HACKERS AND THE LAW This posting can be found at http://www.homerwsmith.com PREAMBLE The idea that one should use proprietary non open source software to protect the integrity of our voting systems is a joke. THE LAW OF THE SKY AND THE LAW OF THE LAND There is the law of the sky which tells us what is right and wrong. There is the law of the land, which tells us what is legal and illegal. Just because something is legal doesn't mean it is right. Just because something is illegal doesn't mean it is wrong, and it may in fact be mandatory according to the law of the sky. Thus civil disobedience can be a morally mandated duty. People who claim that something is right just because it is legal, or that something is wrong just because it is illegal are hiding behind the law. We have a moral duty to do what is right first and what is legal second. Neither God nor Angel hide behind the law (of the land.) When you get to the Pearly Gates, Saint Peter won't be asking you if you have done what was legal, he will be asking you if you have done what was right. HACKERS There are three kinds of hackers. White hat hackers obey the law of the land. Their prime directive is to do the greatest good for the greatest number as long as they can stay within the the law of the land. "I want to do good, but I ain't going to jail just to save the world." Gray hat hackers are willing to break the law of the land to protect the law of the sky. Their prime directive is to do the greatest good for the greatest number period, regardless of personal cost. Black hat hackers break the law of the sky. Their prime directive is the do the greatest good for themselves regardless of the expense to others. SOFTWARE There are two kinds of software. Proprietary and Open Source. Proprietary code is private or secret and it is illegal to hack into it and reverse engineer how it works. Open Source code is public and it is legal to hack into it and reverse engineer how it works. CODE ERRORS AND SOFTWARE BUGS All code has errors, many of which provide security holes which are dangerous to those using the software. PROPRIETARY CODE Black hat hackers will reverse engineer proprietary code, and if they find a security flaw, they will keep it to themselves and exploit it to their own benefit at the expense of others. The CIA does this to all bugs it finds in Microsoft or other software. Gray hat hackers will also reverse engineer proprietary code, but if they find a security flaw, they will inform the manufacturers of the code and give them time to fix it. Then a certain reasonable time later, they will also broadly publish the security flaw and how to exploit it. This pressures unethical or sleazy manufacturers to fix their code rather than leave it broken for Black Hatters to find. When the Gray Hatters publish the security flaw the Black Hatters get it also, but by that time it should be fixed so they and no one else can do anything bad with it. Manufacturers of proprietary code dislike Black Hatters, but they dislike Gray Hatters more. The Black Hatters keep the security flaws to themselves where only they can exploit them, or they blackmail the authors to guarantee they won't exploit the flaws. Many code authors would jump at the opportunity to keep a serious flaw quiet, to protect their reputation, even if they did fix it, so there is money in this for the Black Hatters. Gray Hatters make the security flaw public after a fair amount of time to force the manufacturers to fix it. Some people think that Gray Hatters are those who alternate between Black Hatters and White Hatters. That's like shooting someone today and not shooting someone tomorrow. That's not Gray, that's psychotic. They are like loose cannons without a prime directive at all. White Hat hackers will not touch proprietary code because it is illegal to do so. If they consider they have a moral mandate to break the law of the land to protect the law of the sky, they become, in that moment of choice, Gray hat hackers. OPEN SOURCE CODE All three kinds of hackers will review and vet open source code for security flaws, and use them for their own purposes. Black Hatters will use the security flaws they find to benefit at other's expense which is a violation of the law of the land and the sky. Gray Hatters will disclose the security flaw first to the author of the software to give them time to fix it, and then disclose it to the general public to make sure it is "fixed and stay fixed or else." White hat hackers will do the same as the Gray hat hackers. It might be tempting to say that the Gray Hatter should not disclose the security bug publicly, but only privately, to the software author, particularly if it is 'fixed', so that the annoyance of endless script kiddies exploiting the code without any understanding themselves can be avoided. It's one thing to have a few highly intelligent Black Hatters exploiting your code, it is quite another to have 10 million grade school kids who know a little linux, posting the exploit along with naked selfies to all their friends, exploiting it for fun from all over the world. You understand? However script kiddies are the Gray Hatter's guarantee that the software author will fix the flaw lest everyone and their blond girlfriend start causing trouble with it. And in any case, if a flaw is 'fixed' by the author and then kept under wraps, the other Gray and White Hatters won't have an opportunity to check out the corrected work, thus it may still be wrong, or related to something near by that is also or more wrong. No Gray Hatter wants to take the responsibility of personally offering to guarantee that a serious bug is fixed, even if the original author he informed says it is. So the flaw gets published publicly. Everyone else's vetting of the same code is the Gray Hatter's personal guarantee that the code was almost assuredly fixed right. Any hacker can think code is right when it is still wrong but thousands of hackers are probably not wrong. Anyhow this kind of guarantee, one, that code is fixed, and two, that code is fixed right, is as good as it can get, so accept the process we must, even if we have to suffer the relatively harmless slings and arrows of outrageous script kiddies taking our system down from time to time, before the author fixes it for good. If the flaw is not fixed, and a Black Hatter finds it, then all hell may break loose. That will be the day that we will pray to God that the script kiddies had done their job ahead of the Black Hatters. To publicly publish or not to publish a security flaw is a moral choice, and each Hatter is responsible and accountable for the quality of his conscience and the consequences of their actions. PROPRIETARY vs OPEN SOURCE Proprietary code provides security through obscurity. Since the code can not EASILY be reviewed by anyone interested, security flaws can remain undiscovered for a very long time. When they are discovered, if they are discovered by Black Hatters, they can be exploited forever until someone else discovers the same security flaw and is willing to reveal it to the author. Thus proprietary code often provides the illusion of security, all the while the code may be infiltrated and infected at many installations of importance, including national importance. If all of the security flaws are hidden through obscurity, then all will be well until a Black Hatter or the CIA finds one anyhow. In general then, over time, security by obscurity means you are owned by the enemy lock, stock and barrel. Open Source codes does not have any security through obscurity, because the day it is set in operation anyone and everyone who is interested in security flaws, whether Black, Gray or White, will be combing through the code trying to find flaws before anyone else. The Black Hatters want the flaw so they can exploit it for a while, to inure to their own benefit at the expense of everyone else. The Gray and White Hatters want it so they can get it fixed quickly and get a public gold star for their record. They love this, its an ego thing. "I saved the world!" Be grateful. Thus when open source is first published, it tends to have a lot of security updates resulting from global full time scrutiny by the hacker community, but then it becomes rock solid and much safer to depend upon than proprietary code ever will. There are two main goals of the Black Hatters. TO USE AND TO DESTROY. The primary goal of Black Hatters is not necessarily to destroy the system but to suck off of it, money or useful resellable data, for a very long time, so they tend to use extreme stealth in their exploits. They don't want anyone to know they are there, ever. They won't crash your computer because their daily take stops flowing. These are the criminal Black Hatters. Or the CIA who wants their freedom to spy on everyone through exploits in their computers to remain available forever. The other goal of some Black Hatters is to destroy the system completely, these are the terrorist Black Hatters. Although Terrorist Black Hatters can bide their time, in general they want a quick and overwhelming public show of their presence, usually for political or religious ends, rarely for money per se. They have considered that their law of the sky has been so egregiously violated by their target, that they are willing to violate the law of the land to hack and destroy, even if little or no personal gain comes to them, often at great personal risk even to themselves. It is tempting to call these kinds of terrorists cowards, we do so because their moral mandate scares the hell out of us. The Black Hatters who invade banking systems to siphon off free money to themselves so they can live better are criminals, they have no interest whatsoever in destroying the system or society. They are parasites who know the importance of their host remaining alive, unsuspecting, and feeling well. Their relationship with their targets is often symbiotic, its just not agreed to by both sides, and of course the fair trade is out of balance. The Black Hatters who invade banking systems to shut them all down one day, are often on a suicide mission from on high, because should the banking system or all power/food/transportation etc shut down the results would be apocalyptic and harm the hacker himself along with everyone else. At that point the common man's only option would be to become real religious real quick, apologize to the Lord, and wait for some kind of rapture or something to take them up, because it will be fire and smoke for everyone else down here on Earth for the rest of time. You wouldn't recognize the next stable society that might arise. whose economy was based on carbon embers. CYBER WEAPONS OF MASS DESCRIPTION Relative to any particular given country, most of the terrorist Black Hatters are foreign to that country, and those who have declared a covert war against that particular country. Some Black Hatters will be working within the targeted country as operatives behind enemy lines. The governments of all countries are putting covert cyber weapons of mass destruction (CWMD) into the computer's system of all other countries, particularly their enemies but friends too, just in case they are needed. So now we have chemical, biological, atomic, genetic and cyber weapons of mass destruction. The purpose of infecting other nation's cyber infrastructure is to create mass destruction or interruption to those computer systems if needed. But since all of society depends on these computers at every level of its existence, the mass destruction of computers means the mass destruction of that society. One advantage of cyber WMDs is they are cleanish, you can turn off the water without polluting it and even turn it back on again easily if you are lucky. And of course each country is in turn infected by the cyber WMD of many other countries. Except for America of course. America doesn't have the weakness in its systems to be infected by its enemies. And America doesn't have the ethical paucity to stoop to such shenanigans in return. Not under the eternal vigilance of the American Flag. For the rest, it is Mutual Assured Destruction (MAD) all over again, much worse than any nuclear war we could do. But it all plays out the same way, "If you push your little red cyber button, we will push ours in retaliation." Until then let's hope a fan doesn't burn out and push the red button for us. And pray the Good Lord blows a UPS dead on those intending a preemptive strike. UPS = uninterruptable power supply. Most of the merely criminal Black Hatters should be rounded up and put to work as Gray Hatters working for the world against the terrorist Black Hatters working against the world. Give them a jail cell if you wish, but give them access. The jail cell merely becomes a bunker where they can work safely, and perhaps redeem their sorry asses. They will be needed. Homer ------------------------------------------------------------------------ Homer Wilson Smith Clean Air, Clear Water, Art Matrix - Lightlink (607) 277-0959 A Green Earth, and Peace, Internet, Ithaca NY homer@lightlink.com Is that too much to ask? http://www.lightlink.com Sun Jan 18 21:10:25 EST 2015