HACKERS AND THE LAW

     This posting can be found at http://www.homerwsmith.com
 
     PREAMBLE

     The idea that one should use proprietary non open source software
to protect the integrity of our voting systems is a joke.

     THE LAW OF THE SKY AND THE LAW OF THE LAND

     There is the law of the sky which tells us what is right and wrong.

     There is the law of the land, which tells us what is legal and
illegal.

     Just because something is legal doesn't mean it is right.

     Just because something is illegal doesn't mean it is wrong, and it
may in fact be mandatory according to the law of the sky.

     Thus civil disobedience can be a morally mandated duty.

     People who claim that something is right just because it is legal,
or that something is wrong just because it is illegal are hiding behind
the law.

     We have a moral duty to do what is right first and what is legal
second.

     Neither God nor Angel hide behind the law (of the land.)

     When you get to the Pearly Gates, Saint Peter won't be asking you
if you have done what was legal, he will be asking you if you have done
what was right.

     HACKERS

     There are three kinds of hackers.

     White hat hackers obey the law of the land.

     Their prime directive is to do the greatest good
for the greatest number as long as they can stay within the
the law of the land.

     "I want to do good, but I ain't going to jail just to
save the world."

     Gray hat hackers are willing to break the law of the land to
protect the law of the sky.

     Their prime directive is to do the greatest good for the greatest
number period, regardless of personal cost.

     Black hat hackers break the law of the sky.

     Their prime directive is the do the greatest good for themselves
regardless of the expense to others.

     SOFTWARE

     There are two kinds of software.

     Proprietary and Open Source.

     Proprietary code is private or secret and it is illegal to hack
into it and reverse engineer how it works.

     Open Source code is public and it is legal to hack into it and
reverse engineer how it works.

     CODE ERRORS AND SOFTWARE BUGS

     All code has errors, many of which provide security holes which are
dangerous to those using the software.

     PROPRIETARY CODE

     Black hat hackers will reverse engineer proprietary code, and if
they find a security flaw, they will keep it to themselves and exploit
it to their own benefit at the expense of others.

     The CIA does this to all bugs it finds in Microsoft or other
software.

     Gray hat hackers will also reverse engineer proprietary code, but
if they find a security flaw, they will inform the manufacturers of the
code and give them time to fix it.  Then a certain reasonable time
later, they will also broadly publish the security flaw and how to
exploit it.

     This pressures unethical or sleazy manufacturers to fix their code
rather than leave it broken for Black Hatters to find.  When the Gray
Hatters publish the security flaw the Black Hatters get it also, but by
that time it should be fixed so they and no one else can do anything bad
with it.

     Manufacturers of proprietary code dislike Black Hatters, but they
dislike Gray Hatters more.  The Black Hatters keep the security flaws to
themselves where only they can exploit them, or they blackmail the
authors to guarantee they won't exploit the flaws.  Many code authors
would jump at the opportunity to keep a serious flaw quiet, to protect
their reputation, even if they did fix it, so there is money in this for
the Black Hatters.

     Gray Hatters make the security flaw public after a fair amount of
time to force the manufacturers to fix it.

     Some people think that Gray Hatters are those who alternate between
Black Hatters and White Hatters.  That's like shooting someone today and
not shooting someone tomorrow.  That's not Gray, that's psychotic.  They
are like loose cannons without a prime directive at all.

     White Hat hackers will not touch proprietary code because it is
illegal to do so.  If they consider they have a moral mandate to break
the law of the land to protect the law of the sky, they become, in that
moment of choice, Gray hat hackers.

     OPEN SOURCE CODE

     All three kinds of hackers will review and vet open source code for
security flaws, and use them for their own purposes.

     Black Hatters will use the security flaws they find to benefit at
other's expense which is a violation of the law of the land and the sky.

     Gray Hatters will disclose the security flaw first to the author of
the software to give them time to fix it, and then disclose it to the
general public to make sure it is "fixed and stay fixed or else."

     White hat hackers will do the same as the Gray hat hackers.

     It might be tempting to say that the Gray Hatter should not
disclose the security bug publicly, but only privately, to the software
author, particularly if it is 'fixed', so that the annoyance of endless
script kiddies exploiting the code without any understanding themselves
can be avoided.

     It's one thing to have a few highly intelligent Black Hatters
exploiting your code, it is quite another to have 10 million grade
school kids who know a little linux, posting the exploit along with
naked selfies to all their friends, exploiting it for fun from all over
the world.

     You understand?

     However script kiddies are the Gray Hatter's guarantee that the
software author will fix the flaw lest everyone and their blond
girlfriend start causing trouble with it.

     And in any case, if a flaw is 'fixed' by the author and then kept
under wraps, the other Gray and White Hatters won't have an opportunity
to check out the corrected work, thus it may still be wrong, or related
to something near by that is also or more wrong.

     No Gray Hatter wants to take the responsibility of personally
offering to guarantee that a serious bug is fixed, even if the original
author he informed says it is.  So the flaw gets published publicly.
Everyone else's vetting of the same code is the Gray Hatter's personal
guarantee that the code was almost assuredly fixed right.

     Any hacker can think code is right when it is still wrong but
thousands of hackers are probably not wrong.  Anyhow this kind of
guarantee, one, that code is fixed, and two, that code is fixed right,
is as good as it can get, so accept the process we must, even if we have
to suffer the relatively harmless slings and arrows of outrageous script
kiddies taking our system down from time to time, before the author
fixes it for good.

     If the flaw is not fixed, and a Black Hatter finds it, then all
hell may break loose.  That will be the day that we will pray to God
that the script kiddies had done their job ahead of the Black Hatters.

     To publicly publish or not to publish a security flaw is a moral
choice, and each Hatter is responsible and accountable for the quality
of his conscience and the consequences of their actions.

     PROPRIETARY vs OPEN SOURCE

     Proprietary code provides security through obscurity.  Since the
code can not EASILY be reviewed by anyone interested, security flaws can
remain undiscovered for a very long time.  When they are discovered, if
they are discovered by Black Hatters, they can be exploited forever
until someone else discovers the same security flaw and is willing to
reveal it to the author.

     Thus proprietary code often provides the illusion of security, all
the while the code may be infiltrated and infected at many installations
of importance, including national importance.  If all of the security
flaws are hidden through obscurity, then all will be well until a Black
Hatter or the CIA finds one anyhow.

     In general then, over time, security by obscurity means you are
owned by the enemy lock, stock and barrel.

     Open Source codes does not have any security through obscurity,
because the day it is set in operation anyone and everyone who is
interested in security flaws, whether Black, Gray or White, will be
combing through the code trying to find flaws before anyone else.

     The Black Hatters want the flaw so they can exploit it for a while,
to inure to their own benefit at the expense of everyone else.

     The Gray and White Hatters want it so they can get it fixed quickly
and get a public gold star for their record.  They love this, its an ego
thing.  "I saved the world!"

     Be grateful.

     Thus when open source is first published, it tends to have a lot of
security updates resulting from global full time scrutiny by the hacker
community, but then it becomes rock solid and much safer to depend upon
than proprietary code ever will.

     There are two main goals of the Black Hatters.

     TO USE AND TO DESTROY.

     The primary goal of Black Hatters is not necessarily to destroy the
system but to suck off of it, money or useful resellable data, for a
very long time, so they tend to use extreme stealth in their exploits.
They don't want anyone to know they are there, ever.  They won't crash
your computer because their daily take stops flowing.

     These are the criminal Black Hatters.  
 
     Or the CIA who wants their freedom to spy on everyone through
exploits in their computers to remain available forever.

     The other goal of some Black Hatters is to destroy the system
completely, these are the terrorist Black Hatters.

     Although Terrorist Black Hatters can bide their time, in general
they want a quick and overwhelming public show of their presence,
usually for political or religious ends, rarely for money per se.  They
have considered that their law of the sky has been so egregiously
violated by their target, that they are willing to violate the law of
the land to hack and destroy, even if little or no personal gain comes
to them, often at great personal risk even to themselves.

     It is tempting to call these kinds of terrorists cowards, we do so
because their moral mandate scares the hell out of us.

     The Black Hatters who invade banking systems to siphon off free
money to themselves so they can live better are criminals, they have no
interest whatsoever in destroying the system or society.  They are
parasites who know the importance of their host remaining alive,
unsuspecting, and feeling well.  Their relationship with their targets
is often symbiotic, its just not agreed to by both sides, and of course
the fair trade is out of balance.

     The Black Hatters who invade banking systems to shut them all down
one day, are often on a suicide mission from on high, because should the
banking system or all power/food/transportation etc shut down the
results would be apocalyptic and harm the hacker himself along with
everyone else.

     At that point the common man's only option would be to become real
religious real quick, apologize to the Lord, and wait for some kind of
rapture or something to take them up, because it will be fire and smoke
for everyone else down here on Earth for the rest of time.

     You wouldn't recognize the next stable society that might arise.
whose economy was based on carbon embers.

     CYBER WEAPONS OF MASS DESCRIPTION

     Relative to any particular given country, most of the terrorist
Black Hatters are foreign to that country, and those who have declared a
covert war against that particular country.  Some Black Hatters will be
working within the targeted country as operatives behind enemy lines.

     The governments of all countries are putting covert cyber weapons
of mass destruction (CWMD) into the computer's system of all other
countries, particularly their enemies but friends too, just in case they
are needed.

     So now we have chemical, biological, atomic, genetic and cyber
weapons of mass destruction.

     The purpose of infecting other nation's cyber infrastructure is to
create mass destruction or interruption to those computer systems if
needed.  But since all of society depends on these computers at every
level of its existence, the mass destruction of computers means the mass
destruction of that society.

     One advantage of cyber WMDs is they are cleanish, you can turn off the
water without polluting it and even turn it back on again easily if you
are lucky.

     And of course each country is in turn infected by the cyber WMD of
many other countries.

     Except for America of course.

     America doesn't have the weakness in its systems to be infected by
its enemies.

     And America doesn't have the ethical paucity to stoop to such
shenanigans in return.

     Not under the eternal vigilance of the American Flag.

     For the rest, it is Mutual Assured Destruction (MAD) all over
again, much worse than any nuclear war we could do.

     But it all plays out the same way, "If you push your little red
cyber button, we will push ours in retaliation."

     Until then let's hope a fan doesn't burn out and push the red
button for us.

     And pray the Good Lord blows a UPS dead on those intending a
preemptive strike.  UPS = uninterruptable power supply.

     Most of the merely criminal Black Hatters should be rounded up and
put to work as Gray Hatters working for the world against the terrorist
Black Hatters working against the world.

     Give them a jail cell if you wish, but give them access.

     The jail cell merely becomes a bunker where they can work safely,
and perhaps redeem their sorry asses.

     They will be needed.

     Homer

------------------------------------------------------------------------
Homer Wilson Smith   Clean Air, Clear Water,    Art Matrix - Lightlink
(607) 277-0959       A Green Earth, and Peace,  Internet, Ithaca NY
homer@lightlink.com  Is that too much to ask?   http://www.lightlink.com

Sun Jan 18 21:10:25 EST 2015