posted October 06, 2007 01:39 AM
a computer hacker's perspective...
--[ 2. The security paradox.
There is something strange, really strange. I always compare the security world with the drug world. Take the drugs world, on the one side you have all the "bad" guys: cartels, dealers, retailers, users... On the other side, you have all the "good" guys: cops, DEA, pharmaceutical groups creating medicines against drugs, president of the USA asking for more budget to counter drugs... The main speech of all these good guys is: "we have to eradicate drugs!". Well, why not. Most of us agree.
But if there are no more drugs in the world, I guess that a big part of the world economy would fall. Small dealers wouldn't have the money to buy food, pharmaceutical groups would lose a big part of their business, DEA and similar agencies wouldn't have any reason to exist. All the drugs centers could be closed, banks would lose money coming from the drugs market. If you take all those things into consideration, do you think that governments would want to eradicate drugs? Asking the question is probably answering it.
Now let's move on to the security world.
On the one side you have a lot of companies, conferences, open source security developers, computer crime units... On the other side you have hackers, script kiddies, phreakers... Should I explain this again or can I directly ask the question? Do you really think that security companies want to eradicate hackers?
To show you how these two worlds are similar, let's look at another example. Sometimes, you hear about the cops arresting a dealer, maybe a big dealer. Or even an entire cartel. "Yeah, look! We have arrested a big dealer! We are going to eradicate all the drugs in the world!!!". And sometimes, you see news like "CCU arrests Mafiaboy, one of the best hackers in the world". Computer crime units and DEA need publicity - they arrest someone and say that this guy is a terrorist. That's the best way to ask for more money. But they will rarely arrest one of the best hackers in the world. Two reasons. First, they don't have the intention (and if they would, it's probably to hire him rather than arrest him). Secondly, most of the Computer Crime Units don't have the knowledge required.
This is really a shame, nobody is honest. Our governments claim that they want to eradicate hackers and drugs, but they know if there were no more hackers or drugs a big part of the world economy could fall. It's again exactly the same thing with wars. All our presidents claim that we need peace in the world, again most of us agree. But if there are no more wars, companies like Lockheed Martin, Raytheon, Halliburton, EADS, SAIC... will lose a huge part of their markets and so banks wouldn't have the money generated by the wars.
The paradox lies in the perpetual assumption that threat is generated from abuses where in fact it might come from improper technological design or money-driven technological improvement where the last element shadows the first. And when someone that is dedicated enough digs it, we have a snowball effect, thus every fish in the pond at one time or another becomes a part of it.
And as you can see, this paradox is not exclusive to the security industry/underground or even the computer world, it could be considered as the gold idol paradox but we do not want to get there.
In conclusion, the security world needs a reason to justify its business. This reason is the presence of hackers or a threat (whatever hacker means), the presence of a hackers scene and in more general terms the presence of the Underground.
We don't need them to exist, we exist because we like learning, learning what we are not supposed to learn. But they give us another good reason to exist. So if we are "forced" to exist, we should exist in the good way. We should be well organized with a spirit that reflects our philosophy. Unfortunately, this spirit which used to characterize us is long gone...
from phrack magazine