Hacking Black Hat
What went wrong: quality control or hacker ethics?
I had some issues with last week's Computerworld.com column from Frank Hayes on "quack hackers" -- specifically, with his apparent belief in hackers as some generally noble breed. I believe I first met Hayes when he covered my presentation at the Black Hat conference back in 1997 or so, where I'm sure he also gained exposure to some of the less-than-honest "honest hackers." I also believe that he has enough exposure to see through the stereotypes that are out there.
The hacker stereotype is that of a socially inept genius spending all his free time in isolation in front of his computer -- driven by never-ending curiosity, striving to understand the intricacies of computer systems and breaking through social and technical barriers to overcome adversity and make the only true advancements in computer security. Again, that's the stereotype.
I have to admit that the socially inept aspect appears to be accurate (see "So, what's wrong with being an introvert?"). The rest of it, including the genius part, is more hype than fact. True, there are some genuine geniuses in the so-called hacker community, but those people are few and far between. Just as there are a few people who scrawl graffiti who demonstrate true artistic talent, there are a few hackers who demonstrate genuine technical ability. And just as a great many graffiti vandals mistakenly claim to share the talent of those rare artists, there are many, many people who meddle with computers and like to think that describing themselves as hackers puts them in the same category as the few brilliant hackers out there.
I'll grant that there may have been a justification of sorts for hackers to infiltrate systems, once upon a time. The original hackers may have had to intrude on computer systems because there were few available, and information about how to work the computers was even more sparse. They had to access the telecommunications networks to get into computers so that they had any access to one. By the 1990s though, computer intrusions were wholly unnecessary; computers were and are readily available, as is reasonably thorough documentation.
As systems and documentation became more widely available, the emphasis on actual technical prowess diminished, and we saw the rise of hacking scripts. Those prewritten tools allowed any inept person to take over a system that was ineptly protected -- hence the derisive term "script kiddie" for a person who cares more about attacking a system than learning about it.
The widespread hacks that we see these days -- the ones that can be reliably traced -- are generally the result of someone wanting to be considered "l33t" rather than a display of technical prowess. Essentially, it's criminal activity that results from too much free time, again not unlike graffiti. There are many highly technical people out there who make tremendous discoveries and help improve security products, but they aren't hackers in the current sense. They do it for the challenge, not for social recognition.
- Why Projects Fail CIOs are expected to deliver more projects that transform business, and do so on time, on budget and with limited resources.
- The New Business Case for Video Conferencing: 7 Real-World Benefits Beyond Cost-Savings This whitepaper provides insight into the value of video conferencing in today's business environment, and how organizations are using visual collaboration to find...
- Gartner Magic Quadrant for Client Management Tools The client management tool market is maturing and evolving to adapt to consumerization, desktop virtualization, and an ongoing need to improve efficiency.
- Audit Ready and Asset Optimized: The Solid Promise of an Intelligent Software Asset Management Solution In this paper Frost & Sullivan examines the benefits of enterprise-grade Software Asset Management solutions, and how these solutions serve as the convergence...
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Cybercrime and Hacking White Papers | Webcasts