Live from TED

Some hackers are bad. But a lot are good: Keren Elazari at TED2014

Posted by:
Keren Elazari. Photo: James Duncan Davidson

Keren Elazari. Photo: James Duncan Davidson

In 2010, the late security researcher — or as cybersecurity expert Keren Elazari would like you to call him, the late hacker — Barnaby Jack found a security flaw in two different models of automated teller machines (ATMs). Onstage at a tech security conference, he publicly demonstrated his ability to make these machines spit out paper money, Elazari says at TED2014. “Barnaby Jack could have easily turned to a career criminal,” she says, “but he chose to show the world his research instead. Sometimes you have to demo a threat to spark a solution.”

How we think about people like Jack is immensely complicated, Elazari says. Hackers scare us and fascinate us at once, and our reasons for these feelings are valid, she says, but we shouldn’t let fear get the best of us. “They scare us, but the choices they make have dramatic outcomes that influence us all,” Elazari says.

Yes, there are hackers doing things like stealing identities, leaking false information, and taking money that is not theirs, she says, but there are also hackers like Jack pointing out vulnerabilities in the devices we use to live, and doing things like fighting against government corruption and advocating for equal rights to privacy, security, and information. If we see hackers as only the bad guys, we are doing our society a disservice: risking ostracizing all those doing great things in the world, working to help us

Growing up idolizing hackers, with a special affinity for Angelina Jolie as Acid Burn in the movie Hackers, as a teenager Elazari ached to execute her own hacks. After her first break-in to a password-protected website, she felt a rush of power, she says, “like I had discovered limitless potential in my fingertips.” And that potential is the great and terrifying thing about hackers — their power for good or bad: “It’s geeks just like me discovering that they have access to a superpower, one that requires the skill and tenacity of their intellect.”

Like superheroes or supervillains, Elazari says, with hackers’ great power comes great responsibility (though not necessarily radioactive spiders.) “We all like to think that if we had such powers we’d only use them for good,” she says, “[but] what if you could read your ex’s emails, or add a couple of zeros to your bank account?” she asks. Would you do it? Hackers have to face that choice every day, and though several of them choose to do malicious things with their power, many instead work to do hard things that benefit the greater good.

One such hacker is Kyle Lovett — who in June 2013 discovered “a gaping vulnerability in wireless routers you might have in your home or office,” Elazari says, a vulnerability that allowed hackers to easily access users’ files and passwords. Choosing not to use this leak for his own advantage, Lovett reported the vulnerability to the manufacturer. Eight months later, the manufacturer still had not repaired the bug, so Lovett used the leaky routers to send a message directly to their users, letting them know just how vulnerable they are to hacks, and encouraging them to ask the manufacturer to fix the flaw.

Another hacker — Khalil Shreateh — found a security bug in Facebook’s system that allowed him to post on any users’ wall, despite whether or not he was the user’s “friend,” Elazari says. Shreateh reported this bug to Facebook via their bug bounty program, an initiative that invites hackers to report all vulnerabilities in exchange for a “bounty” that starts at $500 USD. When Facebook mishandled Shreateh’s report, he used the vulnerability to post on founder Mark Zuckerberg’s personal Facebook wall, Elazari says. He was denied the bounty because he hadn’t reported through proper channels — so hackers all around the world came together to raise over $10,000 USD as a reward.

This shows that — whether we want them to or not — hackers will discover the things that are broken in our world, Elazari says, and either report them or exploit them. If companies as progressive as Facebook — companies “founded by hackers,” Elazari says — still have a complicated relationship with hackers, how will more conservative organizations fare when dealing with hacker culture? This is something we need to address, Elazari asserts, because — more and more — in a changing world, with a growing dependence on technology, hackers are key players. “It’s worth the effort,” she says, “because the alternative, to blindly fight all hackers, is to go against a power you can’t control.”

The power of a creative, intelligent, engaged and curious hacker is immense, Elazari says, and not just regulated to Facebook accounts or local ATMs. “Hackers can do a lot more than break things,” she says. Hackers were key players in the Egyptian revolution, she explains, noting how the group Telecomix worked to provide Egyptians with dial-up access to the Internet — asking two European ISPs to switch old phone-line modems back on — after Mubarak shut down all Egyptian ISPs, “This worked so well one guy used it to download an episode of How I Met Your Mother,” she laughs, “… and when the same thing happened in Syria, Telecomix were ready.”

But there are two sides to every issue, Elazari says, noting: “One man’s hero can be another villain.” Not all people will agree with Telecomix’s actions, or the actions of many other big hacker groups, like the Syrian Electronic Army, who in the same country “have taken down multiple high-profile targets over the years, including the Associated Press’s Twitter account.”

The power hackers yield is great and is one of information, Elazari says, and right now, in the digital age, “access to information is a critical currency of power.” Hackers are shaping our future whether we like it or not, Elazari explains, and it’s up to us whether we want to help them make it better … or believe they will make it worse.

But the most fundamental characteristic of a hacker, according to Elazari? “They can’t just see something broken in the world and leave it be.” So, she says, “I think we need them to do just that, for after all, it’s not just information that wants to be free. It’s us.”