Author, Applied Cryptography and Secrets and Lies: Digital Security
in a Networked World.
What is the role of hackers on the internet?
Historically, hackers have played a number of roles--some good, some bad. On
the one hand, hackers find vulnerabilities and point them out, and this results
in improved security. We're sitting in a world where often hackers are the only
ones holding up their hands and saying, "Look, this isn't any good. You're
being sold a bill of goods. This isn't really security." And they perform a
very necessary function doing that.
On the other hand, hackers also write tools to break into systems, which, when
they fall in the wrong hands, cause insecurity. So there's a balance. There's
good hacking and there's bad hacking. . . . And you can use your skills for
good, or you can use them for bad. And this is true for most every other aspect
of society. If you're a demolitions expert, you can blow up bridges for fun, or
you can do it because you're hired. The skill set is the same. Hacking is a
very important skill set in our society, because these are the experts in how
the systems work and how the systems fail. The people who use that expertise
for bad are bad people. People who use that expertise for good are good people.
Founder, President and Chief Executive Officer of Open Source
Solutions, Inc. (OSS).
What is the role of hackers in all of this?
. . . One of the reasons that I support hackers is that they have been telling
us for over 10 years that the emperor is naked. It's very erroneous to think of
hackers as criminals--that's not the case. Hackers are more like astronauts
pushing the edge of the envelope. Hackers have been identifying major
vulnerabilities in Microsoft products and Sun products and Dell products
and all kinds of computer and communications products. And nobody has wanted to
listen. . . .
Your view of hackers will come as a surprise, I think, to a lot of viewers,
who view them as greasy-haired, goth louts who are spending too much time in
front of a computer screen.
Well, I myself have participated in a very well attended debate on whether
hackers were a national resource--which is my position--or whether they are
pathological scum. I would say to you that it is the media's fault that hackers
are seen in this light. And it is the fault of the US Secret Service, and it is
the fault of certain governments around the world who chose to treat hackers as
a threat because they didn't understand hackers; they didn't understand the
electronic environment that that hackers were addressing.
The bottom line is that hackers are the pioneers in this electronic frontier.
They are way out in front of the rest of the world. They are seeing the
dangers, the vulnerabilities, the shoddy, unethical, inappropriate business
behavior by communications and computing companies. They're basically saying,
"Hey, look what we found." And everyone wants to shoot the messenger. . . .
Give me your portrait of today's hacker.
I will give you Sherry Turkle's portrait of a hacker. Sherry Turkle wrote a
wonderful book called [The Second Self:] Computers and the Human Spirit.
It was about the original hackers. The original hackers were MIT students,
individuals vastly endowed with great intelligence, selected by MIT as the best
and the brightest in the nation. And they began playing with the first Dell
computer. They began discovering that there were new and unusual things that
you could do with computers that once were things that punched cards.
Hacking is about exploring. Hacking is about going where no one else has gone
before. It is about finding new corners in cyberspace. It is about discovering
new worlds, and finding different solutions. A good hack is about doing
something better than it's ever been done before. That's why I'm here at the
"Hackers in the Twenty-first Century" conference. And that's
why I'm very upset that people don't understand that hackers are, in fact, a
national resource. You can't create a hacker. Hackers are born; they are very
special people. When the Israelis catch a hacker, they give him a job. When the
Americans catch a hacker, they kick him in the teeth and throw him in jail. And
that's not good.
Have you noticed a change from the early days of the hacker
I've noticed two changes. The first change is within the hacker community
itself. I am stunned to find that these thousand people who normally would have
slept through the day and been a disorganized mob started this conference on
time, had a program, and had mainstream speakers. Hackers have come of age.
Hackers are now a power unto themselves, as a community--not an illegal
community, not an unethical community--but as a community of vibrant knowledge
that is able to express its views to the media and to others in articulate,
I've also seen a change in the private sector and in government. They still
don't understand hackers. They still don't understand the communications and
computing environment as well as they should. We've talked here about the
abysmally ignorant federal regulators and the federal regulations that are
completely inappropriate--1950s regulations for 1990s and year 2000 technology.
But I clearly see that government and industry understand that hackers and the
views that hackers represent are a force to be reckoned with. Therefore, over
the next five to ten years, I anticipate that hackers will have a very
beneficial influence on the safety and stability of cyberspace.
Giovagnoni is the Executive Vice-President for Strategic Relations for
iDEFENSE, a private agency specializing in information intelligence.
How big a problem are hackers?
. . . I find hacking an interesting development in understanding the system.
All of these hackers that we deal with today were growing up on the internet
when it was more open. Ten, fifteen years ago, they were at home on their
computer, playing. And most of us learned what's right and what's wrong from
our parents. They tell us, "Don't put your hand on the stove or you'll get it
burned," or, "You shouldn't tell a lie." . . . That didn't take place on the
So a Lord of the Flies-type of environment was created there, because
there were no restraints. No one looking over their shoulders to tell them
what's right and wrong. And now we have industry coming on in, and saying, "We
need to make this secure and you shouldn't do this because it hurts others."
And that creates a problem for the hackers that are out there, because their
sense of what's right and wrong is different than the sense of what industry
believes is right or wrong. . . .
Hackers are a problem, for business and for my personal use of the internet,
because they raise the cost of me having access to it. It raises the cost of
doing business, and that's a concern. But on the other side, young hackers have
a problem, because we're taking away something that they feel, at this point,
is theirs--something that was open and free. . . .
What do you think of these hackers? What do you think of these
counterculture people who think that you're a big bully, who think that your
company is going to steal democracy out of the system?
I think again, with them, it's an education and awareness. I think what you're
dealing with here is that we are moving in on what they consider their
territory, and we have to find an accord to educate them. Because right now,
industry does have, and we, the American people, do have a valid stake in this,
and they have to make room to play. And until they all can use it effectively,
until we can educate them as to what should and shouldn't take place, it's a
It's a problem, because to catch one young hacker probably takes the resources
of 30 or 40 government individuals, or private sector individuals, four to five
man-weeks, and what are you going to do? Are we ready to drop the hammer on a
17-year-old, 13-year-old, 15-year-old, when we really don't have a lot of
guidelines as to what they should or shouldn't have been doing?
And you're not entirely sure whether he's really out to get you, or is he
just playing around?
That's true. In many cases, the ones we catch are the ones that are playing. .
What kind of an impression have they individually made on you when you find
and meet one?
They're very interesting people. I find that as you get to know them and you
garner their trust, they will give you their trust if you have a sincere
interest in what they're doing--and I do. They share with you what they've
done. They're willing to tell you what they do, and how they do it, because
this is their life, and it's a solitary life. When you spend hours and hours in
front of a screen, hacking, or whatever it is that you're doing on the system .
. . you're there alone. And when someone actually walks in . . . they finally
have someone to talk to, and they want to be recognized for what they've
accomplished. But I don't think they're going to be different than the rest of
us. It's just driven by different life experience, and that they've spent so
much time in front of the screen. . . .
Chief of the Justice Department's Computer Crime and Intellectual Property
The hacker phenomenon keeps raising in my mind the question of whether or
not hackers are a problem, or are hackers are a symptom of an intrinsic problem
in this whole new technology.
And the intrinsic problem would be the security of the network?
The security of the network, the universal accessibility of it and the
democracy of it.
Okay. Well, if you ask me which is it, my answer is yes, it's both.
. . . It's important to understand that networks, like streets, like
automobiles, are never going to be perfectly secure. We want them to be as
secure as they can be and that's rational; that's a reasonable expectation. But
we then introduce people into that environment. And, you know, people break
into houses. People break into banks. And they steal things, and it's very
clear to the society that that's not permitted, that's not okay. And I think we
need to inculcate the same ethic into technology users. It's not okay to do
things just because it's possible, just because we can.
What about the argument that hackers are kind of like the Ralph Naders vis a
vis the automobile industry, pointing out weaknesses that we should know
I hear that argument a lot, and I have to say that I think it's a very silly
one. It seems to me that thanking hackers who violate the privacy of networks
or network users for pointing out to us our vulnerabilities is a little bit
like sending thank-you notes to burglars for pointing out the infirmity of our
physical alarms. That's silly.
. . . If these folks are really trying to assist with network security, then
what I suggest is that they get a job with somebody who's working on that
problem or study in a university and write papers on that problem, and offer
your solutions to the community. . . .
Lipner is a senior security analyst for the Microsoft Corporation.
Hackers frequently find bugs in Microsoft products before you do. How
important are those hackers in the whole picture?
We want to find vulnerabilities and issues in our product from any source, and
we want to take action to keep our customers safe. We welcome the reports from
those customers. They send mail to secure@Microsoft.com. We correspond
with them. We evaluate every report that comes in, and if it is a bona fide
vulnerability, we fix it. So they're a real source of information and ways that
we can help keep our customers safe.
We do ask them when they report to keep those vulnerabilities private until we
can fix the problem, assuming there is one. We do that because we think our
customers are best served by having a complete packaged finished solution that
we put out on our web site. If the hacker, if the security researcher works with
us, we acknowledge him in the bulletin that results. Microsoft works with
hackers to protect our customers, and we like protecting our customers.
I started off this whole project with the sense that a hacker was a kind of
graffiti spray painter, or vandal. What is a realistic profile of the hacker
The hacker community is so wide, so varied in composition, competence, and
motivation, that it is not possible to generalize, to put sort of a sound bite
of the hacker or the hacker community. There is a wide range of folks. We work
very cooperatively with a lot of them. Others do things that we wish they would
not, but our bottom line is protecting our customers, and we will work with
anybody who reports information to us that we need to know to protect our
Reid and Count Zero are members of the Cult of the Dead Cow, a hacker organization which developed "Back Orifice,"
a computer program which allows the user to remotely view and
control any computer running Windows 95 or later.
How should the public view hackers like you? Are you demons, are you
crusaders, should we be embracing you, should we be attacking you?
Reid: I think the first misconception that people have about hackers is that
it's a giant political party, or it's a voting bloc, or it's organized somehow.
And it's not. It's like asking what should people think about carpenters. It's
just a very loosely defined group of people. In fact, we can't even seem to
agree on a definition of hacker most of the time.
. . .
Count Zero: It implies curiosity, and looking at how you can use tools in
different ways and how you can think of new tools to extend people's abilities
to do things. But the best definition I heard of a hacker was just someone who
. . . if they saw something closed and it was doing something, they just wanted
to open it up to see how it was working, and then how to maybe play with it a
little bit to make it work a little better. . . . It's just a general loose
sort of mentality based on focusing on technology.
. . . I don't think the public should be afraid. I think hackers in general are
explorers. They're exploring new territory. And of course when you're exploring
territory, some people are going to cut down all the trees and screw up the
environment, and other people are going to catalogue all of the wildlife and
create very useful scientific resources. . . . The key thing that you'll find
probably at conferences like this is that hackers like to talk about what
they're finding. . . . So as long as people continue to engage with the "hacker
community," then we can all learn and move the whole society forward and
continue to expand the frontiers of the digital world. . . .
home · who are hackers? · risks of the internet · who's responsible · how to be vigilant · interviews
discussion · video excerpts · synopsis · press · tapes · credits
FRONTLINE · wgbh · pbs online
some photos copyright ©2001 photodisc
web site copyright 1995-2014
WGBH educational foundation