Beachhead - What's in a Name?

Hackers, who are not always crackers, deserve a little Agape.

I was sanding down the hull of the Agape, my sloop that I sail from time to time, trying to get the boat ready for its annual painting when one of the younger Pollywogs, Yury, came up to me and complained that someone had called him a “hacker”.

“Why does that bother you?” I asked. “I do not break into other people's systems”, Yury said. “I program, I do systems administration and I help people a lot with their computer problems.”

I stopped sanding a bit and realized that Yury had confused the term Hacker with Cracker. It is easy to do, as the mass media has done much to mix the two terms.

“No Yury”, I said. “A hacker is a fine name to be called, it is someone who really knows programming, has studied it, enjoys doing it and shows exceptional skill at solving difficult problems with elegant code. Usually that code is relatively short, what we call a quick hack.”

Seeing me talking to Yury, more Pollywogs started coming up. “Then what is a cracker?” asked one of them. “A cracker”, I explained, “is someone that breaks into other people's systems, sometimes to do malicious damage, like destroy their Web site, but often just to show people that their sites or systems are insecure.”

I went on to explain that there were two main types of crackers, those who were extremely skilled and often very hard to detect without constant diligence and those who were less skilled, often relying on techniques developed by others, but applied to thousands or tens of thousands of systems over the Internet. Often these less skilled people are nicknamed script kiddies.

I also explained that in a lot of countries breaking into another person's system is against the law, even if it is relatively easy and no damage is done, and if the person is caught, there can be dire circumstances.

“But why do these people break in?” asked Yury, “Sometimes it is for financial gain”, I explained, and I continued:

Sometimes it is to steal records or change data that will bring some type of financial benefit to the cracker. Sometimes it is to see what other people are doing or to change their software so people will inadvertently send the crackers information that will be useful to them over time. Sometimes it is just for the challenge of breaking in, for peer respect of having “done the deed”.

A friend of mine named Marcelo Marques in Sao Paulo, Brazil, had been talking to the Brazilian FBI. They had empirical information that 80% of computer crimes were being either initiated or helped by teenagers. The FBI spokesman expressed frustration to my friend, because he could not understand why these teenagers were doing these things. Marcelo talked with me about crackers and hackers, and after planning for a while, he and his partners from 4Linux, a consulting firm in Sao Paulo, started a program called Hackerteen (www.hackerteen.com.br), under the premise that if you gave training to young people in how to be a really good systems administrator, programmer and community member, you could turn potential crackers into hackers. So far, the program has been in existence for two years and has graduated its first class of “Black Belt” students.

“Can anyone become a hacker?” asked Yury. I answered:

Well, there were a lot of young people who dropped out of Hackerteen along the way. The Hackerteen program is not an easy one. It is made up of on-line work, study and even on-site visits where the students are given courses in ethics, entrepreneurship, computer security, networks, programming and collaboration. My personal experience tells me that not every person can do programming. I have taught for too many years to say that every person has the gifts to become a top hacker. Nevertheless, a course set up like this can have a very positive effect on young programmers, and some of these graduates now have jobs with companies. I met with the first class of graduates, and I could see what the class meant to both them and their parents.

“Do you have to go to school or take a course to be a hacker?” asked Jay.

“No”, I answered, and I continued:

Lots of hackers I know are self-taught. One of the things that I like about free and open-source software is that there is nothing hidden from those who wish to learn. You can see other people's code and learn from it. There are plenty of books on the library shelves, magazines to read, Internet mailing lists and news groups and even electronic books to learn from. Things are very different now than from when I learned to code.

But some people find it difficult to learn by reading books, and some really like to have a guide or mentor along the way. Some do best with classroom instruction, and some are held back by it. My experience has been that a more structured approach gives a more balanced person, but this does not mean that you have to take a course or go to a school, you just have to define a path for yourself and stick with it. Some people find that difficult.

Ethics are particularly difficult, for what may be ethical for one person may not be ethical for many others. Here is where a lot of people may make the wrong decisions without proper guidance. If people think that ethics in computers are easy, they should attend a session of the Ethics Working Group of the SAGE Executive Committee.

“What about girls?” asked another young Pollywog, sort of crinkling his nose. “Can girls become hackers?”

“Definitely”, I said, and added:

One of my favorite people of all time, one of the earliest programmers and one of the pioneers of the Cobol language was Rear Admiral Dr Grace Murray Hopper. Dr Hopper encouraged early programmers to share common segments of code, reducing duplication of effort and errors.

In Malaysia, more than 70% of the people in data processing are women, and not just in “menial” tasks, but with jobs of influence and power. At my job in Bell Laboratories, my supervisor was a very talented woman by the name of Bea Fink. My observations have been that there is no inherent differences between a man and a woman doing a job in the computer field. As a former board member of the USENIX Association (www.usenix.org), I was very proud of the work USENIX did with organizations encouraging women to enter the field and acknowledging the women who contributed to it. I also met many fine women who would indeed fit the definition of hacker through USENIX and organizations like the ACM and IEEE.

Some of the Linux community has recognized the need to encourage women to enter the computer science field and started groups like LinuxChix (www.LinuxChix.org); GNUrias (www.gnurias.org.br), a Brazilian/Portuguese organization; Debian Women (www.women.debian.org); and ChicasLinux (www.chicaslinux.org), a Spanish organization.

“But how do you know you are a hacker?” asked Yury.

I had to sand the bottom of the Agape for a while before answering him. I had to think of all the many fine programmers that I had known over the years, all the people who were master craftspeople. I thought about the lists of hackers that I had seen, and the names on those lists. Yet, I did not remember any of these people referring to themselves, unless it was in a passing comment, as a hacker. Then I knew the answer for my young friend.

“Yury”, I said, “you are probably a hacker when some programmer that you respect as a good programmer calls you a hacker.”

The Agape is almost ready to sail.

Jon “maddog” Hall is the Executive Director of Linux International (www.li.org), a nonprofit association of end users who wish to support and promote the Linux operating system. During his career in commercial computing, which started in 1969, Mr Hall has been a programmer, systems designer, systems administrator, product manager, technical marketing manager and educator. He has worked for such companies as Western Electric Corporation, Aetna Life and Casualty, Bell Laboratories, Digital Equipment Corporation, VA Linux Systems and SGI. He is now an independent consultant in Free and Open Source Software (FOSS) Business and Technical issues.

______________________

Webinar
One Click, Universal Protection: Implementing Centralized Security Policies on Linux Systems

As Linux continues to play an ever increasing role in corporate data centers and institutions, ensuring the integrity and protection of these systems must be a priority. With 60% of the world's websites and an increasing share of organization's mission-critical workloads running on Linux, failing to stop malware and other advanced threats on Linux can increasingly impact an organization's reputation and bottom line.

Learn More

Sponsored by Bit9

Webinar
Linux Backup and Recovery Webinar

Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.

In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.

Learn More

Sponsored by Storix