Where have all the grey hack BBSs gone?

Where have all the grey hat hacker forums gone?

Grey hats were always a valuable part of the hacker community. They may sometimes cross ethical lines, but unlike black hats they’re in it to learn, not to make money. A black hat might intend to steal credit cards and resell them online. A grey hat is just interested in smart new ways to gain network access.

Back in the day, before you could buy Hacking for Dummies at your local Indigo store, even basic hacking knowledge was a valuable commodity. There were places online, where grey hats would hang out and trade it. They were forums dedicated to the pursuit of knowledge, where the more advanced would mentor newcomers in the finer arts of system manipulation. They were places like The Works BBS.

The Works was a bulletin board system that started purely as an exchange board for text files, but which eventually allowed tech enthusiasts to talk to each other. It was here that Chris Wysopal, SecTor speaker and co-founder of l0pht, met his crew.

“I met the soon to be l0pht people there and cDC [Cult of the Dead Cow] folks there. It was a real community.  It morphed into the 2600 meetup community where we would meet up once a month in Cambridge, then later Boston,” he says.

Early hacker BBSs had their faults. They only had so many connections, meaning that participants might find themselves dialing a telephone number several times as they competed for time on a host machine. Despite that, the BBS movement had its cultural advantages.

“The early hacking BBSs were more of a tight-knit community because they were area code-based,” says Wysopal. “It cost money to make long-distance calls, but most people had unlimited plans for local numbers. “Phreakers could call long distance for free, but they still would hang out at a local BBS with their community. People used to call their neck of hackerdom by the area code.  I was a 617er.  NYC folks were 212s.  A famous early band of hackers was the 414s.”

Brian Bourne, co-founder of SecTor, spent a lot of time on BBSs in the early days. They were often invitation-only, and were therefore a haven for grey hats eager to exchange ideas, he says. Then, there was Internet Relay Chat (IRC).

“Law enforcement had no idea what a BBS was, never mind IRC!  So even though IRC channels were a bit harder to police membership and keep unknown folks out, we would share ideas with impunity,” he says.

Changing channels

Things have changed dramatically over the years, says Dug Song. The co-founder of Duo Security and Arbor Networks was an early participant in W00W00, the online security forum that flourished in the late nineties.

The disappearance of these early forums has altered hacker culture, he says, making it harder to find discussion areas where grey hats can share ideas without risk of recrimination. Instead, the community has polarized, with black hats on the one side and white hats on the other.

Unless white hats are deliberately out to infiltrate black hat networks, the two rarely meet online.

“The baddies now often aren’t even English speaking anymore,” says Emerson Tan, director at security non-profit forum PacketStorm. “It’s now a much more organised and fractured sort of world.”

By the time white hats and black hats pick their sides, there’s no going back. Song laments the middle ground, where people who were neither on one side or the other could share ideas without labels.

“That’s really the only way that you make progress,” he says. “The need to take sides has resulted in less opportunity for folks to find transition. That’s been an unhealthy development in our community.”

Grey hat areas provide a forum for young, talented hackers to transition into roles where they use their powers for good, Song adds, adding that this was one of W00W00’s biggest benefits.

“I feel like W00W00 as a neutral platform of security research helped afford folks who would otherwise only have had blackhat opportunities or had only learned about computer security in that manner to see what the rest of it looked like,” he says.

W00W00 exists now mostly in name only, and most of the BBSs have disappeared (although Song says there are still a handful dotted around). So what’s left for grey hats?

“The industry is drastically bigger, so the tiny clique of like-minded hackers isn’t tiny anymore,” says Bourne. In a more mature industry, discussions are often more public – and therefore more sanitized.

There are still some private discussions, but they have gravitated to different channels, some old and some new.

“Mailing lists are one of the things today that brings back that community,” says Wysopal. “I am on a couple of private mailing lists.  It gives a fixed set of people to have a discussion with.”

Tan says that some people have gone back to IRC. Bourne believes that there are still carefully curated user discussions on some dark web forums, and there are also new groups popping up on newer channels ranging from Facebook groups through to Telegram, Whatsapp and Slack. The communications media for grey hat discussions is more fractured; more difficult to keep a handle on.

“Today a bit of the old IRC feel is back with Slack,” agrees Wysopal. “I am on a Slack server with many of the people who used to be on IRC EFNET #hack and #!r00t.  It is not as anarchic and it isn’t really the grey hat feel of yesteryear.”

Physical meetings are always an alternative. Security get togethers from 2600 meetups through to B-Sides and other events are still buzzing with discussions.

“The hallway track at hacker cons, and even at the more corporate events like SecTor are still full of grey hat discussions,” says Bourne.

The Works eventually shut down as a BBS and moved to works.org, where it ran as a Telnet-accessible BBS for a while. The domain is still owned by technology historian Jason Scott, who served as The Works’ New York SysOp for a while and now runs Textfiles, an archive of bulletin board text files online. He also made a long documentary about the history of the BBS movement, which makes fascinating viewing.

The old 617 number for The Works BBS is now disconnected, but dead lines don’t mean that the grey hat discussions have gone away. You just have to socialize with the right people to find them.