Hackers hack for five main reasons, according to Parisa Tabriz, Google’s official “Security Princess”:
- They want security (in software).
- They enjoy the challenge (of breaking “unbreakable” defenses).
- They have something to say (and, perhaps, a point to prove).
- They want money (mostly, of the illegally procured variety).
- They want information (usually to sell, subvert, or sabotage).
Hackers who hack in response to the first two motivators (to secure software and enjoy the thrill of sleuthing through lines of code) are usually painted as positive coder-types: “whitehats.” Whitehats are the good guys of the hacking world, protecting vulnerable services and users from attack. Hackers who are primarily motivated by proving points, making dirty money, or stealing information in a quest for power, are usually branded as bad-guy “blackhats.” Whether they're good or bad, they’re almost always guys. The event Tabriz spoke at last Sunday—the second Harvard Women Engineers Code (WECode) intercollegiate conference—wants to change that.
The aim of WECode and its founders, the Harvard Women in Computer Science (HWiCS) student group, is simple to state but difficult to achieve: to create and encourage opportunities for all genders in technology and computer-science fields. The event drew 516 students (between 5 percent and 10 percent of them male) from 40 universities across the United States. The male turnout was encouraging, but vastly misrepresented the realities of the high tech world, which is infamously dominated by men—a problem deep-seated in gendered stereotypes about math and science aptitude and in industry-wide pay gaps.
Tech’s gender clichés also appear in pop-cultural portrayals of coders in television shows and movies. HBO’s new hit series, Silicon Valley, focuses on a group of quirky men working at a tech start-up who are rendered speechless and inept in the presence of female characters, who are uniformly personal assistants and/or love interests. The recently released thriller Blackhat twists the geeky stereotype of coders by starring the hulking Chris Hemsworth (think, Thor) as a renegade hacker who tries to save the world's financial markers from a malicious cyberattack. He codes and fights, James Bond-style, with his beautiful side-kick, Wei Tang, in tow. In the Blackhat trailer, Hemsworth does handstand pushups in a jail cell, because that's just the kind of guy he is. When Tabriz jokingly admitted during her keynote speech that she couldn’t do that kind of pushup, her comment met with chuckles of recognition: tech is a man’s world. Serious strength is required to change it.
For Tabriz, the secret to out-smarting hackers is to employ their own strengths against them: to think like blackhats. Her philosophy echoes Sun Tzu's advice on war: know your enemies so you can defeat them. Google’s official code of conduct is “Don’t Be Evil.” Tabriz tweaks that slightly to “Do Know Evil.” In her role as head of security for the Google Chrome Web browser, she urges her team to employ blackhat tactics to identify their code's weaknesses, plug up its holes, and de-bug its defenses. Breaking defenses, she pointed out, results in stronger rebuilding: that’s why Google pays bug-chasers a lot of money to identify its weaknesses.
Tabriz encourages rewarding such hacking practices in the service of strengthening software defenses. She emphasised that “not all hackers are bad”—indeed, a lot of them are responsible for the secure technology customers depend on. She even invited WECode attendees to train their own blackhat tendencies by pointing them to an xss encryption game used to train new hires at Google. She also asked attendees to consider (as a purely theoretical exercise, of course) all the different ways to break into a vending machine to steal snacks. One audience member’s suggestion appeared suspiciously specific and knowledgeable. “It seems like you’ve done this before,” Tabriz said, with a grin.
Even as she urges young coders to think like hackers, Tabriz is wary of dividing hackers themselves into strict good/bad, blackhat/whitehat camps. She doesn’t find these strict divisions very useful, she explained, because their contrasts aren’t as clean-cut as their binaries make them appear. Hats are merely props. Hacking is all about a frame of mind, not an objectively good or bad political action or motive. Hackers think outside the box—they approach problems differently. For these reasons, Tabriz encouraged the crowd to think like hackers, and use the results of their hacks for good.
In many ways, the WECode and HWiCS mission and plan of attack already employ all the objectives of hacking—with pep and pragmatism—to achieve their goal of gender equality in tech: their members are seeking security, they love challenges, they have something to say, money to earn, and information to gather. They're also thinking outside of the strict binaries of the gender box: all genders are welcome at their conferences.
After Tabriz's speech, attendees broke into groups of six to collaborate on a number of puzzles prepared for them by the conference organizers. The aim of their game was to chase clues across Harvard’s campus to save Ada Lovelace, the Marie Curie of the programming world, who was being held hostage by Mr. BlueScreenofDeath, a nefarious villain. In true hacking style, the damsel in distress wasn’t rescued by traditional knights in shining armor. Instead, she was saved by groups of students of all genders: they trekked across Harvard's campus as the winter storm Marcus brewed overhead and they wore an eclectic variety of multicolored hats.
