EXECUTIVE SUMMARY:

With the US Thanksgiving holiday, it seems a perfect time to give thanks to the cadre of hackers out there who work on the side of good. They’re often called White Hat hackers, as opposed to Black Hat hackers. And sometimes, like in life, they’re not black or white–they’re a little grey.

Last month, a mysterious hacker named Alexey was breaking into old MikroTik routers. Seeming to be a type of cybersecurity fairy (or vigilante, if you want a tougher vibe), the hacker was zeroing in on thousands of outdated routers in use, adding firewall rules that blocked access from outside the router’s local network. After he put in safeguards for about 100,000 users, a handful expressed thanks, but many were angry. Not surprising, as ZDNet notes that “technically speaking, Alexey is on the wrong side of the law. Despite his good intentions, it is illegal to access another person or organization’s equipment without consent.” Well, it’s the thought that counts.

But if you look at the roots of White Hat hacking, it’s about rejiggering what exists to improve functionality and/or security.

Motherboard reported a couple of weeks ago about a CPAP machine hacker. For people with sleep apnea, there’s a danger that they could stop breathing while sleeping. To treat this disorder, patients are given a continuous positive airway pressure (CPAP) machine and face mask, which keeps airflow stable. However, one patient was finding that the machine was not quite helping her.

After doing some research, she discovered open-source software called ‘SleepyHead.’ As Motherboard reports, “The software gives patients access to the sleep data that is already being generated by their CPAP machines but generally remains inaccessible, hidden by proprietary data formats that can only be read by authorized users (doctors) on proprietary pieces of software that patients often can’t buy or download. SleepyHead and community-run forums like CPAPtalk.com and ApneaBoard.com have allowed patients to circumvent medical device manufacturers, who would prefer that the software not exist at all.”

Thanks to that hack, the patient who stumbled upon SleepyHead is experiencing a dramatic difference with her CPAP. In fact, she believes she’s alive because of the software.

And on this holiday, there are even things for hackers–at least the White Hat variety–to be thankful for. As The Washington Post noted several months ago, “Laws such as the Computer Fraud and Abuse Act and the Digital Millennium Copyright Act (DMCA) don’t contain protections for researchers who disclose bugs, creating a legal gray area discouraging ethical hacking.” But the good news The Post was reporting on was that a new project dubbed Disclose.io was in the works, which provides tools and standards to help ensure best practices for good-faith cybersecurity research.

Adding to the good news for White Hats, Motherboard recently reported on some modifications to the Computer Fraud and Abuse Act and DMCA. “This go round, they’ve extended some essential exemptions ensuring that computer security researchers won’t be treated like nefarious criminals for their contributions to society,” writes Motherboard.

Cheers and thanks to all the cybersecurity researchers and good people out there working to make the world more secure.