Mixed Signals
Any sufficiently advanced information is indistinguishable from noise
Friday 8 August 2008, 3:44 PM
What colour is my trilby? The ethics of hacking by hacks
I have mixed feelings about this. Yes, it is wrong -- in the sense of against the law -- to hack. But at a place called Black Hat, where the creatures of the press room really, really should know about wirelesss security? The French, who have perhaps the most finely tuned irony on the planet, can scarcely be faulted for smelling a story. And the various journos who fell foul of the wi-fi fiends don't seem particularly angry about it: a bit shamefaced, if anything.
My reticence in judgement is at least partially because I've done the same myself, at least as far as scanning the SSIDs in a reputably secure location, attempting to connect to those without security -- and succeeding. I talked myself into thinking this was a valid bit of investigation - but I also felt it was a breach of hospitality and, well, something to still feel guilty about. That, I think, is because my motives were mixed: I've been a hacker in the (far distant) past and it is a very addictive activity. I loved it, and the only reason I don't do it now, if I'm honest, is fear of the consequences. And there's always a part of my mind that's mulling over how to do it untraceably, and deciding on targets and techniques.
So I find it hard to condemn others with the same tendencies - which rarely stretch beyond curiosity and pranks to serious vandalism or actual harm - let alone those who find themselves in such a richly rewarding environment. But is that because I'm trying to justify my own tendencies?
Your moral guidance would be appreciated.
PreviousComments on this post
Yes the irony is especially droll, however I find it disturbing that the Black Hat WiFi Gestapo evidently doesn't have a sense of humor. What a bunch of crap. Journalists were able to deduce/detect the open systems and log onto them? How absolutely rich. The people that should have been ejected were the BH "wanna-bees" with the open systems. Maybe the Black Hat convention ought to re-bill itself as the Propeller Beanie Club. Its obvious that Black Hat has become just another geek convention.
Now that everybody is presumably making money on the Internet, its become "serious business". Because most business idiots that own systems do not understand the need for security, system backups and fail-over systems, you see incredibly inflated loss of business claims when they stupidly let themselves get cracked. They'll claim thousands of dollars of lost business when a $500 net appliance could have prevented an intrusion in the first place.
At black hat events in the long-a-go It used to be that unsecured laptops and other systems would have their hostnames posted on a blackboard along with user names and passwords and they'd stay there until the open systems got buttoned up! They didn't just pick on the journalists. Everybody in the meantime would laugh at the idiots that got themselves cracked.
The ethical point happens when you decide NOT to do anything to the system you've discovered open. I usually tell the "open-fly" owner how to seal up his system to prevent it happening again, assuming I can RDF them and locate their open barn door.
