|
A sea change in Senate |
|
Suddenly, hackers look like heroes |
|
A sea change in Senate |
| COMMENTARY |
| WASHINGTON, May 21 — It was an amazing turnaround. A Senate panel Tuesday heaped praise on a so-called “hacker think tank,” praising it for ferreting out security vulnerabilities in everything from satellite communications to software to the Internet. Just five years ago, during a hearing in the House, hackers were upbraided for their arrogance and derided as common criminals. |
|
'You guys are wearing the white hats here.’
— SEN. JOHN GLENN Addressing hackers during congressional hearing |
“ROCK STARS of the hacker community,” is how members of L0pht Heavy Industries (pronounced “loft”) were introduced at the Senate hearing on computer security. As a sign of respect, Sen. Fred Thompson, R-Tenn., chairman of the governmental affairs committee that held the hearing, allowed the seven members of L0pht to use their hacker “handles” rather than their real names. Sen. John Glenn, D-Ohio, told the hackers, “you guys are wearing the white hats here,” after members testified time and again about the various weaknesses in computer security, including the satellite communications systems on which Glenn’s life will depend when he returns to space on a NASA shuttle mission. Sen. Joseph Lieberman, D-Conn., said he didn’t think of the hackers so much as rock stars, but as latter-day Paul Reveres, “performing acts of good citizenship” and sounding the alarm about computer security. “You’re performing a valuable service to your country,” Thompson added. Why all the praise? It comes from their efforts to intentionally poke holes in well-known security systems and exposing those holes to the public. “We do not spend our time breaking, defeating, and researching hardware and software to be appreciated by the industry,” the group said in its prepared remarks to the Senate. Pushing and prodding commercial and governmental systems until they break has been seen by some as criminal activity. Five years ago, during a House telecommunications subcommittee hearing, Emmanuel Goldstein, the publisher of the hacker journal 2600, found himself on the receiving end of a scalding tirade hurled by then committee chairman Ed Markey, D-Mass. Because 2600 publishes the findings of hackers, often giving step-by-step instructions on how to penetrate this system or that, Markey said Goldstein was nothing more than an outlet for criminal behavior. Yet Goldstein’s efforts then, as with L0pht’s efforts now, are one in the same: To expose the apathy, arrogance and unwillingness of greed-infested companies interested more in profits than in producing bulletproof products. GOOD DEEDS DONE TOO WELL |
|||
|
Hackers goal: To expose the apathy, arrogance and unwillingness of greed-infested companies interested more in bottom line profits than in producing bulletproof products.
|
With my head spinning, trying to digest this apparent sea change in attitude toward hackers and their work, up cropped an ugly proposition at the Senate hearing: Should there be laws to drive the technology, forcing the software and computer industries to be more accountable for their security lapses? Look at the events just this week. Reports came out detailing serious vulnerabilities in computer security at the State Department and with the FAA air traffic control system. And the recent story of the Galaxy satellite that suddenly went dark, sending a host of communication and broadcast outlets into a near panic. All of these situations are making security issues a fat target for Congress. During the hearing, the hackers repeatedly were asked about possible legislation to make the computer industry take security issues more seriously. The answers weren’t very satisfying. The ugly truth is that these companies have little incentive to produce rock-solid secure systems. INTO THE ABYSS Indeed, the antitrust actions leveled at Microsoft by the Justice Department strikes at this issue. (Microsoft is a partner in the venture that operates MSNBC.) Because Microsoft has a monopoly in operating systems, the Justice Department says, it is stifling innovation. If Microsoft is the only game in town, what incentive does it have to make sure their products are as secure as possible? Answer: none. The problem, however, isn’t isolated within the Microsoft universe, it’s epidemic in the hardware, software and telecommunications industries, according to any number of security experts. Companies are merely reactive when it comes to security issues, instead of being pro-active. This reactive/pro-active message is what the hackers brought to the table during the Senate hearing and it clearly frustrated the committee. And lawmakers reacted the only way they know how: to leave the computer industry staring into the abyss of possible legislation as a way to solve the problem. |
|||
|
While I’d love nothing more than to see some of these arrogant corporate giants taken down a notch or two for allowing shoddy systems to proliferate, legislation is not the answer. |
While I’d love nothing more than to see some of these arrogant corporate giants taken down a notch or two for allowing shoddy systems to proliferate, legislation is not the answer. Microsoft Chairman Bill Gates is right when he says that government has no business designing software. This means that the work of groups like L0pht and 2600 magazine are all that more vital to making the industry accountable. To be sure, some hackers are nothing more than digital juvenile delinquents. But there are just as many, if not more, performing what I like to call the “eloquent hacks,” bending and breaking systems no one else has and then exposing those breaks to the public. This forces companies to meet the situation head on, rather than try and cover it up or deal with one disgruntled customer at a time. It’s about time hackers received their rightful praise, in Congress and in the press, for that matter. Without them and their efforts, we’re all made insecure or worse, left muddling through the fog of a false sense of security in the computers, software and communications that are now an inseparable part of our everyday lives. Meeks out… |
|||
|
L0pht Heavy Industries 2600 Magazine |
|||