In Defense of Hacking
Faculty Q&A / Timothy C. Summers
photo courtesy of istock and John ConsoliWhat if instead of being villains, hackers are the heroes of the cyber underworld? That’s the position of Timothy Summers, director of innovation, entrepreneurship and engagement in UMD’s College of Information Studies. A self-taught hacker who was breaking into computer systems before he could drive, Summers today studies hackers’ cognitive psychology and touts “ethical hacking” as a way to improve society. The challenge for the United States, he tells Terp, is to ensure a steady supply of computer whizzes with a passion to protect.
TERP: How did you start going beyond the basics with computers?
Summers: I’d gotten a game from a computer store, and there was a glitch that wouldn’t let you boot back into Windows. I had to call tech support and stay on the phone all night—back in the days when you paid for long-distance by the minute—typing in codes and scripts to fix it. Doing that was a revelation to me. (The next big thing for me was learning about phone phreaking, where you’re hacking phone lines to make long-distance calls.)
TERP: What pushed you to ethical hacking?
Summers: When I was 13, I got into an argument online with a hacker. He sent me a file that turned out to be a virus, and it was really, really cool. It showed me a movie on the left side of my screen, while on the right it was literally deleting every file on the computer. That was a pivotal moment in my life. I never wanted it to happen to my mom or my aunt or my grandma. I realized I needed to learn to create viruses myself so I could understand how to stop them.
TERP: So it’s not all about making mischief?
Summers: For many of us, hacking is about protecting people. It’s what motivated me, starting at home and then taking that to the Department of Defense, where I worked in cybersecurity. Hackers have been described as “the immune system of the internet,” which I think is accurate. When a new technology comes out, it’s the hackers that break it apart and find out everything that’s wrong with it or vulnerable about it, so it can be fixed before harm can spread.
TERP: How do we encourage more ethical hacking, and less of the other kind?
Summers: In terms of ethical hacking, there’s actually a huge lack of qualified people. Many of our adversaries actually have a lot more able hackers than we do. One of the biggest challenges at the moment is training. Unfortunately, for people with necessary skills, Silicon Valley is much more attractive than the government. So the government is doing a lot of work to develop cyber talent [including through UMD’s Maryland Cybersecurity Center and Advanced Cybersecurity Experience for Students program], my research focuses on the cognition necessary for effective hacking, and we basically have to keep encouraging people to enter this field.
2 Comments
Leave a Reply
* indicates a required field
Apple support number
Good thoughts of Timothy C Summers are really commendable.You are a true inspiration for the society to choose ethical hacking rather than to be motivated by fiend hackers.
Michael Hicks
Whether hacking is ethical or non-ethical, it is not the whole story with security. Of course we need clever people thinking about how to break into systems. But the focus on security today is skewed far too much toward this "black hat" part of the spectrum. Instead, we need to rebalance our priorities, getting more people to think about how to build systems securely in the first place. As an analogy: One does not build sound bridges by continuously building a shoddy ones, knocking them down, and then pointing to the fact that they didn't stand up. We need to understand the root defects that make systems vulnerable and then figure out how to build systems that don't have those defects. Hackers tend not to close this loop, but instead turn to the next hack. As example UMD efforts that try to find the right balance, check out the Build-it, Break-it, Fix-it programming contest (https://builditbreakit.org) and the IEEE Cybersecurity Development conference (http://secdev.ieee.org). I also gave a talk on this topic as part of my DST lecture, http://www.pl-enthusiast.net/2015/09/30/penetrate-and-patch-to-building-security-in/