ABOUT w00w00

This was an interview for a Russian magazine a few months ago. Early 2003.

1. When w00w00 was born? What were the goals its appearing? Who was a founder? How did collective formed? Who was in group at first and how did it change with time?
2. What does w00w00 mean? How the name was chosen? What other variants were proposed before? Is there any sence/idea in group's name?

Let me answer these two together. w00w00 was created in 1998. As it's humorous, nonsense name implies, w00w00 was created as a joke and with no goals. The group initially began with a friend and I creating a private forum for us to talk. As our discussions expanded, we'd invite our other friends in security to join into the discussions. These people found it useful and in turn invited some of their security friends. This is how it grew into the status it holds today (the world's largest non-profit security research group). To preserve the closeness of the group, it is an invite only group. A participant will invite another person in, and by inviting them, they are "vouching" that they trust that person with anything discussed and feel that person can contribute to the team. w00w00 I think has evolved into more of a community or network of friends than a group. I don't think I would say it exists as a group anymore (there are no longer any official members). First, it is more of a forum for technical security discussions. This is something it has always been. Second, we have also recently evolved into a "security advocacy" group (for lack of a better phrase). By this I mean people contact us with vulnerabilities and then we do the trouble of reporting it. This wasn't ever intended, but if someone emails us with information we're happy to help. We all love computer security and hope to further advance the profession.

Ideologically, w00w00 has always been diverse. I think the majority of w00w00 is considered "whitehat" though it is not a pre-requisite. Some are in support of full disclosure, others are not. I will reserve my personal feelings for the section about me.

3. How many members are there in group? What countries are they from and what of those countries are dominant? What is w00w00 members appoximate middle age? What range of specializations do the members have?

It ranges from 30 to 40. The areas of greatest involvement are the U.S. (#1), Europe (#2), and Australia (#3). The median, I'm guessing, is 23 or 24. The youngest at present is 19 and the oldest is somewhere around 30.

4. What infrastructure do the group have? How do u help each other, how do u work together, what kind of descipline and affairs you have inside? Is there any core (group leaders)?

There is no hierarchy or formal structure. Anyone is welcome to publish things under the title of w00w00 or speak on behalf of w00w00, provided they do so in a manner that doesn't offend the other partcipants of the group.

5. Do u have any contacts with other security groups? Whom u respect the most? Are there any group enemies?

There are many groups that we have ties to or at least respect--in my opinion, the two most prominent are TESO and HERT. w00w00 and ADM also used to share many of the same members, though ADM seems to have died off or gone underground. w00w00 officially has no people or groups that dislikes. There are of course groups (like PHC) that resent w00w00 for its public image, but there is no longer (if there ever was) any unified political ideology of w00w00 for them to be opposed to.

6. How do u appreciate w00w00 members skill level? Are there any "beginners" or experts only? Who are group's most active members?

The skill levels vary, though most would be considered advanced I think. It all depends on the person--some people are invited in because the person inviting them feel they that have something special about them (it doesn't have to be their skill level). I don't think there is a distinction between active and inactive participants. I suppose some people are more likely to publish than others (I tend to do the most), but that doesn't really indicate involvement. It just means that those that don't want their research publicly released.

7. What kind of work does w00w00 specializes in? What u think are your main achievements (hacks/advisories/utilities)?

Well, we specialize in security, and we've released several advisories, tools, and papers. That's about all I can say. We've mostly gone "underground" in the sense that we have only rarely been releasing major advisories or articles in the last two years. I think it's mainly been a lack of time. I hope to change this soon, though.

8. How do u act with all these anti-hacker organisations (such as Secret Services)? Are there any persecutions from their side? Or maybe there is cooperation instead? Do u cooperate with other security groups? And is there an essential help from outside (maybe Goverment makes u a financial support?)

There are two things I want to say on our interaction with official organizations. We, as a group, have no collaboration with any corporations or government agencies. We also don't perform security services for money. That's not what we're about. With that said, what an individual participant does in his/her own time is his/her own business.

10. How one may join w00w00? What is required and whom to contact?

You would either need to be a close friend with a current participant (since you would need to be vouched for) or demonstrate technical expertise or credibility (that you can be trusted). The reason trust is so important is that participants have to feel comfortable discussing their research or sensitive topics in the group. If there are unknown/untrusted people involved, no one will comfortable discussing the stuff that makes w00w00 great.