2023 AHackersMindHowthePowerfulBendS

From GM-RKB
(Redirected from Schneier, 2023)
Jump to navigation Jump to search
  • (Schneier, 2023) ⇒ Bruce Schneier. (2023). “A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend Them Back.” W. W. Norton..

Subject Headings: Hacking, Hacker.

Notes

Cited By

2023

  • https://nytimes.com/2023/02/07/books/review/a-hackers-mind-bruce-schneier.html
    • QUOTE: ... “A Hacker’s Mind” reads like just such a briefing — fused with a manifesto about power and compliance. Hacking, Schneier argues, need not involve computers or even technology; a hack is merely “an activity allowed by the system that subverts the goal or intent of the system.” Any system, from a slot machine to the U.S. tax code, can be hacked. Hairsplitting, workarounds, weaselly little shortcuts: These are all hacks, and if you’ve ever found yourself uttering phrases like “technically legal” or “gray area,” you might be a hacker. The odds increase with your net worth. While “we conventionally think of hacking as something countercultural,” Schneier writes, “it’s more common for the wealthy to hack systems to their own advantage,” occupying “a middle ground between cheating and innovation.” To steal a car by smashing its window and hot-wiring it would be merely criminal; a true hacker would coax the car’s computer into unlocking itself. ...

Quotes

Book Overview

Legendary cybersecurity expert and New York Times best-selling author Bruce Schneier reveals how using a hacker’s mindset can change how you think about your life and the world.

A hack is any means of subverting a system’s rules in unintended ways. The tax code isn’t computer code, but a series of complex formulas. It has vulnerabilities; we call them “loopholes.” We call exploits “tax avoidance strategies.” And there is an entire industry of “black hat” hackers intent on finding exploitable loopholes in the tax code. We call them accountants and tax attorneys.

In A Hacker’s Mind, Bruce Schneier takes hacking out of the world of computing and uses it to analyze the systems that underpin our society: from tax laws to financial markets to politics. He reveals an array of powerful actors whose hacks bend our economic, political, and legal systems to their advantage, at the expense of everyone else.

Once you learn how to notice hacks, you’ll start seeing them everywhere—and you’ll never look at the world the same way again. Almost all systems have loopholes, and this is by design. Because if you can take advantage of them, the rules no longer apply to you.

Unchecked, these hacks threaten to upend our financial markets, weaken our democracy, and even affect the way we think. And when artificial intelligence starts thinking like a hacker—at inhuman speed and scale—the results could be catastrophic.

But for those who would don the “white hat,” we can understand the hacking mindset and rebuild our economic, political, and legal systems to counter those who would exploit our society. And we can harness artificial intelligence to improve existing systems, predict and defend against hacks, and realize a more equitable world.

1. Introduction

A company called Uncle Milton Industries has been selling ant farms to children since 1956. The farms consist of two vertical sheets of clear plastic about a quarter inch apart, sealed at the sides, and with a top you can open up. The idea is that you fill the space with sand and put ants into the two-dimensional environment. Then, you can watch them dig tunnels.

The box doesn’t come with any ants. It would be hard to keep them alive while it sat on the store shelf, and there’s probably some child safety regulation about insects and toys. Instead, the box comes with a card where you can write your address, send it to the company, and receive back a tube of ants in the mail.

When most people look at this card, they often marvel that the company would send a customer a tube of ants. When I first looked at the card, I thought: “Wow, I can have this company send a tube of ants to anyone I want.”

Security technologists look at the world differently than most people. When most people look at a system, they focus on how it works. When security technologists look at the same system, they can’t help but focus on how it can be made to fail: how that failure can be used to force the system to behave in a way it shouldn’t, in order to do something it shouldn’t be able to do—and then how to use that behavior to gain an advantage of some kind.

That’s what a hack is: an activity allowed by the system that subverts the goal or intent of the system. Just like using Uncle Milton’s system to send tubes of ants to people who don’t want them.

I teach cybersecurity policy at the Harvard Kennedy School. At the end of the first class, I announce a surprise quiz for the next time we meet. I tell the students that they will be expected to write down the first hundred digits of pi from memory. “I understand that it is not realistic to expect you to memorize a hundred random digits in two days,” I tell them. “So I expect you to cheat. Don’t get caught.”

Two days later the room is buzzing with excitement. Most of the students don’t have any new ideas. They’ve written the digits on a tiny scrap of paper, which they hide somewhere. Or they record themselves reading the digits, and try to conceal their earbuds. But some are incredibly creative. One student used an invisible ink and wore glasses that made the digits visible. One student wrote them out in Chinese, which I don’t read. Another encoded the digits in different-colored beads and strung them on a necklace. A fourth memorized the first few and the last few and wrote random digits in the middle, assuming that my grading would be sloppy. My favorite hack was from a few years ago. Near as I could tell, Jan was just writing the digits down in order—albeit very slowly. He was the last one to finish. I remember staring at him, having no idea what he might be doing. I remember the other students staring at him. “Is he actually calculating the infinite series in his head?” I wondered. No. He programmed the phone in his pocket to vibrate each digit in Morse code.

The point of this exercise isn’t to turn my class into cheaters. I always remind them that actually cheating at Harvard is grounds for expulsion. The point is that if they are going to make public policy around cybersecurity, they have to think like people who cheat. They need to cultivate a hacking mentality.

This book tells the story of hacking—one that’s very different from what’s depicted in movies and TV shows, and in the press. It’s not the story you’ll find in books teaching you how to hack computers or how to defend yourself against computer hackers. It tells the story of something much more endemic, something fundamentally human, and something far older than the invention of computers. It’s a story that involves money and power.

Kids are natural hackers. They do it instinctively, because they don’t fully understand the rules and their intent. (So are artificial intelligence systems—we’ll get to that at the end of the book.) But so are the wealthy. Unlike children or artificial intelligences, they understand the rules and their context. But, like children, many wealthy individuals don’t accept that the rules apply to them. Or, at least, they believe that their own self-interest takes precedence. The result is that they hack systems all the time.

In my story, hacking isn’t just something bored teenagers or rival governments do to computer systems or that less ethical students do when they don’t want to study. It isn’t countercultural misbehavior by the less powerful. A hacker is more likely to be working for a hedge fund, finding a loophole in financial regulations that lets her siphon extra profits out of the system. He’s more likely in a corporate office. Or an elected official. Hacking is integral to the job of every government lobbyist. It’s how social media systems keep us on their platforms.

In my story, hacking is something that the rich and powerful do, something that reinforces existing power structures.

One example is Peter Thiel. The Roth IRA is a retirement account allowed by a 1997 law. It’s intended for middle-class investors, and has limits on both the investor’s income level and the amount that can be invested. But billionaire Peter Thiel found a hack. Because he was one of the founders of PayPal, he was able to use a $2,000 investment to buy 1.7 million shares of the company at $0.001 per share, turning it into $5 billion—all forever tax free.

Hacking is the key to why we often feel that government is unable to protect us against powerful corporate interests, or wealthy personal interests. It’s one of the reasons we feel powerless against state authority. Hacking is how the rich and powerful subvert the rules to increase both their wealth and power. They work to find novel hacks, and also to make sure their hacks remain so they can continue to profit from them. That’s the important point. It’s not that the wealthy and powerful are better at hacking, it’s that they’re less likely to be punished for doing so. Indeed, their hacks often become just a normal part of how society works. Fixing this is going to require institutional change. Which is hard, because institutional leaders are the very people stacking the deck against us.

All systems can be hacked. Many systems are currently being hacked—and it’s getting worse. If we don’t learn how to control this process, our economic, political, and social systems will begin to fail. They’ll fail because they’ll no longer effectively serve their purpose, and they’ll fail because people will start losing their faith and trust in them. This is already happening. How do you feel knowing that Peter Thiel got away with not paying $1 billion in capital gains taxes?

But, as I will demonstrate, hacking is not always destructive. Harnessed properly, it’s one of the ways systems can evolve and improve. It’s how society advances. Or, more specifically, it’s how people advance society without having to completely destroy what came before. Hacking can be a force for good. The trick is figuring out how to encourage the good hacks while stopping the bad ones, and knowing the difference between the two.

Hacking will become even more disruptive as we increasingly implement artificial intelligence (AI) and autonomous systems. These are computer systems, which means they will inevitably be hacked in the same ways that all computer systems are. They affect social systems—already AI systems make loan, hiring, and parole decisions—which means those hacks will consequently affect our economic and political systems. More significantly, machine-learning processes that underpin all of modern AI will result in the computers performing the hacks.

Extrapolating further, AI systems will soon start discovering new hacks. This will change everything. Up until now, hacking has been a uniquely human endeavor. Hackers are human, and hacks have shared human limitations. Those limitations are about to be removed. AI will start hacking not just our computers, but our governments, our markets, and even our minds. AI will hack systems with a speed and skill that will put human hackers to shame. Keep the concept of AI hackers in mind as you read; I will culminate the book with that in the final part.

That’s why this book is important right now. If there’s any time when we need to understand how to recognize and defend against hacks, it’s now. And this is where security technologists can help.

Once — I wish I could remember where — I heard this quote about mathematical literacy. “It’s not that math can solve the world’s problems. It’s just that the world’s problems would be easier to solve if everyone just knew a little bit more math.” I think the same holds true for thinking about security. It’s not that the security mindset, or a hacking mentality, will solve the world’s problems. It’s that the world’s problems would be easier to solve if everyone just understood a little more about security.

So let’s go.

...

References

;

 AuthorvolumeDate ValuetitletypejournaltitleUrldoinoteyear
2023 AHackersMindHowthePowerfulBendSBruce SchneierA Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend Them Back2023