6 Categories of Hackers and What They Want

Last time, I went over the three types of hackers out there.  To give you a stronger foundation from which to build your defense in this digital world, I’ve broken down the category of hacker once more into the various types underneath the hats.  In order to defend against impending subterfuge, it is important to know who may be targeting you or your company.

Importance of Password Expiration | Don’t have it – Why Not?

The importance of password expiration is an interesting topic for me.  It’s all over the place online – and rightfully so.  There are tons of questions floating around out there: what is the best duration for a password, should be the same expiration rate for each user, is password expiration beneficial.  It can sometimes be a bit overwhelming to look at.  That being said: there are also areas surrounding the importance of password expiration that are somewhat debated (much like the last question above). In that regard, I would like to take a look at an older article I found interesting and debate some of the claims therein.  Catch up after the jump!

What Star Wars Taught Me About Information Security

A belated May the 4^th to all of you Star Wars Fans out there! If you’ve never seen Star Wars: a New Hope, then beware: Spoilers ahead (also, you should go watch that.  Seriously, go now.  We can talk after).  Obviously, one of our favorite topics here at HackerAttacker is security in all its shapes and forms.  We’ve talked about various hackers, how to hack the government, and even how hacking is like picking a lock.  One thing that I never really take into consideration, however, is how much security is thrown in our faces throughout pop culture.  I’m not just talking about advanced techniques seen in movies like Mission Impossible or James Bond; I’m talking about popular culture both old and new.  Specifically, how Star Wars taught me more about information security than most any actual course or class ever could. 

Authentication Best Practices - Brief History of Security

We talk a lot about the digital age of warfare here at HackerAttacker.  It’s kind of the most popular aspect of the digital age today.  Just take a look at history; war is always resting at or about the pinnacle of the public forum.  Why mess with a classic? When it comes to security and authentication best practices, however, there are more avenues to peruse than simply the digital side of warfare.  In that element, we are going to take a look at some older forms of deception and how they play a role in the social relationships inherent in digital security and authentication.

The Secret is Out!

Who does not love a good secret? Being in on a secret is exciting! You know something that someone else does not know; you are instantly special and separated from the pack. Congratulations! But what if that secret is crap? A false façade someone has put up to cover up the truth or to mislead you to think differently about the person or situation.

Deception is real and happens every day. Everywhere you look there is deception being played out.

The guy sitting next to you right now, is that his real hair color? Are your neighbors really happily married? Did we really land on the moon? Is global warming real? Did Al Gore really invent the Internet? Is the dress black and blue or white and gold? What should I believe is the truth?

3 Different Hacker Types

You’ve been watching and reading the news right?  All of those data breaches that have made headlines; it’s a crazy, risky, digital world that we live in.  The digital world is one where knowledge and information equates to power, or scientias est potestas as the old Latin phrase goes. Sure, these digital attacks sometimes surround money, or politics, but it is the knowledge these hackers possess and gain from their subterfuge that grants them so much influence.  To be a substantial Hacker Attacker, you need knowledge of your own.  Here, I will give you the building blocks to form your own power base to better protect yourself against the biggest aggressors of the digital age. 

Phishing News: Windows Live Digital Certificate Risk

Looking to spend a little bit of that tax return on some sweet online deals? The latest news from Microsoft should make you do a double take before entering your credit card data. There is anew report of a windows live digital certificate risk making the rounds. They are reporting that an unauthorized SSL certificate was issued for “live.fi” that could have been used to leverage man-in-the-middle attacks or even spoof official Microsoft announcements.

Cyber Attack Defense: Are you a potential target?

The simple answer is yes. It seems that everyone is a potential target these days. Recently, even a major health insurance provider announced that they had been breached. Clearly, they lacked appropriate cyber attack protection. I would know, I am one of the 78.8 million people who got the letters in the mail. What were they saying? That they are doing everything they possibly can to ensure that my information is being protected. Great, now I get to join the countless people who suffer a successful cyber attack!

You may ask yourself: why me?

Defending against the Man in the Middle

I remember as a child trying to eavesdrop on conversations I would hear in school. They usually were centered around who kissed whom or who had a crush on someone. As an adult, like most others, I still listen in on other people’s conversations from time-to-time. Usually this happens when you’re standing in line somewhere, and it is hard to not listen in on the people next to you. After talking with a colleague over the weekend about man-in-the-middle (MITM) attacks, I found some similarities to the more typical activity of eavesdropping on others conversations.

TedTalks: Password Strength – Part II

Last time, we talked about the various polices mentioned in the first part of Lorrie Cranor’s video: What’s wrong with your pa$$w0rd? Today, we are going to look at how Hackers breach accounts, and some other methods to consider when trying to increase the strength of your password.  Forewarned is forearmed, after all.

You can find the video in our last article or at TED for reference. 

TedTalks: Password Strength – PART I

You’ve heard it time and time again in recent days.  On every new site that you try to register for, or any time that you have to change your credentials for your bank or reward program website, you see the ever-frustrating notification: password strength – weak.  That’s just the way things are these days.  With more and more hackers signing up to wear the black hat, even more everyday people are becoming the subject of digital theft and attack. 

FREAK and Geeks: Attack and Defense

The Best Offense is a Good Defense

Glass houses are always the worst choice to live in; unless, of course, you want to share your most private secrets with your neighbors.  Most people prefer a house with stronger, thicker, and less ‘see all’ walls where they can protect themselves and their personal information.  Neighbors can throw stones all they want, but they’re not going to crack the walls of an ancient, brick-mortar Victorian. 

It’s an issue as old as time: people will always want to protect their personal data from prying eyes.  Whether that means a thicker flap over the entrance to a straw hut, or a high-end security system that monitors every entrance and exit to a mansion on a hill. But as Hollywood has shown us time and again, where there is extra security, there is usually somebody trying to take what’s hiding inside. 

The digital age has only exacerbated this issue for most users and companies around the world.  The stronger the information security in place, the more vigorous hackers attack in order to find out what is hiding behind the high stone walls on the top of the hill.  Every so often, these hackers find a spot where the mortar is weak, and they drill and drill, under cover of night, until a hole is formed. Then, just out of sight, they sneak in and quietly make away with everything you value most.  So how do you stop somebody coming through the walls around your data? Find the holes, and seal them back up.

How to Hack the Government!

What do you think of when you think of the government? Do you think of greed, corruption, and wasteful spending, or do you think of pride, liberty, and equality? Chances are if you think of the latter you may feel that hacking into the government would be fun and prove a point that they are not as powerful as they make themselves out to be. These feelings of distrust can be seen in the eyes of many hackers that make it a point to take down .gov websites.

Jeremy Hammond felt that way and wanted to take down those sites and all that were connected to the government.

What Do Hackers Do With Our Data?

In the past couple of years, there have been more and more hacker attacks, leading us as consumers to feel a little uneasy. As a society, we almost seem desensitized to the news on TV at this point, and the only time we take real notice is when the brand that has been hacked is one that we frequent. Even then our brain signals us to be concerned for a little while, but as a group, we continue to shop ‘til we drop. From time-to-time we wonder, where does our information go once it is stolen?

They sell it.

End of story, but really, that is what they do with it. Everything has a price tag on it these days and like a knockoff Rolex, you can buy it on the black market. There are international trading sites that are the marketplace of choice for those both shopping for and selling the stolen data.

In early 2014, RAND Corporation’s National Security and Research Division reported that the trade of names and information has become more profitable than illegal drug trading.  

Like trading baseball cards, in these black market trading grounds some information is more valuable than others. For instance, medical records are worth far more money than credit card information. Why you may ask?

Unlike a credit card number that can easily be canceled at any point in time, medical records are solid and cannot be changed. Gaining someone’s personal health information exposes things like date of birth, full name, social security number, address, and even more information that can allow someone to create a fake you. This allows the person to apply for credit cards, loans, heck even government issued ID’s. Now that is scary.

According to Don Jackson, Director of Threat Intelligence at PhishLabs, medical records can trade at more than 10 times the dollar amount of a credit card or user name and password credentials. 

The social network effect

In 2012, Russian Hackers stole 6 million passwords from LinkedIn and eHarmony, this may not seem very serious since there is not a lot of pertinent information that could be had from these websites. Both are social networks, one with your work history and the other with descriptions that may sound more like the classic Rupert Holmes song about Pina Coladas, but that is not the data they are after. Breaking in and obtaining these passwords has more to do with gaining the user names and passwords than anything else. The hackers have hopes that you are like the typical computer user and use those credentials on other sites allowing them to access your accounts freely and sell them on the black market.

Personal insight

While researching to write this blog article it made me think about my account information and passwords, it inspired me to go in and change almost all of my passwords to unique account passwords. I suggest you do the same to protect yourself from identity theft. This can be a very effective way to protect yourself, and on accounts that offer a two-step or two-factor authentication option it is definitely a best practice to enable this feature. By adding two-factor authentication to your account you can ensure that you are doing everything you can to protect yourself online.

How many passwords do you use?

Benjamin Franklin: Hacker

This morning I was sent a link to a Ted Talk featuring Catherine Bracy, Why Good Hackers Make Good Citizens. A good friend thought I would be interested in this video since I write for this blog and they were right! In my life I like to look at the big picture and see what is beyond the painting or lyrics, what is the meaning of the words or imagery? It helps keep my mind open and fresh as an intellectual.

This Ted Talk was right up my alley and took a different approach to the term “hacker” and opened my eyes to a new term: “civic hacker.” A civic hacker is someone who sees a problem and wants to figure out a solution to make it better, improve a way of life or make a change for the greater good of society.  

She calls out Benjamin Franklin as a civic hacker, he invented so many things that we use everyday, however he invented something that is life saving and yet not something that immediately comes to mind when you think of the only non-president to grace a US currency note. He invented the first volunteer fire department. He recognized that Philadelphia’s fire department was struggling to put out fires in a timely manner, which was very troubling to him and he looked at the situation and thought there was room for improvement.

In 1733 he addressed this problem and a new concept to the city in the newspaper the Pennsylvania Gazette.

"Soon after it [a fire] is seen and cry'd out, the Place is crowded by active Men of different Ages, Professions and Titles who, as of one Mind and Rank, apply themselves with all Vigilance and Resolution, according to their Abilities, to the hard Work of conquering the increasing fire."

This action of civic hacking took a concept that existed and through innovation, improved on it to the point that it ended up revolutionizing the way we fight fires in America today. Growing up in a small town, we did not have a full time fire department; we had a volunteer fire department made up of men and women from all walks of life that would go into action when called upon.

The theory that Bracy presented of a hacker simply being someone who simply looks at something and makes improvements, it raised a question in my mind, who else could be considered a hacker? Henry Ford, Nikola Tesla, John D. Rockefeller, Andrew Carnegie, and so many leaders of industry took a concept and improved it to make a better system. What do all of these men have in common beyond implementing improvements? They were all around before the internet and computers were ever conceived.

Current day civic hackers

The civic hacker, in modern times, can actually be seen all around us. For example authentication companies that provide two-factor authentication solutions to protect not only the company’s information and assets, but their customer’s personal information as well. Companies like PortalGuard and others understand the importance providing a secure way to login and protect information from getting into the wrong hands. Although two-factor authentication is not the end-all-be-all answer for protecting data from the black hat hackers of the world, it is a secure step in the right direction. 

Benjamin Franklin was a hacker, who knew?

The Hackers Cookbook

The title suggests that this posting may have some delicious recipes that hackers might enjoy, but I am thinking more like the classic book The Anarchist Cookbook, by Steven Schragis. However, I will provide you with a link with directions on how to be a white hat hacker!

A little history lesson: The Anarchist Cookbook

“The Anarchist Cookbook, first published in 1971, is a book that contains instructions for the manufacture of explosives, rudimentary telecommunications phreaking devices, and other items. The book also includes instructions for home manufacturing of illicit drugs, including LSD. It was written by William Powell at the apex of the counterculture era in order to protest against United States involvement in the Vietnam War.” -Wikipedia

For those of you who were not around when this book was published, this book caused a lot of controversy when it was published and of course grabbed the attention of the Feds at the FBI. One FBI memo called the book “one of the crudest, low-brow, paranoiac writing efforts ever attempted.”

The lack of a Hackers Cookbook

When considering that The Anarchist Cookbook was written as a proverbial middle finger to the government and an exercise in freedom of speech, how has there not been a similar book written about hacking? Hackers are known to rage against the machine and expose the corruption in either a corporation or government, wait didn’t Ralph Nader do a similar type of thing? More on Ralph ahead.

What I see the hackers cook book containing is not just tips on how to crack into a network or take down a website, but how to successfully protest and plan a movement that can make a statement. Because at the end of the day, isn’t that what hacking is all about? Beyond those who hack for either personal gain or to support an organization, we forget that even these brilliant computer geniuses serve a purpose. They can keep the checks and balances of society online.

The Ralph Nader Effect

Ralph Nader, beyond having a few unsuccessful Presidential runs over the years, started life as a protector of the people. Not in the sense of a member of a police department or military movement, he was interested in exposing safety problems that affect the average Joe. In 1965, he claimed that many US made automobiles were simply not safe and even published a book Unsafe at Any Speed. The internet was not around back then, but I am willing to bet he would have taken his research online if he had the opportunity. Specifically, Nader took aim at the Chevrolet Corvair, a rear engine compact car that had been involved in many accidents that resulted in lawsuits against Chevy’s parent company General Motors.

In typical corporate fashion, GM took to the streets and tried to discredit the claims and even went as far as to hire prostitutes to try and trap him into compromising positions, look it up on Wikipedia, it is interesting stuff. Nonetheless they could not stop him, and his efforts made the government take notice and instate a new division of government: the National Highway Traffic Safety Administration.

Making the Connection

Nader was an activist, plain and simple. Many did not agree with his stance at the time, but like Schragis, he took his view of corruption and put his ideas out there, publishing them to make a difference. Even though The Anarchist Cookbook took a totally different angle of protest, are these two authors any different than White Hat and Black Hat hackers?

Nader being a White Hat hacker in the sense that he took his opinions of corruptions and wanted to put them to work in a positive light by publishing a book that spawned the development of a consumer safety organization, Schragis being a Black Hat of sorts by compiling a book of instructions to overthrow harm and cause chaos.

Perhaps I am far off here, what are your thoughts?

Oh yeah, here is the white hat instructions I promised you!  

Happy Holidays!  

How to Be a Hacker and Not Get Caught!

Now you may think that this is going to be a step-by-step guide with tips on how to skate the long arm of the law… eh, not so much. While researching to write this article, I Googled “How to be a hacker” of course and there were so many sites out there with step-by-step guides, even a wikiHow page with suggestions. Side note on this wikiHow page, there was a very interesting ad placed in the middle of this posting; “Ready to be a Pastor?” (See below)

 It seems that either the advertising traffic director has a sense of humor or it is the internet’s way of telling me “don’t do it!”

As mentioned before, the internet is littered with tons of websites that give you the direction you need to be a hacker, and a few of the steps are no brainers. Step one: get a good computer. Step two: learn how to write code. Step three: think like a hacker. Step four: learn to hate authority. Step five: join a hacktivist group. Step six: be smart and don’t get caught.

There you go, that is how you become a hacker.

I found it very funny that most of the sites came with a disclaimer, “Hacking is a serious crime and can result in major penalties, even jail time.” This disclaimer reminded me of the old disclaimers at the beginning of the classic MTV show Beavis and Butthead. (see below)

It is amusing to me that there are websites out there that give directions to do anything malicious like how to build a bomb. Can someone please tell me how this is helpful to the society? Outside of knowing how to take down an enemy James Bond style, I do not see the point in these sites and moreover how these sites exist. I am not suggesting that we censor the internet, but something’s should just not be easily available to consume on the internet.  

To quote Snoop Doggy Dog, “Back to the lecture at hand.”

Learning how to become a hacker and not get caught is much like learning how to become a bank robber and not get caught. Looking at any successful criminal from history, most show power in numbers is a good thing, so that is something to consider. Let’s look at Bonnie and Clyde, according to Wikipedia these outlaws were suspects in 12 successful bank robberies between 1931-1934, several small store robberies, and the slaying of at least nine police officers. Granted they were brought down in a shootout with the police, They had a very successful run as criminals and people are still talking about them 80 plus years later.

What we can learn from stories like this is, it is very likely that criminals end up getting caught one way or another. Even the infamous Boston Irish Mobster James “Whitey” Bulger, who was on the run for nearly 20 years and was living under a complete alias on the other side of the country, was caught and brought to justice. Some reports even suggest that Whitey was an FBI informant that helped bring down the Italian Mob in Boston while he knowingly was running amuck of the City’s South Shore.

My suggestion… don’t become a hacker. If you are interested in coding and are a problem solver, put those interests to good use, take some classes at your local college or community college, and build a name for yourself in a positive light. Become a hacker attacker, instead of joining the dark hackers of the world.

Would You Hire a Hacker?

 

This is a tricky question and is best answered with an “it depends.” Looking at the different perspectives on this can bring many questions to mind: Are they just here to gain knowledge for a competitor? Will they turn against my company and hack into our own system? Are they still hacking into other companies? Are they hacking while they are at work?

All of these questions and more are very valid points that should be considered when looking at candidates for a tech position within your company.

But that raises another question, how many “straight laced” employees are actually hackers in disguise?

The guy or girl in the next cubicle could be a serial hacker, working in the dead of the night stealing secrets, taking down company and government websites, or even worse. So you never know who you are dealing with these days. When watching the news, what is the one thing you hear over and over again about criminals that get caught; “He was just a regular guy. Kind of kept to himself, but was always friendly and even helped me with…” This image that a criminal, especially a cyber-criminal, like a hacker is hunkered down in a shack in the woods Unabomber style may be true for a small percentage of this subculture, but is unlikely for the masses.

Paranoid yet?

Let’s go back to the thesis and one theory; let’s say you are a technology firm, and you are looking to protect your proprietary project that will be ground breaking bringing your company to the next level. You are concerned about the security of your company and protecting the front door, so you deploy a solid two-factor authentication solution, secure the network with a strong firewall, and buy the best anti-malware software on the market. But the thought of someone hacking in and stealing your life’s work is still keeping you up at night.

So what do you do?

Hire a hacker to protect your castle. Crazy? Not so much. Who understands a hacker better than someone woven from the same wool; they speak the language, and can see holes within a security system better than most. Sometimes when you are so close to the trees it is hard to see the forest; there may be vulnerability right in front of your face that you have missed. That tree that is right in front of you is blocking you from seeing a backdoor entrance that a hacker can just walk right in and gain access to the whole company and suck it dry.

Like mentioned in a previous article, the FBI has been hiring criminals for years to catch other criminals and fight crime. Heck if they are doing it successfully, why not follow suit?

Keep your hacker happy, pay the hacker a very healthy salary, get them the most high-tech everything that they ask for, and let them do their job. You take care of them, and they will protect you; they will not bite the hand that feeds.

There are even companies, like Neighborhoodhacker.com that offer the services of hiring an ethical hacker to handle cleaning up after a hacker attack. Hackers are smart people who have a very select set of skills that can be used for good if channeled correctly.

Now the flip side of this question and the true catch 22 of the question. Say you do hire a hacker, get them set up in your company and they are still hacking on the side. Like a junkie trying to get clean they just cannot seem to break the ties and get the monkey off their back. They love the rush of breaking into a company and bringing them to their knees, a real evil dude.

They come into your company and protect your castle, but they are breaking into other castles while at home or even worse… while at work. They get caught, the FBI raids your company looking for all of the machines they were working on and confiscates it for evidence. What are you to do? You not only just lost your defense department, you also lost company hardware, and now have to testify in court. Wow, that escalated quickly!

Although the second scenario is less likely it could happen, unlikely but still a possibility. So would you roll the dice and hire a hacker?

 

Hacker Magazine 2600

“Technology empowers individuals, it empowers voices, it empowers democracy in a way that can turn one man into a movement or a woman into a world power,” Snowden, a conference speaker from Russia once stated.

Technology is a powerful force.

This past summer, Dozens of hackers, journalists, and activists came together for the tenth biennial Hackers on Planet Earth  (H.O.P.E) conference, sponsored by the hacker magazine 2600.

This magazine is essential in building community within the hacker environment.  2600 provides key forums for hackers to come together and share insight regarding current issues.  Some of these include surveillance, Internet freedom, and even the security of the nation’s nuclear weapons.  Nothing is off limits.

Named after the frequency that allowed hackers to gain control of land-line phones in early years, this magazine is on its 13^th year.

In today’s world, hackers are typically looked down upon by society. They are the ones who break into these so-called secure systems and steal confidential information.  But, maybe there is something to be said about these hackers. They are the ones discovering loopholes in our security systems, and they are the ones who are consistently revealing the inconvenient truths. To clarify, I am not condoning illegal security cracking, but many times these cracks give us the push we need to enhance and evolve in the cyber world.

Now, my first impression of this magazine was not a good one, as I am sure many of you feel the same way. I could not understand why there needed to be a “how to” guide on hacking into someone’s secured systems.  In fact, Massachusetts Senator Ed Markey called the publication “a manual for computer crime.” How could anyone support this type of publication?

It wasn’t until I did some more research and found out that the magazine is less of a how-to guide, but more of a place for hackers to come together and stories be shared. Golsdstein, the founder of 2600, said that he wanted to create a place where these stories could be heard. 2600 strives on being known as a collection of intriguing stories, not on teaching the public how to hack into the cyber world.

The actual term, hacker, is a complex world itself.  It has only developed the stereotypical definition of a cyber criminal in more recent years. In fact, a hacker can have quite the different meaning. According to the New Yorker, the actual definition of a hacker is someone who is passionately obsessed with a hobby. An Olympic medalist is a hacker, a mountain climber is a hacker, even a good journalist earns the definition of a hacker.

So, who are we to judge these types of magazines, especially without performing the necessary research?

Committing cyber crimes is corrupt, and should never be done. However, is having a place to share information and empower one another with knowledge bad?

There are many questionable topics out there, but it is up to us as individuals to choose what information to take in and what information to disregard. As Snowden’s quote states “technology empowers individuals,” but it is up to the individual to choose the path in which they want to be empowered.

http://www.newyorker.com/tech/elements/print-magazine-hackers?int-cid=mod-latest

Hackers Have All The Fun!

 

Let’s think about that statement for a minute. Hackers in the movies (some movies at least) are cool, sexy people who live life in the fast lane without a care in the world!

“Never send a boy to do a woman’s job.”  A line from the classic movie “Hackers,” from the lips of Angelina Jolie, a.k.a. Kate Libby, a.k.a. Acid Burn.

This movie glorified the life and excitement of a hacker; cracking the code, getting the money, and taking down big business. Even though this movie is a bit dated in the current scheme of things the motives are still there.

In the modern world, there is a mix of hackers; some hackers do it for fun, some for glory, organized crime, to change grades, or just to prove a point. In a twisted way, it is the old adage of good vs. evil; however, depending on which side of the hacker attack you are on, your point of view of good or evil can change.

For groups like Anonymous they live by their own “code:”

“Knowledge is free.

We are anonymous.

We are legion.

We do not forgive.

We do not forget.

Expect us!”

When you read this mantra, it can sound much like the thoughts of any organized crime group. Let’s compare them to another group that believes that there should not be certain restrictions on items, the Mafia. The Mafia has been around for many, many years and can sometimes be invisibly involved in the background of your daily routine. Some of them believe that money should be made freely, without paying taxes or reporting anything to the government. In the movies and in real life, people identify with them and many look up to them as vigilante heroes. The John Gotti’s, Whitey Bulger’s, and Al Capone’s of the world are glorified criminals that inspired many books, movies, and TV shows like The Sopranos.

In the past the crimes that the Mafia committed were more in the physical form; however, organized crime now plays a huge part in the hacking business as well. But enough on the Mafia, the government now looks to combat hackers like they do the Mafia.

In a recent US News & Report article, they outline that many foreign countries actually sponsor the hackers to advance their countries economy, cracking into large, successful companies to steal trade secrets to build cheap knockoffs to sell on the black market. Within the past year, the FBI actually hired some hackers of their own to help track down, investigate, and capture cyber criminals much like the FBI did in the past by hiring members of organized crime to assist them.

But can the evil actually do something good?

In the battle of good vs. evil, Anonymous declared a cyber-war against the terrorist group ISIS. Their plan of attack is to go after the countries that harbor these terrorists:

“We plan on sending a straightforward message to Turkey, Saudi Arabia, Qatar and all other countries that evidently supply ISIS for their own gain,” the source said. “In the next few days we will begin defacing the government websites of these countries so that they understand this message clearly.”

This raises the question; does this make Anonymous more of a Robin Hood type of figure or is this a statement to the world’s Governments that they are a stronger unit than a country’s military?  

So let’s look at the statement again. “Hackers get to have all of the fun!” If you are a hacker you can be looked at as a potential to save the world from a terrorist group, get a sweet job with the FBI and assumingly take on a whole new identity, and you can get lucky with someone that looks like Angelina Jolie. So yeah, it does seem like they get to have all of the fun.

Unless of course you are one of those hackers who gets caught and sent to prison.