Computer Hacking
Can “good” hackers help fight cybercrime?
By Marcia Clemmitt

Hackers made headlines this year when the international protest group Anonymous shut down government and corporate websites, and U.S. and European police moved in. But likely more significant than the antics of so-called “hacktivists” is rising interest by corporations, government security officials and Internet companies in hiring “good” hackers, who can counter attacks by. . . .

Read the Full Report (Subscription Required)
Buy Report PDF

• Does hacking have a useful role to play?
• Does hacking require a new legal framework?
• Is hacking a legitimate tool of political protest?

Is the administration taking the right approach on cybersecurity?

James A. Baker Associate Deputy Attorney General, U.S. Department of Justice. Written for CQ Researcher, September 2011	Paul Rosenzweig Visiting Fellow, Heritage Foundation. Written for CQ Researcher, September 2011

Once Shunned, Hackers Are Embraced by Industry

Many “good” hackers — those who, for example, work on collaborative “open-source” software projects or alert authorities to security flaws in computer networks — operate outside the corporate world. It's not unusual for them to pursue their hacking passion on their own time, for free.

Yet while hacking may not promise much financial return, its transparent, collaborative, enthusiasm-driven processes are a proven winner for technology development — so much so that technology companies increasingly look for ways to incorporate hackers into their business plans.

Traditionally, hackers who create software have worked for the pleasure of creation and respect, not cash, says Douglas Thomas, an associate professor at the University of Southern California's Annenberg School for Communication and Journalism. “You make your name writing good code, and then you give it away to everybody” so others can expand on the work, he says. “It's a prestige culture. But you can't eat prestige.”

“Working open source” — creating software innovations whose source code is published openly for others to improve and expand upon — “you don't get paid, but you get to do what you want,” a huge boon to those with a hacker mindset, says Eric S. Raymond, a hacker and open-source software developer.

In fact, even in the corporate world, history shows that some of the most successful computer products have emerged when developers behaved like hackers — pursuing their individual interests, then making their creations available for others to build on if they wished, wrote Tim O'Reilly, founder of O'Reilly Media, a Sebastopol, Calif.-based technology-book publisher.

Microsoft'sASP.NET software for building Web pages, for example, was created after two Microsoft developers whose brainstorm was nixed by their bosses “hacked up their vision anyway” in their spare time. The project “spread within Microsoft in much the same way as open-source projects spread on the open Internet,” picking up expansions and improvements and ultimately becoming a successful product for the company, wrote O'Reilly.

Nevertheless, hackers’ stubborn individualism has kept them in an adversarial relationship with some technology executives, who favor a top-down approach to product development. Manufacturers of software-driven electronics such as cell phones and video games, for example, have generally looked askance at software tinkerers who create and disseminate custom modifications of the devices because they say it violates the companies’ intellectual-property rights.

For example, when users began modifying the iPhone operating system to allow non-Apple-approved apps, “Apple quickly declared the practice illegal,” wrote Wired reporter Jason Tanz.

George Hotz, famed for hacking the iPhone and PlayStation 3, now reportedly works for Facebook. (laughingsquid.com/Scott Beale)

And, Tanz wrote, “when a hacker named George Hotz published code allowing anyone to run applications on the PlayStation 3, Sony responded by pursuing subpoenas against Hotz, investigating his PayPal account, and collecting the IP address of anyone who visited his website.” Sony eventually reached a largely undisclosed settlement with Hotz that bars him from disseminating further details about hacking Sony devices.

But the innovation potential of hackers and hacker-driven, open-source electronics development is gradually dawning on traditional business, says Raymond.

“Increasingly, people who hire programmers are looking for your open-source résumé” as evidence of superior skills, he says. Beginning in the early 2000s, “the relationship began becoming pretty cordial” between at least some software companies and the open-source community.

Part of the change stems from the proliferation of high-quality open-source software that today underlies many of the most basic operations of the Internet and other systems, Raymond says. The universe of open-source software developed and maintained by hackers “has been expanding for the last 30 years” and has “gone beyond my expectations,” he says. “When I got started, there were three or four thousand of us in the entire world. Now it's three orders of magnitude more — there are millions. It boggles my mind when I think about it.”

Having smaller, faster machines with bigger memories has helped drive the increase, Raymond says. “When I first got involved, personal computers weren't powerful enough, but now you can do software development on a cell phone.”

Furthermore, both consumers and companies are becoming more aware that hacker-driven, open-source projects can be of high quality, Raymond says. An example is the CyanogenMod version of the Android mobile-phone and tablet-computer operating system developed by a group of technology companies led by Google. This hacker-modified version of the underlying Android software that runs the phone's most fundamental processes has been developed and distributed “entirely independent of Google” and is thriving, Raymond says.

By July, 500,000 people were using the CyanogenMod, which speeds up Android-using devices, maximizes memory usage and makes applications easier to install, among other features. CyanogenMod is gaining “about 4,000 users each day, which is amazing” since such custom software generally has been entirely off the radar screen of mainstream consumers, observed a blogger at Google's TalkAndroid website.

“This is emblematic of the sort of thing that's going on,” Raymond says.

The Korean multinational electronics manufacturer Samsung in August hired CyanogenMod's head developer, Steve Kondik. The move was a bit of a surprise, given the original hostile reception Kondik got from companies selling Android devices, wrote Indian hacker and blogger Rajesh Pandey.

“It's ironic that at the beginning of this year, most of the manufacturers [of devices that used Android] were against the work of the developers [such as Kondik] and the custom” modifications, wrote Pandey. In fact, he said, they were “shipping their phones with an encrypted [start-up program called a] bootloader” to prevent such changes. But that move brought complaints from some consumers as well as hackers, and, just months later, “not only did they ease their stance on the bootloader policy, they have also started hiring these talented developers.”

In addition to software-development hackers, so-called “security researchers who secretly hack into computer networks looking for security-compromising software bugs also are getting warmer responses from industry,” says Maxim Weinstein, president of StopBadware, an industry-supported nonprofit group that was created at Harvard University. Unlike a decade ago, a growing number of companies “will pay a bounty for finding the bugs,” he says.

“There's no question that there is a rapprochement” between some of the computer industry and hackers today, says Thomas. Nevertheless, it remains “extremely hard to make money” as a full-time hacker.

But open-source evangelist Raymond speculates that a bigger change may be under way. In the Industrial Age, the primary means of improving efficiency has been to consolidate production into large organizations, usually with top-down management. But that's not the best way to efficiently produce the computer software that increasingly underlies the entire world, he says. Hacking is. He dubs the trend “reverse industrialization” and suggests that “we could be going back to cottage industry,” in which small operators, not huge ones, are the key players and reap the rewards.

— Marcia Clemmitt

[1] Tim O'Reilly, Tim O'Reilly in a Nutshell, p. 32, www.oreilly.de/oreilly/oreilly_inanutshell.pdf.

Footnote: 1. Tim O'Reilly, Tim O'Reilly in a Nutshell, p. 32, www.oreilly.de/oreilly/oreilly_inanutshell.pdf.

[2] Jason Tanz, “A Thousand Points of Infrared Light”/”Kinect Hackers Are Changing the Face of Robotics,” Wired, July 2011, p. 114, www.wired.com/magazine/2011/06/mf_kinect/all/1; Tor Thorsen, “Sony/Hotz Settlement Details Surface,” Gamespot, April 12, 2011, www.gamespot.com/news/6308347/sony-hotz-settlement-details-surface.

Footnote: 2. Jason Tanz, “A Thousand Points of Infrared Light”/”Kinect Hackers Are Changing the Face of Robotics,” Wired, July 2011, p. 114, www.wired.com/magazine/2011/06/mf_kinect/all/1; Tor Thorsen, “Sony/Hotz Settlement Details Surface,” Gamespot, April 12, 2011, www.gamespot.com/news/6308347/sony-hotz-settlement-details-surface.

[3] Robert Nazarian, “CyanogenMod Now on Over 500,000 Devices,” TalkAndroid.com , July 17, 2011, www.talkandroid.com/47031-cyanogenmod-now-on-over-500000-devices

Footnote: 3. Robert Nazarian, “CyanogenMod Now on Over 500,000 Devices,” TalkAndroid.com , July 17, 2011, www.talkandroid.com/47031-cyanogenmod-now-on-over-500000-devices

[4] Rajesh Pandey, “Samsung Hires CyanogenMod Founder Steve Kondik,” Techie Buzz, Aug. 16, 2011, http://techie-buzz.com/mobile-news/samsung-hires-cyanogenmod-founder-steve-kondik.html.

Footnote: 4. Rajesh Pandey, “Samsung Hires CyanogenMod Founder Steve Kondik,” Techie Buzz, Aug. 16, 2011, http://techie-buzz.com/mobile-news/samsung-hires-cyanogenmod-founder-steve-kondik.html.