January 2nd, 2019 – by Andrew Ysasi and guest writer Chris Robert
If you are reading this, you may be here to get some validation or confirmation that hackers are good. Well, I have it for you. As a youth, I grew up watching movies like War Games, Sneakers, and Hackers. I also read books such as The Cuckoo’s Egg, earned the Security+ and CISM certifications and continued to read textbooks, periodicals, and put my skills to use. Despite my efforts, I have barely scratched the surface of hacking, and as it evolved the skills needed to be a hacker have long left me. Well, that is enough about my barely novice-level skills. Chris Roberts provides content and validation to this article. Yes, this or THE Chris Roberts. I want to thank him for his contribution. We both share the same frustration of hackers being mischaracterized. My goal is to shine a light on why people who hack do good, and how a majority of hackers are well-intentioned.
Hackers by one definition are not considered criminals. According to Merriam Webster, the third definition of a hacker is “an expert at programming and solving problems with a computer,” but the fourth definition states, “a person who illegally gains access to and sometimes tampers with information in a computer system.” After reading this article, we hope that Merriam Webster considers revising the fourth definition to possibly, “Hacker: not to be confused with someone who illegally gains access to and sometimes tampers with information in a computer system, otherwise known as a criminal or thief.” Now, without further delay, below are how Chris and I explain hackers. If inquiring minds want to know, not even a dram of whiskey was spilled during the writing process.
Hackers are incredibly smart. Their technical skills are top-notch. They can make, break and repair computers, troubleshoot anything with a power supply and microchips, and install networks across the globe, work in cloud, IoT, ICS and other environments, have a vast knowledge of storage systems, operating systems (Linux), and they can code in more languages than most people can speak. Some technical people make a great living doing just one of the above skills. Hackers use them all. Tools can be applications, code, or knowledge. Most of these tools are readily available free, some they pay for, and others they build on their own. They are curiosity junkies when it comes to information security, and they may have another hobby or activity they approach with the same enthusiasm.
Hackers understand people. They often study how people work and how they access their systems. They have watched their colleagues and users they support throughout the globe. They know you are overworked and underpaid, or you may be highly successful. Either way, your guard is down, and they know it. They understand how money works, and without money systems, businesses, and governments cannot operate well – or at all. They know billions of people do not have the technical skills they do, and they know common tendencies. They know most people do not bother to encrypt their data, protect their credentials, or protect their portable storage and Wi-Fi networks. They can gather information about your life or organization in a matter of minutes, and manipulate that information to do their bidding. They know you leave digital breadcrumbs all over the Internet, and that most of this information is easy to obtain. They probably know you better than you know yourself if they bothered to find out. Hackers know most people do not understand how data travels. Hackers rely on the fact that you have the key to protecting your information (hopefully), but you probably do not know how to use it to lock the door. They can apply social engineering and pretext to find their way into systems through people. Hackers may have the stigma of being socially awkward, but they can go into character to get what they need from someone.
The Perfect Weapon
Hackers can be anonymous. With a lot of planning, they can be virtually impossible to find. With the use of cryptocurrency and a little bit of savvy, they can create a virtually untraceable path. With their skills, tools, and knowledge of how people work they are formidable. Throw in some traditional education, and they become the perfect weapon. Why? Because they can deploy their knowledge for whatever means of their choosing and whatever target they want. One might call them dangerous. Hackers could be as hazardous as a boxer or MMA fighter if they chose to deploy their skills on you. Only you wouldn’t feel the punch until you woke up, or you may not even know they were in your home and they leave no trace of their work, like a modern-day ninja.
Hackers are not criminals. They turn criminal if they choose to use their knowledge and tools to commit crimes. There are petty criminal hackers who get caught, and there are organized criminals who are very sophisticated, and there are governments who use hackers to break international laws. When someone identifies as a hacker, and few do, do not automatically think they are up to no good. Boxers and MMA fighters use their skills to make a living, not to beat people in bars or on the streets for fun. Rarely do criminals go around to the masses and proclaim how smart they are because they hacked someone or something. So, if you meet a hacker thank them. Chances are they are protecting someone or something from a criminal. They are reducing risk so that businesses and governments can thrive. Consider employing, contracting, or just chatting with a hacker. You might find a hacker useful someday, and it is always good to know someone who can get you or your organization out of a jam. A hacker might help you avoid a fight, which are the best fights to have.
Chris Roberts works for a security firm and Denver, Colorado. Chris speaks all over the world on security and is a sought-after expert. Chris currently works on many projects, and over the years, he’s founded or worked with a number of companies specializing in DarkNet research, intelligence gathering, cryptography, deception technologies, and providers of security services and threat intelligence.
Andrew Ysasi is a Vice President at Vital Records Control and President of IG GURU®, an information governance news organization to ensure relevant IG news is shared with the IG community. He has volunteered with ARMA, the ICRM, worked as an adjunct professor and founded a career consulting practice called Admovio® where he is featured in CIO Magazines IT Resume Makeover Series. Andrew has spoken across the United States and contributed to ARMA’s Information Governance Body of Knowledge (IGBOK). He holds the following certifications CRM, FIP, CIPM, CIPP, CISM, PMP, and IGP.