Poetry #32: Dream Infested Waters

[This was originally published in F.U.C.K. poetry Issue #32. The publish date is approximate.]

dream infested waters
    baseline of negativity
    your happiness isn't wanted
    a little numb in spirit
    a lot weak in morale   
    as if to say
    justify my thinking
    to my self, as if i care
    any semblance of respect
    not for me, certainly no
    for her, the caring one 

In Response To: Hackers in the Workplace

[This was originally published on attrition.org.]

On June 2nd, Bob Sullivan released an excellent MSNBC article entitled “Perils of moonlighting as a hacker”. This article opens with information on a Microsoft employee who found himself on the wrong side of an
FBI raid. Sullivan goes on to question “Are hackers working all over the software industry?”

Corporate minglers by day, hackers by night. But how prevalent are these types of characters, and are they a threat to your organization? Where do they stand ethically?

Hackers in the Work Place

After spending almost five years in the computer industry (most of it spent in security related positions), the amount of hackers working along side you may be astonishing. Every new contract, each new job, I would
inevitably run into another person with some sort of ‘hacker’ background. Some were hackers long ago when the term held real meaning while others had simply read Phrack or 2600.

Often times while working with a team doing a penetration test of a client system, I would find myself surrounded by hackers. By day, we addressed each other by first name. Our clients gave no sign they were aware of our background. By night, the team reverted to nicknames and a lighter atmosphere, and the real work began. Creativity hit its peak during the late evening and success achieved more often than not on ‘off’ hours.

Was the fact that our group had hacker backgrounds of concern? Not at all. Each and every one of us were there to give the client what they wanted, no questions asked. To date, security audit teams populated with hackers have operated more ethically and more precisely than any other team I have been on. Hackers know their job is on the line and they could be looking for new work over the slightest screw up. That in mind, there is no reason to risk anything at all.

Do hackers populate the security industry? You bet they do. Companies like ISS, NFR and NAI are littered with them. Those companies admitting to it is an entirely different story.

Beyond Security

The computer world doesn’t revolve around the security of the systems. The entire basis of computer networks running from day to day is handled by a different set of techies. Network engineers and system administrators are the true backbone of any network. Often times these are the folks with an understanding of networks and protocols unmatched in the industry.

Often times, these admins are hackers too. Some may use their knowledge to romp around the internet during the night, while others may be part of teams developing or upgrading free software. Regardless of their nocturnal or extracurricular activity, they typically perform their jobs better than most.

More passive, and less noticed are the hackers that are just gaining speed in the world of hacking or business. Looking to get a foot in the door, they take positions doing low level tech support, helpdesk, or often hardware support. Despite some hackers having piercings or tattoos that match the stereotype, thousands interact with you day to day and go undetected. You eat lunch with them, you trust them with your keys and more. Like you, they dress in white shirt and a tie and blend in just fine.

The Coverup

Hackers (thanks largely in part to media hysteria) are considered to be malicious, unethical, and irresponsible. On the other hand, they are rumored to be the most technically gifted as well. This puts companies in a bind: do they hire hackers or not?

Not surprisingly, they don’t know (in more ways than one). To satisfy public opinion and customers, companies do NOT hire hackers, especially in the security industry. Behind closed doors, they hire hackers left and right. In some cases, they do it in ignorance of their new employee’s background. They hire young men and women capable of doing the job, often willing to work for a lot less than national average salary.

In other cases, security companies in particular, they hire hackers knowing full well the background and training that lead to their expertise. They know that the individuals have broken into computer systems, defaced web pages, and even deleted entire servers. These companies rely on the newly employed hackers to blend in with the rest of their team, or more often than not, work behind closed doors, away from customers.

In today’s computerized and supposed ethical world, image is everything. When you work with security firms, you can almost count on a small percentage of staff having a ‘hacker’ background. We all know it, why can’t they admit to it?


As you go about your daily work schedule, there are a few pointers that can help you spot these hackers. Odds are they will be the top technical people in your organization. They will be the ones coming up with ingenious
solutions to bizarre problems. Often they will be the first in to work, and the last to log out at night. They are ethical and can be trusted as much as any of your other friends.

Poetry #31: Debt of Time

[This was originally published in F.U.C.K. poetry Issue #31. The publish date is approximate.]

	 unknown pre-requisite, debt of time
        service for the unworthy
        labor of love and duty to self
        how refined can we make our punishment
        self sacrifice, self driven
        it is our way by our choice alone
        twisted path only we see clear
        our way is not chosen, more second nature
        giving what we may
        under scrutiny for the most demanding;
        we live and breath this resolve
        our own cross to bare
        destined to be forgotten
        meek, downtrodden
        the way we
        want it.