By Rodrigo Fragola, CEO of Aker N-Stalker
At the end of February, news broke in the United States that Tom Huddlestone (26) had been sentenced to three years in prison for creating and selling a remote access Trojan. The young man from Hot Springs, Arkansas (USA) admitted to the court that, when creating the software, he imagined that it could be used by cybercriminals to break the law, given the program's appeal for profit. Although the initial motivation for developing NanoCore, in late 2012, was to offer low-budget remote management software to schools, IT-conscious companies and parents who wanted to monitor their children's activities on the web, the software ended up in the wrong hands.
This case raises a question: what exactly is illegal in hacker activity? If Huddlestone had pursued his original plans, and had not marketed NanoCore in the internet underworld for US$25, would he still be considered a criminal? In other words, is the criminal whoever manufactures a weapon, or is the transgressor the one who pulls the trigger to take a life?
The fact is that the term "hacker" is quite worn out and carries a prejudice that is not justified, since there are hackers "for good" and those for "evil" (nomenclatures that I particularly loathe), just as there are good and bad professionals in all areas of expertise. Hacking, by definition, aims to break paradigms. In practice, these specialists look for vulnerabilities at the most diverse levels and in the most varied areas.
There is a fine line between criminal and scientific activity in these cases. The search for flaws and vulnerabilities is one of the pillars that allow companies to become increasingly secure. Obviously, knowing that there are people with the capacity to break into your system and gain access to banking, accounting and customer data, among others, causes some fear, but it is important to separate the wheat from the chaff.
As a rule, the origin of the money is what differentiates a malicious hacker from a hacker who aims only at discovering vulnerabilities. Who buys the product can say a lot about it, and the way the product is used can say a lot about the product. Going back to the Huddlestone case, if the source of his income had been schools and/or IT companies, who could call him a criminal? However, there was a deviation from his original plan and he did business with the internet underworld, becoming a threat that the US justice system is judging.
The main concern and the main difficulty in this type of case is establishing the intentional link between the hacker and the criminal action. This is also a major problem in other areas of research, such as nuclear and biological. The artifact itself is not, and cannot be considered, the only evidence, because if it were, it would put the entire hacker and scientific community in check.
Hackers are fundamentally extremely qualified professionals, without whom the modern world would succumb to attacks such as WannaCry and various other acts of cyberterrorism. Consider Kevin Mitnick, the most famous hacker in the world during the 80s and 90s, who today is a security consultant and does not deny the relevance of hacker activity as a science.