Hacker Conversations: Casey Ellis, Hacker and Ringmaster at Bugcrowd


In this edition of Hacker Conversations, SecurityWeek talks to Casey Ellis, founder, chairman and CTO at Bugcrowd – and hacker. Bugcrowd provides a crowdsourced ethical hacking cybersecurity platform, best known for operating bug bounty programs on behalf of individual organizations.

“A hacker,” says Ellis, “is someone who takes the assumptions of a system and tips them upside down to see what falls out. Hackers will learn how a system works, to the extent they can manipulate it into doing things it was never originally intended to do.” That desire is almost a default condition. “When I see a new technology, the first thing I often do is try to get it to misbehave.”

There are several factors in this definition. For example, it is not computer specific – it could apply to almost any engineering technology. Here we are solely discussing the computer hacker variety.

Most importantly, however, the act of hacking is amoral; it is driven by curiosity rather than a desire to do bad things. The process of hacking is neither moral (a good action), nor immoral (a bad action); and the term ‘hacker’ simply describes someone who likes to deconstruct and then reconstruct with additional or different outcomes.

Casey Ellis, founder, chairman and CTO at Bugcrowd

It is the use made of these outcomes, for moral or immoral purposes, that forces us to divide hackers into two camps: the ethical hacker (Whitehat) and malicious hacker (Blackhat). The ethical hacker finds ways in which the system can be manipulated so the developer can prevent the malicious hacker from finding and abusing the same manipulations for his or her own benefit (usually financial or political).

Both schools of hacker have the same skill set. The question then is, why do some become immoral while others remain strictly moral; and yet others flip between the two? This is what we sought to discover in conversation with Casey Ellis. 

The motivating factors between the ethical and unethical hacker are many and varied. They could come from a personal moral compass; the vagaries and conflicts with and within national and international law; the hacker’s economic and cultural background; and social pressures…
