Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Management

9/8/2017
08:05 AM
Chris Roberts
Chris Roberts
News Analysis-Security Now
50%
50%

Think You Know Hackers? Think Again

Hackers are more than the stereotypes. This list gets you started on understanding those who understand your IT systems.

So, there's the distinct possibility I might have gone on a recent rant about hackers and hoodies, masks, gloves and how the media stereotypes us. Yes, it's true. We’ve all seen and read the stereotypes.

However, at the same time, we've managed to do the same to ourselves thanks to some over-zealous marketing departments. Now is as good a time as any to set the record straight.

With all of that being said I thought I'd build off the involvement I had in a recent piece by Ellen Chang of TheStreet.com in which she highlighted a few of the key things people don't know about those of us in this industry.

Without further ado, here are ten things (plus one bonus) that you may not know about hackers:

  1. Most of us do own hoodies. They are warm, versatile and comfortable to wear when out and about on physical penetration tests. However, most of us don't sit at the keyboard with the hood up, gloves on and our faces covered. Let's adjust the stereotypes, please.
  2. Most of us prefer black or darker colors. We travel a lot. We are not always able to stay in the best of shapes and black works to hide the extra padding we've accumulated (temporarily in many cases…) Let's face it, you don't want a bunch of slightly chubby hackers breaking into your offices wearing fuchsia or orange do you?
  3. Some of us will wear kilts a lot of the time. We wear them to conferences, to work, to meetings etc. Our community has no problem with kilts just as we have no problem with people identifying with anything they want to wear or be. Whatever you want to wear, whatever or whomever you want to be is acceptable in our community; the rest of the world needs to learn that lesson. However, if you call my kilt a skirt, I will hollow out your head with a spork and replace it with the guts of a ZX80.
  4. Many of us are self-taught. We have a thirst for knowledge that goes beyond just technical/traditional "geek" things. You'd be surprised if you engage us in conversation that we are typically well read and articulate if we could just work out how to converse with people sometimes.
  5. We are not always the best at communication. We typically think in patterns that are different than most others. We too often ask people to move out of the way and just let us "fix it" as opposed to taking the time to help educate all around us… and unfortunately, we don't like explaining things multiple times. We have to do a better job of communication with others at the user, manager and executive level, and they in turn need to do a better job of listening. It's a symbiotic relationship that both parties have to do a better job of understanding… we know it.
  6. Unfortunately we are a male-heavy industry. We don't want to be. We have a lot of work to do to be better at inclusiveness and understanding barriers and pretty much everything necessary to address the balances. We know it, we are working on it, the rest of the world could also take some lessons just as we have learned from others.
  7. We typically like to disassemble things. This is not done to cause problems but to understand how they work, to test them, to see if we can improve them and then to work out how to reassemble... often in a better form than the original. It's in our blood and our brains, accept it please. I took the household vacuum cleaner apart when I was eight to both see how it worked and to make a hovercraft... these days I do the same thing with companies and their tech.
  8. Most of us are in this realm to do good. We don't always go about it the right way, but the ultimate aim is to help things improve, to help humanity not go over the precipice or be sunk under the tsunami of technology that is upon us. We're not perfect but we want to help. So let us.
  9. Many of us are former military, government or something that involved using things other than keyboards. We are not the weak nerds that Hollywood likes to insinuate (neither are we the chiseled man-stud known as Chris Hemsworth) but again, when talking with us please understand that not only can we lob an exploit into your enterprise from across the globe, we can probably also shoot out the escape key on your keyboard from 1,000 yards.
  10. Get out of the "English" mindset. Again, thanks to mainstream media the "hacker" is a white male in their 20s and nothing could be further from the truth. The top country by scale is China, followed by the US and then we have a heap of other countries, most of whom don't have the pale white skin associated with the typical "hacker".
  11. Hacker and hacking is not a negative thing. The primary driving force for change and new inventions in this field is hacking, it is the simple ability to understand the status quo and be able to change it.

Want to learn more about the technology and business opportunities and challenges for the cable industry in the commercial services market? Join Light Reading in New York on November 30 for the 11th annual Future of Cable Business Services event. All cable operators and other service providers get in free.

So, there you have just a few insights into the hacker world. As a community, we could probably write a book's worth more. We have our issues and our challenges. We are growing up and working on how to be part of the enterprises we are charged with securing, how to be part of society even though many of us prefer to avoid it, and trying to work out how to navigate a path forward in this fragile technologically challenged world we exist in.

I hope that has helped. Let the debates begin!

Related posts:

Regarded as one of the world's foremost experts on counter threat intelligence within the cyber security industry, Chris Roberts is the chief security architect for Acalvio Technologies.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
9 Tips to Prepare for the Future of Cloud & Network Security
Kelly Sheridan, Staff Editor, Dark Reading,  9/28/2020
Malware Attacks Declined But Became More Evasive in Q2
Jai Vijayan, Contributing Writer,  9/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15216
PUBLISHED: 2020-09-29
In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available, all users of goxmldsig should upgrade to at least revisio...
CVE-2020-4607
PUBLISHED: 2020-09-29
IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2 ) could allow a local user to bypass security restrictions due to improper input validation. IBM X-Force ID: 184884.
CVE-2020-24565
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25770
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...
CVE-2020-25771
PUBLISHED: 2020-09-29
An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the ...