In 2010, the late security researcher — or as cybersecurity expert Keren Elazari would like you to call him, the late hacker — Barnaby Jack found a security flaw in two different models of automated teller machines (ATMs). Onstage at a tech security conference, he publicly demonstrated his ability to make these machines spit out paper money, Elazari says at TED2014. “Barnaby Jack could have easily turned to a career criminal,” she says, “but he chose to show the world his research instead. Sometimes you have to demo a threat to spark a solution.”
How we think about people like Jack is immensely
complicated, Elazari says. Hackers scare us and fascinate us at once,
and our reasons for these feelings are valid, she says, but we shouldn’t
let fear get the best of us. “They scare us, but the choices they make
have dramatic outcomes that influence us all,” Elazari says.
Yes, there are hackers doing things like stealing
identities, leaking false information, and taking money that is not
theirs, she says, but there are also hackers like Jack pointing out
vulnerabilities in the devices we use to live, and doing things like
fighting against government corruption and advocating for equal rights
to privacy, security, and information. If we see hackers as only the bad
guys, we are doing our society a disservice: risking ostracizing all
those doing great things in the world, working to help us
Growing up idolizing hackers, with a special affinity for Angelina Jolie as Acid Burn in the movie Hackers,
as a teenager Elazari ached to execute her own hacks. After her first
break-in to a password-protected website, she felt a rush of power, she
says, “like I had discovered limitless potential in my fingertips.” And
that potential is the great and terrifying thing about hackers — their
power for good or bad: “It’s geeks just like me discovering that they
have access to a superpower, one that requires the skill and tenacity of
their intellect.”
Like superheroes or supervillains, Elazari says, with
hackers’ great power comes great responsibility (though not necessarily
radioactive spiders.) “We all like to think that if we had such powers
we’d only use them for good,” she says, “[but] what if you could read
your ex’s emails, or add a couple of zeros to your bank account?” she
asks. Would you do it? Hackers have to face that choice every day, and
though several of them choose to do malicious things with their power,
many instead work to do hard things that benefit the greater good.
One such hacker is Kyle Lovett – who in June 2013 discovered “a gaping vulnerability in wireless routers you might have in your home or office,”
Elazari says, a vulnerability that allowed hackers to easily access
users’ files and passwords. Choosing not to use this leak for his own
advantage, Lovett reported the vulnerability to the manufacturer. Eight
months later, the manufacturer still had not repaired the bug, so Lovett
used the leaky routers to send a message directly to their users,
letting them know just how vulnerable they are to hacks, and encouraging
them to ask the manufacturer to fix the flaw.
Another hacker — Khalil Shreateh –
found a security bug in Facebook’s system that allowed him to post on
any users’ wall, despite whether or not he was the user’s “friend,” Elazari says. Shreateh reported this bug to Facebook via their bug bounty program,
an initiative that invites hackers to report all vulnerabilities in
exchange for a “bounty” that starts at $500 USD. When Facebook
mishandled Shreateh’s report, he used the vulnerability to post on
founder Mark Zuckerberg’s personal Facebook wall, Elazari says. He was
denied the bounty because he hadn’t reported through proper channels —
so hackers all around the world came together to raise over $10,000 USD as a reward.
This shows that — whether we want them to or not — hackers
will discover the things that are broken in our world, Elazari says, and
either report them or exploit them. If companies as progressive as
Facebook — companies “founded by hackers,” Elazari says — still have a
complicated relationship with hackers, how will more conservative
organizations fare when dealing with hacker culture? This is something
we need to address, Elazari asserts, because — more and more — in a
changing world, with a growing dependence on technology, hackers are key
players. “It’s worth the effort,” she says, “because the alternative,
to blindly fight all hackers, is to go against a power you can’t
control.”
The power of a creative, intelligent, engaged and curious
hacker is immense, Elazari says, and not just regulated to Facebook
accounts or local ATMs. “Hackers can do a lot more than break things,”
she says. Hackers were key players in the Egyptian revolution, she
explains, noting how the group Telecomix worked to provide Egyptians with dial-up access to the Internet – asking two European ISPs to switch old phone-line modems back on — after Mubarak shut down all Egyptian ISPs, “This worked so well one guy used it to download an episode of How I Met Your Mother,” she laughs, “… and when the same thing happened in Syria, Telecomix were ready.”
But there are two sides to every issue, Elazari says,
noting: “One man’s hero can be another villain.” Not all people will
agree with Telecomix’s actions, or the actions of many other big hacker
groups, like the Syrian Electronic Army, who in the same country “have taken down multiple high-profile targets over the years, including the Associated Press’s Twitter account.”
The power hackers yield is great and is one of information,
Elazari says, and right now, in the digital age, “access to information
is a critical currency of power.” Hackers are shaping our future
whether we like it or not, Elazari explains, and it’s up to us whether
we want to help them make it better … or believe they will make it
worse.
But the most fundamental characteristic of a hacker, according to
Elazari? “They can’t just see something broken in the world and leave it
be.” So, she says, “I think we need them to do just that, for after
all, it’s not just information that wants to be free. It’s us.”
0 comments:
Post a Comment