.

OMG HE IS A HACKER!

<<

pizza1337

Full Member
Full Member

Posts: 156

Joined: Mon Mar 08, 2010 5:29 pm

Post Wed Mar 10, 2010 9:13 am

OMG HE IS A HACKER!

If you go to school or went to school, you probably have been called hacker(in a bad way), and if anything goes wrong, they look at you.
It happens all the time, if someones computer doesn't shutdown, they get error,
wireless doesn't work, get virus, and list goes on.

of course they don't know we have ethics, and rules we live by.

How do you guys deal with that?
Knowledge Resource is Power.
<<

zeroflaw

User avatar

Full Member
Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Wed Mar 10, 2010 9:29 am

Re: OMG HE IS A HACKER!

I've been accused of sniffing network traffic. There were some latency problems, and a few people knew about my special interests so they pointed at me. I laughed and said, "Nope, not this time."

You're not to blame for their ignorance. It's easy to look at someone when you have no idea of what's truly going on. Just tell them to stop surfing for porn :P
ZF
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Mar 10, 2010 9:46 am

Re: OMG HE IS A HACKER!

LOL... I agree with zeroflaw, and I'll offer some more.

Honestly, I didn't have that issue, and here's why...

I understand the typical world thinking, that hackers are evil, and anything wrong MUST be their fault.  One thing I've learned is to lay low.  (Meaning, not necessarily avoid public awareness of me, etc, but not to make it 'obvious')  I still let the folks running things know who I was, and even offered to let them monitor my activity, if I even thought I might be touching something that bordered on unacceptable use.  I still do, today.  The key is to make sure that the people to whom this truly matters (the school administrators, the IT staff, etc) are aware of who you are, and what you're doing, especially if you're already labeled a hacker or a problem, and you want to change that perception, in their view.

Mind you, as you read on, I'm not assuming you have or haven't done anything that I mention, just that this is how you SHOULD be doing things -

If you're working or doing security 'learning' on systems at your school, then you should have full approval from those in authority, to be doing ANYTHING on them.  These systems don't belong to you.  That being said, the authoritative folks generally wouldn't be allowing you to do anything 'risky' on public systems, unless it was specifically spelled out as some sort of classroom exercise, where they had full control, and could reimage / rebuild at will, at the conclusion of the exercise.  If it's not specifically setup for a class, etc, they'd typically set you up on lab machines, or something, on an isolated (keyword = isolated) network.  This is, again, assuming that they give you ANY permission to do ANYTHING on their machines and network, other than the normal browsing and school work.

Thus, IF odd things are occurring on machines around you in a 'production' or frequently used REAL environment, then it should be well understood by them, and handled accordingly, that you have not been doing any of the testing on said network or machines, and that your activities are not malicious or troublesome, any more than the next person's.  When I administered the network at the school district that I used to be IT Director for, I had proxies (with NO way around them,) and logged EVERYTHING that went in and out of my publicly accessible computers in the buildings.  If I saw an IP that looked off, I checked it, etc., especially for any students or staff whom I had ANY question about.  We had very clearly spelled out 'Acceptable Use policies' and it was very well known that we'd monitor what you're doing, what sites you're hitting, etc.  If you're at a level where you're bypassing these proxies (assuming they have them in place,) then you're possibly a little further ahead in your security learning then you're letting on, in your initial posts.   ;)

The idea here is that, if you're being ethical, you MUST get approval for anything you're doing at school, and if you have that approval, and the administrators KNOW when you are doing what you're supposed to be doing, there shouldn't be any issues.  It's a trust factor.  If they don't trust you, then they won't even give you a LAB to play with, or any outside opportunity.  And if that's the case, you shouldn't use the school machines for ANY purpose related to hacking (ethical or not,) and save it for home.

If you're having issues, and being labeled a hacker (malicious or not,) then my suggestion would be to open a very clear discussion with the administrators at your school, and communicate what you will and won't do, what they'll allow you to do or not, and to make sure everything's clearly understood.  If that's in place, and you've correctly covered your backside, then I wouldn't worry about labels, and do what you're supposed / allowed to do.

HTH.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Wed Mar 10, 2010 11:48 am

Re: OMG HE IS A HACKER!

I usually start mumbling something very quietly and make my eye twitch.  They leave me alone. 

Honestly, most people will fear what they don't know.  They understand that you know more than they do about security, and that scares them.  It's natural.  It usually doesn't take more than 10 to 15 minutest to explain the process of something like pen-testing and how it is different from being a "bad guy."
~~~~~~~~~~~~~~
Ketchup
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Wed Mar 10, 2010 1:35 pm

Re: OMG HE IS A HACKER!

Ketchup wrote:They understand that you know more than they do [...], and that scares them.   It's natural.


I think that is true in all aspects and not only applies to security. Great point.
<<

pizza1337

Full Member
Full Member

Posts: 156

Joined: Mon Mar 08, 2010 5:29 pm

Post Wed Mar 10, 2010 3:38 pm

Re: OMG HE IS A HACKER!

I tell the person to look up pentesting and ethical hacking on google, but i don't expect them to do it. I also help the person in some way, they don't annoying a lot then. if they keep being ass, you can always find few emails, phone numbers and pictures, and make a webpage.  ;D

I blame media, you hardly ever hear about people who have help stop the bad guys. Lots of movie and TV shows portrayal hackers as people who break into government computers or banks and stealing money, secrets, and data.
Knowledge Resource is Power.
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Thu Mar 11, 2010 4:27 am

Re: OMG HE IS A HACKER!

I find that if anything out of the ordinary happens at work, my boss and people in my group ask/think I had a hand in it.  One person thinks I write viruses...lol!  I echo Ketchup's post 100%.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Thu Mar 11, 2010 9:28 am

Re: OMG HE IS A HACKER!

one valuable lesson i've learned in situations like this: people only know what you tell them (props go to Frank A. for this one). leave them guessing!
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu Mar 11, 2010 11:28 am

Re: OMG HE IS A HACKER!

I would agree with your 'specific' statement that, "people only know what you tell them." The key word is know. But they will 'guess' at the rest. As is commonly said, "Nature abhors a vacuum." As I've been known to say in simpler terms, "In the absence of the facts, people will fill in the blanks with something. Unfortunately that something is usually not accurate and not positive."

So, although I know it was in jest, I would have to disagree with leaving them guessing. I've seen too many cases where people even got fired for this attitude. Communicate with them during the User Awareness Training, during help desk calls, during project planning... any way you can think of to let them know that it is totally ridiculous to think that IT/Security staff is to blame. Our jobs are there to keep things going, not to tear them down.

Inner voice: Deep breath, Don.
Don: Sorry. I get a little worked up.
Inner voice: That's OK. Better to do it here, then in the workplace.

Hope that helps,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Mar 11, 2010 11:31 am

Re: OMG HE IS A HACKER!

Agreed with don, and this goes back to my earlier post.  As far as general user population, they'll likely NEVER fully understand / care, etc.  But for admins and folks to whom this should truly matter, you should always have things very clearly spelled out for them, so as to minimize confusion, and standardize how / when  / where you are doing ANYTHING out of the accepted norm, so as to avoid being blamed for issues that may arise, outside of your 'practice.'
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Thu Mar 11, 2010 11:48 am

Re: OMG HE IS A HACKER!

don wrote:
So, although I know it was in jest, I would have to disagree with leaving them guessing. I've seen too many cases where people even got fired for this attitude. Communicate with them during the User Awareness Training, during help desk calls, during project planning... any way you can think of to let them know that it is totally ridiculous to think that IT/Security staff is to blame.


sometimes that doesn't work. I've explained how the firewall works more times than I can count. Until I've been blue in the face. They'll understand it for about a week, but the following week they'll turn around and ask the, site is giving me a 500 error, is the firewall blocking it? or the I can't to another server on the internal network, is the firewall blocking it?

Yes telling them is better than not telling them, but they have to want to know and remember, not just be at the training because they have to be, and forget what they were told when they stop pretending to care.

Sorry, just my rant on user training (I actually enjoy it, and am fairly good at it).
OSWP, Sec+
<<

KamiCrazy

Jr. Member
Jr. Member

Posts: 78

Joined: Wed Jun 17, 2009 8:40 pm

Post Thu Mar 11, 2010 3:14 pm

Re: OMG HE IS A HACKER!

I may just be lucky.

I've never had anyone find my skills weird or suspicious.

Maybe there are a few rules I live by.

1) Don't flex your security skills. If you want to use it for good use it appropriately.

2) Tell people about what you know in a comfortable social setting. I usually do it when I feel they are ready to know and I am building rapport with them. In those times they usually go "Wow!" (only if not to offend me maybe lol).

3) I try not to be a nazi paranoid schitzo security dude at work. If I see something as insecure I may make a suggestion to fix it but I won't go in and just tell people that its bad.

Basically it all comes down to this, you want your friends, colleagues, school mates etc on your side. It makes your entire life easier, they understand your better, their information technology risk decreases and everyone benefits from your expertise and mutual co-operation.
<<

pizza1337

Full Member
Full Member

Posts: 156

Joined: Mon Mar 08, 2010 5:29 pm

Post Thu Mar 11, 2010 4:34 pm

Re: OMG HE IS A HACKER!

KamiCrazy wrote:1) Don't flex your security skills. If you want to use it for good use it appropriately.


Agreed. If they know you can do something, they also come ask you to do favors (illegal) for them.
Knowledge Resource is Power.
<<

j0rDy

User avatar

Hero Member
Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Mar 12, 2010 4:41 am

Re: OMG HE IS A HACKER!

don wrote:I would agree with your 'specific' statement that, "people only know what you tell them." The key word is know. But they will 'guess' at the rest. As is commonly said, "Nature abhors a vacuum." As I've been known to say in simpler terms, "In the absence of the facts, people will fill in the blanks with something. Unfortunately that something is usually not accurate and not positive."

So, although I know it was in jest, I would have to disagree with leaving them guessing. I've seen too many cases where people even got fired for this attitude. Communicate with them during the User Awareness Training, during help desk calls, during project planning... any way you can think of to let them know that it is totally ridiculous to think that IT/Security staff is to blame. Our jobs are there to keep things going, not to tear them down.

Inner voice: Deep breath, Don.
Don: Sorry. I get a little worked up.
Inner voice: That's OK. Better to do it here, then in the workplace.

Hope that helps,
Don


i see your point, and i totally agree with you in that situation. especially within organizations communication is key! there is nothing more important to communicate with management about situations that have occured, how they happened, and how they have been solved (and why we need more budget  ;)). its good people know your skills and even more important, you know them yourself! always be honest about your knowledge and dont sell bs, cause karma will come back and bite you!

however, the situation the topic starter described is he's being called a hacker by friends/other people (in school, so none of the above applies). as long as you know they are "no member of the club" its fun to play around with them a little bit. some friends of mine dont know anything about computers, but i just like to have some fun with them just to boost my ego a little bit. so at this point i like them to keep guessing 8)
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat Apr 03, 2010 10:43 am

Re: OMG HE IS A HACKER!

Roll my eyes and laugh it off. What's the most absurd thing you've been accused of? I was performing an IT Audit, doing a policy review at the moment, and a 100MB WAN connection went down. Guess who they suspected? It turned out their ISP accidentally disconnected the wrong circuit, and it remained down for 2-3 hours. *whoops*
The day you stop learning is the day you start becoming obsolete.
Next

Return to Opinions

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software