More women joining the ranks of hackers

[InfoSec News <isn () c4i org>]

http://www0.mercurycenter.com/business/top/019849.htm

BY ELISE ACKERMAN
Mercury News 
Oct. 9, 2001 

Say the word ``hacker,'' and most people still think of an antisocial
teenage boy running amok in government computer systems, concocting
nasty viruses and defacing Web sites.

But during the past few years, as computers have become commonplace in
conventional homes and businesses, hackers have undergone a remarkable
transformation. Not only have hackers become friendlier and more
law-abiding, they are also more frequently female.

``It used to be a boy thing, and now it's an everybody thing,'' said
Alan Paller, director of research for the SANS Institute, a for-profit
organization in Bethesda, Md., that provides computer security
research and training.

Women have helped soften the hacker image. More interested in computer
security than in computer vandalism, they choose overwhelmingly to be
cops rather than robbers, experts say. That means they'll gladly break
into your computer, but only if they receive an invitation first.

During the past three years, female attendance at computer security
training courses run by organizations like the SANS Institute has
tripled, organizers say. They are also showing up in greater numbers
for Def Con, the hacker bacchanal and convention held each year in Las
Vegas.

``There's more and more women getting into the hacking movement,''
said Brazen, a 23-year-old member of the Ghetto Hackers, who asked to
be identified only be her online handle to protect her privacy. ``It's
not that I want to be destructive, but computers are becoming more and
more part of our lives, and it's important for me to know what this
technology is doing exactly.''

The Ghetto Hackers -- famous for holding the three-time title to the
Capture The Flag tournament, hacking's answer to golf's Masters
championship -- have a reputation as a female-friendly hacking group.

``With these guys, I'm just one of the boys,'' said Brazen, who began
using her parents' computer to hook up to computer bulletin boards
when she was 16.

Other women attending Def Con in July echoed her curiosity. Raven
Alder, a 25-year-old senior network engineer from Washington, D.C.,
said learning about computer networks is like solving puzzles. ``I
just find a whole lot of joy in figuring out something that is
difficult,'' she said.

The first woman to make a technical presentation a Def Con conference,
Alder spoke this year about a programming tool she wrote that enables
system administrators to trace electronic attacks. ``You have some
people who have this misguided idea that women are not technically
skilled,'' Alder said, explaining why she chose Def Con as a forum.

Though female hackers continue to be few in number -- the vast
majority of women at this year's Def Con were girlfriends or
hangers-on -- the presence of several dozen geek girls underscored how
much the hacking world has changed.

During hacking's golden era in the early '90s, the term ``hacker''
referred to highly skilled programmers who enjoyed the intellectual
challenge posed by unknown computer systems. Hackers regularly
trespassed but rarely caused damage.

By the end of the decade, however, some hackers had become more
malevolent. The ready availability of highly automated hacking tools
enabled pranksters with little or no technical skills to break in to
sophisticated networks and carry out complex, coordinated assaults.
Derisively referred to as ``script kiddies'' or, in cases when they
demonstrated some computer skills, ``crackers,'' the attackers gave
all of hackerdom a bad name.

In response, many hackers have been trying to reclaim the term's
original meaning and rehabilitate hackers' image. ``Everyone who was a
hacker five years ago is now a security consultant,'' observed Def Con
founder Jeff Moss.

And more and more women are joining the ranks of these ``white hat''
hackers.

``Hacking is the pursuit of knowledge,'' declared Anna Moore, a
15-year-old from Oklahoma who won the ethical hacking game at Def Con
this year. An innocent-looking blonde, Moore admits to going through
``a lamer phase'' when she first started hacking and discovered cool
tools that could be used to crash strangers' computers. But she soon
realized that was illegal, and after several talks with her mom and
dad, she resolved to stay on the right side of the law.

``The name of the game is you have to do the responsible thing,'' said
Anna's mother, Michele Moore, who chaperoned Anna at Def Con this
summer. The elder Moore spent most of the weekend working on
needlepoint as Anna and her friends competed in the Capture The Flag
tournament.

Of course, not all female hackers aspire to good citizenship awards.
Lee Curtis, who oversees high-tech investigations in the Western
region for Kroll Associates, said that in his experience, women are
just as likely as men to use their hacking skills to commit crimes.

In September, a 30-year-old Ohio woman pleaded guilty to remotely
logging into the computer system of her employer, executive recruiting
firm Christian & Timbers, and maliciously changing the password of the
chief information officer.

In recent years, a number of women have joined the ranks of virus
writers, said Sarah Gordon, a senior research fellow at Symantec.

But even there, Gordon said, women appear to take a gentler approach,
focusing more on the programming challenge than on the virus'
destructive impact. ``The payload is much less important,'' she said.
``They are more interested with the process than with the
destination.''

The same could be said for women programmers who practice electronic
burglary. Viki Navratilova, who co-authored a recent edition of
``Linux For Dummies Quick Reference,'' said she will break into a
computer only if the owners ask her to, usually because they want her
to test its defenses.

``It is really fun if an exploit actually works'' even after a
computer has been properly secured, Navratilova said.

Alder, who has also broken into friends' computers at their request,
said the intellectual challenge is part of the appeal, but so is the
feeling that she is helping people protect themselves.

``It's like being a doctor and diagnosing someone's complex illness,''
she explained.



--------------------------------------------------------------------
Contact Elise Ackerman at eackerman () sjmercury com or (408) 271-3774.


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.