Opinion The hacker mind is a curious way to be. To have it means to embody endless analytical curiosity, an awareness of any given rule set as just one system among many, and an ability to see any system in ways that its creators never expected. Combine this with a drive to find the bad and make things better, and you become one of the fundamental forces of the technological universe.
When you also see crime, politics, and power in the same light as rule sets and systems that can go wrong, and can be made better outside the limits they set, then anything is possible. Take this interview with Jake Braun, a digital activist. For years, he has been applying the hacker mind in the service of lawfulness, democracy, freedom, science, and human rights, creating projects, teams, and organizations in their defense. The landscape here of late has been changing, not necessarily in a good way. As he points out, 500 years of progress is now being pushed back by authoritarianism.
One way to push back is to bundle tools and techniques that allow oppressed communities to communicate ideas and data beyond the reach of disruption, censorship, or control by those in power. This puts some of that power back in the hands of the powerless. Arsenals of democracy, if you will.
It's an enticing vision. If your despot closes down your network access to prevent you from spreading news and organizing, turning your router into a mesh network node gives you back those powers – in theory. In practice, enough others have to do it too. Enough others have to know how to spot attacks using that network as a vector. The same rule of thumb is true in any hostile, dynamic environment. You need enough local expertise to create and protect trusted networks, because you can't assume you can reach outside help, or that it will understand what's happening where you are. Arsenals for democracy are very necessary, but long supply chains are the devil in times of need.
Hackers are very good at creating toolkits, sharing information, and building resources. These can be extremely high quality – Kali Linux, for example, is universally recognized as the unparalleled environment for learning and deploying cybersecurity skills. Without the dedication and opportunity to learn those skills, though, it's not much good, possibly even dangerous if someone else is looking for non-standard network activity. In the hands of an expert user, Kali's tools and scripting can do all the network configuration and traffic analysis needed to protect and enable individual freedom online. Without expertise, not so much.
What's missing in so much of the digital defense of democracy, human rights, and the freedom to protect identity and privacy is convenience. The word itself is often derogatory, signalling laziness and an unwillingness to do things properly. It is quite the reverse. Throughout the history of computing, convenience has been a force multiplier. Compilers are much more convenient than machine language – in fact, that's their entire raison d'être. Ditto GUIs. Ditto the web. Each of these vastly expanded the constituency of users, amplifying what was previously limited by expertise.
That needs to happen to security, and only hacker minds can make it so. It doesn't much matter if your local despot, corrupt state organization, foreign adversary, or cybercriminal is the entity surveilling, attacking, or abusing your digital self. Protecting yourself and your community is a right, one that's hard to exercise in cybersecurity.
This doesn't mean that every individual has to have accessible deep packet analysis. Not everyone has to know how to fix a broken lock. They do need to find a local locksmith when necessary. There are no community cybersecurity experts who can economically and effectively secure your family network, and no pathway to create them. The expertise is too expensive. The tools to democratize it do not exist. The Kali for the rest of us does not exist. That leaves too much power in the wrong places.
What would the democratization of Kali-level security analytics look like? Pick a problem and work it through. Protection against IoT exploits could start with putting all devices on their own network segment, then doing traffic analysis over time on that segment, sharing information and building a communal whitelist based on knowledge of devices and functionality. A lot of that could be built and packaged so it can be deployed on a naive user's system by someone with reasonable technical chops. Making that process and that tool safe and reliable isn't simple, which is why hackers should build it rather than vibe code it.
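The IoT workflow sketched above (segment the devices, observe their traffic, pool the observations into a communal allowlist, then flag what falls outside it) as an added example that is not part of the original article. The flow records, device models and hostnames are constructed, and the quorum rule is an assumption about how pooled reports could be made harder to poison:

```python
from collections import Counter, defaultdict

# Constructed sample data: (device_model, destination_host, destination_port)
# flows seen on each household's IoT segment. All names are illustrative.
HOUSEHOLD_FLOWS = {
    "house-a": [("cam-x1", "cloud.cam-x1.example", 443),
                ("cam-x1", "ntp.example", 123),
                ("plug-s2", "api.plug-s2.example", 8883)],
    "house-b": [("cam-x1", "cloud.cam-x1.example", 443),
                ("cam-x1", "ntp.example", 123),
                ("cam-x1", "203.0.113.50", 23)],   # seen in one household only
    "house-c": [("cam-x1", "cloud.cam-x1.example", 443),
                ("plug-s2", "api.plug-s2.example", 8883)],
}


def local_baseline(flows):
    """Per-device set of (host, port) endpoints observed on one segment."""
    baseline = defaultdict(set)
    for model, host, port in flows:
        baseline[model].add((host, port))
    return baseline


def communal_allowlist(household_flows, quorum=2):
    """Keep an endpoint only if at least `quorum` households report it for the
    same device model, so one noisy or compromised segment cannot add entries
    (assumed rule, not something the article specifies)."""
    votes = Counter()
    for flows in household_flows.values():
        for model, endpoints in local_baseline(flows).items():
            for endpoint in endpoints:          # one vote per household
                votes[(model, endpoint)] += 1
    allow = defaultdict(set)
    for (model, endpoint), count in votes.items():
        if count >= quorum:
            allow[model].add(endpoint)
    return dict(allow)


def flag_unexpected(flows, allowlist):
    """Return flows whose endpoint is not allowlisted for that device model."""
    return [(m, h, p) for m, h, p in flows
            if (h, p) not in allowlist.get(m, set())]


ALLOW = communal_allowlist(HOUSEHOLD_FLOWS)
NEW_TRAFFIC = [("cam-x1", "cloud.cam-x1.example", 443),
               ("cam-x1", "203.0.113.50", 23),
               ("plug-s2", "198.51.100.7", 80)]
ALERTS = flag_unexpected(NEW_TRAFFIC, ALLOW)
```

The endpoint reported by a single household never reaches the shared list, so the same traffic is flagged when it shows up again on any segment.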
Seeing the process of distilling security into something that can be bottled and distributed locally means looking at things differently, and seeing the rules about how security and humans interact as a system to be analyzed and made better.
The best hacks make something difficult, easy. Something impossible, inevitable. Nobody else can take the job on. ®
Source: The Register