For starters, I’m going to say that hacking is neither good nor bad. Most folks in the technology world are hackers, meaning they either put together something that isn’t really good sometimes to get the job done or just continue to bash their heads against a problem until they get a solution. This definition gets lost on most folks because “hackers” are shown as a stereotypes (mainly sitting at computers in the dark, being Hugh Jackman
or battling massive computer images) and mainly you only hear about them in the negative sense. Hacking is neither good nor bad…it is the intent that makes it one or the other.
In the westerns of old, you knew the good guys because they were wearing white hats and the bad guys by the black hats they were wearing. That has carried over into the modern age. There are white hat, or ethical hackers, and there are black hats or malicious hackers. Both the white hats and black hats will frequently have the same set of skills, same knowledge and even use the same tools. The difference is that the white hats will disclose the weakness they discover or actively try to counter attacks or just try to make computers and applications a little safer. Black hats are in it either for money, politics, nationalism, mischief or, and this is still the case with some folks, to just see if it can be done. And the most confusing is that folks switch hats all the time or they will be perceived as black hat when they will see themselves as a white hat or vice versa. Governments employ hackers in droves and its only folks on the receiving end that see them as bad.
I grew up with computers. Before the internet, before Google and before there was a lot of knowledge widely shared about how to do things. If you were going to use computers, you had to be a hacker. You had to figure out a way to make it work, because if you didn’t all you had was a really expensive paper weight. Hackers used to be more along the lines of Ferris Bueller and less like Hugh Jackman.
For me, being a hacker means you have skills, knowledge and a desire to figure it out. Most of what you see in the news are not hacks. They are exploits or compromises. Target wasn’t hacked, just like Home Depot wasn’t hacked. The point of sale systems, which are the second weakest point in the sales chain, were compromised with a bit of code and known exploits. These systems are frequently running massively out of date operating systems with proprietary software with poor security with lots of folks having access to them. To me…that’s not hacking. There was no art to it, just like with ATM skimmers…it’s a small kit that anyone can buy and if you have a bit of time you can use it.
Another thing that is going on is that there are these big “hacks” where the news reports millions of accounts are compromised. The problem is that these lists of big hacks could really just be a consolidated list based on smaller compromises or out dated information that could not get you into a Denny’s, let alone an email account or bank account.
Some of this is old hat…but you should read my previous post on building a castle, because everyone needs security.