Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Management

// // //
9/8/2017
08:05 AM
Chris Roberts
Chris Roberts
News Analysis-Security Now

Think You Know Hackers? Think Again

Hackers are more than the stereotypes. This list gets you started on understanding those who understand your IT systems.

So, there's the distinct possibility I might have gone on a recent rant about hackers and hoodies, masks, gloves and how the media stereotypes us. Yes, it's true. We’ve all seen and read the stereotypes.

However, at the same time, we've managed to do the same to ourselves thanks to some over-zealous marketing departments. Now is as good a time as any to set the record straight.

With all of that being said I thought I'd build off the involvement I had in a recent piece by Ellen Chang of TheStreet.com in which she highlighted a few of the key things people don't know about those of us in this industry.

Without further ado, here are ten things (plus one bonus) that you may not know about hackers:

  1. Most of us do own hoodies. They are warm, versatile and comfortable to wear when out and about on physical penetration tests. However, most of us don't sit at the keyboard with the hood up, gloves on and our faces covered. Let's adjust the stereotypes, please.
  2. Most of us prefer black or darker colors. We travel a lot. We are not always able to stay in the best of shapes and black works to hide the extra padding we've accumulated (temporarily in many cases…) Let's face it, you don't want a bunch of slightly chubby hackers breaking into your offices wearing fuchsia or orange do you?
  3. Some of us will wear kilts a lot of the time. We wear them to conferences, to work, to meetings etc. Our community has no problem with kilts just as we have no problem with people identifying with anything they want to wear or be. Whatever you want to wear, whatever or whomever you want to be is acceptable in our community; the rest of the world needs to learn that lesson. However, if you call my kilt a skirt, I will hollow out your head with a spork and replace it with the guts of a ZX80.
  4. Many of us are self-taught. We have a thirst for knowledge that goes beyond just technical/traditional "geek" things. You'd be surprised if you engage us in conversation that we are typically well read and articulate if we could just work out how to converse with people sometimes.
  5. We are not always the best at communication. We typically think in patterns that are different than most others. We too often ask people to move out of the way and just let us "fix it" as opposed to taking the time to help educate all around us… and unfortunately, we don't like explaining things multiple times. We have to do a better job of communication with others at the user, manager and executive level, and they in turn need to do a better job of listening. It's a symbiotic relationship that both parties have to do a better job of understanding… we know it.
  6. Unfortunately we are a male-heavy industry. We don't want to be. We have a lot of work to do to be better at inclusiveness and understanding barriers and pretty much everything necessary to address the balances. We know it, we are working on it, the rest of the world could also take some lessons just as we have learned from others.
  7. We typically like to disassemble things. This is not done to cause problems but to understand how they work, to test them, to see if we can improve them and then to work out how to reassemble... often in a better form than the original. It's in our blood and our brains, accept it please. I took the household vacuum cleaner apart when I was eight to both see how it worked and to make a hovercraft... these days I do the same thing with companies and their tech.
  8. Most of us are in this realm to do good. We don't always go about it the right way, but the ultimate aim is to help things improve, to help humanity not go over the precipice or be sunk under the tsunami of technology that is upon us. We're not perfect but we want to help. So let us.
  9. Many of us are former military, government or something that involved using things other than keyboards. We are not the weak nerds that Hollywood likes to insinuate (neither are we the chiseled man-stud known as Chris Hemsworth) but again, when talking with us please understand that not only can we lob an exploit into your enterprise from across the globe, we can probably also shoot out the escape key on your keyboard from 1,000 yards.
  10. Get out of the "English" mindset. Again, thanks to mainstream media the "hacker" is a white male in their 20s and nothing could be further from the truth. The top country by scale is China, followed by the US and then we have a heap of other countries, most of whom don't have the pale white skin associated with the typical "hacker".
  11. Hacker and hacking is not a negative thing. The primary driving force for change and new inventions in this field is hacking, it is the simple ability to understand the status quo and be able to change it.

Want to learn more about the technology and business opportunities and challenges for the cable industry in the commercial services market? Join Light Reading in New York on November 30 for the 11th annual Future of Cable Business Services event. All cable operators and other service providers get in free.

So, there you have just a few insights into the hacker world. As a community, we could probably write a book's worth more. We have our issues and our challenges. We are growing up and working on how to be part of the enterprises we are charged with securing, how to be part of society even though many of us prefer to avoid it, and trying to work out how to navigate a path forward in this fragile technologically challenged world we exist in.

I hope that has helped. Let the debates begin!

Related posts:

Regarded as one of the world's foremost experts on counter threat intelligence within the cyber security industry, Chris Roberts is the chief security architect for Acalvio Technologies.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-40942
PUBLISHED: 2022-09-28
Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.
CVE-2022-40912
PUBLISHED: 2022-09-28
ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in cont...
CVE-2022-22523
PUBLISHED: 2022-09-28
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.
CVE-2022-22524
PUBLISHED: 2022-09-28
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .
CVE-2022-22525
PUBLISHED: 2022-09-28
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function