Information Warfare: December 10, 2002

Archives

The war on terror has had some positive effects. One is that it is becoming easier for black hat hackers to "come in from the cold." This means being able to get a job protecting networks, rather than hacking into them. For over twenty years, the principal outlet for people curious about the inner workings of the Internet and networks in general, was hacking. "Network security" has long been considered an esoteric bit of work practiced by a few engineers. But for over a decade, the network security engineers, and many network administrators have been clamoring for more network security staff. Gradually, over the last decade, more universities and training organizations have been offering network security courses and certification. But not everyone calls it network security. The National Security Agency supports "Centers of Academic Excellence in Information Assurance Education" at major universities (like Carnegie Mellon.)

For a long time, people in the computer business thought that anyone who enjoyed poking around the innards of the Internet had to be up to no good. Those who took a closer look at this behavior could see that the majority of those so involved were there out of curiosity and a compulsion to figure out how the Internet "really worked" (fact it, no one is really sure.) But since 911, and the surge in fear about terrorism via the net (and the growing incidence of viruses and DDOS attacks), the demand for network security experts has skyrocketed. What this means is that you can use your hacking experience as a resume enhancer. In the recent past, the last thing you wanted to mention was that you "hacked the net" for fun. Now you can talk about it, especially if you never caught. Getting arrested for hacking, even if you don't get convicted, is still the mark of a hard core Internet bad guy. Although even here, desperate corporate network security executives are still willing to give a (closely supervised) job to a hacker of exceptional skill. This is particularly true if the applicant has demonstrated that "it takes a thief to catch a thief." 

But the biggest change in hacker behavior coming out of this is the reduction of hostile hacker efforts. Part of this has to do with the harsher penalties coming out of the "Homeland Security" effort and increased ability of the cops to catch hackers. But with better chances of getting a good job as an network security expert, far fewer really skilled hackers will risk that opportunity with impressive, but illegal, stunts against someone else's server or network. While there will always be hackers who prefer to run with the bad guys, most prefer to be on the other side.