Q&A Friday #18: Should Hacking Be A Crime?
Question: “Should all ‘hacking’ be a crime? Or do you think that some hackers actually do some good.” — Chairman_Mao
Answer: Way back in the day when I ran Brass Knuckles Webzine, I read a couple of books about hackers, read some of the online hacking websites semi-regularly, interviewed a couple of hackers, and even had a hacker on my ICQ list. I certainly wasn’t an expert on the subject (and never did any hacking myself), but I had an opportunity to at least see where some of the hackers were coming from.
Since then, I’ve also had an opportunity to work for an ISP wholesaler, talk to some online security experts, and got a general idea of the sort of problems hacking caused on the other side of the fence.
The truth is that most hackers aren’t doing anyone any good. Sure, you’ll find the occasional white hat hacker who harasses terrorists or finds a vulnerability in a system and quietly informs the people involved of the problem without exploiting or damaging their system, but hackers like that are rare.
From what I’ve seen of hackers, most of them are bored teenagers and college age kids who get a thrill out of breaking into systems and maybe doing damage, maybe not. In any case, they’re a huge pain in the butt because once they break in, you have to ASSUME they’re looking to do harm.
It’s like finding out that someone is sneaking into your house. Maybe, they just like to sit on the furniture and watch the TV. In any case, they’re not supposed to be there and in order to keep them out, you may spend countless manhours and piles of money.
This is what a lot of hackers just don’t seem to get: even if they’re not malicious — and that can be a big if — companies may still have to spend tens of thousands of dollars on software, new routers, consulting time, you name it, just to keep them out.
A few years back, the counter to that I’d always see was: “Well, it’s the fault of the people who got hacked for not keeping their security up.” No, no, no. If you leave your wallet — stuffed with cash — in an unlocked car, that’s not a smart thing to do. However, that doesn’t mean it’s OK to steal the cash or even just to get in the car and listen to the radio. It’s not your car; you shouldn’t be there.
So, yeah, I think hackers should be prosecuted, although I do think the costs incurred by the person or company hacked as well as whether the hacker was malicious or not should be taken into account. The sort of hackers who are destroying files, stealing credit card info, creating viruses, and doing denial of service attacks? They deserve jail time as far as I’m concerned. On the other hand, if you’re talking about a first time offender who’s trying out some script online, is non-malicious, and doesn’t do any damage: a slap on the wrist and a stern warning would probably be more appropriate.