Skip the navigation

Hacking Black Hat

What went wrong: quality control or hacker ethics?

By Ira Winkler
September 5, 2006 12:00 PM ET

Computerworld -

I had some issues with last week's column from Frank Hayes on "quack hackers" -- specifically, with his apparent belief in hackers as some generally noble breed. I believe I first met Hayes when he covered my presentation at the Black Hat conference back in 1997 or so, where I'm sure he also gained exposure to some of the less-than-honest "honest hackers." I also believe that he has enough exposure to see through the stereotypes that are out there.

The hacker stereotype is that of a socially inept genius spending all his free time in isolation in front of his computer -- driven by never-ending curiosity, striving to understand the intricacies of computer systems and breaking through social and technical barriers to overcome adversity and make the only true advancements in computer security. Again, that's the stereotype.

I have to admit that the socially inept aspect appears to be accurate (see "So, what's wrong with being an introvert?"). The rest of it, including the genius part, is more hype than fact. True, there are some genuine geniuses in the so-called hacker community, but those people are few and far between. Just as there are a few people who scrawl graffiti who demonstrate true artistic talent, there are a few hackers who demonstrate genuine technical ability. And just as a great many graffiti vandals mistakenly claim to share the talent of those rare artists, there are many, many people who meddle with computers and like to think that describing themselves as hackers puts them in the same category as the few brilliant hackers out there.

I'll grant that there may have been a justification of sorts for hackers to infiltrate systems, once upon a time. The original hackers may have had to intrude on computer systems because there were few available, and information about how to work the computers was even more sparse. They had to access the telecommunications networks to get into computers so that they had any access to one. By the 1990s though, computer intrusions were wholly unnecessary; computers were and are readily available, as is reasonably thorough documentation.

As systems and documentation became more widely available, the emphasis on actual technical prowess diminished, and we saw the rise of hacking scripts. Those prewritten tools allowed any inept person to take over a system that was ineptly protected -- hence the derisive term "script kiddie" for a person who cares more about attacking a system than learning about it.

The widespread hacks that we see these days -- the ones that can be reliably traced -- are generally the result of someone wanting to be considered "l33t" rather than a display of technical prowess. Essentially, it's criminal activity that results from too much free time, again not unlike graffiti. There are many highly technical people out there who make tremendous discoveries and help improve security products, but they aren't hackers in the current sense. They do it for the challenge, not for social recognition.

Our Commenting Policies