[ISN] More women joining the ranks of hackers

From: InfoSec News (isnat_private)
Date: Thu Oct 11 2001 - 04:14:32 PDT

  • Next message: InfoSec News: "[ISN] Security UPDATE, October 10, 2001"

    Mercury News 
    Oct. 9, 2001 
    Say the word ``hacker,'' and most people still think of an antisocial
    teenage boy running amok in government computer systems, concocting
    nasty viruses and defacing Web sites.
    But during the past few years, as computers have become commonplace in
    conventional homes and businesses, hackers have undergone a remarkable
    transformation. Not only have hackers become friendlier and more
    law-abiding, they are also more frequently female.
    ``It used to be a boy thing, and now it's an everybody thing,'' said
    Alan Paller, director of research for the SANS Institute, a for-profit
    organization in Bethesda, Md., that provides computer security
    research and training.
    Women have helped soften the hacker image. More interested in computer
    security than in computer vandalism, they choose overwhelmingly to be
    cops rather than robbers, experts say. That means they'll gladly break
    into your computer, but only if they receive an invitation first.
    During the past three years, female attendance at computer security
    training courses run by organizations like the SANS Institute has
    tripled, organizers say. They are also showing up in greater numbers
    for Def Con, the hacker bacchanal and convention held each year in Las
    ``There's more and more women getting into the hacking movement,''
    said Brazen, a 23-year-old member of the Ghetto Hackers, who asked to
    be identified only be her online handle to protect her privacy. ``It's
    not that I want to be destructive, but computers are becoming more and
    more part of our lives, and it's important for me to know what this
    technology is doing exactly.''
    The Ghetto Hackers -- famous for holding the three-time title to the
    Capture The Flag tournament, hacking's answer to golf's Masters
    championship -- have a reputation as a female-friendly hacking group.
    ``With these guys, I'm just one of the boys,'' said Brazen, who began
    using her parents' computer to hook up to computer bulletin boards
    when she was 16.
    Other women attending Def Con in July echoed her curiosity. Raven
    Alder, a 25-year-old senior network engineer from Washington, D.C.,
    said learning about computer networks is like solving puzzles. ``I
    just find a whole lot of joy in figuring out something that is
    difficult,'' she said.
    The first woman to make a technical presentation a Def Con conference,
    Alder spoke this year about a programming tool she wrote that enables
    system administrators to trace electronic attacks. ``You have some
    people who have this misguided idea that women are not technically
    skilled,'' Alder said, explaining why she chose Def Con as a forum.
    Though female hackers continue to be few in number -- the vast
    majority of women at this year's Def Con were girlfriends or
    hangers-on -- the presence of several dozen geek girls underscored how
    much the hacking world has changed.
    During hacking's golden era in the early '90s, the term ``hacker''
    referred to highly skilled programmers who enjoyed the intellectual
    challenge posed by unknown computer systems. Hackers regularly
    trespassed but rarely caused damage.
    By the end of the decade, however, some hackers had become more
    malevolent. The ready availability of highly automated hacking tools
    enabled pranksters with little or no technical skills to break in to
    sophisticated networks and carry out complex, coordinated assaults.
    Derisively referred to as ``script kiddies'' or, in cases when they
    demonstrated some computer skills, ``crackers,'' the attackers gave
    all of hackerdom a bad name.
    In response, many hackers have been trying to reclaim the term's
    original meaning and rehabilitate hackers' image. ``Everyone who was a
    hacker five years ago is now a security consultant,'' observed Def Con
    founder Jeff Moss.
    And more and more women are joining the ranks of these ``white hat''
    ``Hacking is the pursuit of knowledge,'' declared Anna Moore, a
    15-year-old from Oklahoma who won the ethical hacking game at Def Con
    this year. An innocent-looking blonde, Moore admits to going through
    ``a lamer phase'' when she first started hacking and discovered cool
    tools that could be used to crash strangers' computers. But she soon
    realized that was illegal, and after several talks with her mom and
    dad, she resolved to stay on the right side of the law.
    ``The name of the game is you have to do the responsible thing,'' said
    Anna's mother, Michele Moore, who chaperoned Anna at Def Con this
    summer. The elder Moore spent most of the weekend working on
    needlepoint as Anna and her friends competed in the Capture The Flag
    Of course, not all female hackers aspire to good citizenship awards.
    Lee Curtis, who oversees high-tech investigations in the Western
    region for Kroll Associates, said that in his experience, women are
    just as likely as men to use their hacking skills to commit crimes.
    In September, a 30-year-old Ohio woman pleaded guilty to remotely
    logging into the computer system of her employer, executive recruiting
    firm Christian & Timbers, and maliciously changing the password of the
    chief information officer.
    In recent years, a number of women have joined the ranks of virus
    writers, said Sarah Gordon, a senior research fellow at Symantec.
    But even there, Gordon said, women appear to take a gentler approach,
    focusing more on the programming challenge than on the virus'
    destructive impact. ``The payload is much less important,'' she said.
    ``They are more interested with the process than with the
    The same could be said for women programmers who practice electronic
    burglary. Viki Navratilova, who co-authored a recent edition of
    ``Linux For Dummies Quick Reference,'' said she will break into a
    computer only if the owners ask her to, usually because they want her
    to test its defenses.
    ``It is really fun if an exploit actually works'' even after a
    computer has been properly secured, Navratilova said.
    Alder, who has also broken into friends' computers at their request,
    said the intellectual challenge is part of the appeal, but so is the
    feeling that she is helping people protect themselves.
    ``It's like being a doctor and diagnosing someone's complex illness,''
    she explained.
    Contact Elise Ackerman at eackermanat_private or (408) 271-3774.
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Oct 11 2001 - 06:00:33 PDT