Re: [ISN] The good and bad of computer hacking

From: InfoSec News (isnat_private)
Date: Thu Dec 12 2002 - 00:50:14 PST

  • Next message: InfoSec News: "[ISN] Analysis of Defacement of Indian Web Sites"

    Forwarded from: Robert G. Ferrell <rferrellat_private>
    At 02:23 AM 12/11/02 -0600, you wrote:
    > In early October, I wrote a column about how words influence the way
    > we view and act upon situations. I made specific reference to the
    > word "hacker" and how the word seems innocent, even cute. But I said
    > it actually describes an action that is criminal.
    If you think "hacker" is innocent or cute, you need to spend some
    time with Mr. Webster:
    "One who cuts or severs with repeated irregular or unskillful blows"
    "One who cuts or shapes by or as if by crude or ruthless strokes"
    Of course, the same dictionary now lists hacking as "gaining
    access to a computer illegally," but that is the direct result of the
    persistent misuse of the term by a careless and lazy press,
    more interested in sensationalism than, say, accuracy.
    > Hackers, I was told, don't do those things. Real hackers provide a
    > valuable service by checking and assuring the security of many
    > computer systems.
    No, no, no, no, no.  Hacking has nothing to do with security.  Let me
    reiterate: hacking has nothing to do with security.  I want you to
    stand in front of a mirror and repeat that sentence until it sinks
    in.  Hacking has nothing to do with security.  Hacking is a way of
    looking at and solving complex problems.  Some of those problems
    might involve security, but there is nothing inherent in hacking that
    causes its practitioners to break into other people's systems.  I think 
    this whole misunderstanding stems from the fact that early hackers
    (myself among them) used to, shall we say, explore beyond the
    boundaries of our own systems in order to figure out how different
    architectures and platforms worked.  Remember that this was long
    before the Web, the explosion of "Dummies" or other computer
    how-to books, and in many cases in the absence of any available basic 
    system documentation.  We were interested solely in how things worked.
    We couldn't care less about reading someone's email (yes, we had that
    back then) or rifling through their files.  We wanted to see how their
    operating systems were put together, or how their machine communicated
    with other machines.  Most of the time there wasn't even any security 
    in  place to crack.  Security wasn't designed into systems then, as there 
    weren't any malicious hackers around to require it. We all pretty much knew 
    one another.
    A lot of modern "hackers" have used the vague "quest for knowledge" as an 
    excuse for their intrusions, but most of what there is to know can be 
    gleaned without recourse to illicit activities these days, so that 
    rationale falls flat.  They're just mindlessly chanting a mantra whose 
    origin they don't really understand.
    > The people who wrote to me, the good hackers, informed me in no
    > uncertain terms that the people I was describing are "crackers," and
    > I should be more careful to distinguish between the two labels.
    Crackers break into computer systems, for a variety of reasons.  Cracking
    and hacking are only marginally connected.  The world is not divided into 
    "hackers" and "crackers."  If you must think of information security this 
    way, use the terms "white hat" and "black hat," respectively (though I 
    personally think those terms are misleading oversimplifications).
    > I've never heard the label "crackers" used in this context.  
    > "Computer cracker" is a new term to me, and I'll bet most of the
    > general public have never heard this meaning of the word, either.
    It's a common, accepted term, and has been for years.  I suggest that
    you do at least minimal preparatory research before you write about a topic 
    in the future.
    > Perception is reality
    This is a copout and a circular argument.  The press have created this
    "perception" by abusing the reality.
    > Words mean what people think they mean.
    Thank you, Humpty Dumpty.  Be careful not to sit too close to the
    edge of that wall.  What you're really saying is, "words mean what
    the media decides they mean."
    > Most of us in the non-computer community consider anyone who breaks
    > into, or tries to break into, a secure computer system to be a
    > hacker.
    Yeah?  Well most of us in the computer community consider anyone
    who writes about things they don't understand to be "clueless."
    > The definition that the general public understands is very different
    > from the one the computer community accepts. Each perception is
    > accurate for each of the respective groups based on their experience
    > and information.
    The general public only knows what the press tells them.  If writers
    don't bother to check on the definitions of words they use, it's
    not surprising that the public has come to misunderstand what hacking
    is.  Responsible, professional journalists subscribe to the notion
    that theirs is a position of public trust, in which it is the duty of the
    reporter to convey information factually, accurately, and without
    bias (unless otherwise stated).  This includes doing research on
    the meanings of words before you use them in a sentence.
    > The "good hackers" told me the media is to blame for the
    > misunderstanding by spreading inaccurate information about what the
    > computer experts actually do. That may be partially correct, but it
    > seems to me that those same computer experts carry some
    > responsibility to educate and inform their various detractors. They
    > certainly did it to me when they felt unjustly attacked. They might
    > be able to provide simple definitions such as:
    Again, we've been doing just this for years.  I went to Google and put in
    "hacking" and "definition." I got 109,000 returns.  You obviously haven't
    done any research whatsoever.
    Here, since you don't seem to have access to your own dictionary, are
    some of the other definitions of a hacker:  "a person who is inexperienced 
    or unskilled at a particular activity," "a person who works solely for 
    mercenary reasons," and finally and most appropriately on this occasion, "a 
    writer who aims solely for commercial success."
    I think we've uncovered the real "hacker" here.
    Robert G. Ferrell
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Dec 12 2002 - 04:18:02 PST