My Crime is that of Curiosity...

It's been some time since I've ranted or talked about something that "irks" me. I recently saw a post on The Register titled "Is your child a hacker? Liverpudlian parents get warning signs checklist". This article was done fine by The Register (that's not what irked me). I took issue with seemingly profiling children as potential cyber criminals for experimenting with computers. Some smoke dope, some hack the Gibson.

Link to the article if you don't trust an href:

That list...

The list that The Register had reproduced is seen as potential identifiers that your child is potentially a "hacker." The article also has a list produced by the National Crime Agency.

To me, a lot the items on the lists seem like curiosity. Surprise, kids are curious beings and love learning. Some of them feel at home with computers, whereas some may love sports. Spending most of their free time on a computer? This can sometimes be called learning (remember all that time you spent in history or math books?). The coding one really kills me. I was learning to code at an early age. Do you have any idea what it's like to build something and see it come alive? That's the kind of feeling you get from coding. Sure, some go to the hacktivism side or just plain malicious side. That's life! We have environmental activists, religious activists, equality activists, etc.. Are they all bad? No! Have some gone far enough to do harm? Yes. People will always stand up for what they believe. This post isn't about that, let's move on.

How are you, as a kid interested in coding and whatnot, supposed to learn about the thing you love if you're limited to an hour a day and are told that you cannot code or play games because it may be "bad." Again, I understand that some kids DO engage in some very serious crimes. One, however, should not punish or criminalize all based on the crimes of a few. I do agree that one should be watching their children's activities online and ensuring that they are on a good path/not becoming criminals. They are your children and our future.

If you have a child that is interested/loves computer security/hacking, encourage it. Encourage helping companies and to improve security...not end up in jail. Let's not forget about bug bounty programs! In the modern day, you can make money and/or earn stuff for legally finding security issues. It's a great time to get into hacking!

Check out:

There are even places like Vulnhub, where you can download hackable virtual machines to learn and play!

Perhaps, to understand my viewpoint, you need to take a walk in my shoes...

Back in my day...

Growing up, I was your typical lad. I enjoyed playing outside, seeing things, going on trips to the park, etc... My father was an electrical engineer and avid computer user. Without him, I would have never learned the possibilities (both constructive and destructive) of what computers can do and could do. I remember going to the library with my father (yea, we had those..Google searching was not really a thing) and checking out books on coding and computer science fundamentals. My world became HUGE when I ran my first Hello World. Computers became a tool and a passion.

Fast forward to teenage years...

Internet was EVERYWHERE and I had just discovered BBS. I met some really awesome people in there. People that would eventually get me into even more coding and answer computing questions that my father could not. I was a terrible student in grade school. I slacked off, sure. I even skipped. When I skipped, however, I was generally sneaking in to community college classes (I knew the professors) to learn as it was the only place that could satisfy my curiosity.

I had learned about viruses and worms. Heck, they were easy to make. VB6 made that even easier. Did I ever make one? Who didn't? Did I ever deploy it? No. This was my method, though. The thrill of "hacking" came from exploring and learning new concepts; making something from nothing and making something do what it is not intended to do. Again, it was all about that thrill and seeing something happen or be created. I understand that not all computer people are like this, however, this is just how I was raised and my hacking mentality. Don't learn to hack, hack to learn.

Later on...

I messed up once. It was a nice sunny day in New York (75 degrees with a light breeze) and I had received a call. Someone was NOT HAPPY about a vulnerability I had submitted; it was legitimate and was never posted publicly. Anything I did was non malicious, to help, and out of curiosity. Unfortunately, Legal was involved and wanted to pursue charges (curiosity isn't always a good excuse for potentially breaking the law). A day later, the establishment's head of security contacted me. He offered me something that I had no idea the value of at the time; a part-time security job and to learn from him. I happily accepted and legal never pursued. Apparently, the head of security convinced executives that I was just an unguided person with good intentions. The head of security taught me a lot as well as the value of authorized testing. From there, a few years later and multiple jobs later, life continued and now I work as a penetration tester, researcher, and mentor. Without hard work, passion, risk, and amazing guidance, I would have never become the person that I am today.

Tim, if you ever see this, thank you so much for all the teaching and guidance you have given me over the years.

Maybe I'm a bit too old school or just old and ignorant.

Until next time,

Join EFF!