Why hackers are being asked to have a go

File photo

File photo

Published Feb 11, 2012

Share

London - Security personnel tend not to challenge the public to sneak unnoticed into buildings they're guarding, preferring to give the impression that the entrances are impregnable and they themselves are invincible.

But the “keep out or else” approach doesn't work online, where cyber attacks are rampant and the task of thwarting them is too colossal for stretched IT departments.

Instead, companies are encouraging us to discover weaknesses by hacking their websites: to have a go if we think we're clever enough. At a recent TED (Technology, Entertainment, Design) event in Hawaii, web-security expert Jeremiah Grossman gave a talk entitled “Hack Yourself First” which outlined this principle of ethical hacking; permitting people to hack systems provided that they disclose their findings.

Thinking of hacking as a benevolent practice runs contrary to everything we've ever been told, but there's a growing movement of crusading “white hat” hackers, partly encouraged by the huge sums that companies pay out in rewards for uncovering flaws. An annual white-hat conference, ShmooCon, took place in Washington DC a few days ago and was attended by 1,800 people whose interest in gaining access to restricted areas is totally benign - at least, that's what they say.

Google has a roll-call of people who've pointed out coding errors and helped make its products safer, grandly termed the “Security Hall Of Fame”; one of the latest additions is a 15-year-old boy from Norway, Cim Stordal. In an interview with CNET he revealed the time it took him to uncover flaws (four days for Facebook, five minutes for Apple) but the more surprising revelation was that he's only been doing this kind of thing for a year.

When you know that an inexperienced teenager can quickly find holes in the world's most popular websites, it's easy to see why hacking of the non-white-hat variety is so widespread. And why some companies are now having to place their trust in white-hat hackery.

Despite its bad-boy name, jailbreaking is legal, for now...

When spiffy new features appear on your smartphone during software upgrades, you can be sure that a handful of those ideas emerged from the jailbreak community. Jailbreaking - or rooting - is about getting under the bonnet of the phone, gaining access to features that the operating system (OS) wouldn't normally allow, and exploiting them with apps. Jailbroken iPhones, for example, could sync over Wifi and record video clips long before their squeaky-clean, Apple-approved cousins.

Unsurprisingly, jailbreaking isn't smiled upon by manufacturers; it wrests control of the device away from them, transporting it away from a safe, fluffy, cosseted world and into one full of possibility and (so we're told) danger. So it probably invalidates your warranty, and keeping it jailbroken when your phone's OS is upgraded can be tiresome - but it's not illegal, and hasn't been since a ruling by the US Copyright Office in 2010.

These rulings come up for renewal every couple of years, however, and so the issue of jailbreaking is once again being kicked around furiously. The Electronic Frontier Foundation (EFF) is campaigning for the exemption to be extended to tablets and video game consoles, arguing that it provides an essential platform for innovation, and allows the untapped potential of our devices to be explored and tinkered with.

The Apples and Googles of this world will be submitting incredibly detailed legal arguments as to why this isn't a good idea. It seems unfair to me that a niche activity borne out of curiosity and enthusiasm should ever be punishable by a fine or a jail sentence - but then again I'm not a multinational technology company, so what do I know?

Intrepid geekery may also have a big part to play as emerging legislation begins to affect the way we use the internet.

Much has been written about Sopa (Stop Online Privacy Act) and Pipa (Protect Intellectual Property Act) that are currently being debated in the US, along with the global Anti-Counterfeiting Trade Agreement (Acta); all three seek to criminalise certain types of internet activity, but some vague definitions and lazy wording seem to jeopardise some legal activity, too.

Last week, Infoworld's Paul Venezia lamented the internet becoming “crippled by greed and ignorance”. But, as the slogan goes, information wants to be free. And there'll be thousands upon thousands of tech-savvy netizens working hard to circumvent any measures that are put in place.

Anonymising services such as Tor are already used by whistleblowers and human rights workers, alternative domain name servers (DNS) can circumvent countrywide blocks, while proxy servers and virtual private networks can run rings around attempts to censor the web.

Venezia envisages a jailbroken internet, where all these circumvention measures are wrapped up into a package you can install to bypass the standard internet pathways, prolonging this digital game of cat and mouse. Many might deem it frivolous, wilful lawbreaking, but those whose voices are being silenced by oppressive regimes will relish the idea of a jailbroken internet. - The Independent

Related Topics: