The Myth of the Ethical Hacker

Discussion in 'Blogs' started by Mike, Jun 20, 2011.

  1. Mike

    Mike Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Jul 22, 2005
    Messages:
    8,488
    Likes Received:
    783
    "From the rise of retro fashion trends, art, music, and literature (as inspired by some great 21st century works of literature like "Pride and Prejudice and Zombies" and the complete stereo remastered works of The Beatles), I explore the notion of a Hacking Renaissance taking place today and discuss the flawed concept of Ethical Hacking. Through bank bailouts, to failed economies, and government corruption, aren't self-purported hackers simply playing the same deviant game as the "real" 3L33T?"


    Someone once said “the road to hell is ‘pwned’ with good intentions”. Wait, is that really what they said? Is hacking as American as apple pie? Maybe, since apple pie isn’t originally from America. But as of late, the group Lulz Security has put on quite the show. And mounting evidence suggests that their blatant hacking attempts at some of the world’s largest corporations and government organizations are inspiring copycat hacking around the world. And according to some of their tweets on Twitter, the “1990s are back”.

    The 1990s spawned the advent of the popular Internet, and with it were groups of self-proclaimed hackers. The group 2600, which had been famous in the 1980s for its anarchy-inspired schemes to hack pay phones and modem-based services, suddenly became a mainstream publication at the bookstore next to copies of music magazines like Alternative Press and Rolling Stone. Suddenly it was cool for hipsters with goatees to go to the local bookstore and read about how to perform a kernel upgrade in Linux.

    Perhaps, ironically, and to stay in context, by the end of the 1990s, Internet use around the industrialized world had become virtually universal, and instead of people locking themselves away onto archaic dial-up bulletin board systems (BBS), infrastructure was being built all over the world for what has now become household fiber optic and coaxial cable networks. For what was once only a luxury of Wall Street traders and academics, high speed Internet access was quickly replacing the slow dredge of dial-up. The 1990s saw the advent of hacking in its most raw sense: The US entry into the first US Gulf War was widely discussed on Internet Relay Chat (IRC) – a chat protocol that would, not long after, become synonymous with botnets, illegal activity, and the “dark dungeons of the Internet” as termed by US Vice President Al Gore.

    With the advent of, first, Prodigy, CompuServe, and ultimately America Online here in the United States, the first signs of script kiddies, Internet memes, and the strange oingo boingo style traditions of the Internet netherworld would eventually become popular. With the quick releases of Windows 98 SE, Windows ME, Windows 2000 and ultimately a largely pre-Service Pack 1 Windows XP, hacking took on a life of its own. Perhaps hacking became main-stream for most non-computer users in 1995 – with the release of the actual movie called Hackers - inspiring millions of teenagers in the Western world to pretend that they were elite or (31337). After all, if you were a real hacker, according to Hollywood, you had to drink tons of Jolt cola (apparently the 1990s version of Tang – the pink canned 80s drink that had a holistic “cool” factor for those in the know). In that sense, the group of kids in Hackers were fighting the good fight while wearing sunglasses and trying to destroy a nefarious computer system that was really a giant television with a dotted outline of a boat.

    Perhaps hacking did take on somewhat of a life of its own in the 1990s. Those self-proclaimed elites in society, who were so special that they decided to sit around in Mom’s Basement for hours writing viruses to destroy someone else’s property, weren’t content enough with the idea that they were just simply, well, “elite”. Going from playing Dungeons and Dragons and Magic the Gathering all day to taking over college university systems must not have been easy. So to stand out even further, several terms emerged. Instead of just being a hacker, you were either a white hat hacker or a black hat. It is possible that some geeks at IBM coined the term to make themselves feel better about conducting corporate espionage, as the term white hat was meant to convey the approach of “ethical hacking”. Although we may never know the true origins of the word, the idea of ethical hacking has always struck me as being kind of at odds with reality. Is it really OK to drain the river to save the lake?

    Isn’t ethical hacking an oxymoron? Isn’t that kind of like euthanasia, or blowing up part of a village to prevent the water supply from becoming contaminated? Anyway, whatever you want to call it, by the end of the 1990s, ethical hacking had become main stream. In the United States, the National Security Agency (NSA) began offering certifications for ethical hacking in team management environments. I suspect this was in between listening to people’s telephone calls.

    And the 1990s also saw the term “black hat” hit the main stream. Well that was pretty much anyone who decided to use their elite skills of screwing up computers for “evil” purposes: Like screwing up computers. In 1996, the US Congress passed the Telecommunications Act, which allowed media companies to consolidate and work in multiple markets. So if a company like AT&T wanted to get into the Internet business, it certainly could. Within a few years, most local ISPs in the nearby towns (the mom and pop ISPs) were put out of business by large cable companies. And the first major acquisitions, expansions, and creation of television, Internet, telephone, and wireless conglomeration companies by multi-national corporations became a fact and way of life. Not soon after this, the US government would repeal Great Depression-era New Deal provisions that prevented banks from gambling with your money… I guess back in those days someone realized that anyone who already has all of your money kind of has a vested interest in making sure you never get it back. Maybe someone forgot about that?

    So how did hacking become main stream, and what is with the 1990s nostalgia now rumbling about? A lot of this, according to some people, has to do with a cultural nostalgia in general. The 00’s (or zeros) saw a cultural decline in works of art in the west, in favor of excess. Much like the 1980s, the 00’s, for a lot of kids who grew up in the era, was a major downer: in some cases, literally. The number of people, especially kids, being given prescription drugs for mood disorders like depression and anxiety nearly doubled. Confirmed cases of post-traumatic stress disorder (PTSD) also increased. And then there was the threat of terrorism. With western economies no longer exploding out of greatness, but out of a lack of funds, with millions of people foreclosing on their mortgages, and with unemployment skyrocketing, The Beatles became the bestselling artists of the 21[SUP]st[/SUP] century. By the 2010s, a complete revival of everything retro was in full swing. Pop stars had begun wearing 1980s garb, new music reminiscent of 1960s pop music, and early 90s pop rock and grunge had started to become hip. As independent artists became disenfranchised with a decaying underground, they began to explore the inner workings of what could be conceived as the mysterious popular culture of the 60s, 70s, 80s, and 90s.

    And who can forget 4chan? As mainstream media companies became consolidated by the real elite class (those people who make up 1% of the population but control 40% of the wealth), collective groups of Internet weirdoes, entrepreneurs, and general social outcasts decried this new age of conglomeration by creating non-mainstream outlets of their own. By the mid-00s, the hacking group Anonymous had emerged. Major sites like Wikipedia gained large philanthropic support, while the seedy underground sites like MemoryHole, Prison Planet, What Really Happened?, The Pirate Bay, and WikiLeaks began their operations. Is it possible, that in the face of rampant corporatism, purported hackers had found their calling?

    Not quite. Lulz Security traces its origins to 4chan. But then again, so does every weird hacking group and social outcast that makes a big splash on the net. They also have a giant ASCII pirate ship on their website. They hack companies like Sony with the justification that confidential user information is stored in SQL databases full of plain text. And they love the 90s. Following Lulzsec around on Twitter for a while showed me the danger of people claiming the moral high ground when they don’t really have one. What’s so cool about releasing the e-mail addresses and passwords of a bunch of elderly people because you exported a copy of someone else’s database by year? What’s so ethical about that?

    I began to question this weird fascination with retro culture and the idea of hacking being a joke, or “for the lulz”, very recently. Why hack a company like Sega and release one million records of user details? Isn’t it bad enough that the company is stuck making video games for Nintendo and Sony, or something? What’s the purpose? With terms like “Sail Strong Sunday (Saturday?)” and “F*** FBI Friday”, Lulzsec may try to appear like they’re doing the world a favor. But what is it they’re really doing, except compromising people’s personal security? Isn’t it bad enough that people are losing their jobs, homes, and even their sanity?

    I ask these questions now, because one of my websites was hacked recently. It had nothing to do with the forums, the passwords were secure, and decent security measures were taken. The site in question lists some of the business partners I’ve worked with and I put it on my business cards so that prospective clients can look up my IT background. In 2006, I donated some money to the company that the site is hosted on to help keep their small operation in business. They don’t even have a phone number for tech support, but their team burns the midnight oil and works hard. In exchange, I was given a free shared hosting account there for life. And that site was hacked. Not due to lax security precautions, but because the content management system (CMS) I was using simply hadn’t been patched in about a year. You see, I was kinda too busy having a life.

    The elite hacker who did this likely knew nothing about me, was able to overwrite one file in my public_html folder using a flaw in the software, put some reggae music on a webpage on repeat, and the KiNG of HaCKeRs” proclaimed himself champion of my obscure webpage. God forbid I might help someone else fix their computer. He also gave a shout out to all his hacker friends. A search for this King of Hackers on Google helped me find a cache’d article about a few Brazilian government websites that were hacked in the same fashion. Maybe they were running Joomla 1.5 too? Within a few hours my site was back online. The King had pointed out my glaring inadequacy at not updating my website’s back-end once a week. There were no real other problems. Besides the fact I didn’t want to pay $2,000 a month to host a website that has a 90KB database that has my resume on it.

    So while there’s some people out there who think the idea of hacking is “cool” – especially kids and teens who read about the all-powerful Lulzsec, the hacking group that has defied the FBI and CIA, and has gone after “the man”, I’m not too sure this is a new renaissance for hacking. In 2003, nearly half a million people protested against the Iraq war in New York City alone. No one could end that war. Even Julian Assange, a journalist, has been labeled a hacker. His source, an army intelligence officer named Bradley Manning, has been hanging out in a federal prison, first without clothes, and still without a trial, for years. And this wasn’t “ethical hacking”, it was reporting the news. You know, like civilians and reporters being killed for the wrong reasons? It seems to me that the new prevalence of hacking, or whatever you’d like to call it, becomes an indictment on popular culture and society as a whole. After all, everyone knows that being accused of hacking publicly is a big deal. But there seems to be some confusion about “ethical hacking” – a concept that was created by individuals who probably wanted to get away with murder if they could. Once we dispel the myth that hacking is actually good for society, we can see that these groups are filled with individuals whose goals are in defiance of the way of life of people living in a free society. And that is a scathing indictment. There is no redeeming value to breaking into someone’s property and playing Robin Hood, even if it is in a virtual world.

    I ask myself: Where does this all lead to? And my conclusion is nowhere land. Today, the country I live in is at war in Yemen, Pakistan, Iraq, Afghanistan, Libya, and probably several other countries I can’t think of right now. When I was a kid, I remember being taken to the Vietnam War Memorial. And the Korean War Memorial. I was told that these memorials were there so that wars like these would never happen again. So what kind of war is Lulzsec, or other “neohackers” fighting? Not the war that peace activists like Robert Kennedy, Martin Luther King, or John Lennon fought for. Do the hackers today remember living a life when the nation they lived in was not at war? Are they simply using asymmetrical warfare of their own on perceived enemies?

    One comes to the conclusion that people have a fascination with the past because they can’t control the present – or the future. And that certainly isn’t a very ethical situation to be in. So while millions of video game console owners were denied the ability to use the Playstation Network for a while, thanks to hackers fighting the purported good fight, a lot of people probably lost their jobs. Sony certainly didn’t go out of business or stop making Playstations. But even if they did, perhaps that would have been an even greater tragedy. When Nintendo was hacked, people still kept buying consoles. When Lockheed Martin was hacked, they didn’t stop building bombs, but I sure bet someone lost their job. This is the problem that you start to face when you begin to believe that the end justifies the means. Maybe you're trying to oust the tyrants, but in doing so, you deny millions of adults and kids a chance to enjoy the products and services they have. I remember as a kid growing up, that video games helped me get through some tough times. Why don't you just steal the candy right out of the baby's mouth while you're at it?

    So what is the purpose of hacking? In the 1980s, maybe it was anarchy by intellect. And a lot of guys with too much time on their hands. So much time that they were using baud-rate modems to perform their nerd-based power plays. In the 1990s, it seemed to be all about exerting a false sense of power over others. While you were watching the latest episode of The X-Files, there probably was a real guy out their on the Internet named "2shy" stalking only fat women and hacking into their computers.

    In the 2000s, it seems like it was about a bunch of people trying to put each other out of business with phishing attacks. By the late 1990s, the various kings and princes from Nigeria had accumulated so much wealth that they had launched massive e-mail campaigns to all of Europe and North America to give away their fortunes. In exchange for every single piece of private information that could possibly be sent their way through intermediaries and surrogates of their choosing, the fortune of a Nigerian prince could be yours. Alternatively, you could simply hit the OK button on your browser repeatedly when hitting a random website in order to give them direct access to your computer.

    And now in this decade, it seems to be all about 8-bit art, bad retro references to The Love Boat, and pretending you weren’t born in the ‘90s. It’s about showing people how “insecure” they are for their own protection. It strikes me that it’s the same as the big bully on the playground, projecting all his fears on those nerds. Maybe, in the future, ethical hacking will involve unplugging your own modem before you decide to publish a million e-mails and passwords of unsuspecting consumers.

    Ultimately, hacking was, is, and always has been a self-serving and illegal hobby. The concept of ethical hacking is a myth propagated by security companies that want to hire criminals and engage in what society would classify as deviant behavior – i.e. behavior going outside the acceptable standards of decency that the majority of society is willing to accept. Deviant behavior comes in many forms, but self-serving deviance is the essence of hacking. Despite rumors of fighting the good fight, taking down the multi-national corporations, or throwing a wrecking ball at our corrupt government and intelligence agencies – hackers are still disrespecting, not just the rule of law, but common law itself: Laws that people fought and died for since the signing of the Magna Carta, and even before. However, hacking groups today purport themselves to be freedom fighters – fighting for justice by destroying computer infrastructure and denying access to basic Internet services. Wasn’t that considered deviant when Internet access was blocked by the Middle Eastern governments recently?

    These days, hackers have a new alibi for their malicious and often childish pranks. These pranks can often lead to the loss of a job or business. And when we view that fact from a distance, it may not seem like a big deal. But how do the governments of the world pay for basic services for their people? How do people provide basic services for one another? It is through production. When production is disrupted on a wide scale, this can create a crisis of confidence of all people. And is this not deviant? Do hackers have a novel idea that they need to get back at the government for the bank bailouts and corporate marriage between government and business?

    Recently, hacking groups have gone after entertainment companies and government intelligence agencies. When a business receives capital, in their perspective, it does not matter where that money comes from. They are going to spend it to make more money. The nature of business is to turn a profit. It is one of the founding principles on which all of the success of USA and other democracies has based on. Like it or not - this is not deviance. And I am truly amazed that people are still outraged, not that the government has spent their tax money, but that businesses actually used the money for funding their business and investing in their employees’ success. In 2009 we were looking at four bailouts of AIG and three bailouts of Citigroup. And still, the government continued to spend taxpayer money with additional quantitative easing measures that cost working class families trillions of dollars. The government’s accounting practices are more deviant than the corporations that hacking groups like Lulz Security attempt to go after. In relation to this anomaly and now the resurgence of hacking, I wrote, some time ago, about the bank bailouts and how deviant those were. I wrote, “When asked if the government should allow delinquent banks to fail on an interview on 60 Minutes, Sunday March 15, 2009, the Chairman of the Board of Governors of the U.S. Federal Reserve, Ben Bernake stated, ‘If your neighbor’s house is on fire because he smoked in bed, you would be angry at your neighbor. But if your house is made of wood, you need to put the fire out first, and then deal with improving the fire code.’ (paraphrase). This was an analogy to the banks having out of control practices. My response to this would be that it was government legislation that created this economic crisis and allowed the banks and mortgage companies to issue subprime loans. In ancient times, the city of Rome was built so well, and their fire code was so strong, that there were rarely any fires. So Nero allowed Rome to burn, and had his firefighters create fires throughout the city, to extort the landowners. The same management practices allowed us to spend over nine trillion dollars in eight years and create no new jobs. It goes outside of the principles that our government was founded upon. Imagine, the entire American Revolution was started over a small tax on tea, and now we allow our government to spend one trillion dollars giving our money to bankers.”

    Are hackers not similarly responsible for disrupting free market economics around the world? What do they hope to accomplish? The real answer is self-serving interests, and that is not only deviant, but a net negative for everyone. Who knows what interests large hacking cartels really serve. Contrary to statements being made by Lulz Security, online hacking does not make everyone more secure by exposing holes in security. There are far more responsible ways to do that. These are proven methods that are brought to the attention of software developers around the world: at conferences, conventions, in academia, and in business. Those methods involve reporting vulnerabilities to the enterprise administrative teams that manage business security, open source projects, and the development of commercial software. Releasing names, credit card numbers, addresses, social security numbers, and other personal data erodes the privacy entitlements, personal rights, and civil liberties of people around the world.

    In the past, the Internet was used for research, exchanging information, assisting the handicapped, academia, group therapy, rehabilitation, and remote assistance. In other words, it wasn't used for shenanigans, and it actually enriched peoples' lives. Have a look:



    Today, the top uses of the Internet include online pornography and shopping. Hacking also seems to be on the menu. As the old saying goes, “Choose your enemies carefully, for you will become like them”. And as a new era of hacking has been ushered in by "newbs" taking their cues from a generation of hackers that probably grew up or ended up in jail, we are left with yet another emperor that has no clothes: A pixelated cat flying through the air with a rainbow behind it. A group that identifies itself with the mask from V for Vendetta and Guy Fawkes. Shouldn't we be striving for just something, maybe, say, a little better? If there is any constructive message of these groups, surely a real face can be put on them, and real acts of civil disobedience can be used to usher in reform. Right? When you realize that widespread hacking actually kills jobs, damages livelihoods, and does nothing except screw people over en mass its not hard to come to a conclusion that, really, the imagery isn't funny, and there's so much better we can do both individually and collectively.

    As the Internet matures, it becomes very clear that there are two roads society can travel on with its new experiment. Much like fascists have tested the resolve of free peoples throughout history; it doesn’t take a rocket scientist to see that hacking itself will one day be used as an excuse to try to regulate the Internet.

    Yet in a culture of instant gratification, any astute observer should realize that we are, as a collective society that is somewhat wired to the Internet, approaching the lowest common denominator.

    References:

    Lulzsec - Twitter

    Anonymous (group) - Wikipedia, the free encyclopedia

    The Case for Ethical Hacking

    Lulz Security Says It Hacked Sony, Nintendo, U.S. Senate - The Washington Post

    Hackers steal personal data of 1.3m Sega Pass users
     
    #1 Mike, Jun 20, 2011
    Last edited: Aug 9, 2013
  2. Captain Jack

    Captain Jack Extraordinary Member

    Joined:
    Mar 6, 2010
    Messages:
    1,952
    Likes Received:
    139
    Nice write up Mike ....
     
  3. patcooke

    patcooke Microsoft MVP
    Staff Member Premium Supporter Microsoft MVP

    Joined:
    May 16, 2010
    Messages:
    5,454
    Likes Received:
    268
    Good food for thought.
     
  4. nmsuk

    nmsuk Windows Forum Admin
    Staff Member Premium Supporter

    Joined:
    Sep 7, 2009
    Messages:
    2,694
    Likes Received:
    194
    Nice write up. I think of ethical hacking as civil disobedience for the 90's and 00's. Wouldn't do anything like that myself but I can understand where a lot of the antisec movement comes from. For too long users of the internet have become complacent about security.
     

Share This Page

Loading...