SUMMARY: Ed Wilson talks about ways that hackers work. Today he talks about the desire to learn how things work.
Today I want to talk about how hackers work. But before that, I should perhaps talk about motivation.
NOTE: In this series of articles, I am providing a high level overview of hacker activities for the purpose of providing some insight for writers. I am not going to discuss details of specific techniques, nor is my intention to provide a “Value judgment”. If I say something is cool, I am not implying it is legal.
Learning and exploration
For some, it simply may be about learning. The hacker wants to see what they can do, how things work, and they may wish to explore. These types of hackers wish to push the boundaries of what is possible, and they delight in finding flaws.
Often they write their own tools, they seek to answer the question of whatif. What if I type 500 different numbers in this input box. How does the program handle the unexpected input. Does the program fail? If it does, is there a routine designed to handle the failure in a graceful manner, or does it fill the computer monitor with the contents of the computer memory.
The efforts of these types of hackers is not to be destructive, nor is it to “take down systems” but they are simply trying to see how things work. They view their activities with the detachment of scientific investigation. Of course, as with other scientific experiments, sometimes things go wrong, and this is when systems crash. Many times when a system crashes, it is because the original developer did not properly handle the exception, or did not anticipate the program being utilized in that manner. These types of hackers, view such circumstances as actually helping the original developer by pointing out flaws in their logic, and in the security of their program.
When the learning and exploration type of hacking becomes more formalized, these types of hackers often become “Security Researchers.” Most reputable software companies now have programs setup to solicit security researchers, and even to provide cash bounties for the discovery of new bugs and flaws in their systems. They provide assistance, answer questions and otherwise try to work for the betterment of the ecosystem. In return, when a flaw is discovered, reputable security researchers notify the software company, provide them with details of the exploit, and code to reproduce the problem. They also agree to wait for a certain amount of time, until the software company can produce a fix for the problem, before they publish the exploit (to the web via their blog, or as a paper at a conference).
Join me tomorrow when I will talk about another motivation for hackers.
I hope you have a great day.