One defining characteristic of hacker culture is that it tends to defy concise description. The dark, sinister, anti-social teenage boy prominent in stock photos and mainstream portrayals is an unfair, and inaccurate, depiction of the broader hacker culture that persists today. Instead, the hacker culture has roots in creativity, breaking and fixing things, and welcoming individuals regardless of their demographics. This is the predominant culture today; one which continues to evolve just as technology, business, and society adapt to a digital world.
Over twenty years ago, the L0pht testified before the U.S. Senate Committee on Government Affairs and presented one of the first public warnings about the dual-use nature of the internet, largely using their online monikers rather than real names. Later that same year, a different group mobilized volunteers to digitally occupy (what we now call a Distributed Denial of Service or DDOS) high profile military websites as an act of civil disobedience, using their real names. These two groups of hackers represented the curiosity, drive, and public concern that permeates hacker culture but is often overshadowed by modern stereotypes—yet each was very different in their ideologies, approaches, and ends.
Security researchers have diverse motivations for investigating security flaws in software and systems. As companies, policymakers, lawyers, and others interact with the security research community, understanding this truth can unlock more fruitful engagement. I Am The Cavalry has been using a simple and useful framework to discuss the drivers of security researcher behavior. While this list isn’t comprehensive, and while most of us fit at least two of these categories, this framing can catalyze a dialog that allows a fuller appreciation of why we do what we do, and that is the value of the framework.
PROTECT: make the world a safer place. These researchers are drawn to problems where they feel they can make a difference.
PUZZLE: tinker out of curiosity. This type of researcher is typically a hobbyist and is driven to understand how things work.
PRESTIGE: seek pride and notability. These researchers often want to be the best, or very well known for their work.
PROFIT: to earn money. These researchers trade on their skills as a primary or secondary income.
PROTEST/PATRIOTISM: ideological and principled. These researchers, whether patriots or protestors, strongly support or oppose causes.
Some Great Hacker Movies
- War Games: “It features similar technology and techniques from when I was getting started in computers, and has some really accurate characters. Plus, the hero goes from Puzzler to Protector when he realizes the stakes of the game.” @BEAUWOODS
- The Martian: “It shows a hacker as a problem solver. If there would have been practical jokes in the movie it would have been a perfect showcase for the meaning of the word ‘hacker’.” @ihackforfun
- Hackers: “Sure it gets all the hacking wrong, but it nails a lot of what the defcon community is like & about. I’ll never know if it’s art imitating life or life imitating art, but there is no question it is still a strong influence on the hacker community.” @MisterGlass
- Superman 3: “Richard Pryor as a computer who uses his hacking skills to round pennies into his bank account AND synthesize fake Kryptonite to try to kill Superman. What’s not to love?” @PatChadwick78
- Catch Me if You Can: “Social Engineering at its finest!” @__winn