Claudio Guarnieri, hacker – letter

Post By RelatedRelated Post

We’ve been building technology that should have had a positive impact on our lives, and now we got to know that it has been silently and actively subverted to exercise control over everyone’

Claudio Guarnieri is a core member of The Shadowserver Foundation and the Honeynet Project, two of the longest-living non-profit organisations dedicated to making the Internet a safer place.

In this exclusive letter to PartB, he shares his reflections on what it means to be a professional in the Internet community.

‘Dear career-minded student,

Here is a little insight into the worlds of cybersecurity and privacy. I hope it serves you well.

I’ve been involved in cyber-security since my very early teenage years, first exploring the mysteries of computer systems and breaking chip boards apart in my bedroom, then discovering the fascinating and vibrant world of hacking, in the most positive connotation that word can have.

Hollywood used to portray hackers in the 90s as dyed-haired renegades with roller skates, wandering in virtual realities and breaking into unsuspecting government agencies and evil corporations.

Truth is, several years ago security was still an obscure craft mastered by few, discussed and documented through chats and e-zines on the Internet by passionate tinkerers, who would also occasionally meet at small and rustic camps filled with lights, cables, sleeping bags and electronic devices of all sorts. We still do that sometimes; however, the days of the romantic hacker underground are long gone. The journey that brought the small and largely misunderstood security community to the global industry it is now has been drastic and fascinating.

Translating a passion and a hobby into a career has been a natural consequence for me as for many others. The rejected, and occasionally also persecuted, masters of computer security grew to become very desirable professionals called to address the risks of the sudden and radical adoption of information systems in corporations and critical infrastructures worldwide.

The Internet boom changed the core functioning of our societies, revolutionising the way we communicate, inform, produce and trade. Computer and network systems grew way beyond what even their creators had ever imagined. Soon enough hackers had to be hired to become guardians of such systems.

Now we’re not hackers anymore, we are security professionals. Instead of filthy hacking camps with barely any electricity and toilets, we now have luxurious hotels, conferences and parties in Las Vegas.

The security industry is a challenging and competitive environment: you’re faced with puzzles to be solved creatively and with adversaries trying to subvert your work and attacking your networks, constantly. It’s a continuous learning experience. It’s also very profitable. All of these are the reasons I worked in it.

It’s an industry that knows no recession; it keeps growing exponentially. However, because of a disconnection with technology producers as well as because of business strategies, we’re miserably failing to secure the Internet. Frankly, there isn’t that strong an interest in securing it for real.

Security has become a market of accessories. Information technology is an incredibly diversified field and offers both many career paths as well as opportunities of creation and experimentation. Security is just a fraction of it and not necessarily the best one. I’m taking a break from it.

Claudio Guarnieri

The recent revelations regarding the far-reaching capability of global surveillance has placed everything under a different perspective. We’ve been building technology that should have had a positive impact on our lives, and now we got to know that it has been silently and actively subverted to exercise control over everyone. This has discouraged me somewhat. Privacy is the basic requirement of a functioning democracy and technology should empower, not corrode it.

When the core foundations of our communication systems are weakened, sabotaged and abused, we need to take a step back and fix the many mistakes we made. Engineers need to rebuild a secure, open and accessible Internet, but it isn’t just a matter of code.

If you study economics you could explore alternative and sustainable business models for Internet ventures that would enable privacy rather than damage it. Targeted advertisement turned us into revenue sources rather than service consumers , and our data is the raw material. We need something better than that.

If you study law or politics you could work on drafting and campaigning for privacy-enabling policies that protect our data and the neutrality of the Internet, as well as stopping its militarisation. The Internet is a collective good and ultimately we’re all participants in shaping it, regardless of our expertise or our profession.

I’m sure that whichever career path you decide to take, you’ll have the opportunity to make a change for the better. I just hope you’ll take it.’

Picture: Claudio Guarnieri

PartB