, or other corporations and governments looking for an advantage? To underscore the real threat, the Flame rootkit, recently discovered to be American/Israeli made, is cited as an example of a major failure:
Mikko Hypponen, the well-regarded chief research officer at Finland’s F-Secure Oyj, told the Reuters Summit his company had a sample of Flame in 2010 and classified it as clean and later missed another virus called Duqu that was suspected of being backed by Western governments.
“These are examples how we are failing” as an industry, Hypponen said. “Consumer-grade antivirus you buy from the store does not work too well trying to detect stuff created by the nation-states with nation-state budgets.”
Because some national governments are suspected in attacks on private Western companies, it is natural that some of the victims want to join their own governments to fight back.
Armed responses from corporate militias are more of a colorful afterthought for now, but with the Pentagon wanting to use military force on hackers and recent reports of Obama wanting to use drones for domestic surveillance, corporate militias may not be that far off.
Haven’t we been here before? With the war in Iraq winding down and the Afghanistan front becoming less relevant since Osama Bin’s termination, the Pentagon… and their corporate masters… are now looking for new battlegrounds to make a profit. They have plenty of choices: Korea, Iran, Canada, cyberspace,…
The Pentagon, which was penetrated by a computer virus in 2008, wants to take cyberwarfare to a new level. In essence, they want to use conventional military force to counteract cyberattacks:
“If you shut down our power grid, maybe we will put a missile down one of your smokestacks,” said a military official.
Equivalency test. How to scale a response to a cyberattack is but one problem the Pentagon has to deal with.
They want to send a nuclear-tipped cruise missile up this guy’s ass because he posted a comment about how Sarah Palin deserves to be raped in public and in front of her family.
They already have an idea as to how to make a scale work:
If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a “use of force” consideration, which could merit retaliation.
“A cyber attack is governed by basically the same rules as any other kind of attack if the effects of it are essentially the same,” Gen. Dunlap said Monday. The U.S. would need to show that the cyber weapon used had an effect that was the equivalent of a conventional attack.
For instance, if computer sabotage shut down as much commerce as would a naval blockade, it could be considered an act of war that justifies retaliation, Mr. Lewis said. Gauges would include “death, damage, destruction or a high level of disruption” he said.
Got ‘em in our sights… we think. Finding where to aim those bombs and missiles will be the biggest challenge to the Pentagon. Most cyberattacks on US systems “originate” in countries like Russia and China. That could mean that someone from those nations, with possible government backing, actually did the hack. Or it could just be zombie systems from those nations, with the actual master somewhere else.
Dr Mark Gasson explains to the BBC how he got infected.
Proof of concept. Yesterday, word was spreading around the nets about a man who infected himself with a computer virus. That man was Dr. Mark Gasson from the University of Reading (UK), who had an RFID chip in his hand. What he did with that RFID chip and virus should be cause for alarm…
(TechNews Daily) Gasson had a relatively simple chip implanted in the top of his left hand near his thumb last year. It emits a signal that is read by external sensors, allowing him access to the Reading laboratory and for his cell phone to operate.
He and his colleagues created a malicious code for the chip. When the lab’s sensors read the code, the code inserted itself into the building computer database that governs who has access to the premises.
“The virus replicates itself through the database and potentially could copy itself onto the access cards that people use,” Gasson said.
The experiment showed that implants which wirelessly communicate with other computers can infect them and vice versa.
Ammo for the anti-RFID crowd. As you might have figured, Dr. Gasson deliberately infected himself to prove a point:
(Physorg.com) “Our research shows that implantable technology has developed to the point where implants are capable of communicating, storing and manipulating data,” he said. “They are essentially mini computers. This means that, like mainstream computers, they can be infected by viruses and the technology will need to keep pace with this so that implants, including medical devices, can be safely used in the future.”
As you can imagine, there are some serious implications for such human-computer infections, and even possibilities of human to human transmissions via infected RFID chips. Anti-RFID groups can use this as a weapon against the RFIDs themselves. Instead of getting spam in your inbox, it will arrive directly to your cortex. How about a DDoS attack on your pacemaker? Even worse, a zombie apocalypse courtesy of Conficker using infected PEOPLE!
From 3AM on Wednesday November 25, 2009, until 3AM the following day (US east coast time), WikiLeaks released half a million US national text pager intercepts. The intercepts cover a 24 hour period surrounding the September 11, 2001 attacks in New York and Washington.
The messages were broadcasted “live” to the global community — synchronized to the time of day they were sent. The first message was from 3AM September 11, 2001, five hours before the first attack, and the last, 24 hours later.
Text pagers are usually carried by persons operating in an official capacity. Messages in the archive range from Pentagon, FBI, FEMA and New York Police Department exchanges, to computers reporting faults at investment banks inside the World Trade Center.
The archive is a completely objective record of the defining moment of our time. We hope that its entrance into the historical record will lead to a nuanced understanding of how this event led to death, opportunism and war.
This message, on the WikiLeaks 9/11 site (click the logo above to access), is WikiLeaks’ explanation for broadcasting some half-million intercepted pager messages. Also on the site is an index of the messages, and a zip file to download.
While WikiLeaks’ intentions may seem honest, there are questions concerning the pages. The most important question being:
WHO INTERCEPTED THESE PAGES?
Inquiring minds want to know. The question surrounding the pager intercepts has not gone unnoticed in DC. From Newsday.com:
Concerned about the release of 500,000 intercepted pager messages from Sept. 11, 2001, Rep. Peter King said he plans to have his Washington staff begin a preliminary investigation.
“It does raise security issues, and we will look into it in Washington,” King (R-Seaford), the ranking Republican on the House Committee on Homeland Security, said Friday.
The fact that someone had intercepted such traffic, albeit unencrypted, is giving some security people like King concerns about why such intercepting was going on… and by whom.
Most pager users either don’t need to intercept the traffic or do not have the expertise to do so, (Phil) Lieberman (president of Lieberman Software Corp. of Los Angeles) said.
But clearly, those with the right technology can accomplish it. Literature of one pager company acknowledges that an experienced person with sophisticated equipment can break into the data transmitted for pagers.
Since, at the time, the World Trade Center was home to many financial companies, someone who has the means to intercept the pager traffic would have unprecedented access to information that could have altered markets.
History rewind… In what has to be an unfortunate timing of news stories, a story from the subscription site Wayne Madsen Report re-posted on Online Journal and Op-Ed News reminds us that someone had indeed been engaged in snooping on America’s electronic messages long before the towers came down. From writer Wayne Madsen:
National Security Agency (NSA) sources have reported to WMR that the signals intelligence agency’s warrantless wiretapping program was more widespread than originally reported and that it began shortly after the 2001 inauguration of George W. Bush and Dick Cheney, some six months prior to the 9/11 attacks.
Former Qwest CEO Joseph Nacchio reported that NSA requested that his firm take part in the warrantless wiretapping program in a February 27, 2001, meeting but that he told NSA that Qwest would refuse to participate. AT&T, BellSouth, SBC, Sprint, and Verizon all agreed to participate in the wiretapping program, which resulted in such a large database of intercepted calls, faxes, and e-mails, that NSA recently announced it was building a huge 1 million square feet data warehouse at a cost of $1.5 billion at Camp Williams in Utah, as well as another massive data warehouse in San Antonio. The cover story is that the warehouses are part of NSA’s new Cyber Command responsibilities. NSA sources have told WMR that the warehouses are to store the massive amount of intercepts collected by the ongoing Terrorist Surveillance Program, an above top secret program once code named STELLAR WIND by the NSA.
Nacchio was later convicted on 19 counts of insider trading of Qwest stock and sentenced to six years in federal prison. Nacchio maintained that his prosecution and conviction was in retaliation for his refusal to participate in the illegal NSA surveillance program. NSA also canceled a major contract with Qwest over its refusal to wiretap calls without warrants.
This would certainly answer who and possibly why. Following money trails to “terrorists” might seem logical, and the WTC would be the most likely spot to intercept the messages. But if it really was the NSA intercepting the pages, why post them to WikiLeaks? Did someone have a guilty conscience and wanted to come clean? Or was it the NSA’s way of saying “This is what we can find out about you, and you brain-dead sacks of sheep-shit can’t do a fucking thing about it!”
If it was the NSA, they’re not saying… and neither are their corporate allies, as one curious Indiana University grad student found out when he asked about what customers are being charged for wiretaps. From Wired:
Want to know how much phone companies and internet service providers charge to funnel your private communications or records to U.S. law enforcement and spy agencies?
That’s the question muckraker and Indiana University graduate student Christopher Soghoian asked all agencies within the Department of Justice, under a Freedom of Information Act (FOIA) request filed a few months ago. But before the agencies could provide the data, Verizon and Yahoo intervened and filed an objection on grounds that, among other things, they would be ridiculed and publicly shamed were their surveillance price sheets made public.
Yahoo! claimed that releasing such information can embarrass them, while Verizon objected on the grounds that customers may get confused and scared. Like having jumbo-jets crash into buildings won’t confuse and scare people enough.
This past Sunday’s (8-Nov-2009) 60 Minutes broadcast included this piece about Brazil’s blackout and how hackers were involved. But were hackers really involved? Anyone up for a history lesson?
Stop me if you’ve heard this before… There has been a massive blackout in Brazil affecting Rio de Janeiro, Sao Paulo, and parts of Paraguay (BBC, Guardian.co.uk). The blackout is reportedly caused by problems at the Itaipu dam; some say by a storm in the area, while others say corporate incompetence is to blame.
Don’t mention that to CBS News, though. They have already decided that “hackers” were the cause. The same “hackers” who caused Brazil to go dark in 2007:
“We know that cyber intruders have probed our electrical grid, and that in other countries cyber attacks have plunged entire cities into darkness,” the president said.
President Obama didn’t say which country had been plunged into darkness, but a half a dozen sources in the military, intelligence, and private security communities have told us the president was referring to Brazil.
Several prominent intelligence sources confirmed that there were a series of cyber attacks in Brazil: one north of Rio de Janeiro in January 2005 that affected three cities and tens of thousands of people, and another, much larger event beginning on Sept. 26, 2007.
That one in the state of Espirito Santo affected more than three million people in dozens of cities over a two-day period, causing major disruptions. In Vitoria, the world’s largest iron ore producer had seven plants knocked offline, costing the company $7 million. It is not clear who did it or what the motive was.
And to back up their claim, CBS News interviews some government-military-intelligence types who say “The US is not ready for a cyber-attack,” or some sound-alike crap, I really wasn’t paying too much attention.
Chicken Little. We’ve heard the stories about multi-million dollar thefts due to hacks, and we do tend to believe them. CBS tries to make the big leap to infrastructure attacks by adding how hackers have penetrated military and government systems by leaving USB thumbdrives lying around for sheeple to find and plug into their systems, infecting them and leaving backdoors open for further intrusions and attacks. It sounds like if such an attack is possible, it was made so by clueless soldiers and wage-slaves.
But are such attacks possible, even by “foreign” government agents? I wouldn’t put it past them… but then again, I did read The Hacker Crackdown (I have to get a review up here!), and knowing that there’s a war for control of the Internet on, I would have to call shenanigans.
Someone beat me to the phone…
Wired Calls Shenanigans. (Wired) No sooner than CBS News puts the video and transcription up for public review, Wired’s Marcelo Soares knocks the foundation out from under:
Brazilian government officials disputed the report over the weekend, and Raphael Mandarino Jr., director of the Homeland Security Information and Communication Directorate, told the newspaper Folha de S. Paulo that he’s investigated the claims and found no evidence of hacker attacks, adding that Brazil’s electric control systems are not directly connected to the internet.
Uh oh. It looks like Brazil did something right (not connecting directly to the Internet), so CBS’s hacker claim is just some gov-mil-corp scare tactic. But if hackers didn’t cause those blackouts, what did?
The earliest explanation for the blackout came from Furnas (Centrais Elétricas) two days after the Sept. 26, 2007, incident began. The company announced that the outage was caused by deposits of dust and soot from burning fields in the Campos region of Espirito Santo. “The concentration of these residues would have been exacerbated by the lack of rain in the region for eight months,” the company said.
Brazil’s independent systems operator group later confirmed that the failure of a 345-kilovolt line “was provoked by pollution in the chain of insulators due to deposits of soot” (.pdf). And the National Agency for Electric Energy, Brazil’s energy regulatory agency, concluded its own investigation in January 2009 and fined Furnas $3.27 million (.pdf) for failing to maintain the high-voltage insulators on its transmission towers.
(Note: See the original article from Wired for links to the pdf files mentioned above)
Yep, corporate incompetence caused the blackouts. Don’t mention that to CBS News, though. It’ll ruin their image as a corporate propaganda machine.
Brain-Computer Interfaces are just in their infancy, but security experts are worried that hackers may be able to pull off the ultimate “mindfuck.”
Mind control. Using everyday objects requires using your brain, mostly to control your arms and legs to manipulate them. Lately though, there have been some major breakthroughs in interfacing directly to your head, including a thought-controlled wheelchair and mind-reading machines, which have stirred up some controversy of their own. William Gibson’s vision of a computer that you can “jack” into your head is ever closer.
And that has some security people concerned…
“Neural devices are innovating at an extremely rapid rate and hold tremendous promise for the future,” said computer security expert Tadayoshi Kohno of the University of Washington. “But if we don’t start paying attention to security, we’re worried that we might find ourselves in five or 10 years saying we’ve made a big mistake.”
Hackers tap into personal computers all the time — but what would happen if they focused their nefarious energy on neural devices, such as the deep-brain stimulators currently used to treat Parkinson’s and depression, or electrode systems for controlling prosthetic limbs? According to Kohno and his colleagues, who published their concerns July 1 in Neurosurgical Focus, most current devices carry few security risks. But as neural engineering becomes more complex and more widespread, the potential for security breaches will mushroom.
Can’t happen… can it? It would seem that trying to upload malware into your cortex would be difficult at best, if you consider that most BCI are read-only (that is, they can only read your brainwaves). Then again, if the “sex chip” proves viable, that connection will become read-write which can be “influenced,” and not by outside hackers alone:
In some cases, patients might even want to hack into their own neural device. Unlike devices to control prosthetic limbs, which still use wires, many deep brain stimulators already rely on wireless signals. Hacking into these devices could enable patients to “self-prescribe” elevated moods or pain relief by increasing the activity of the brain’s reward centers.
They’re already hacking brains. If the attacks on Epilepsy support sites are any indication, brain hacking is already occurring, if not directly. Having a hacker hijack your brainstem is not possible just yet, but on the day when neural interfaces and neuron reprogramming come together, you can bet that meatbots will abound and we will be facing a real zombie apocalypse…
It looks like the NSA(T&T) has some competition in the domestic spying game… and they may be targets themselves.
The Biggest Brother. While the UK is well on its way to being a security-surveillance police-state, and America’s plans are apparently “on hold” for now, it would seem hard to imagine another nation attempting to lay claim to the “Big Brother” title. But China has been doing just that, according to a recently released report from researchers at the University of Toronto. A ten-month investigation has turned up some 1300 infected systems worldwide, including high-value government computers like those of the exiled Tibetan government and the Dalai Lama. A full report can be downloaded from here.
Vulnerability detected between keyboard and chair. The way the infection was spread sounds typical: e-mails were sent with a trojan attached, the user unwittingly opens the attachment and infects his system, and the infected system uploads sensitive files to China and spreads even more e-mails where the user unwittingly opens the attachment…
What happens after the initial infection:
“The GhostNet system directs infected computers to download a Trojan (horse) known as gh0st RAT that allows attackers to gain complete, real-time control,” the authors write in Tracking GhostNet: Investigating a Cyber Espionage Network.
“Our investigation reveals that GhostNet is capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and web cameras.”
The Dalai Lama expresses how he feels about China’s regime
Other Ghosts on The Net? While the Ghostnet is concentrated more on Asia, there’s a possibility that American systems have also been infected, though no reports about such infections have surfaced… yet.
Americans being spied on by foreign nations may not be new, but The Student Operated Press raises concerns about the US cybersecurity scheme, and even worse, that a post-9/11 paranoia-infected Department of Homeland (in)Security has its own Ghostnet:
Robert Paul Reyes (S.O.P.):
I hope that the CIA is taking serious precautions to safeguard our military and intelligence computer systems. I’m confident that they are running their own GhostNet operations to keep track of our many enemies throughout the world.
But what I fear the most is that the Department of Homeland Security has a GhostNet operation to keep track of Americans. Under the guise of fighting terrorism the Bush administration wiretapped the phones of Americans without obtaining a warrant from the courts.
What Ghostnet is about may be scary, but it’s small fries compared to what Conficker may have to offer…
The BBC News’ program CLICK built a botnet to show what damage they can do.
You got spammed! We’ve all had to deal with it, spam in our emails, and while filtering has gotten better at removing the crap, the spammers have devised even more powerful ways of ensuring that your inbox chokes. The most sinister of them all is the botnet, innocent home computers that have been infected to make remote use possible.
This week, the BBC’s tech news program Click built their own botnet of 22,000 computers to perform two tasks. First, they had the net spam a couple of email addresses they set up for the test. Next, they used the net to launch a DDoS attack on a security site owned by Prevx.
The results: The inboxes choked while the site ground to a halt.
Is this even LEGAL? To build the botnet, the BBC posed as “customers” to purchase the software that infects computers to make the botnet. That would seem to be no different than an undercover agent looking to gather evidence of hacking, only the BBC didn’t need a warrant. The attack on Prevx was done with the company’s approval on a backup site. This would be like a “test” for a tiger-team to see if they are able to do a bigger hack. Companies hire hackers (“white hats”) to regularly test their security, or ethical hackers will do so while leaving messages of possible weaknesses.
What the BBC did may border on journalism and legality, but they did have a good reason for doing this:
A lot of the debate has been about whether we did the right thing digging into the murky world of hackers and organised cybercrime. In seeking to demonstrate the threat, had we put ourselves in the position of those we wanted to expose?
That’s always a good question. After all, we could have simply described what we believe happens and given some warning advice, couldn’t we? We’ve done this in the past. So have many others…
But hacking has gone professional. Today, your PC can be doing bad things to other people without you even knowing. It’s a major growth area for organised crime: it’s global, and very local to all of us who work, communicate and play on the world wide web.
So we felt that there was the strongest public interest in not just describing what malware can do, but actually showing it in action. A real demonstration of the power of today’s botnets - to infect, disrupt and damage our digital lives - is the most powerful way to alert our audiences to the dangers that they face. It’s a wake-up call to switch on that firewall and improve our security on the internet.
We think that what we did was a first for broadcast journalism. We were amazed by the ease of use of the botnet, and the power of its disruptive capacity.
They have since disabled the botnet.
Was this power trip really necessary? People will question whether the BBC’s use of a botnet was required, but there’s no question that there will always be security holes in the system. Linux and Windows users have known this, and OS X users will soon learn this lesson the hard way.
Remember: No amount of software patching will ever close the security hole between the keyboard and the chair.
You must have heard about it over the weekend: An “Anonymous” hacker (now known, or suspected, to be University of Tennessee student David Kernell, son of representative Mike Kernell, D-TN) gained access to Palin’s Yahoo! email account and posted screencaps of her inbox, emails, etc. to 4chan. Those pics have since been removed, and Palin’s Yahoo email has been deleted, but you can still get a lookee at the booty on Gawker or download a zip from WikiLeaks. Even now, there are still events unfolding around the hack, along with some “collateral damage.”
How the hack went down. Whether one can call this an actual “hack” may be questioned. In actuality, the “hack” was not much more than gaming Yahoo’s password recovery:
after the password recovery was reenabled, it took seriously 45 mins on wikipedia and google to find the info, Birthday? 15 seconds on wikipedia, zip code? well she had always been from wasilla, and it only has 2 zip codes (thanks online postal service!)
the second was somewhat harder, the question was “where did you meet your spouse?” did some research, and apparently she had eloped with mister palin after college, if youll look on some of the screenshits [sic] that I took and other fellow anon have so graciously put on photobucket you will see the google search for “palin eloped” or some such in one of the tabs.
I found out later though more research that they met at high school, so I did variations of that, high, high school, eventually hit on “Wasilla high” I promptly changed the password to popcorn and took a cold shower…
That’s it. No buffer overflows, no stealth virus bombardment, no password cracking, not even any social engineering. Just some basic Google research to find answers that only Palin herself should know.
Is this the 7337 hax0r who raided Palin’s Yahoo account?
Was it worth the effort? After looking at what was posted, there’s really nothing earth-shattering to behold; it’s just basic family-and-business yakking. Hardly worth the effort, right? Obviously, idle chatter was not what the hacker was looking for. He must have been looking for some dirt regarding Palin’s Troopergate scandal, only to leave with the screenshots to prove he was there.
Big Brother Goes Both Ways. (Not like that!) Anthony Taurus perhaps put it best in his blog, The United States of Anthony, on why hackers are more important today than ever before:
We live in a true Matrix and we’ve got to be able to fight back digitally. We, the people, need hackers as the government has hackers and as corporations have hackers that can be, will be, and have been used against us. This hacking lets me know that not even government officials are safe from the system they’ve developed. There is always someone out there watching and listening. And, those kinds of individuals exist on both teams.
There’s also a comment posted by “Anonymous” (no relation to the Palin hacker, maybe) that points out the difference between real hackers and the Palin hacker.
As always, stay tuned as more (leaked) data becomes available…
When Zed Shaw lost his V.P. job because Bear Stearns went FUBAR, he found himself with more free time (and severance $$$$$) than he can handle. So now he wants to start a special group for hackers:
This rant is about an idea I have for a group of geeks who fight to keep the art of hacking and invention alive. I want to call it The Freehacker’s Union. I want it to be against business, against the coopting and destruction of geek culture, and for preserving hacking and invention as methods of personal artistic expression.
His profile does make him sound like a dick, but he seems to have the tech ability to back it up. Plus his idea of a hacking group devoid of the co-opting that businesses and crime groups are now doing has to be good news for old-school hacker purists.
Really, what’s his motivation? “This town needs an enema,” proclaims Zed as he describes the New York City hacking scene being co-opted and corrupted. He remembers when hacking was for the adventurous, not venture capitalists:
Then it hit me, it’s the business that’s killing tech in this city. The business of technology in New York values douchebag asswipes and “idea guys” over the real people who built this world. Their ideas are shit, but because they have an MBA from Columbia (they didn’t do much to earn) they are listened to and valuable. Me and the other hackers are just tools, cogs, and slave labor designed to be subservient to a real man’s passions.
The problem is, because none of these dicks do anything they don’t know what’s a real technically challenging innovation. They would rather try to make a little bit of money making a slightly better version of whatever everyone else is making. They want the lottery tickets and the fast payout where they take all the fucking money and trade the geeks over to Google or Microsoft like some fucking slave exchange.
Zed’s rules of The Freehacker’s Union:
I want the rules of The Freehacker’s Union to be:
1. If it’s art, wires, or code you can bring it. This will be our triad: art/wires/code. Remember it.
2. NO FUCKING BUSINESS ASSHOLES This isn’t your personal fucking recruiting station. Take your “game changing” ideas and fuck the hell off.
3. If you can’t sling at least one of the three in the A/W/C triad then you can’t come. No exceptions.
4. Everyone who attends has to eventually show something. If it’s your first night, you have to present something. It can be anything, but you gotta show that you belong. If you can’t then you can’t come back until you can. For those who absolutely can’t talk in front of people, you can get someone to show your stuff on your behalf.
5. No girlfriends or boyfriends unless they’re hardcore too. Keep your fucking groupies at home.
6. Organized using simple software that’s open. No special hidden jabber servers, no yahoo groups, no fucking evite or someone’s favorite latest startup website. Just a simple mailing list, a website anyone can manage, and maybe a channel on IRC.
7. Frequent meetings at a regular time and spot. I like twice a month, but hell if people can handle more then I want to do it.
8. Clear guidelines on how to become a member, including the benefits and responsibilities.
Other than that, I’m open to suggestions. I’m going to be doing more writing on this subject, and coming up with ideas with friends, and then I’ll announce our first meeting. If you have thoughts, or you want to attend, then let me know.
If you’re an Alpha Biz Guy then fuck off. I don’t want to hear about how you can kick my ass and how I’m never going to get hired again.
I don’t give a fuck about you, I just want to hack and you’re fucking that up for me.