Two Hacker Communities:
The BUGTRAQ List and alt.2600

by Gregory B. Newby, PhD

In all communities there are people who think themselves experts. Such people might view their activities as being important or significant, and their opinions to be worthy of other people's attentions.

This resource review is directed at people who want to know more about communities of computer hackers. There is a great curiousity about hackers, and also considerable mistrust. Yet computer hackers of many types may be found in open communication in two forums, the BUGTRAQ mailing list and the alt.2600 network newsgroups.

The review will provide a brief behind-the-scenes look at who participates in these forums, and try to give the reader some insight into their purposes and uses.

BUGTRAQ

BUGTRAQ is an electronic mailing list. The list is moderated by a hacker who calls himself Aleph One . All messages must be approved by him before they are posted to the list. Strangely, for a hacker list, I have not noticed any incidents of "forged" messages (that is, messages that were not approved, but were snuck by the LISTSERV software that maintains the list anyway).

BUGTRAQ has almost 13000 subscribers, but the LISTSERV "review" command only allows basic list information so it's hard to know where the subscribers mostly come from. The list's target audience clearly includes hackers and system administrators concerned with computer security, but probably also includes educators, government officials who track hacker activity, and others. But from the list contents (ranging from 0 to 20 messages per day), it is evident that the message authors have the following general qualities:

Technically saavy Many posters are either system administrators, programmers or hackers.
Proud Hackers take pride in sharing their accomplishments, although this is often done after the hack has become "known" in the underground community. They want proper credit for the work they innovated.
Confident People who post messages often think they've found "the answer" to a particular problem or challenge. This applies to the hackers, the system administrators, and even to the many corporations whose messages or announcements are re-sent to the list

I have subscribed to this list for about 3 months, and have found the content to be useful and the overall discussion to be friendly and informative. There is debate, but the moderation of the list tends to keep messages focused and relevant. The one message I sent (forwarding a statement about the latest Intel bug from the Edupage list) was never posted and wasn't responded to...it may be that there is a bigger focus on "original" messages (things you did) rather than resending messages.

alt.2600

alt.2600 is a newsgroup, but there are more than 20 other newsgroups starting with alt.2600. that have spun off of the original alt.2600. alt.2600 is a very busy newsgroup, with hundreds of messages per week and several new threads in any particular day. Here is a list of all alt.2600. newsgroups.

The newsgroup is unruly and insulting, and packed to the gills with irrelevant messages. Apart from the usual plethora of ads for phone sex and get rich schemes that seem to pepper all non-moderated newsgroups, there are insults to Microsoft and Bill Gates, and many ads (and responses) for alleged FTP sites where "warez" (stolen software and hacker tools) may be retrieved.

Warez sites notwithstanding (most of them don't really exist), there's not a lot of content in alt.2600. There's some argument, but the general nature of the group seems to be a playground for the (intellectually) young hacker wannabe. "Real" hackers seem to have given up this newsgroup, and even the "moderated" versions of the newsgroup (alt.2600.mod and alt.2600.moderated) are empty.

2600 magazine, which pre-dates the alt.2600. newsgroups, is a far more useful source of information about hackers and hacking, especially phone phreaking. There's not much personality in the alt.2600 newsgroup or its offshoots, and very little useful content. There don't seem to be many regular posters, there's no FAQ, and almost any message results in the author being personally attacked.

Comparison

If you need to feel safe from marauding hackers, read the alt.2600. newsgroups. You'll see that there is little to fear from the hacker community, as they are argumentative, unimaginative, immature and braggadotious.

But if you are serious about hacking and want to see how its done, what the current level of exploits are (as opposed to "old hacks") and become informed about newly discovered problems early on, subscribe to BUGTRAQ (here's a form to subscribe yourself). This is a far superior forum, and very informative.

The personalities on BUGTRAQ are not unified in purpose, profession or interest. Yet there is more cohesion and commonality of interest there than in the alt.2600. newsgroups, which are really just a set of forums for people who want to feel connected to the hacker community but really are not.

- Newby's homepage - Email feedback - INLS80 homepage - Review 3 - Review 2 - Review 1 -