The Mind Of A Hacker - InformationWeek

11/7/2003
11:39 AM

The Mind Of A Hacker

Why do hackers hack? They say it's to learn about technology and how computers work. That's small comfort to security pros.

Marc Maiffret is a hacker. Maiffret started hacking about six years ago, at age 16, when a friend at school introduced him to computers, and he got hooked on a digital-age narcotic: information. He consumed what he could about the Internet, computers, networks, and phone systems. "I wanted to learn more," says the guy whose teenage handle was "Chameleon" and whose hair color shifts from black to green to blue. Maiffret says some of his actions back then wouldn't meet with widespread approval. "When I was younger, I was up to no good," he admits.

Today, Maiffret could be considered one of the good guys. In 1998, when he was 17, Maiffret co-founded eEye Digital Security, which makes security software that has been adopted by companies such as Prudential Financial. Now he has the title of chief hacking officer, and he and his co-workers help to discover security flaws in software.

Hacker is a loaded word. The hacker community--and it's a thriving online community--includes technophiles, curiosity seekers, cybervandals, and outright thieves and fraudsters. The technophiles love to take apart software to see how it works or what they can make it do. Some write tools and applications such as password crackers, vulnerability scanners, and anonymity tools, and make them freely available on the Internet or hacker Web sites and message boards. Some devote long hours to uncovering flaws in software that make systems less secure by allowing destructive worms and viruses to gain access.

The others--the intruders, vandals, virus writers, and thieves--are criminals, pure and simple. At their most benign, they are trespassers, rummaging through proprietary systems and databases. Hackers also are responsible for Web defacements, denial-of-service attacks, and identity theft. Some see themselves as rebels or revolutionaries, "hactivists" spreading a message of anarchy and freedom. Some are simple mercenaries who write tools, known as exploits, to take advantage of security flaws and make it easier to penetrate systems. In some cases, they sell that information to spammers, organized crime, other hackers, or the intelligence services of foreign countries.

Hackers are blamed for unleashing worms and viruses that have cost businesses billions of dollars a year in damages. The problems they cause have gotten so bad that Microsoft last week created a $5 million fund to provide rewards for information leading to the capture of the people responsible for those attacks. Fed up with the damage done to its reputation and, increasingly, to its revenue stream, Microsoft, working with the FBI, the U.S. Secret Service, and Interpol, is offering a bounty of $250,000 to people who help capture those responsible for the Blaster worm and the Sobig virus, which wreaked havoc this past summer on systems and networks worldwide.


Marc Maiffret, 17, co-founder of eEye Digital Security

Maiffret turned his hacking experience into a career by co-founding eEye Digital Security. "When I was younger, I was up to no good," he says.

Photo by Bryce Duffy

Hacker is a term with negative connotations for most of the technology community. "I used to call myself a hacker in the sense that I like to twiddle with stuff, but I don't use that word to mean that any more," says Marcus Ranum, senior scientist at TruSecure Corp., a risk-management and security vendor. "That word has been ruined by little selfish punks."

It's more than a question of semantics. Some of the positives that hacking represents--intellectual curiosity, tech savvy, innovative thinking--are overshadowed by its criminal aspects--the potential for grave harm and mass destruction. But it's a difficult line to draw, especially for young people, who need to be encouraged to embrace technology and its potential. Also, recent laws such as the Digital Millennium Copyright Act and the USA Patriot Act may criminalize what some security researchers see as legitimate avenues of inquiry, limiting the technology industry's ability to help itself and eliminating necessary research or driving it further underground.

That's why it's illuminating to inquire about hackers: Who they are, what they do, and why.

Chris Wysopal is a hacker. Wysopal, VP of research and development at security consulting firm @stake Inc., advises businesses and government agencies how to better secure their computer networks and systems. He has also held jobs at GTE Internetworking and Lotus Development Corp.
