When Keren Elazari said that hackers are the immune system of the Internet, she knew she would get pushback. People, after all, have a similar reaction to the word hackers as they do to the word bacteria—even when it’s the good kind, it can still make you cringe. But what Elazari was suggesting in her TED Talk about hackers was that good hacking is as integral to security as good bacteria is to health. As Elazari describes it, the Internet would become static without hackers.
This year’s keynote speaker at ShmooCon, Joseph Lorenzo Hall, gave much the same opinion concerning hackers and their role in the vitality of the Internet. While the general public only sees hackers breaking things on the Internet, most people ignore the way that hackers also build up the Internet. Hall, along with many other security researchers, pointed out that the government's recently proposed amendments to the Computer Fraud and Abuse Act may in fact cause more harm than help to the future of Internet security. In the words of one security researcher, Jeremiah Grossman, "Defining security laws that would only target the bad guys is a very tricky thing." The question becomes how do we control the bad hacks while supporting the good?
Acknowledging the distinction between good and bad hackers can dramatically change the conversations we have about hacking. The hostility towards hackers that Joseph Lorenzo Hall discussed in his keynote has made our global conversations one-sided, and these conversations lack the understanding of the good that hacking does for Internet security. This lack of understanding stems, primarily, from failure to acknowledge the distinction between good and bad hacking.
When most people think of hackers, they envision black hat hackers, or people who hack for personal monetary gain or power. When speaking in simple terms, these are the “bad” hackers; they are the hackers represented on television shows and movies. These stereotypical hackers, of course, can cause major havoc for the companies or governments that they exploit, but they don't represent the entirety of the hacking community.
Not all hackers are out to bring harm to organizations—white hat hackers exist to improve the security industry. These hackers, otherwise known as “good” or ethical hackers, use their hacking skills to find security vulnerabilities in order to help companies, organizations, and the Internet in general improve security. A white hat hacker works to poke holes in the security infrastructures already in place in order to strengthen security and thwart off bad hackers. Many security researchers would argue that white hat hackers strengthen Internet security because their hacks reveal areas of weakness and inspire better security practices. As Barnaby Jack said, "Sometimes you have to demo a threat to spark a solution."
If there was ever a need for good hackers, the time is now. 2014 was the biggest year of hacking that the Internet has ever seen—with 85,611,528 records exposed in the U.S. alone. Big hacks are becoming commonplace and the amount of affected individuals and companies continues to grow.
Although many companies continue to feel uncomfortable with the idea that hacking can be good, most experts will argue that hacking has an integral role in the health of our Internet security, and that without it information security will suffer. "It is going to take time and adapting in order to embrace hacker culture and the creative chaos that it brings with it. But I think it’s worth it," says Elazari. "The alternative, to blindly fight all hackers, is to go against a power you cannot control at the cost of stifling innovation and regulating knowledge."