The good and bad of computer hacking

[InfoSec News <isn () c4i org>]

http://www.jsonline.com/bym/career/dec02/101856.asp

J. Robert Parkinson
jrp@@parkinson.com
Dec. 8, 2002

In early October, I wrote a column about how words influence the way
we view and act upon situations. I made specific reference to the word
"hacker" and how the word seems innocent, even cute. But I said it
actually describes an action that is criminal.

I said hackers are guilty of "breaking and entering" because they
intrude into computer systems that are the private property of others.

There was more to the column, of course, but that was one of the main
points. Well, did I get reactions from readers! I received dozens of
e-mails telling me I didn't know what I was talking about.

Hackers, I was told, don't do those things. Real hackers provide a
valuable service by checking and assuring the security of many
computer systems.

The people who wrote to me, the good hackers, informed me in no
uncertain terms that the people I was describing are "crackers," and I
should be more careful to distinguish between the two labels.

I've never heard the label "crackers" used in this context. "Computer
cracker" is a new term to me, and I'll bet most of the general public
have never heard this meaning of the word, either.

Along with chastising and correcting me, readers sent long definitions
from a variety of sources to help educate me on the important
distinctions between hackers and crackers. For that I say "thank you."  
It's always important to continuing learning, and I'll be aware of the
distinctions in the future.


Perception is reality

There is another broader lesson here, however, for all of us, and it
relates to the old adage, "Perception is reality."

Words mean what people think they mean.

Most of us in the non-computer community consider anyone who breaks
into, or tries to break into, a secure computer system to be a hacker.  
So in our minds, that is a valid and accurate label. For the "good
hackers," however, our label and definition doesn't fit them. It
describes that other group.

The definition that the general public understands is very different
from the one the computer community accepts. Each perception is
accurate for each of the respective groups based on their experience
and information.

The "good hackers" told me the media is to blame for the
misunderstanding by spreading inaccurate information about what the
computer experts actually do. That may be partially correct, but it
seems to me that those same computer experts carry some responsibility
to educate and inform their various detractors. They certainly did it
to me when they felt unjustly attacked. They might be able to provide
simple definitions such as:

Hackers test computer systems to determine how secure they are.  
Hackers often are employed by companies to test their systems in order
to protect them and the public at large.


Mischief makers

Crackers, on the other hand, break into secure systems just to see if
they can do it, and sometimes they create mischief.

There is a clear distinction between these two motivations. One is
honorable, valuable and legal. The other isn't.

All of us in business know what we intend when we send messages to our
clients and customers. What is really important, though, is what our
clients and customers think we mean. Their thoughts and
interpretations dictate their feelings and reactions.


Sending the right message

If, somehow, they misunderstand our message, it isn't their fault;  
it's our fault. We didn't craft the message accurately. Because words
mean what people think they mean, we must consider not only what we
believe our words to mean but also how our words might be interpreted
by others.

That's the real lesson for all of us behind the strong reaction to the
hacker column.

Once again, to all of you who took the time to write and educate me I
say thank you and keep writing. I hope we all learned a good lesson
not only about computer labels, but also about the need to pay close
attention to all the words we use in business and how others might
interpret what we say.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.