Friday, January 25, 2013

Mitnick: Both sides of the law

[Ed: this is adapted from an essay for class, so the style might deviate from the usual]

Kevin Mitnick is a perfect example of Paul Graham's “unruly” hacker who breaks into things not out of malicious intent but simple curiosity. Or so Mitnick claims. Before he was arrested, he was the most wanted “cyber-criminal” on the FBI list. After his release, he has authored several books and become a world-famous consultant. In a recent Twitter update looking back on his incarceration, he says “Glad that nightmare is far behind me. How things have changed.” [0]

Apollo Robbins (a theatrical pickpocket in Vegas who some consider to be the best in the trade[1]) also had dreams of creating a team of ex-cons turned good consulting with security forces around the world. Apollo found that his teammates were “nervous” when working with law enforcement and both members of the team with a criminal record had relapsed.

There are many other examples of criminals turning the tables and working in the same field, this time as law-abiding citizens. Some relapse, some don't. Most people are reluctant to hire an ex-con which contributes to the relapse rate. The potential downside is so strong that many don't consider the statistics.

Back in the days of Mitnick, cybersecurity wasn't nearly as understood as it is today. (Heck, they still used “cyber” as a prefix). One didn't go into “Information Security” as a profession. Even tech companies dropped the ball on security. The lack of employment opportunities combined with the social “hacker” stigma and corporate resistance to change meant that most security opportunities lay outside the law. This is not to say that everyone working in security was malicious. Many were initially motivated by simple curiosity – there was a whole new world to be explored. Some, like Kevin Poulsen started using newfound skills for material gain. (Poulsen manipulated the phone lines of a radio station to win a Porsche [2].)

As rogue crackers exposed the need for technical security, large organizations found that these very crackers were the ones who were the best at what they did. It suddenly became advantageous for hackers like Mitnick and Poulsen to consult. A new breed of hacker emerged: the reformed criminal. Suddenly, having a criminal record meant that you knew what you were doing, rather than being a liability.

Technology continued its explosion across the world, leaving little untouched. With this explosion came new security opportunities, and the field flourished. Security workers began to be able to learn the tricks of their trade without illegal activity. Once able-bodied workers sans criminal record were available, the industry turned to them, shunning most crackers.

Today, if anyone wants to enter the world of information security, they would do well to stay well within the confines of the law. It's incredibly cheap to set up a test system (thanks OSS and FSF!)

1 comment:

  1. You might find this interesting (and amazing):

    Our need to 'protect' our stuff gets to be pretty ridiculous after a while, whether the 'stuff' is your server, or the 'original' Picasso, or your nice blank ugly wall.