Linked by Thom Holwerda on Fri 17th Jun 2011 18:49 UTC
Privacy, Security, Encryption Oh boy, what do we make of this? We haven't paid that much attention to the whole thing as of yet, but with a recent public statement on why they do what they do, I think it's about time to address this thing. Yes, Lulz Security, the hacking group (or whatever they are) that's been causing quite a bit of amok on the web lately.
Thread beginning with comment 477781
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[7]: Bah - hacking skills
by jabbotts on Sun 19th Jun 2011 19:58 UTC in reply to "RE[6]: Bah - hacking skills"
jabbotts
Member since:
2007-09-06

I think my meaning in my original post was quite clear in referring to law abiding Hackers not crackers or criminals. Are you just trying to be cute by intentionally misreading what I wrote to mean criminals just because I talked about Hackers and system security?

And really, how can you claim your sys-admin or infosec team is at it's best if you haven't at least one member who can think outside the box, find creative solutions, try the unexpected and take a detail oriented enthusiasts interest in developing and implementing a solution?

My point stands; if your responsible for system management and security, you should be hiring Hackers not nine to five folks looking only for a pay cheque with no real interest in the job topic outside of work hours. You want the type of person who will go home, duplicate wifi settings using there own router, break into it then report back on how easy/hard it was and how your business system can be improved. You want people who spend all day managing and fixing your systems then go home and play with there own systems for the pure joy of developing skills and learning down to the smallest details (aka. Hackers).

Reply Parent Score: 3

RE[8]: Bah - hacking skills
by Soulbender on Sun 19th Jun 2011 21:14 in reply to "RE[7]: Bah - hacking skills"
Soulbender Member since:
2005-08-18

And really, how can you claim your sys-admin or infosec team is at it's best if you haven't at least one member who can think outside the box, find creative solutions, try the unexpected and take a detail oriented enthusiasts interest in developing and implementing a solution?

My point stands; if your responsible for system management and security, you should be hiring Hackers not nine to five folks looking only for a pay cheque with no real interest in the job topic outside of work hours.


Ok, so you're definition of a hacker is someone who's passionate about his job and thinks out of the box and is not a 9-5 paycheck person? Sure, then you should hire hackers but I'm not so sure that's the definiton most have of "hacker".
What we're talking about here is the media-hyped "hacker" who breaks into other systems and those are not the guys I need on my team. I need creative and skilled engineers, not hot-shot media darlings who's claim to fame is to deface websites.

Reply Parent Score: 2

RE[9]: Bah - hacking skills
by jabbotts on Mon 20th Jun 2011 00:47 in reply to "RE[8]: Bah - hacking skills"
jabbotts Member since:
2007-09-06

How many Hackers do you know? How many hacker conferences have you attended and/or watched talks from? Have you been to HAR over in europe? Been to Maker Fair? Been to your local Hacker Space? The definition of "a criminal who specializes in breaking into computers" does fit most Hackers.

With regard to Lulzsec, yeah, we're talking about a group of crackers who break into systems end expose private information. We can even drop the sensationalizing and simply call them by the more accurate term; criminals. The fact that they demonstrate hacking skills does not make them criminal; the fact that they break into systems without permission does. They'd be just as criminal if they demonstrated no hacking ability at all.

With regard to the admins who have to implement, maintain and defend information systems. Yeah, having real hackers on the staff would help a significant amount. I mean real hackers not kids who haven't yet matured beyond throwing rocks through windows just because they are walking past.


so you're definition of a hacker is someone who's passionate about his job and thinks out of the box and is not a 9-5 paycheck person?


Honestly, I was trying to keep it short and on topic. Defining hackers could easily be a sever page essay. Let's try and keep it short though.

Consider www.lifehacker.com which provides a view of a broad cross-section of hackerdom.

Hackers are nearly obsessive self directed learners who value hands on experience. Don't just read about programing; write a program. Don't just read about a vulnerability; test it in your own lab systems. Don't just look at knitting patters; make a sweater.

Hackers focus on there topic of interest down to the lowest details. It's not enough to press a key and see a letter appear on the screen; they want to know how the electric signal travels along the bus to end up on the monitor. Why and how does a thing happen not just "wow.. a thing happens". A normal user wants to open email and write a letter to a friend. A power user wants to customize the email programs options and probably has solid reasons for preference of program. A Hacker wants to understand how all the settings affect the program, what addons are available, how the email is stored and managed, how the email is transmitted and probably how to encrypt the whole process. What is the minimum needed to send an email? (telnet or netcat..) What is the most one can do with email beyond it's intended purpose?

Hackers take creative "out of the box" approaches to problems. Who cares if the manual says a thing can't do this; let's see if it can. Sometimes it's an ugly McGuiver hack, sometimes it's so elegant you won't believe it's not originally designed that way.

Hackers share what they learn. Information should be free if one has the authority to distribute it. Learn from each other and build on that. Keeping discoveries secret benefits no one. Your hacker on staff wants to come into work the next day and talk about what they learned the previous evening. They are very social people when not being pidgeon holed by stereotypes based on ignorance.

Hackers find exploiting what they've learned for financial gain and/or harming other's distasteful. Social engineering is not for committing fraud. System vulnerabilities are not for breaking into systems and exposing data. An open window spotted when walking past a house should not be used to commit robbery. Such things should be responsibly disclosed and fixed. Security hackers using there skills to help other's protect there systems; very much so. Security hackers using there skills to steal stuff; this is the minority.

Hackers, my majority, are as ethical and law abiding as anyone else. We don't call all doctors criminals because one is caught speeding through a red light. Why should we call all Hackers criminals because one is caught breaking into a system? Being a hacker does not make one a criminal any more than being a bus driver makes one a criminal.

Financial gain is not the most important motivation. They don't hack a subject because it will bring them money; they do it because they love the subject. Security hackers work in security because they get to spend all day at there hobby; being paid is a bonus. Improving security systems is what brings the satisfaction. Computer hackers tend to work in IT because they get to spend all day at there hobby; being paid is a bonus. Improving and refining computer network is the motivation. Someone's not going to strike it rich making chess pieces on a 3D printer; woopty do, they get to make stuff on a 3D printer which is satisfaction in itself.

There are hackers that focus on pretty much every topic of interest one can think of. Political hackers, computer hackers, case hackers, food hackers, physical hackers, psychology hackers, body hackers, stereo hackers, radio hackers. It's not simply "your a hacker so you must only be into programming or security." It's about the commonly found way of learning, thinking, solving and creating across all kinds of areas of interest.

Sure, lulzsec may be a group of crackers representing the media mis-representation of hackers. That doesn't change the fact that those maintaining and defending systems can benefit from having hackers - in the real sense - on staff. Those attacking your systems think creatively beyond how things are supposed to be used. You need people who think just as creatively beyond how things are "supposed" to behave and well into how things can be made to behave. You need people who are skilled and self motivated beyond professional obligation to remain on top of technological advancements.

Reply Parent Score: 2