Think about that for a second, because it’s not obvious. No one is qualified to analyze their own security designs, because the designer and the analyzer will be the same person, with the same limits. Someone else has to analyze the security, because it has to be secure against things the designers didn’t think of.
This means that all of us have to analyze the security that other people design. And surprisingly often, one of us breaks it. Marcus’s exploits aren’t far-fetched; that kind of thing happens all the time. Go onto the net and look up “bump key” or “Bic pen Kryptonite lock”; you’ll find a couple of really interesting stories about seemingly strong security defeated by pretty basic technology.
And when that happens, be sure to publish it on the Internet somewhere. Secrecy and security aren’t the same, even though it may seem that way. Only bad security relies on secrecy; good security works even if all the details of it are public.
And publishing vulnerabilities forces security designers to design better security, and makes us all better consumers of security. If you buy a Kryptonite bike lock and it can be defeated with a Bic pen, you’re not getting very good security for your money. And, likewise, if a bunch of smart kids can defeat the DHS’s antiterrorist technologies, then it’s not going to do a very good job against real terrorists.
Trading privacy for security is stupid enough; not getting any actual security in the bargain is even stupider.
So close the book and go. The world is full of security systems. Hack one of them.
Afterword by Andrew “bunnie” Huang, Xbox Hacker
Hackers are explorers, digital pioneers. It’s in a hacker’s nature to question conventions and be tempted by intricate problems. Any complex system is sport for a hacker; a side effect of this is the hacker’s natural affinity for problems involving security. Society is a large and complex system, and is certainly not off limits to a little hacking. As a result, hackers are often stereotyped as iconoclasts and social misfits, people who defy social norms for the sake of defiance. When I hacked the Xbox in 2002 while at MIT, I wasn’t doing it to rebel or to cause harm; I was just following a natural impulse, the same impulse that leads to fixing a broken iPod or exploring the roofs and tunnels at MIT.
Unfortunately, the combination of not complying with social norms and knowing “threatening” things like how to read the arphid on your credit card or how to pick locks causes some people to fear hackers. However, the motivations of a hacker are typically as simple as “I’m an engineer because I like to design things.” People often ask me, “Why did you hack the Xbox security system?” And my answer is simple: First, I own the things that I buy. If someone can tell me what I can and can’t run on my hardware, then I don’t own it. Second, because it’s there. It’s a system of sufficient complexity to make good sport. It was a great diversion from the late nights working on my PhD.
I was lucky. The fact that I was a graduate student at MIT when I hacked the Xbox legitimized the activity in the eyes of the right people. However, the right to hack shouldn’t only be extended to academics. I got my start on hacking when I was just a boy in elementary school, taking apart every electronic appliance I could get my hands on, much to my parents’ chagrin. My reading collection included books on model rocketry, artillery, nuclear weaponry and explosives manufacture — books that I borrowed from my school library (I think the Cold War influenced the reading selection in public schools). I also played with my fair share of ad-hoc fireworks and roamed the open construction sites of houses being raised in my Midwestern neighborhood. While not the wisest of things to do, these were important experiences in my coming of age and I grew up to be a free thinker because of the social tolerance and trust of my community.
Current events have not been so kind to aspiring hackers. Little Brother shows how we can get from where we are today to a world where social tolerance for new and different thoughts dies altogether. A recent event highlights exactly how close we are to crossing the line into the world of Little Brother. I had the fortune of reading an early draft of Little Brother back in November 2006. Fast forward two months to the end of January 2007, when Boston police found suspected explosive devices and shut down the city for a day. These devices turned out to be nothing more than circuit boards with flashing LEDs, promoting a show for the Cartoon Network. The artists who placed this urban graffiti were taken in as suspected terrorists and ultimately charged with felony; the network producers had to shell out a $2 million settlement, and the head of the Cartoon Network resigned over the fallout.
Have the terrorists already won? Have we given in to fear, such that artists, hobbyists, hackers, iconoclasts, or perhaps an unassuming group of kids playing Harajuku Fun Madness, could be so trivially implicated as terrorists?
There is a term for this dysfunction — it is called an autoimmune disease, where an organism’s defense system goes into overdrive so much that it fails to recognize itself and attacks its own cells. Ultimately, the organism self-destructs. Right now, America is on the verge of going into anaphylactic shock over its own freedoms, and we need to inoculate ourselves against this. Technology is no cure for this paranoia; in fact, it may enhance the paranoia: it turns us into prisoners of our own device. Coercing millions of people to strip off their outer garments and walk barefoot through metal detectors every day is no solution either. It only serves to remind the population every day that they have a reason to be afraid, while in practice providing only a flimsy barrier to a determined adversary.
The truth is that we can’t count on someone else to make us feel free, and M1k3y won’t come and save us the day our freedoms are lost to paranoia. That’s because M1k3y is in you and in me—Little Brother is a reminder that no matter how unpredictable the future may be, we don’t win freedom through security systems, cryptography, interrogations and spot searches. We win freedom by having the courage and the conviction to live every day freely and to act as a free society, no matter how great the threats are on the horizon.
Be like M1k3y: step out the door and dare to be free.
Bibliography
No writer creates from scratch — we all engage in what Isaac Newton called “standing on the shoulders of giants.” We borrow, plunder and remix the art and culture created by those around us and by our literary forebears.
If you liked this book and want to learn more, there are plenty of sources to turn to, online and at your local library or bookstore.
Hacking is a