The Hacker Ethic may describe why hackers hack, but ego is what drives them to keep at it night after night.
Motivation comes from the satisfaction of having accomplished something difficult no one had done (to that site) ever before; the knowledge that you've had an impact on the world; the right to brag to buddies you'll never meet in person to compare clothes or looks or money that for one night, or one target, you were better than anyone else.
(Actually the money is a big factor too, but for the purposes of this one entry we'll assume all Right Thinking Hackers are small-town, middle-America, salt-of-the-earth iconoclastic techno-anarchists with an obsessive hatred of corporate uniformity and deeply mixed feelings about the homoerotic sub-themes in Adult Swim animation.)
In any case: counting coup requires not only hitting your targets, but bragging about it on Twitter and IRC in enough detail to let n00b5 know you're teh 5H1t and they'd better respect.
Which prompts a lot of arguments and flame wars and blanket dismissals of this kind of attack or that variety of malware and everyone calls everyone else a poser or a script kid and, in general the trash talk fills the same function that grab-assing at the bar after a rough slo-pitch doubleheader does for middle-aged suburbanites, but with a lot more acronyms and no need to leave the basement.
A new site, RankMyHack.com lists the hacks, the hackers, the methods and the victims, awarding points for big targets, hard targets and innovative exploits. Members can vote for a hacker or hack, but as time goes on the rankings will settle more on the number, variety and difficulty level of the accomplishments of each hacker under their current alias, according to s0lar, a "UK hacker and Web developer" who founded the site this summer.
"Until now when you met another hacker on an IRC or forum there was no way to indicate if that hacker had any skills whatsoever. RankMyHack.com was built to give a clear indication of a hacker's general abilities," s0Lar wrote in the About. "It also serves the purpose of tracking a hackers hacking achievements under their current alias allowing for other hackers to quickly establish the calibre of hacker they are talking to."
A Dueling section encourages well-matched hackers to test their skills to establish a leader. Resources offers tips, links to code and other shared information. A War Room lets members exchange tips in relative privacy.
Top hackers are listed on a Leader Board that looks like the Unix greenscreen version of a golf scoreboard.
Top hacks are posted according to the number of points earned by the hacker involved. Bigger sites, tighter security and the skill involved in bypassing it are all considered in awarding points.
Once a site is compromised, though, its' done. Unless it's a really big site and a second hack uses vastly different methods or different location in the owner's network, RankMyHack won't even accept a nomination.
That, at least, should head off serial hacks of companies such as Sony, who could get hit in one place, and then in a second, third, or eighteenth before having time for (or bothering to) improve security enough to stop it.
Currently No. 1 hacker Mudkip also has the No. 1 hack – of Huffingtonpost.com on Aug. 1.
RankMyHack.com could treat hacking more like a sweaty outdoor sport than an indoor, intellectual, puzzle-solving, society-challenging obsession by iconoclasts with networking or Unix administration skills.
It doesn't. It is designed with enough opportunities for tournament competition and for one-on-one challenge matches, but treats the whole field as more than just a way to rack up points in a video game losers live in every minute they're not working.
It's not noble in intent, however, at least not on the social or political scale of other recent hack-centric publicity vortices. It does offer one way to identify Good Works hackers can participate in, even if it doesn't make that big a deal about them as a higher mission, or anything:
"The Bounty section of this site was created in an attempt to focus the abilities of talented hackers against political and government forces that need to be put back in line," s0lar wrote. "This site isn't the next Anonymous or the next Lulzsec, this site is for every hacker that wants to use it regardless of country of origin, ethos, philosophy. Bounties just provide a politically constructive target for hacker's talents regardless of ability."
Bounties aren't just high-falutin' goals, though. Any site can be put out as a Bounty at any time for any reason, not just for crimes against humanity.
"If your site has a bounty on it," s0lar summarizes, "you must have done something to piss people off."
Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.