I love #infosec, but hate Skiddies

I love the Information Security world. I love the free flow of information, and the hard work of great people smarter and more amazing than I who fight every day for your privacy. I’m a hacker, I love to trick you into giving up your privacy, or working on breaking things.

One of the main problems I’ve seen in the current fighting in the interwebs is that many new hackers try to fight for fame, or their 15 minutes, by releasing some DB. These “hackers” generally use cookie-cutter attacks that they copied off some forum or blog. We “affectionately” call them Script Kiddies (Skiddies) because they have no idea how the attacks they are using work, or WHY, but simply just try everything they can find and hope that SOMETHING sticks. This presents a few problems that I would like to outline.

Collateral Damage:
When a company is compromised, and the entire database is leaked publicly for the “lulz”, you’re not really hurting the company. You hurt all the users, most of whom have no way to know that an attack happened, or that their account information just got leaked. Compounding that, many of those users reuse the same email/password or username/password combinations on multiple sites to make things easy. This has now impacted potential customers and companies other than the one you were targeting. Many who hack under the banner of Anonymous claim they are targeting companies and governments for corruption and they are trying to help the users, but by releasing the data in the manner that happens most often lately, they do the opposite.

Trust, or the Lack of:
Our industry is an industry of secrets. A secret is the most important and powerful weapon you can wield, and when you scream to the rooftops that you have no ability to keep a secret, you will not gain the trust of ANYONE, and you stand a great chance of losing any trust you have managed to acquire in a field where trust is everything.

Placing Bullseye on your back:
The last drawback I’ll cover regarding public release of data is that you instantly place a target on your back. The government really seems to be working hard lately on busting hackers, so when you announce “HEY LOOK OVER HERE, I’M DOING ILLEGAL THINGS” all it does is get you in trouble.

I enjoy hacking as much as anyone else; I just worry that all the negative attention that’s coming from skiddies is going to undo much of the hard work to bring hacking to the front lines as a legitimate industry.
