Open Security: Sad and Ludicrous, aka OpenSSL, has finally been outed as the welcome mat we've all unwittingly placed before our digital front doors, and the damage to the cyber criminal and the government intel-hack community is devastating. I learned just how violated and crippled these poor folks feel at an emergency black hat caucus held Monday, which I attended cleverly disguised as one of their own, decked out in neon blue hair and clothes so old and unwashed I could have been legally classified as landfill.
The Digital Oligarchy for Underworld Criminals Hackers and Eavesdroppers Convention is an ultrasecret affair held annually at a randomly selected Apple Store in upstate New York or Northern California. This year's convention occurred on the same day that Heartbleed, an OpenSSL exploit used for years as a cornerstone for slurping up mountains of much-needed marketing data and identity theft revenue, was discovered and inconsiderately blared out across the Web.
[ For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter and follow Cringely on Twitter. | Can we talk? Send your tech war story to email@example.com and get a $50 AmEx gift cheque if InfoWorld publishes it. We're all ears! ]
Fortuitous timing for me, not so much for the convention.
All scheduled events, including the Whack-a-Snowden party and the Microsoft Security Essentials Open Mic Comedy Festival, had been canceled in favor of an emergency caucus to discuss the chilling ramifications of the Heartbleed exploit discovery. This exploit is so simple and so far reaching, it spawned the NSA's Mind Blowingly-Big Citizen Information Data Warehouse Organizational Task Force, gone in the blink of a Tumblr post.
A rogue's roundtable
The session was held as an open discussion moderated by a panel of grievously wounded hack monsters, including Mammabear, a soccer mom from Orange County who's been infiltrating the state SAT system to get her kids Ivy League scholarships; Snowdenhatah05, an NSA haxpert who's been filling his daily info-gathering quota in less than an hour using Heartbleed so that he has time to for his anime action figure collection and training for the Pentagon's annual Nap-athon competition; WebC0ssack, a Russian cyber sociopath whose long been using Heartbleed to fund an 18-hour-a-day gaming addiction; and Travis Kalanick, who just likes to attend conventions populated by bastards.
"This is intolerable," cried Mammabear. "How am I supposed to get my kids to karate class if cracking is going to take more than 10 minutes?"
"That's nothing," screamed WebC0ssack. "If Wells Fargo closes this hole, how am I going to fund my spiritual bohemian lifestyle?"
"I hate people," said Kalanick to no one in particular.
A small panic set in with hackers, spies, and criminals arguing about who had leaked the exploit and ruined one of their best and easiest pathways into the general populace's wallets, hearts, and dreams. A nerd melee began, so I broke my beer bottle and backed into a corner, ready for all comers. But just as Rogers jumped over some chairs to throttle a self-billed Nigerian prince, sanity returned to the room in the form of Kristoffer Von Hassel, the five-year old who recently cracked a loophole in Xbox code so that he could play Grand Theft Shooting Rampage III.
"Stop!" he shouted slamming down his Red Bull-filled cup with a somewhat audible crack, preschool upper body strength being what it is. The room quieted instantly in awe of this up-and-coming Mozart of Hack Wizardry.
"Breathe slowly, folks, and take heart," he said sagely. "They may have found this hole, but there are plenty more out there. A few more Windows 8.1 updates, and it's back to business as usual."
The stress disappeared immediately from the near frenzied crowd, and Net bastards who'd been at each other's throats only moments before relaxed, chuckled, and shook their cloven hooves. Camaraderie restored, as we linked arms, read relevant passages from the Necronomicon, then dined on 5-star food paid for with Jon Stewart's AmEx number and served on a tablecloth made out of 2011 tax returns.
It's a message for the ages coming straight from the mouths of babes: Just when we think our digital security can't get any worse, that's when the real cyber reaming starts.
This article, "Let's remember the real victims of Heartbleed: Cyber thieves," was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, follow Cringely on Twitter, and subscribe to Cringely's Notes from the Underground newsletter.