Until recently, network insecurity was attributed to one figure alone: the hacker. The hacker was the perpetrator, was the bad guy, was the dark overlord of insecurity, the effing reason why your identity, social security number, credit cards, bank records, hospital records, and gawd knows what else, were stolen (over and over again).
These associations are still commonly invoked during the security blame game. Still, over time, critics, journalists, and commentators came to find a host of other characters to take the blame: software vendors, bureaucratic myopia around critical infrastructure, and election machines. In no small part, this change came from hackers themselves–hackers who successfully changed the minds of media and politicians in the 1990s, often by joining the very institutions that they had previously been accused of jeopardizing–as defenders and security researchers.
Indeed, back in the 1980s and 1990s, many of today’s security professionals cut their teeth by illegally—though typically non-maliciously—working their way into phone and computer systems. These hackers were affiliated with exclusive crews that doubled as secret intellectual societies. Their members competed with each other to discover vulnerabilities, write exploits, and barter their secrets for the discoveries of others. In the process, they developed expert understandings of system security, knowledge that could be used to attack or defend. Over time, many left the shadows, said goodbye to their illegal ways, and went pro.
At first, many companies viewed them with suspicion. But as the negligence of big software vendors was increasingly demonstrated to the public—the pressure increased to take security seriously. Over the 1990s and early 2000s, hackers shamed software vendors into patching their bugs, joined auditing teams to engage in penetration testing, collaborated with the security industry to develop protocols for disclosing vulnerabilities, developed bug bounty programs, and joined (and shaped) the nascent security industry.
And today, the industry they helped create is booming. While security and insecurity online is nothing new, the tenor and character of this field have significantly changed. As more services, data, and transactions occur online, there are more opportunities to both hack and to stop the hacking. From the surveillance of dissidents to the hacking of elections, cybersecurity has become an evergreen issue that touches on all domains of human affairs.