Larry Pesce spends his days on the attack. From a computer inside his Rhode Island home, he hacks into computer networks and software looking for private data. “To gain access to their intellectual property, their money, or well, credit card data,” Pesce says. Pesce doesn’t pick the companies he targets, they pick him and pay him to find vulnerabilities in their information systems and report them.
“The privacy awareness issues for folks to be able to make informed risk decisions, to be able to help folks, as opposed to extort them for our own profit,” Pesce says. He is what is called a white hat. A large and often underreported segment of the diverse hacking culture.
Greater Boston has one of the largest white hat hacking communities in the world, with a high concentration of high tech companies and top notch universities like Harvard and M.I.T., the history runs deep. “One of the first papers to be put on the web was the history of lock picking. And this had always been passed around at M.I.T.,” says Judith Donath, a fellow at Harvard University’s Berkman Center for Internet and Society. She says hackers are often motivated by the thrill of pulling something off that nobody else can do, finding a flaw, cracking a cod. It’s what they do with the knowledge that sets them apart.
Black hat hackers use their skills in illegal or devious ways and the gray hats are somewhere in the middle. “To be able to show how a system can be made better is very different than the side tied to the thrill of being malicious or destructive,” Donath says. “It’s very, very different than organized international networks of bank robbers or people going after nuclear facilities.”
The so-called black hat hackers are the ones we hear the most about. Robert Tappan Morris unleashed the first computer worm. Alberto Gonzalez sole more than 135 million credit card numbers by hacking into chain stores. And Bradley Manning is the U.S. Army specialist accused of stealing classified information no the war in Afghanistan, and giving it to whistleblower website Wikileaks. “I think there are more people in the hacking community trying to prevent that than perpetrating these crimes,” says Chris Wysopal, the co-founder of Veracode, a Burlington-based computer security company.
Like Larry Pesce, he’s parlayed his hacking skills into a career helping companies protect themselves. Wysopal says there will always be a debate in the hacker community. How far is too far? Especially when it involves probing other people’s systems and exposing flaws. But he says the perception of hackers is changing, and he believes it’s for the better. “Just last year at Defcon, the largest hacker convention in Las Vegas, I think ten thousand people go, you had officials from the Department of Defense and the assistant secretary of defense went and gave a keynote and said ‘I need you guys-you need to come work for the Department of Defense’,” Wysopal says.
So instead of hurting us, many hackers may actually be protecting us. It all depends what color hat they decide to wear.