Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Management

9/8/2017
08:05 AM
Chris Roberts
Chris Roberts
News Analysis-Security Now
50%
50%

Think You Know Hackers? Think Again

Hackers are more than the stereotypes. This list gets you started on understanding those who understand your IT systems.

So, there's the distinct possibility I might have gone on a recent rant about hackers and hoodies, masks, gloves and how the media stereotypes us. Yes, it's true. We’ve all seen and read the stereotypes.

However, at the same time, we've managed to do the same to ourselves thanks to some over-zealous marketing departments. Now is as good a time as any to set the record straight.

With all of that being said I thought I'd build off the involvement I had in a recent piece by Ellen Chang of TheStreet.com in which she highlighted a few of the key things people don't know about those of us in this industry.

Without further ado, here are ten things (plus one bonus) that you may not know about hackers:

  1. Most of us do own hoodies. They are warm, versatile and comfortable to wear when out and about on physical penetration tests. However, most of us don't sit at the keyboard with the hood up, gloves on and our faces covered. Let's adjust the stereotypes, please.
  2. Most of us prefer black or darker colors. We travel a lot. We are not always able to stay in the best of shapes and black works to hide the extra padding we've accumulated (temporarily in many cases…) Let's face it, you don't want a bunch of slightly chubby hackers breaking into your offices wearing fuchsia or orange do you?
  3. Some of us will wear kilts a lot of the time. We wear them to conferences, to work, to meetings etc. Our community has no problem with kilts just as we have no problem with people identifying with anything they want to wear or be. Whatever you want to wear, whatever or whomever you want to be is acceptable in our community; the rest of the world needs to learn that lesson. However, if you call my kilt a skirt, I will hollow out your head with a spork and replace it with the guts of a ZX80.
  4. Many of us are self-taught. We have a thirst for knowledge that goes beyond just technical/traditional "geek" things. You'd be surprised if you engage us in conversation that we are typically well read and articulate if we could just work out how to converse with people sometimes.
  5. We are not always the best at communication. We typically think in patterns that are different than most others. We too often ask people to move out of the way and just let us "fix it" as opposed to taking the time to help educate all around us… and unfortunately, we don't like explaining things multiple times. We have to do a better job of communication with others at the user, manager and executive level, and they in turn need to do a better job of listening. It's a symbiotic relationship that both parties have to do a better job of understanding… we know it.
  6. Unfortunately we are a male-heavy industry. We don't want to be. We have a lot of work to do to be better at inclusiveness and understanding barriers and pretty much everything necessary to address the balances. We know it, we are working on it, the rest of the world could also take some lessons just as we have learned from others.
  7. We typically like to disassemble things. This is not done to cause problems but to understand how they work, to test them, to see if we can improve them and then to work out how to reassemble... often in a better form than the original. It's in our blood and our brains, accept it please. I took the household vacuum cleaner apart when I was eight to both see how it worked and to make a hovercraft... these days I do the same thing with companies and their tech.
  8. Most of us are in this realm to do good. We don't always go about it the right way, but the ultimate aim is to help things improve, to help humanity not go over the precipice or be sunk under the tsunami of technology that is upon us. We're not perfect but we want to help. So let us.
  9. Many of us are former military, government or something that involved using things other than keyboards. We are not the weak nerds that Hollywood likes to insinuate (neither are we the chiseled man-stud known as Chris Hemsworth) but again, when talking with us please understand that not only can we lob an exploit into your enterprise from across the globe, we can probably also shoot out the escape key on your keyboard from 1,000 yards.
  10. Get out of the "English" mindset. Again, thanks to mainstream media the "hacker" is a white male in their 20s and nothing could be further from the truth. The top country by scale is China, followed by the US and then we have a heap of other countries, most of whom don't have the pale white skin associated with the typical "hacker".
  11. Hacker and hacking is not a negative thing. The primary driving force for change and new inventions in this field is hacking, it is the simple ability to understand the status quo and be able to change it.

Want to learn more about the technology and business opportunities and challenges for the cable industry in the commercial services market? Join Light Reading in New York on November 30 for the 11th annual Future of Cable Business Services event. All cable operators and other service providers get in free.

So, there you have just a few insights into the hacker world. As a community, we could probably write a book's worth more. We have our issues and our challenges. We are growing up and working on how to be part of the enterprises we are charged with securing, how to be part of society even though many of us prefer to avoid it, and trying to work out how to navigate a path forward in this fragile technologically challenged world we exist in.

I hope that has helped. Let the debates begin!

Related posts:

Regarded as one of the world's foremost experts on counter threat intelligence within the cyber security industry, Chris Roberts is the chief security architect for Acalvio Technologies.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
Slideshows
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
Commentary
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27941
PUBLISHED: 2021-05-06
Unconstrained Web access to the device's private encryption key in the QR code pairing mode in the eWeLink mobile application (through 4.9.2 on Android and through 4.9.1 on iOS) allows a physically proximate attacker to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the...
CVE-2021-29203
PUBLISHED: 2021-05-06
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gai...
CVE-2021-31737
PUBLISHED: 2021-05-06
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php.
CVE-2020-28198
PUBLISHED: 2021-05-06
** UNSUPPORTED WHEN ASSIGNED ** The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode wh...
CVE-2021-28665
PUBLISHED: 2021-05-06
Stormshield SNS with versions before 3.7.18, 3.11.6 and 4.1.6 has a memory-management defect in the SNMP plugin that can lead to excessive consumption of memory and CPU resources, and possibly a denial of service.