Hacking Black Hat
What went wrong: quality control or hacker ethics?
I had some issues with last week's Computerworld.com column from Frank Hayes on "quack hackers" -- specifically, with his apparent belief in hackers as some generally noble breed. I believe I first met Hayes when he covered my presentation at the Black Hat conference back in 1997 or so, where I'm sure he also gained exposure to some of the less-than-honest "honest hackers." I also believe that he has enough exposure to see through the stereotypes that are out there.
The hacker stereotype is that of a socially inept genius spending all his free time in isolation in front of his computer -- driven by never-ending curiosity, striving to understand the intricacies of computer systems and breaking through social and technical barriers to overcome adversity and make the only true advancements in computer security. Again, that's the stereotype.
I have to admit that the socially inept aspect appears to be accurate (see "So, what's wrong with being an introvert?"). The rest of it, including the genius part, is more hype than fact. True, there are some genuine geniuses in the so-called hacker community, but those people are few and far between. Just as there are a few people who scrawl graffiti who demonstrate true artistic talent, there are a few hackers who demonstrate genuine technical ability. And just as a great many graffiti vandals mistakenly claim to share the talent of those rare artists, there are many, many people who meddle with computers and like to think that describing themselves as hackers puts them in the same category as the few brilliant hackers out there.
I'll grant that there may have been a justification of sorts for hackers to infiltrate systems, once upon a time. The original hackers may have had to intrude on computer systems because there were few available, and information about how to work the computers was even more sparse. They had to access the telecommunications networks to get into computers so that they had any access to one. By the 1990s though, computer intrusions were wholly unnecessary; computers were and are readily available, as is reasonably thorough documentation.
As systems and documentation became more widely available, the emphasis on actual technical prowess diminished, and we saw the rise of hacking scripts. Those prewritten tools allowed any inept person to take over a system that was ineptly protected -- hence the derisive term "script kiddie" for a person who cares more about attacking a system than learning about it.
The widespread hacks that we see these days -- the ones that can be reliably traced -- are generally the result of someone wanting to be considered "l33t" rather than a display of technical prowess. Essentially, it's criminal activity that results from too much free time, again not unlike graffiti. There are many highly technical people out there who make tremendous discoveries and help improve security products, but they aren't hackers in the current sense. They do it for the challenge, not for social recognition.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts