Network Computing is part of the Informa Tech Division of Informa PLC

The Mind of a Hacker

Hacker is a term with negative connotations for most of the technology community. "I used to call myself a hacker in the sense that I like to twiddle with stuff, but I don't use that word to mean that any more," says Marcus Ranum, senior scientist at TruSecure Corp., a risk-management and security vendor. "That word has been ruined by little selfish punks."

It's more than a question of semantics. Some of the positives that hacking represents--intellectual curiosity, tech savvy, innovative thinking--are overshadowed by its criminal aspects--the potential for grave harm and mass destruction--but it's a difficult line, especially for young people, who need to be encouraged to embrace technology and its potential. Also, recent laws such as the Digital Millennium Copyright Act and the USA Patriot Act may criminalize what some security researchers see as legitimate avenues of inquiry, limiting the technology industry's ability to help itself and eliminating necessary research or driving it further underground.

That's why it's illuminating to inquire about hackers: Who they are, what they do, and why.

Chris Wysopal is a hacker. Wysopal, VP of research and development at security consulting firm @stake Inc., advises businesses and government agencies on how to better secure their computer networks and systems. He has also held jobs at GTE Internetworking and Lotus Development Corp.

Wysopal used to be known as "Weld Pond," a member of security-research group L0pht Heavy Industries, a legitimate but unconventional business that made its name in the 1990s by uncovering and disclosing software vulnerabilities. In 1997, it released L0phtCrack, a tool that could be used to audit and reveal Windows passwords. L0pht (pronounced "loft") was condemned for releasing the password cracker, but Wysopal says the group's mission was misunderstood. The goal of L0pht was to raise security awareness and to provide security professionals with tools "as powerful as the tools people use to break into things," he says. And some organizations saw the advantage. "I think the General Accounting Office was our first paying customer."