If you know me well, you’ll know I am excellent at all things security-related. Its like I was touched by a higher power or something. I can figure out how anything works in little to no time and I make experts in technology feel miniature. I don’t do this purposefully. Its like getting a permanent hook into the signal while everyone else can only see the noise. The irony is my talent showed itself late and I never got a chance to be “classically trained.” I don’t always use jargon the way a “true” expert would. I don’t try to enhance my argument with difficult explanations. Computers have always been a hobby of mine but even then I didn’t care about the terminology so much as I cared how it worked. Imagine being permanently Shakespearean in your philosophy on life: a rose smells just as sweetly whether the name conjures images of sweetness or not. The process of how the rose came into existence and operates is more important than the terms that pervade its space. I guess I understood at a very young age terms are not always meaningful when compared to the importance of understanding.
I never liked the word hacker. It conjures images of cool. It makes people think the manipulation of systems is important to technology. In reality, I’ve found hacking is usually a result of a failure in security and hackers don’t understand systems well enough to actually manipulate them. If the front or back door to a house is wide open and a burglar enters and starts stealing from the house, they are absolutely a burglar in the technical sense. And yet, to other burglars who take pride in their trade (and criminals do take pride in their trade), they aren’t really burglars. The problem with hacking, like in the problem with the example I mentioned above, is people want credibility and social status. They don’t actually want to be a hacker. They just want to be cool. This problem is pretty paramount to our society…
If everyone who enters a home with the front or back door wide open calls them-self a burglar, it becomes extremely hard to identify the actual burglars. A law enforcement officer who gets a ton of tips and leads on hacking cases eventually becomes desensitized, blaming the home owner as the first source of any problem while the criminal is allowed to subsist and thrive in their secretive tactics. There are only two groups of people on the planet that are professionalized and would benefit from this form of desensitization. I call this the pirate vs. privateer problem.
The pirate is your traditional hacker that contrives to gain access to systems that are difficult to gain access to. Their reasons aren’t really that important but how they operate is extremely important to their eventual operations. Pirates are not state-sponsored. They do everything with the looming threat of being caught and going to jail. They also, like any movie, have limited resources at their disposal. Their ability to hack indiscriminately against targets without getting caught is virtually nonexistent. They prefer silent and persistent threats when it comes to access over harassment and psychological abuse. Strangely, we think of governments as being silent and deadly and, yet, the reason non-state hackers survive so long is because they are truly nondescript, hidden, and keep out of the limelight. The best hackers are hackers you will never hear about. They don’t use names and they don’t take credit for their hacks. Although, some of them did initially. I’ll bet they wanted to see just how good government was so they could establish the left and right limits of what they could get away with. As soon as governments co-opted this process of “taking credit,” they shed this tactic, knowing governments were just trying to make their lives easier by making hacking “cool”, catering to their ego, in order to identify them later more easily. The unintended consequence of this government media campaign was that it modified the hacker counterculture into the cult of cool, making the field increase substantially, giving the best ones even more anonymity. A pirates curiosity is more important to them than their ego and governments learned that far too late.
The privateer is a non-traditional hacker that literally no one in the cyber-security industry ever discusses. They are only non-traditional because governments around the world keep funding movies about independent hackers so you can’t see the truth: most hackers today are government backed. Privateers do not just try to gain access to systems. They attempt to effect an outcome for gain that does not have to be about money. In fact, money is usually never the motive, even when they are using ransomware. It’s just a way to throw law enforcement off their scent. These hackers have unlimited resources. When they run out, they can go back to their government for some more black budget funds. They do not care about going to jail, as they will likely trade their services from one government to the next, figuring they are already screwed because they got caught in the first place. They prefer trolling, harassment, and psychological abuse by a matter of fact. If you can’t get caught or in trouble for anything you do, it tends to bring out the worst in your behaviors – like people who feel anonymous online and take that as a shield to say and do hurtful things. Plus, since they no longer respect themselves as hackers for getting caught, this is the natural progression from empowerment to jackboot thug.
This dichotomy is extremely important in security, as it allows you to diagnose security problems based on means and motive – a fundamental investigative technique that leads to extremely high probability analytical conclusions.
There is another form of hacker that is also not often discussed: the state. A government sometimes thinks it has the ability to hack people or organizations indiscriminately for the greater good. These hackers are just as abusive as their privateer counterparts. In fact, they are even more protected and have even more resources. If at any point you are being harassed by a hacker indiscriminately, you are undoubtedly being targeted by a privateer or a state. Due to the way our networks are constructed, these are the only people who can pull off a hack and not get caught. All developed countries have a firewall surrounding their country, allowing them to hypothetically monitor all traffic through junctions or nodes where all traffic flows into and out of their country to connect them to other countries. Further, all developed countries have junctions and nodes within the country that hypothetically allow them to monitor all traffic within it. These are usually subleased to Internet Service Providers (or ISPs). We do not tend to think of these structures as a firewall, like China’s or Egypt’s, because the branding has been perfectly managed to make certain countries look like their version of a firewall is benevolent while other versions are not-so-benevolent. In the U.S., our firewall is to protect critical infrastructure from cyberattack. In China, their firewall is to keep their citizens from discovering the truth by censoring content. In both cases, a state can hack indiscriminately.
Why are these forms of security characterization important? Recently, there has been a ton of coverage towards making systems zero trust. Meaning, some entities want us to make a system or design it in such a way that the aggregate parts can operate in coordination without trusting each of their outputs unconditionally. I think this cult-like adherence to zero trust is not a security metric nor a security method. Trust is essential in systems but telling people to construct a system where trust is decentralized keeps them from actually decentralizing the system with trusted protocols and implementations. Curated News was designed to be a hackers nightmare. You cannot accomplish anything of value on our platform. You cannot manipulate people, you cannot hack for an effect, you cannot gain access to valuable information that matters, and you cannot engage to decrease trust in the system. It is immune to manipulation at the technical level, in its statistical process, and with human checks in the off chance someone “defeats” our system by gaining access to it.
Imagine consuming news that is actually news instead of manipulation. Imagine hackers loosing all of their ability to effect outcomes on complex systems, giving you back your ability to make decisions freely. Curated News is a fundamentally new security process that changes, reverses, and re-establishes the most successful security system that has ever existed, decentralization and dis-aggregation, without losing the convenience of aggregated content consumption. This means no more algorithmic hacking, malvertising, or destructive social behaviors from marketing frameworks. It also means you can increase information quality while socializing information or privatizing it for your own use.
Whether you are a pirate or a privateer, you rely on a security subsystem that can be compromised as a fundamental feature to your technological existence. Maybe you are looking for an administrative account, to steal or ransom data, or harass someone psychologically. All of these require a system that can be compromised. And yet, there are systems that cannot be compromised. We know this because we invented them. They include things like decentralized networks where no two people necessarily know the same set of people within a given network. Many terrorist organizations and intelligence services operate effectively using this paradigm. We know creating these systems is absolutely possible. And yet, Curated News is the first and only platform that I have been able to find in the entire world to do it.
As the original inventor, developer, and founder of Curated News, I say this not as an egoist but as a humanist: I may be the only cyberist who ever lived…