Hackers: The Good, the Bad and the Ugly
By Emmett Jorgensen
When someone mentions hacker, what is the first thought that comes to mind? Admit it, you picture a shady criminal hacker attempting to access your private data for nefarious reasons.
In general, hackers get a bad rep within the media. They are portrayed as social outcasts or criminals looking to steal from or defraud the unsuspecting public. The media frequently makes little or no distinction between hacker types; simply lumping them all together into a malevolent group. The truth is hackers come in all shapes and sizes. Black hat hackers, white hat hackers, hacktivists, script kiddies, pen testers, etc.
White hat hackers (or ethical hackers) and pentesters are generally the good guys of the hacker world. Their services strengthen IT security through collaboration with organizations to test their information systems and processes.
Pentesting generally falls into two categories: Black box, which simulates an outside attacker with no existing knowledge of the system attempting to be hacked; or White Box which simulates a possible attacker with insider knowledge of systems. (There is also a Grey Box which resided somewhere in between.)
While pentester's generally concentrate on software and hardware systems, an ethical hacker may also encompass testing systems and personnel through phishing attempts, leaving flash drives or CD's in a parking lot, investigating for written passwords and more.
By identifying potential vulnerabilities, organizations can then enhance their security systems and policies and train (or retrain) personnel as needed.
Black hat hackers are the bad guys of the hacker world. They're the ones who are stealing and selling personally identifiable information (PII), financial information, credit card numbers, and more. This segment gets the majority of the press coverage and is responsible for incidents like the Sony Playstation hack.
Hacktivists generally fall into the bad guy category as well. Their goals may occasionally be good, but their methods for achieving them are often questionable, mischievous and costly. Hacktivists include groups like Anonymous and the now (supposedly) defunct Lulzsec.
While I appreciate the efforts of white hat hackers and can sometimes understand the motivations of hacktivists, some hackers simply make no sense to me. Worse yet, they make me question human nature.
Take for instance, the hack of the Sesame Street Youtube account a few weeks ago. The hackers replaced Sesame Street's Youtube content with porn. Although it was only available for 20 minutes, who knows how many children stumbled onto this.
The problem I have with this, beyond the obvious effect on innocent minds, is that this wasn't demonstrating a lack of security within a large corporation with massive amounts of personally identifiable information. It wasn't about making a political statement or bringing to light the relative lack of security of an organization thought to be secure. This was simply for shock value and, frankly, is the worst type of hacking.
People often aren't sympathetic when million or billion dollar corporations get hacked. If government entities get infiltrated it is somewhat expected. But Sesame Street? Educational puppets, seriously?
If they (the hackers) wanted to show their skills, they could have replaced the Sesame Street videos with something other than porn.
Put simply, this is hacking at its ugliest. And hackers of all types should be up in arms about this, because incidents like this are a black eye on hackers of all creeds.