Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers
Richard Forno, 2002-03-28

The Good Samaritan defence, invoked by hackers like Adrian Lamo, can too easily be distorted by those with less altruistic intentions.

Good Samaritan Guidelines 2002-03-29
Anonymous (1 replies)
Good Samaritan Guidelines 2002-04-09
ImNotAHacker@hotmail.com
The first four letters of analogy. . . . 2002-04-01
Ira Wing (2 replies)
The first four letters of analogy. . . . 2002-04-04
Andy Richmond (1 replies)
We're both right. 2002-04-13
Ira Wing
Case Against 2002-04-02
Spade
The Mentality and Psychology behind the White Hat 2002-04-03
Alec (1 replies)
A white hat or Good Samaritan hacker is really out to provide himself amusement or pleasure as his/her first motive. He will explore networks in the hope that he will find an interesting open port or security vulnerability, just as one might try to rig a vending machine. To use the street analogy, a hacker, essentially just a curious and interested mind, would walk down a street and rattle doorknobs just to see if he could open them. Selflessness does not exist. Although a material reward may not be evident, an emotional or egotistical one will surface. I have done my own explorations of networks in my less-than-perfect days, and I have done just what a white hat might.

Thus, entertainment is one motive for mostly-harmless hacking, commonly seen as mail spoofing by new computer aficionados.

Another motive, however, is often a feeling of superiority and greatness. I know I have felt a motivation to find how far I could go within a network, and then leave some graffiti and a message to alert the sysadmin. This would make the perpetrator feel as though he/she was a god or goddess, and he or she might think the sysadmin would be grateful. However, sysadmins are obviously the same as a hacker, but motivated by money and with more pressure. Thus any display of superiority over a sysadmin, supposed to be a godlike figure and know-it-all for his or her network, makes him or her feel threatened and defensive, often eliciting great anger and possibly a followup search for network traces to find the hacker, however harmless an exploration he/she might have made. This anger, when displayed to company officials and common workers with little knowledge of computers, can cause an uproar and a feeling of helplessness that corporations and especially those in administrative positions hate.

In many instances, the reality of a hacker exploring a sysadmin's network will jerk him or her into reality, and make the company and the sysadmin feel vulnerable, which is never accompanied by a pleasant reaction and sincere gratitude.

Thus, expecting anything, even a thanks from a corporation or sysadmin, is usually quite in vain and a mistake. Often the best thanks served to a hacker is a court summons. In this light, the entertainment value and supposed anonymity of hacking is undermined by the unhappy replies most often received.

The world of the internet is different from the real material world in that anonymity to a certain degree is possible, and often there are no consequences for any action. This causes a different mindset to appear among security professionals and many computer enthusiasts. When this mindset is juxtaposed with the corporate and more real world's mindset, stark differences almost always favor the corporations. While something seemingly harmless and "all in fun" for a hacker may be considered good-natured and responsible by the security community, the corporate world and the consumer world, not harboring the same mindset, find any compromise of any security measure, no matter how weak or detrimental to its own purposes, a threat and an insult to intelligence. The most unfortunate difference for computer users is that when the corporate world fights back, it does not play by computer rules. The corporate and physical world seeks out the person containing the mind, and deals in real life situations and physical beings, not in ideology or DoS retaliations.

The difference between these mindsets, the consequence-less, carefree existence of netizens, and the consequence-laden, responsibility- and accountability-filled world of the corporate and consumer entities, causes the rift into which many good arguments fall, and fail to be translated from one to the other, only serving as propaganda to the originating party and its value system. Governments and corporations are trying to merge the two and bridge the gap by imposing real consequences to the internet world, but the defining question, which will determine the workings and structure of all future laws and precedent cases, is:

Will the world we know today be defined by reality, or by a parallel universe, consequence-less but still just as real, and becoming more real and intermingled than ever before?

In essence: What is the future? Reality or a parallel reality? Will the value systems ever find a compromise?

I hope so... We're wasting so much bandwidth and time arguing, hackers could be pulling our feet out from under us while we speak! :-P

Peace and love,

Alec Zopf
fresh540 +at+ aol.com


Link to this comment: http://www.securityfocus.com/comments/columns/70/11596#11596
Beware the Kindness of Strangers: The Case Against Good Samaritan Hackers 2002-04-03
Andy Schmitt (kphrakNO@worldofschmittSPAM.ALLOWEDcom) (1 replies)
"...Good Samaritan Hackers" Bad English. 2002-04-05
Andy Richmond (1 replies)
right.. 2002-04-09
Anonymous
Which law? 2002-04-04
80N
What about the "lurkers"? 2002-04-12
Bob Radvanovsky
Digital Vigilantism? 2002-04-12
Bob Radvanovsky







 

Copyright 2009, SecurityFocus