Hacking Black Hat
What went wrong: quality control or hacker ethics?
I had some issues with last week's Computerworld.com column from Frank Hayes on "quack hackers" -- specifically, with his apparent belief in hackers as some generally noble breed. I believe I first met Hayes when he covered my presentation at the Black Hat conference back in 1997 or so, where I'm sure he also gained exposure to some of the less-than-honest "honest hackers." I also believe that he has enough exposure to see through the stereotypes that are out there.
The hacker stereotype is that of a socially inept genius spending all his free time in isolation in front of his computer -- driven by never-ending curiosity, striving to understand the intricacies of computer systems and breaking through social and technical barriers to overcome adversity and make the only true advancements in computer security. Again, that's the stereotype.
I have to admit that the socially inept aspect appears to be accurate (see "So, what's wrong with being an introvert?"). The rest of it, including the genius part, is more hype than fact. True, there are some genuine geniuses in the so-called hacker community, but those people are few and far between. Just as there are a few people who scrawl graffiti who demonstrate true artistic talent, there are a few hackers who demonstrate genuine technical ability. And just as a great many graffiti vandals mistakenly claim to share the talent of those rare artists, there are many, many people who meddle with computers and like to think that describing themselves as hackers puts them in the same category as the few brilliant hackers out there.
I'll grant that there may have been a justification of sorts for hackers to infiltrate systems, once upon a time. The original hackers may have had to intrude on computer systems because there were few available, and information about how to work the computers was even more sparse. They had to access the telecommunications networks to get into computers so that they had any access to one. By the 1990s though, computer intrusions were wholly unnecessary; computers were and are readily available, as is reasonably thorough documentation.
As systems and documentation became more widely available, the emphasis on actual technical prowess diminished, and we saw the rise of hacking scripts. Those prewritten tools allowed any inept person to take over a system that was ineptly protected -- hence the derisive term "script kiddie" for a person who cares more about attacking a system than learning about it.
The widespread hacks that we see these days -- the ones that can be reliably traced -- are generally the result of someone wanting to be considered "l33t" rather than a display of technical prowess. Essentially, it's criminal activity that results from too much free time, again not unlike graffiti. There are many highly technical people out there who make tremendous discoveries and help improve security products, but they aren't hackers in the current sense. They do it for the challenge, not for social recognition.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- Webinar: Building a Big Data solution that's production-ready Big data solutions are no longer just a nice-to-have.
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well... All Cybercrime and Hacking White Papers | Webcasts