[ISN] The good and bad of computer hacking

From: InfoSec News (isnat_private)
Date: Wed Dec 11 2002 - 00:23:40 PST

  • Next message: InfoSec News: "[ISN] REVIEW: "Secured Computing", Carl F. Endorf"

    J. Robert Parkinson
    Dec. 8, 2002
    In early October, I wrote a column about how words influence the way
    we view and act upon situations. I made specific reference to the word
    "hacker" and how the word seems innocent, even cute. But I said it
    actually describes an action that is criminal.
    I said hackers are guilty of "breaking and entering" because they
    intrude into computer systems that are the private property of others.
    There was more to the column, of course, but that was one of the main
    points. Well, did I get reactions from readers! I received dozens of
    e-mails telling me I didn't know what I was talking about.
    Hackers, I was told, don't do those things. Real hackers provide a
    valuable service by checking and assuring the security of many
    computer systems.
    The people who wrote to me, the good hackers, informed me in no
    uncertain terms that the people I was describing are "crackers," and I
    should be more careful to distinguish between the two labels.
    I've never heard the label "crackers" used in this context. "Computer
    cracker" is a new term to me, and I'll bet most of the general public
    have never heard this meaning of the word, either.
    Along with chastising and correcting me, readers sent long definitions
    from a variety of sources to help educate me on the important
    distinctions between hackers and crackers. For that I say "thank you."  
    It's always important to continuing learning, and I'll be aware of the
    distinctions in the future.
    Perception is reality
    There is another broader lesson here, however, for all of us, and it
    relates to the old adage, "Perception is reality."
    Words mean what people think they mean.
    Most of us in the non-computer community consider anyone who breaks
    into, or tries to break into, a secure computer system to be a hacker.  
    So in our minds, that is a valid and accurate label. For the "good
    hackers," however, our label and definition doesn't fit them. It
    describes that other group.
    The definition that the general public understands is very different
    from the one the computer community accepts. Each perception is
    accurate for each of the respective groups based on their experience
    and information.
    The "good hackers" told me the media is to blame for the
    misunderstanding by spreading inaccurate information about what the
    computer experts actually do. That may be partially correct, but it
    seems to me that those same computer experts carry some responsibility
    to educate and inform their various detractors. They certainly did it
    to me when they felt unjustly attacked. They might be able to provide
    simple definitions such as:
    Hackers test computer systems to determine how secure they are.  
    Hackers often are employed by companies to test their systems in order
    to protect them and the public at large.
    Mischief makers
    Crackers, on the other hand, break into secure systems just to see if
    they can do it, and sometimes they create mischief.
    There is a clear distinction between these two motivations. One is
    honorable, valuable and legal. The other isn't.
    All of us in business know what we intend when we send messages to our
    clients and customers. What is really important, though, is what our
    clients and customers think we mean. Their thoughts and
    interpretations dictate their feelings and reactions.
    Sending the right message
    If, somehow, they misunderstand our message, it isn't their fault;  
    it's our fault. We didn't craft the message accurately. Because words
    mean what people think they mean, we must consider not only what we
    believe our words to mean but also how our words might be interpreted
    by others.
    That's the real lesson for all of us behind the strong reaction to the
    hacker column.
    Once again, to all of you who took the time to write and educate me I
    say thank you and keep writing. I hope we all learned a good lesson
    not only about computer labels, but also about the need to pay close
    attention to all the words we use in business and how others might
    interpret what we say.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Dec 11 2002 - 02:46:30 PST