gray hat hacking

In 1999, a seventeen year old hacker with the handle “ytcracker” exploited a weakness in Microsoft NT’s web service and replaced the homepage of three U.S. government agency web sites. The homepages of NASA’s Goddard Flight Center, the office of Land Management’s National Training Center, and a Defense Contracts Audit Agency suddenly showed an image of a graffiti-like rapper with gold necklaces and the message:

To the U.S. government and military–I have warned you about these security flaws. Please secure our military systems to protect us from cyber attack.

ytcracker’s message was accurate–he did send messages to the administrators of these systems notifying them of the vulnerabilities. When they did not fix the security flaws, he used them to breach their systems. The seventeen-year old was charged and fined $30,000 for unauthorized access of a computer system.

wi-fi piracy

In 2005, Benjamin Smith, III, was arrested and charged in Florida with unauthorized access to a computer network. In 2006, David Kauchak pleaded guilty in Illinois to “remotely accessing another computer system without the owner’s approval”. In 2007, Michigan resident Sam Peterson was charged under the state’s “Fraudulent access to computers, computer systems, and computer networks” law. Each time, the “criminal” was observed using a laptop computer from their vehicles outside of a business or home. They were taking advantage of unsecured wireless networks to gain access to the Internet.

look before you leap.

My jaw rarely drops when I happen upon another web professional’s blog. This article entitled “the problem vs the answer” made my jaw drop because it is something I have been ranting about for the past two weeks. I have been stumbling over the explanation; I couldn’t have said it better than Tom Knoll did:

Why is everyone more interested in the answer than the question?

When you have a problem that needs to be solved, you should be more interested in the questions than the answers. Solutions come from good questions, not prepackaged answers. I know you are pressed on every side and feel like you do not have enough time to worry about good questions. But good questions now, will save you exponential time in the future. If you allow many small under-pressure-solutions to stack up, you end up with a building that cannot be repaired, but can only be torn down and rebuilt.

There is a tendency in my field to provide a set number of answers, rather than taking time to consider the questions with people. I look forward to the day when we feel like we have time to ask the best questions and consider the best answers.