Tuesday, June 21, 2011

Exchange of Statuses vs. The Exchange of Ideas

I've been an introvert all my life. I dislike large groups of strangers, and thrive in one-on-one conversations. This has enabled me to go for "quality, not quantity" in terms of the friends that I have. I have 650+ friends in my friends list, but really only care about 20 of them. This is because with those 20 individuals, I've developed a deeper friendship that revolved around the exchange of ideas - a sharing of life and its share of troubles, triumphs, and inconsistencies. The other 630 people might know me from church, school, or work. I might know them on the surface, but I haven't invested time in getting to know them. I might know how they are through an exchange of statuses, but I don't really know what makes them tick.

This sets up a fundamental problem in a society inundated with social information technology, and a lack of user-based understanding of what it means to be "connected." Internet addiction has been in the limelight for the past 15 years, and is considered a serious disorder. Addiction to social media, as it has matured over the past decade, has been recognized as a cause of loneliness (1). While various factors go into this addiction, including personality and social lives outside of social media, the reality is that there has been a shift in the past decade from an exchange of ideas to an exchange of statuses. This fundamental shift affects the way we communicate with each other as individuals, which ultimately affects the way we view ourselves and our roles in a technology-enabled society.

For example, I might update my Twitter and Facebook status daily, but if you take all the accumulated status messages I've ever written which have been read by my hundreds of online "friends" in the past 5 years, the accumulated content of these status messages will tell you very little about who I am as a person. I imagine that any person, however capable they are with working with the 140-character limit, can't be broken down into a series of pithy comments. The artificial connectedness that people feel via social technologies falls short of our social needs because it lacks CONTENT. You might know what I had for dinner, who I had it with, and where I had it - you might even get the gist of the dinner conversation - but you will never actually be there at dinner with me when I discussed the contemporary applications of Tolstoy with an equally geeky friend. We are at an age of communication where people try to speak in perfect pithy phrases.

Leo Tolstoy once remarked that as a person, we must choose between "conscience and life." This is a status-worthy message, but it means very little on its own without elaboration, context, and a basic understanding of philosophy (2). Can we consciously choose to commit to meaningful relationships, while still living out our digital lives? Can we use our current social technologies in a manner that enables and encourages its users to simply talk to one another where there is as much exchange of ideas, as there are memorable, pithy comments? I have to believe that it is possible if we focus on developing social technology to enable meaningful discourse. The exchange of statuses will continue to proliferate - the question is how can we enable social media users to move beyond the frivolous in order to feed on the substantive. This is one of the questions I will explore in my dissertation.


1) http://www.huffingtonpost.com/lisa-haisha/is-your-facebook-addictio_b_533530.html

2) http://www.ebooksread.com/authors-eng/lon-tolstoi/the-complete-works-of-count-tolstoy-volume-24-slo/page-25-the-complete-works-of-count-tolstoy-volume-24-slo.shtml

Tuesday, June 14, 2011

I like open source, but not when it comes to business applications.

Open source communities have successfully developed many pieces of cross-platform software amidst a plethora of proprietary applications. The usability of open source software was once regarded as a reason for its limited distribution, but presently most of us use it and might not notice that it is open source. For example, the WordPress platform is used worldwide, currently with over 200 million users, and is cross-platform and open source (1). The existing evidence of the popularity of open source software, and of how the characteristics of open-source development influence usability, is largely important in implementation. Currently, OSS is widely distributed to developers and the public via networked communities.

The thing with open source, especially free open source software, is its quality. There are millions of projects started and never finished. A look at SourceForge reveals that the majority of projects are abandoned. Good software is developed “when one or more very good programmers work closely full time together over a period of time developing, maintaining and improving it.” (2) Ultimately, distribution in the commercial world, especially corporate and government settings, is difficult because the available product does not meet the requirement standards. In contrast, however, corporations support open source to compete against existing products: for example, IBM’s Lotus suite vs. Microsoft Office. The advantage is that if a corporation uses Lotus, it would be helping IBM against Microsoft. The disadvantage is that Lotus is vastly inferior to MS Office, and that just because IBM promotes (and financially supports) open source, it doesn’t mean it’s good for the individual developer and users as a whole.

As a former IBM employee, I would never recommend using Lotus because it is very buggy and compatibility issues get in the way of communicating with clients who are already using MS Office. Interestingly, I had both Lotus and MS Office on my laptop when I was a consultant, but never used Lotus software because it simply isn’t as good as MS Office. We were forced to use Lotus Notes, however. When I worked at GE Financial, there was also an effort to try to use OpenOffice instead of MS Office. This also failed because even though we had programmers working on this software, the open source software was still unable to provide the stability and usability needed.

Thursday, June 9, 2011

Social Engineering, Hacking, and the Improvement of Cyber Security


In 1986, Congress passed the “Computer Fraud and Abuse Act,” which made unauthorized access to computer systems illegal. The history of hacking, however, dates back to the early 60s, when MIT students experimented on the mainframe computer systems on campus. The first phone hackers in the 70s used toy whistles, which generated the same frequency signal as AT&T’s switching program, to make free phone calls. By the 80s, hacking moved to personal computers, and bulletin boards were used as hubs for hackers. During this time, it also became a social phenomenon - a subject of movies and a topic of interest in magazines. The reality is that hacking has evolved with computer information technology. Regardless of the various milestones in computer security, beginning with the mainstream software security movement in 1999 following the release of Windows 98, hacking has always been the response to computer security. Currently, hacking continues to be in an asymmetric war with increasingly complex security layers, algorithms, and parameters.

Prior to the 1990s, hackers often had a loose “code of conduct” (5) which they would abide by. These included common ethics, such as “leave no trace,” and “information wants to be free.” Post-90s hackers are far less bound by restraints, and have very few ethical restrictions. Most younger generation hackers are ruthless, decentralized, and use their hacking skills to break into systems as a form of entertainment – or as the internet meme currently defines it, doing it “for the lulz.” (6) The most common network security exploits, including denial of service (DoS) attacks, Trojan horses, viruses/worms, and sniffing, happen on a daily basis to all major service providers around the world. In 2000, the CIO of the Pentagon pleaded with the attendees at Defcon to stop targeting government systems (2), and offered jobs to “talented individuals” who wanted to help prevent these attacks. The Assistant Secretary of the DoD echoed the same thing. In 1999, there were 22,000 confirmed attacks against DoD’s systems. In 2009, there were 71,000 incidents (3). These numbers indicate that cyber attacks have been steadily increasing, despite laws, regulations, and improved technology. In addition to Defcon, events such as the U.S. Cyber Challenge seek to draw hackers to show their skills, ultimately identifying the most talented so they can be hired to work as security specialists. These hosted events, and the actions undertaken by the government and other corporations, present us with an unanswered question that also happens to be one of the topics covered in the old hackers’ code of conduct: does hacking help improve security?

The answer is complex depending on the effects of the hack, and the intentions of the hackers. Government and corporate entities have “Tiger Teams,” or groups of hackers, that try to infiltrate their systems so they can improve their security. The hackers would infiltrate a system using various exploits and attacks, and then provide details on how it was done so that the vulnerability can be fixed. A combination of hacking techniques, such as vulnerability scanners, crackers, spoofing, rootkits, and impersonating legitimate users, is used to access the system. This is extremely valuable to organizations seeking to protect their data. External Tiger Teams can be attracted at websites such as FreeHackers.org and ethicalhacker.net. Security teams from corporations anonymously set up test scenarios, then attract these hackers to see if they can break into their system. If the system is compromised, their hope is that the hackers would expose how the exploit was accomplished. It is unclear how these external tiger teams, or “white hat” hackers, are compensated for their efforts. The demand for white hat hackers, “penetration testers,” or “ethical hackers” has been increasing steadily in the past decade. With millions lost due to security breaches and billions of dollars of data on the line, organizations are not only looking for security analysts, but talented hackers, often young computer users without formal education, who want to use their skills in hacking to build a career. White hat hackers note that while they are inside a corporation, there is an 80-90% probability of accessing internal systems. This success rate drops to 20-30% when attempting to access company systems externally (9). Other instances of white hat hacking occur when a professional reports a security vulnerability to an organization without exploiting it for gain, such as the recent Skype Zero Day vulnerability that only existed on Mac clients (10).

On the other side of the spectrum, malicious “black hat” hackers, such as members from Anonymous, present to us “the epitome of all that the public fears in a computer criminal.” (7) The same techniques are used, but the hacker is generally ruthless in methodology. In addition to using technology, a black hat hacker often employs psychological methods to acquire access information that would otherwise be very difficult to obtain by using technological means. With phishing, a hacker can impersonate a supervisor via fake emails – a legal service that is widely available online (https://www.anonymousspeech.com/). With impersonation, a hacker can intimidate a user into giving up access information. Additionally, a hacker can take advantage of someone’s helpful nature, drop names of important leaders in an organization, and feign involvement with law enforcement (8). Information such as company managers, domain owners, and email addresses can be easily found online. The exploitation of people, in some cases, is easier than the exploitation of technological vulnerabilities. Organizations spend millions every year on training their employees on cybersecurity for this very reason, and have updated policies on security on a yearly basis. Through the access of an individual’s email account, and by having access to one portion of a system, the entire network can be compromised. While malicious hackers always break a law of some form, communities for these hackers, such as the one found on www.hackanonymous.com (do not visit this link), operate legally under “educational” purposes when all of their general intentions and tools exist to cause general mayhem. Successful black hat hackers, such as Kevin Mitnick and Gary McKinnon, have cost millions of dollars in damage and crippled thousands of computers (11). Many black hat hackers remain anonymous after their illegal activity, leaving organizations struggling to patch up their system security.

Ultimately, hacking and exploiting systems improve the complexity of security measures either directly, as a result of a white hat hacker testing security vulnerabilities in a system, or indirectly, as a result of attempted hacks by malicious black hat hackers. In 1998, a hacker group called L0pht (www.l0pht.com) described their behavior where members “grapples with questions of ethics and law in the line of their work.” Full disclosures are conditional and vulnerabilities are found with the intention to “secure, rather than exploit.” Like many hacker groups that were present in the 90s, present hackers not associated with organizations doing “white hat” hacking often fall into a category of “grey hat.” The reason for this is two-fold: even though a hacker does not maliciously attempt to hack a system, they cannot reveal an exploit because they fear that there would be consequences to their actions. For example, in 2010, a group known as Goatse Security discovered and reported a network flaw that revealed iPad users’ emails (12). Upon making this vulnerability available to the public, members of the hacker group have been investigated by the FBI and prosecuted. This is a grey area since originally the hackers did not intend to profit or to harm AT&T, but still revealed the exploit publicly instead of reporting the exploit to AT&T. In the end, this was still done for entertainment, and “for the lulz” in this case ultimately resulted in a breach of security for all iPad users. This vulnerability, had it been found first by a black hat hacker, would have been worth a lot of money to people who operate spam bots.

As an IT consumer and professional, I believe hacking is necessary for computer security to exist and remain a market. The U.S. federal cybersecurity market is currently valued at $55 billion for the next six years (13). The protection of information and the reconnaissance of information will always be in focus. Current military programs, such as the Navy’s Information Dominance program, provide us with an IT landscape that is always in preparation for the next contingency. Hacking has evolved from simple alterations in mainframes, to an equalizer that drives an entire market through its measures and countermeasures. Hacking is necessary because humanity has not changed since the inception of hacking. Most hackers, regardless of their alignment, are true technology experts. There will always be malicious hackers and the security against them will continue to become more complicated, even though the advantage will always be theirs – and the answer to the question “how do I know I am being hacked?” continues to be as elusive as “how do I successfully hack a computer.” The scale of hacking is now international, as well as national and personal to an IT consumer. The natural progression of hackers vs. secure systems will continue into the future, as it has throughout the last three decades.

7) Moore, Robert (2006). Cybercrime: Investigating High-Technology Computer Crime (1st ed.). Cincinnati, Ohio: Anderson Publishing.
8) http://en.wikipedia.org/wiki/Hacker_(computer_security)

Friday, June 3, 2011

Social Technology as a Reflection of the Idiosyncrasies of Humanity

Currently, in any service that allows for user-generated content, there is a reward system set up to encourage member participation. Social engineering, or more bluntly, how to manipulate human behavior, is changing the way we communicate. In the past decade we've managed to ditch the idea of exchanging ideas through meaningful conversation, to adopt an exchange of statuses. Instant messaging, microblogging, emails, texts, and blogs keep us informed either directly or indirectly. There is no control of the quality of information.

Changes in our society and our culture have been equally drastic. For example, entire communities are based on ideas. From Anonymous to the Obama campaign, these organizations perpetuate a level of expression and existence that is without consequences and limitation. Free speech is taken to certain extreme levels that force the general public to adapt in order to stay active members of society. The questions that need to be addressed are how we can control our own consumption, and how we stay safely informed in cyberspace without becoming addicted, given the current speed of communication.

Communicating through technology has now become our main way of fulfilling a basic need of interacting with other people. Social networking, as an outcome of social engineering, is an outlet of humanity that is untamed and largely unregulated. We can act anonymously without consequence, and with our names online we invite technology to become a pervasive part of our lives. This "grid" of users then becomes the largest goldmine in history. Artificial experiences substitute real life experiences. Artificial achievements substitute real life achievements. The cyber-physical conditioning is gradual and ultimately leads to physical, mental, and spiritual depravity.

Considering the exponential growth of the major services we use, perhaps we can curb consumption but not the actual trend. Defining adoption, adaptation, and addiction is an idiosyncrasy that depends on the demographic. As much as there are real consequences to changing the way we communicate, there are also real benefits. Just as virtual goods can have real value, virtual experiences can also have real-world value if we accept them as a supplement instead of a standard.