Wednesday, October 14, 2020

Hacking is not a crime, and other problems with words in cybersecurity awareness (Day 14 of 31)

If you've been seeing messages about Cybersecurity Awareness Month you may that find you're now more aware of news headlines like these: 

Hackers steal data from school district, post it on the internet 

Coronavirus: How hackers are preying on fears of Covid-19?

Well, on the one hand, I'm very pleased if you're more alert to news of this nature, and I hope that you keep reading about the problems described in the articles. On the other hand, I have to say that those headlines are somewhat misleading. I'm not saying they are fake news, far from it, but those headlines wrongly confuse hackers with criminals. They should read:

Criminals steal data from school district, post it on the internet 

Coronavirus: How criminals are preying on fears of Covid-19

To be clear: people who hack computers for criminal purposes are criminals, not hackers. There are many people who engage in perfectly legal activities that definitely are hacking. And some hackers are very noble and selfless people. For example, right now there are people constructively "hacking" together programs and devices that can help the world deal with the Coronavirus pandemic, for example:

So, when editors and journalists lazily use hackers instead of criminals they are doing the world a disservice. As someone who has spent the better part of three decades trying to explain why the world needs to do more to shut down the criminal abuse of information technology, I can assure you that confusion over the word "hacker" has been a serious distraction if not an outright impediment. 

I have written about this criminal/hacker problem here and there is a whole "Hacking is Not a Crime" organization devoted to remediating the problem. The non-profit organization's mission statement says that it is: "seeking to raise awareness about the pejorative use of the terms "hacker" and "hacking" throughout the media and popular culture. Specifically, the negative connotation in which the terms are so often associated." 

The statement goes on to explain why that matters: 

"Hackers are often vilified and portrayed as evil, menacing, and even threatening individuals. Because of this, many hackers refrain from publicly disclosing physical and information security vulnerabilities they discover due to fear of legal retaliation. Subsequently, this is creating an increasingly hostile digital frontier due to compromises perpetrated by cybercriminals and threat actors. We therefore advocate state and federal legal reform which provides a safeguard for hackers conducting security research."

So, as your cybersecurity awareness grows, know that hacker does not equal criminal. and criminals who use hacking techniques to commit crimes are, simply criminals. 

For more on this, check out the Hacking in NOT a Crime website and follow @HackNotCrime on Twitter.


No comments: