Who’s afraid of the big bad hacker?

There’s been a great deal of discussion about the “digital divide” in regard to people who have access to affordable broadband and those who don’t. But there’s another, more fundamental divide – related but different – that has been developing over the years since computing went mainstream: the psychosocial division between those who understand how computers work and those to whom the machines remain a mystery.  Once upon a time, there were geeks and there was everybody else. The latter thought of the former as smart and a little weird, but what the geeks did with their computers didn’t really have much impact on the rest.

Now computers are a part of everybody’s life, but to many folks, computer expertise is still considered something akin to magic.  And increasingly, those with advanced computer skills are regarded with suspicion by those without. If an account gets hacked into, a virus turns up on someone’s system, or the software just goes wonky because a file got corrupted, the resident “computer expert” is likely to be suspected of being to blame.  IT pros can find themselves the object of suspicion from acquaintances, co-workers and family members, even the legal system, when something computer-related goes wrong.  What can we do to avoid getting caught in the cross-fire of the media and law enforcement’s war on hackers?

One might think this division runs along age lines, but that’s not necessarily the case. While it’s true that many older folks are behind the curve technologically, I also encounter plenty of people in their 20s who know how to use the apps on their phones and tablets or search the web and post to social networks on their laptops but don’t really understand the software and hardware “under the hood.” In fact, with the trend toward simplification (we geeks call it “dumbing down”) of computer interfaces in the interest of user-friendliness, it’s easier today than ever for digital natives to grow up able to navigate through their apps at top speed without having a clue about coding and the command line. They know “how to work it” but they don’t know “how it works”.

That’s both good and bad for those who know both. It’s good because, even with the cloud taking over so much of the maintenance and on-going management of software, things still go wrong and someone needs to know how to fix them when they do. That makes our skills valuable. Co-workers, friends and relatives, and clients (if we’re in that business) come to us for help with their computer problems.

We bring up the command prompt and go into the “dark place” and type a few mysterious lines that, to them, appear to be in a foreign language. Or we summon some dialog boxes they never even knew were lurking in their operating system’s innards and click through a bunch of options. Suddenly, miraculously, things are working again. They don’t know what we did and they don’t want to know. They’re just happy that we did it.

But it pays to remember that most people harbor a fear of the unknown. And while it might make you feel powerful to think others are afraid of you and what you can do, that fear can turn against you and cost you friends, your job or even your liberty.

All it takes is for something bad to happen. Confidential company files get leaked. Or a really bad virus shows up on somebody’s system. Or the servers’ hard drives get wiped clean. Or an attack shuts down the company network. If forensics show that the hack originated inside the LAN, or even if it didn’t, the “usual suspects” are likely to include those members of the organization who are considered tech savvy enough to do the dirty deeds – especially if any of them seem to have a motive for such an act.

That means if you’ve had an argument with the boss, or you’ve spoken ill of the company lately (even in what you thought was confidence to a fellow malcontent) or even if you’re not mad at anyone but other people think you have reason to be (passed over for that promotion? Got a less-than-stellar performance review? Didn’t get the bonus you were promised?), you might suddenly find yourself the focus of an investigation. And heaven help you if you have the bad luck to get fired right before a major security breach occurs.

What can you do to make yourself less of a target in such situations? If IT isn’t your primary job, it might be best not to reveal just how technologically talented you are at work. And refraining from showing off your skills to friends and family has the added bonus of saving you from countless hours of free tech support work. If your computer skills are what you were hired for, obviously you don’t want to appear incompetent – but you’ll be less of a suspect if you always maintain maximum professionalism.

That means never abusing your position and/or abilities by using them to access others’ information when your job doesn’t demand it – even when it seems harmless. Don’t call yourself a “hacker,” talk about hanging out with hackers or express admiration for those who commit illegal acts involving computers, no matter how stupid you might think the particular laws being violated are. Don’t bad-mouth the company or those you work with, and don’t brag about how easy it would be for you to read the boss’s email or change your kids’ report card grades “if you really wanted to.” Don’t even joke about hacking into the payroll system and giving your best friend a well-deserved raise. Don’t paint yourself as a black hat on your Facebook page or retweet posts made by others who are. Never use your skills as an idle threat, even an implied one.

It’s really just common sense, but those who have never been on the wrong end of accusations of wrongdoing often don’t realize that being innocent isn’t enough; you also have to not appear to be guilty. You already have one strike against you simply by being good at something that most people don’t know how to do. Don’t add to the “building blocks of evidence” by saying and doing things that will make people wonder just how you’re using those skills.