Meet the good hackers

By Isabelle Lai

HACKER and proud of it. To our small community of "good hackers", it is a label that conveys respect.

"When I call someone a hacker, I respect their skills. We only give that term to people who we feel are worthy of it," says Dhillon Kannabhiran, the 32-year-old founder and chief executive officer of Hack In The Box (M) Sdn Bhd.

He does not agree with those who equate hackers with individuals who delight in malicious computer attacks.

"A hacker refers to someone who tinkers, modifies and figures out how things work. For example, if a piece of equipment has only three functions, a hacker will see how it can be improved and made better," he explains.

"Anyone can be a hacker. It definitely isn't just about computer software."

To illustrate his point, Dhillon points to a shy young lady seated quietly in a corner with her laptop.

"Tracy is a sound hacker. She manipulates two pieces of sound to create something new," he explains.

His friend and fellow hacker, Meling Mudin, 35, gives another example a car hacker is one who does car modifications.

"A hacker has the ability to build something," says Meling.

That's how HackerspaceKL was founded as a community workplace for hackers to share ideas and carry out projects.

Imagine rooms filled with tables, chairs, workbenches and tools such as soldering irons, cables and spare parts.

"Yeah, this space was designed for people to come and hack things. By that, I mean build stuff, not break into stuff," Dhillon laughs.

Kick aside any mental images of a brooding individual hidden deep inside his den, plotting to unleash new computer viruses.

As a security professional for a multi-national company, he describes his role as a "legal thief".

"My job is to break through security measures set by our developers. We have to ensure that the web applications they build are secure. For example, if you manage to break into a house, for sure there's something wrong with the security system and design of the house," he explains.

"The whole point is to be a step ahead of malicious individuals who attempt to breach the apps and steal information."

This includes security for heavily-visited consumer websites such as bank and credit card websites containing sensitive information.

However, says Meling, the security field is a never-ending process as new attacks are discovered all the time.

On individuals who hack into bank websites to steal and sell credit card numbers, Dhillon does not see them as hackers.

"They are just technologically-enhanced criminals. They do it for the money."

A security consultant, he shares, may not be any different from a hacker.

"It just depends which side of the fence you're on. Before office hours, you're a security consultant, and after office hours you're a hacker," he adds with a laugh.

So what about the hackers who recently defaced Malaysian government web portals?

"Oh, I wouldn't call them hackers either," he replies.

"They are what we call script kiddies' or crackers"

Script kiddies is a derogatory term for individuals who use programmes to carry out malicious attacks but do not understand the technology behind it.

"They don't understand about hacking but think they're elite hackers," he laughs.

"Take people who want to jailbreak their iPhones for example. They just plug in the programme and wait for it to finish so they can download apps. But they don't know how it works."

As for hackers capable of writing their own tools but use them with malice, he calls them the "black hats".

The difference between black hats and script kiddies all boils down to their expertise and knowledge.

"If there's a locked door, I can either give you the key, teach you how to make a key or pick the lock. Most people just want the key to turn the lock and go in," he says.

He admits, however, that most hackers go through their own "script kiddy" phase.

"No one is going to become an expert overnight. It has to start somewhere. Hopefully, they graduate from that and move on."

And why would script kiddies want to break into websites?

"It is an exhilarating rush for them. It's being able to do something theoretically you think no one else can do and getting bragging rights."

According to Dhillon, Malaysian websites are unfortunately "not that secure".

"Maybe someone left the password as 123' and forgot to change it. Nine times out of 10, that's what happens."

Hackers too have their own ethics.

"I can't tell you what's right and wrong. Technology is a tool. If I give you a knife, you can stab someone or chop vegetables with it."

Dhillon stresses that there is a lot more to hacking than running and breaking stuff and dares the "bad hackers" to come for the first online hacking competition in Malaysia on July 2-3.

The 24-hour competition (see http://www.wargames.my) will see all sorts of challenges involving forensics, cryptography, security and software reverse engineering.

"If you think you're all that great, come play this game and show your skills," he grins.

Anyone game for the challenge?

-The Star/Asia News Network