Most Hackers Aren’t Criminals

Source: 英语世界 (The World of English)
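  When the kindergarten teacher asked my son what his dad did for work, he explained: “He steals things, but it’s fine, because people pay him to do it.”
  My son was right.
  2 I am a hacker, and I manage a team of hackers. We spend all day looking for ways to force our way into any device that can connect to the internet, such as servers, ATMs and light bulbs, trying to obtain information that was never supposed to be seen. If we get that information before criminals do, we have done our duty.
  3 Just as doctors or lawyers take pride in the work they do, I take pride in the work I do for a living. Yet the Texas Department of Motor Vehicles recently took a critical view of my profession. I bought personalized license plates for my car, and the agency promptly confiscated them, claiming that plates bearing the word “HACKING” endorsed illegal and criminal behavior.
  4 Although this reaction is not really the fault of the well-meaning municipal employee who confiscated my plates, it shows how a deep-rooted misrepresentation of my profession has produced mistaken perceptions and stereotypes.
  5 The way Hollywood and the security industry itself portray hackers has helped make the word “hacker” a synonym for “criminal.” Hackers are often depicted as people in hoods hammering at keyboards in dark rooms, engaged in illegal activity, and almost all of them are male. In recent years, the TV series “Mr. Robot” and the film “Ocean’s 8” have also introduced female hacker characters, but unfortunately the stereotype of the male hacker still prevails.
  6 These stereotypes do not apply to most hackers in the security industry. Hackers are not social outcasts who work alone. I have been hacking for more than 30 years, and I don’t wear hoodies. Some hackers even choose to wear suits to work. Also, spoiler alert: women hack too. Offensive security culture is inclusive by nature: this line of security work consists of companies hiring more capable hackers to find an organization’s breaking point before criminals act. Testing a company’s security and coming up with creative ways to break into it requires diverse teams and ways of thinking.
  7 The modern usage of the word “hacker” was coined on the campus of the Massachusetts Institute of Technology in the 1950s. For years afterward, a hacker was defined as an expert in computer programming and problem-solving who could extend the capabilities of computers and computer programs beyond the tasks they were originally designed for.
  8 Hacking is an activity, and what distinguishes any activity from a crime is usually permission. People have the right to drive freely, but they have no right to drive at 150 miles per hour; that is reckless driving, a criminal offense. A banker may transfer a client’s money, but doing so without permission is embezzlement. You have never heard of anyone being arrested merely for being a stockbroker, because no one is charged for choosing finance as a career, but they would be arrested if they took part in illegal activity such as insider trading.
  9 Thanks to the hacking work of security researchers, vulnerabilities in a new version of the most commonly used Wi-Fi encryption standard were discovered in 2019, so that criminals could not use them to break into home and business networks. Conversely, just the month before, criminals discovered an unknown vulnerability in Google’s Android operating system before security researchers did, giving the bad guys full control of more than a dozen phone models.
  10 Hacking is not inherently criminal. People who engage in illegal hacking should not be called “bad hackers” but “cybercriminals,” “threat actors” or “cyberattackers.” Hackers are security professionals who, like me and my team at IBM, look for vulnerabilities, hoping to find the weak points in our computer systems before criminals exploit them.
  11 Computer criminals fall into two categories: “black hats” and “gray hats.” A black hat breaks in with malicious intent (such as espionage or data theft), exploiting vulnerabilities for financial or personal gain. A gray hat is someone who may have no malicious intent but breaks into a system without permission. Whether a particular criminal is a black hat or a gray hat describes only the motive behind activity that has already been established as illegal.
  12 Along the way, the security industry also brought in ethics to help justify hacking, giving us the title “ethical hacker” and adding an artificial protective layer to a profession that began in the 1950s. Unfortunately, even security certifications put this adjective at the front of their names. We cannot and should not blame the public for calling us ethical hackers, but I ask you: does it sound right to introduce someone as an ethical stockbroker? What about an ethical engineer or an ethical professor?
  13 Hackers play a key role in keeping companies and individuals safe. A hacker who fails to do the job properly is the equivalent of letting a company think it is wearing a bulletproof vest when it is in fact wearing cashmere. At IBM, one thing my X-Force Red team does is attack autonomous driverless cars, planes and trains to make sure that every possible security vulnerability is found and corrected before each machine ships. Imagine what bad things could happen if security flaws in these vehicles were not found and corrected before they left the factory.
  14 The misrepresentation of the word “hacker” not only harms the offensive security industry but also distorts legislators’ understanding and perception of all hackers. The Computer Fraud and Abuse Act, for example, relies heavily on the term and its misinterpretation. For society to have an open and productive discussion about security research and penetration testing, we need to make clear who hackers really are and what they do. Many of the government officials I speak with understand this. Others choose to confiscate my license plate.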
  When asked what his father did for a living, my son explained to his kindergarten teacher that “he steals things, but it’s O.K. because he gets paid to do it.”
  He wasn’t wrong.
   I’m a hacker, and I run a team of hackers. We spend our days discovering ways to break into anything that can connect to the internet—servers, automated teller machines, light bulbs—in an attempt to access information that was never meant to be seen. If we get to it before a criminal does, then we’ve done our job.
   I’m proud of what I do for a living, just like doctors or lawyers are proud of the work they do. The Texas Department of Motor Vehicles, however, recently took a critical stance on my profession. When I purchased vanity plates for my car, the agency was quick to take them away, claiming that a license plate displaying “HACKING” endorsed illegal and criminal activity.
   While this reaction really isn’t the fault of the well-intentioned municipal employee who took away my license plates, it’s a symptom of how a deeply rooted misrepresentation of my profession has created flawed perceptions and stereotypes.
   The way that hackers are depicted in Hollywood and by the security industry itself has contributed to the word “hacker” becoming synonymous with “criminal.” Hackers are often portrayed as hooded figures in dark rooms who are engaged in illegal activity while jabbing at keyboards and are almost always male. In recent years, television shows like “Mr. Robot” and movies like “Ocean’s 8” have introduced female characters as hackers, but the male hacker stereotype unfortunately prevails.
   The stereotypes don’t apply to most hackers in the security profession. Hackers aren’t social pariahs who operate in silos and work alone. I have been a hacker for over 30 years, and I do not wear hoodies. Some hackers even choose to suit up for the job. And—spoiler alert—women hack too. Offensive security culture is innately inclusive: This is a business in which companies hire hackers to outsmart them, to find an organization’s breaking point before criminals do. Testing a company’s security and coming up with creative ways to hack into it is something that requires diverse teams and diverse mind-sets.
   Back in the 1950s, the modern use of the term “hacking” was coined within the walls of the Massachusetts Institute of Technology. For many years after, a hacker was defined as someone who was an expert at programming and problem-solving with computers, who could stretch the capabilities of what computers and computer programs were originally intended to do.
   Hacking is an activity, and what separates any activity from a crime is, very often, permission. People are free to drive, but they do not have permission to drive 150 miles per hour—that’s reckless driving and it’s a criminal offense. Bankers can transfer their clients’ money, but if they do so without permission, that’s embezzlement. And you’ve never heard of someone being arrested simply for being a stockbroker, because no one is charged for choosing a career in finance—but they’d be arrested if they engaged in illegal activity like insider trading.
   Thanks to security researchers’ hacking practices, in 2019 vulnerabilities in a new version of the most common Wi-Fi encryption standard (WPA3) were found before criminals could use them to break into home and business networks. Conversely, just the month before, criminals found an unknown vulnerability in Google’s Android operating systems before security researchers did, giving the bad guys full control of more than a dozen phone models.
   Hacking isn’t an inherently criminal activity. Someone who engages in the illegal use of hacking should not be called a “bad hacker” but a “cybercriminal,” “threat actor” or “cyberattacker.” Hackers are people like me and my team at IBM—security professionals who are searching for vulnerabilities, hoping to find weak links in our computer systems before criminals can exploit them.
   Those who commit computer crimes fall into two categories: “black hat” and “gray hat.” A black hat is someone who hacks with malicious intentions (espionage, data theft), seeking financial or personal gain by exploiting vulnerabilities. A gray hat is someone whose intentions may not be malicious but lacks the permission to hack into a system. Whether a particular criminal is a black hat or a gray hat is simply descriptive of the motivation behind what has already been established as illegal activity.
   Somewhere along the way, the security industry also recruited ethics to help justify hacking behavior, giving us “the ethical hacker” and adding an artificial defensiveness to a profession that has existed since the 1950s. Unfortunately, even accredited security certifications use the adjective in their very title. And while we can’t and shouldn’t fault the general public for referring to us as ethical hackers, I ask you this: Does it sound right to introduce someone as an ethical stockbroker? How about an ethical engineer or ethical professor?
   Hackers play a critical role in keeping companies and people safe. A hacker failing to do the job right is the equivalent to letting a company believe and function as if it’s wearing a bulletproof vest when in fact, it’s wearing cashmere. At IBM, one thing my team, X-Force Red, does is hack autonomous vehicles, planes and trains to make sure that every possible security vulnerability is found and corrected before each machine is shipped. Imagine what bad things could happen if security weaknesses aren’t identified and corrected before those vehicles are out the door.
   The misrepresentation of the term “hacker” not only undermines the offensive security community but also distorts legislators’ understanding and perception of hackers overall. The Computer Fraud and Abuse Act, for example, relies heavily on the term and its misinterpretation. For society to have open and productive discussions about security research and penetration testing, we need to set the record straight on who and what hackers really are. Many government officials whom I’ve spoken with understand this. Others choose to take my license plate away.