We’ve received some e-mail recently from firms who are seeking to plug security holes by hiring people called “hackers.” One company spokesperson wrote, “I’m afraid to open ourselves up to someone who knows how to shut us down.”
You can always turn to the secure services of IBM’s Ethical Hacking Unit, but our experience is that most people identified as “hackers” are just young people interested in high technology. And now more than ever, the trend is for former hackers to move into legitimate jobs in computer security.
In some hacker circles, group members invoke the names of Star Wars characters (search for “Boba Fett” on one of these newsgroups and you’ll be deluged) to make points. Some of the harshest comments are directed toward hackers who have now legitimized themselves by getting “real” computer jobs.
Usenet newsgroups are full of messages much like this one: “It’s like Anakin Skywalker (Luke Skywalker’s father, before he became Darth Vader) being seduced by the Dark Side of the Force,” wrote one hacker.
This is nice as far as myth goes, from teenagers who like to wield club names like “Legion of Doom” as if they were weapons, but it bears little relation to reality.
Said one prominent former hacker who now provides security services to the Internet megaprovider BBN, which recently became a division of GTE, “Only very few groups, I’d call them fringe groups, were interested in really taking down systems and screwing things up. We were never malicious, at least not intentionally. If we’d shut down some phone lines, it wasn’t because we were trying to. We just wanted to learn, to be in on it. We were kids.”
According to another security specialist who provides security services for a New England-based ISP, “It was like flying a plane under radar. We never damaged anything on purpose. What we wanted to discover is whether we could get in.”
Typical of such people is David Buchwald, an information security and privacy consultant in New York City. As a teenager — he’s now 28 — Buchwald was enmeshed in hacker culture, writing articles for 2600, a hacker magazine.
“In the mid-’80s, things were not networked the same way as they are now. All you had to work with was a 300-baud modem. A lot of what we learned we picked up by trading bits of information back and forth,” said Buchwald. “It’s not like now when you can walk into a Barnes & Noble and see ten books on telecommunications architecture. We didn’t learn from textbooks. Now it’s a different world. You have direct access to millions of hosts over the Net. If a hacker wants to get into the industry, he can buy a Pentium for $700, get Linux for free, hook up to an ISP, and practice on his own machine without breaking the law.”
And breaking the law was far from Buchwald’s mind when he was hacking. “When I was a kid, my dream was to work for the phone company. When I was a hacker, all I wanted to do was play with this equipment.”
And now he can play — and get paid for it.
———-
Are you plugging any security holes? We want to know.




