What This Is
NMRC stands for Nomad Mobile Research Centre, what Simple Nomad typed into the "organization" field of the command line USENET utility tin spur of the moment circa 1995. It became the name of a collective of nerds, artists, makers, tinkerers, engineers, but mainly hackers. In 1997 the domain nmrc.org was registered, and both mail and web services were established that same year.
Like many hacking groups, NMRC has released free security and hacking-related information in the form of FAQs, presentations, advisories, and tools.
Who We Are
Founded in 1995, current members include Simple Nomad, Weasel, hellNbak, grepwzrd, Cask3t, cgistar.
Past members have included Anonpoet, Cybereagle, Cyberiad, Daaihliuh, Grace Clovia Terre (RIP), Irib, Jericho, Jitsu-Disk (RIP), jrandom, Knobster, Hole, MadHat Unspecific, Maniac, Phuzzy L0gik, Rat Toe, Raven, Ring Zero, Sioda an Cailleach, Tanshiai, Up-uat and a few others who may or may not wish to remain nameless.
Our Work
Our work falls into three main categories:
General knowledge: This is just general knowledge within the hacking and security space. Most material published, including most blogs, presentations, code, etc all fall into this category.
Risky issues: Whenever we've done a talk at a conference where we run the presentation by a lawyer or especially if we'd prefer a lawyer looking out for us and be present during the talk, the reason behind it is risk. The risk could involve potential litigation or even some type of law enforcement action, and yes the idea of the lawyer there is partially a "we're serious and we've run this by someone from a legal standpoint so don't fuck with us" show of position. This has included:
- Simple Nomad's "Hacking the Friendly Skies" from ShmooCon 2 in 2006. The talk details were withheld from the conference website in case of retaliation of some sort by a U.S. federal agency. Thanks to Jennifer Granick for slide editing notes as well as attending the talk in case something happened. This generated a surprising amount of press, considering the lameness of the Wi-Fi "zero day" released at that time.
- Raven's "Pen-Testing the Backbone" (very poor audio) from DEF CON 13 in 2005. Thanks to Jennifer Granick and the EFF for support and being front and center during the talk. It should be noted that Raven's DEF CON talk was one of the rare DEF CON talks where the presenter actually got a standing ovation. This also generated a lot of press with quotes from Raven, although the entire Ciscogate scenario (which Raven talked about at length) certainly got the much more.
Behind the scenes: NMRC has helped human rights workers, activists, journalists, and other groups that have OPSEC issues or technological needs that are beyond their main skill sets, and NMRC has worked to resolve issues and address concerns. As "behind the scenes" implies, this work is not out in the open.
As a result of some of this work, NMRC has found itself come under direct attack, including but not limited to nation-sponsored APT actors have come after NMRC assets more than once (one incident is documented in this blog post as well as this DEF CON 29 conference talk).
Important Notes
A few items of note involving things that have occurred along the way:
Diversity: While not the first nor the only group to make this claim, NMRC has had a diverse group of members from the very beginning. We never formally set out to bring in females, members of the LGBTQ community, different ethnic backgrounds, it simply just happened that some people were a good fit and had talent.
Disclosure: While most references to responsible disclosure discuss the first documented policies coming out in the early 2000s, after much internal discussion NMRC published the first disclosure policy in 1999. [Ref. 1, 2]
Google Hacking: Before Google hacking aka Google dorking, NMRC pioneered the idea with the pre-Google search engine known as Alta Vista. Granted it was an extremely less sophisticated search engine and the "dorks" were quite simple, however Johnny Long took the original concept and ran with it using Google. Johnny has even credited NMRC in coming up with the technique in 1997. [Ref. Google Hacking for Penetration Testers, Appendix B. Published 2005 (ISBN 1-931836-36-1)]
