Information Security News mailing list archives

Re: The good and bad of computer hacking


From: InfoSec News <isn () c4i org>
Date: Thu, 12 Dec 2002 02:50:14 -0600 (CST)

Forwarded from: Robert G. Ferrell <rferrell () texas net>

At 02:23 AM 12/11/02 -0600, you wrote:

In early October, I wrote a column about how words influence the way
we view and act upon situations. I made specific reference to the
word "hacker" and how the word seems innocent, even cute. But I said
it actually describes an action that is criminal.

If you think "hacker" is innocent or cute, you need to spend some
time with Mr. Webster:

"One who cuts or severs with repeated irregular or unskillful blows"
"One who cuts or shapes by or as if by crude or ruthless strokes"

Charming.

Of course, the same dictionary now lists hacking as "gaining
access to a computer illegally," but that is the direct result of the
persistent misuse of the term by a careless and lazy press,
more interested in sensationalism than, say, accuracy.

Hackers, I was told, don't do those things. Real hackers provide a
valuable service by checking and assuring the security of many
computer systems.

No, no, no, no, no.  Hacking has nothing to do with security.  Let me
reiterate: hacking has nothing to do with security.  I want you to
stand in front of a mirror and repeat that sentence until it sinks
in.  Hacking has nothing to do with security.  Hacking is a way of
looking at and solving complex problems.  Some of those problems
might involve security, but there is nothing inherent in hacking that
causes its practitioners to break into other people's systems.  I think 
this whole misunderstanding stems from the fact that early hackers
(myself among them) used to, shall we say, explore beyond the
boundaries of our own systems in order to figure out how different
architectures and platforms worked.  Remember that this was long
before the Web, the explosion of "Dummies" or other computer
how-to books, and in many cases in the absence of any available basic 
system documentation.  We were interested solely in how things worked.
We couldn't care less about reading someone's email (yes, we had that
back then) or rifling through their files.  We wanted to see how their
operating systems were put together, or how their machine communicated
with other machines.  Most of the time there wasn't even any security 
in place to crack.  Security wasn't designed into systems then, as there 
weren't any malicious hackers around to require it. We all pretty much knew 
one another.

A lot of modern "hackers" have used the vague "quest for knowledge" as an 
excuse for their intrusions, but most of what there is to know can be 
gleaned without recourse to illicit activities these days, so that 
rationale falls flat.  They're just mindlessly chanting a mantra whose 
origin they don't really understand.

The people who wrote to me, the good hackers, informed me in no
uncertain terms that the people I was describing are "crackers," and
I should be more careful to distinguish between the two labels.

Crackers break into computer systems, for a variety of reasons.  Cracking
and hacking are only marginally connected.  The world is not divided into 
"hackers" and "crackers."  If you must think of information security this 
way, use the terms "white hat" and "black hat," respectively (though I 
personally think those terms are misleading oversimplifications).

I've never heard the label "crackers" used in this context.  
"Computer cracker" is a new term to me, and I'll bet most of the
general public have never heard this meaning of the word, either.

It's a common, accepted term, and has been for years.  I suggest that
you do at least minimal preparatory research before you write about a topic 
in the future.

Perception is reality

This is a copout and a circular argument.  The press have created this
"perception" by abusing the reality.

Words mean what people think they mean.

Thank you, Humpty Dumpty.  Be careful not to sit too close to the
edge of that wall.  What you're really saying is, "words mean what
the media decides they mean."

Most of us in the non-computer community consider anyone who breaks
into, or tries to break into, a secure computer system to be a
hacker.

Yeah?  Well most of us in the computer community consider anyone
who writes about things they don't understand to be "clueless."

The definition that the general public understands is very different
from the one the computer community accepts. Each perception is
accurate for each of the respective groups based on their experience
and information.

The general public only knows what the press tells them.  If writers
don't bother to check on the definitions of words they use, it's
not surprising that the public has come to misunderstand what hacking
is.  Responsible, professional journalists subscribe to the notion
that theirs is a position of public trust, in which it is the duty of the
reporter to convey information factually, accurately, and without
bias (unless otherwise stated).  This includes doing research on
the meanings of words before you use them in a sentence.

The "good hackers" told me the media is to blame for the
misunderstanding by spreading inaccurate information about what the
computer experts actually do. That may be partially correct, but it
seems to me that those same computer experts carry some
responsibility to educate and inform their various detractors. They
certainly did it to me when they felt unjustly attacked. They might
be able to provide simple definitions such as:

Again, we've been doing just this for years.  I went to Google and put in
"hacking" and "definition." I got 109,000 returns.  You obviously haven't
done any research whatsoever.

Here, since you don't seem to have access to your own dictionary, are
some of the other definitions of a hacker:  "a person who is inexperienced 
or unskilled at a particular activity," "a person who works solely for 
mercenary reasons," and finally and most appropriately on this occasion, "a 
writer who aims solely for commercial success."

I think we've uncovered the real "hacker" here.

RGF

Robert G. Ferrell
rferrell () texas net
http://rferrell.home.texas.net/rgflit.html 



-
ISN is currently hosted by Attrition.org
