The Mind Of A Hacker - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Infrastructure
News
11/7/2003
11:39 AM
50%
50%

The Mind Of A Hacker

Why do hackers hack? They say it's to learn about technology and how computers work. That's small comfort to security pros.

Marc Maiffret is a hacker. Maiffret started hacking about six years ago, at age 16, when a friend at school introduced him to computers, and he got hooked on a digital-age narcotic: information. He consumed what he could about the Internet, computers, networks, and phone systems. "I wanted to learn more," says the guy whose teenage handle was "Chameleon" and whose hair color shifts from black to green to blue. Maiffret says some of his actions back then wouldn't meet with widespread approval. "When I was younger, I was up to no good," he admits.

Today, Maiffret could be considered one of the good guys. In 1998, when he was 17, Maiffret co-founded eEye Digital Security, which makes security software that has been adopted by companies such as Prudential Financial. Now he has the title of chief hacking officer, and he and his co-workers help to discover security flaws in software.

Hacker is a loaded word. The hacker community--and it's a thriving online community--includes technophiles, curiosity seekers, cybervandals, and outright thieves and fraudsters. The technophiles love to take apart software to see how it works or what they can make it do. Some write tools and applications such as password crackers, vulnerability scanners, and anonymity tools, and make them freely available on the Internet or hacker Web sites and message boards. Some devote long hours to uncovering flaws in software that make systems less secure by allowing destructive worms and viruses to gain access.

The others--the intruders, vandals, virus writers, and thieves--are criminals, pure and simple. At their most benign, they are trespassers, rummaging through proprietary systems and databases. Hackers also are responsible for Web defacements, denial-of-service attacks, and identity theft. Some see themselves as rebels or revolutionaries, "hactivists" spreading a message of anarchy and freedom. Some are simple mercenaries who write tools, known as exploits, to take advantage of security flaws and make it easier to penetrate systems. In some cases, they sell that information to spammers, organized crime, other hackers, or the intelligence services of foreign countries.

Hackers are blamed for unleashing worms and viruses that have cost businesses billions of dollars a year in damages. The problems they cause have gotten so bad that Microsoft last week created a $5 million fund to provide rewards for information leading to the capture of the people responsible for those attacks. Fed up with the damage done to its reputation and, increasingly, to its revenue stream, Microsoft, working with the FBI, the U.S. Secret Service, and Interpol, is offering a bounty of $250,000 to people who help capture those responsible for the Blaster worm and the Sobig virus, which wreaked havoc this past summer on systems and networks worldwide.


Marc Maiffret, 17,  co-founder of eEye Digital Security

Maiffret turned his hacking experience into a career by co-founding eEye Digital Security. "When I was younger, I was up to no good," he says.

Photo by Bryce Duffy
Hacker is a term with negative connotations for most of the technology community. "I used to call myself a hacker in the sense that I like to twiddle with stuff, but I don't use that word to mean that any more," says Marcus Ranum, senior scientist at TruSecure Corp., a risk-management and security vendor. "That word has been ruined by little selfish punks."

It's more than a question of semantics. Some of the positive that hacking represents--intellectual curiosity, tech savvy, innovative thinking--is overshadowed by its criminal aspects--the potential for grave harm and mass destruction--but it's a difficult line, especially for young people, who need to be encouraged to embrace technology and its potential. Also, recent laws such as the Digital Millennium Copyright Act and the USA Patriot Act may criminalize what some security researchers see as legitimate avenues of inquiry, limiting the technology industry's ability to help itself and eliminating necessary research or driving it further underground.

That's why it's illuminating to inquire about hackers: Who they are, what they do, and why.

Chris Wysopal is a hacker. Wysopal, VP of research and development at security consulting firm @stake Inc., advises businesses and government agencies how to better secure their computer networks and systems. He has also held jobs at GTE Internetworking and Lotus Development Corp.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Previous
1 of 5
Next
Comment  | 
Print  | 
More Insights
Slideshows
7 Technologies You Need to Know for Artificial Intelligence
Jessica Davis, Senior Editor, Enterprise Apps,  7/1/2019
Commentary
A Practical Guide to DevOps: It's Not that Scary
Cathleen Gagne, Managing Editor, InformationWeek,  7/5/2019
Commentary
Diversity in IT: The Business and Moral Reasons
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  6/20/2019
White Papers
Register for InformationWeek Newsletters
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Video
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
Slideshows
Flash Poll