
Hackers are the new lawyers - calebm
http://calebmadrigal.com/hackers-are-the-new-lawyers/
======
sandworm101
Lol. The OP really doesn't understand what lawyers do all day. Running a a so-
called 'hacking back' team isn't done lightly. And instigating an attack,
hacking without the 'back', is just plain dangerous. I may not be the sort of
lawyer that is sent to openly attack rivals via abusive legal process, but I
do have a slide deck of hacking back stories that ended badly. One ends with a
panicked call to an attorney after a response team snapped a pic from the
webcam of the attacking machine ... an virus infected desktop in a kid's
bedroom. That team suddenly found the need for legal process and advice,
something they eschewed only minutes previously.

~~~
calebm
Just to clarify, I am NOT suggesting companies should be hacking back :) I'm
just pointing out a trend, which could continue to evolve.

~~~
quanticle
Except that it's not even a trend. Which companies hack back? Every major
internet firm publicly disavows hacking back (much less launching offensive
attacks) specifically because of the massive liabilities it could expose them
to.

~~~
calebm
The trend is Chinese companies attacking other companies. Hacking back is not
a trend, as of yet.

~~~
l33tbro
Then why make such a big, global statement in your title if you know it is not
an actual thing? No offence, but it's just hard not to see this as click-bait.

------
trjordan
I think lawyers are still the new lawyers.

One of the major benefits of society is to remove the need for individuals to
keep their own firepower. You're allowed to defend yourself, but the goal is
to make it so you can feel safe in a city of 8 million people with no more
than a heavy bag, cell phone, or can of mace.

In the digital world, you still need self-defense (network protections, strong
passwords, small attack surface), but hopefully not everybody has to hire
cyber-thugs to defend their turf. If another cyber-thug attacks you, you
figure out who they are, call your lawyer, and let the state deal with it.

It's not perfect, but I'd think lawyers will learn unmasking techniques before
corporations hire body-guard divisions full of black-hat crypto types. And
international conflict is always messier...

~~~
AnthonyMouse
> In the digital world, you still need self-defense (network protections,
> strong passwords, small attack surface), but hopefully not everybody has to
> hire cyber-thugs to defend their turf. If another cyber-thug attacks you,
> you figure out who they are, call your lawyer, and let the state deal with
> it.

That doesn't actually work here. If someone attacks you from Russia or China
or Nigeria, there are no lawyers that can help you.

The reason hack back is unwise and unnecessary is that you don't need
deterrence to prevent cyber attacks. In meatspace anybody with a rock and two
hands can steal your television and the defenses necessary to prevent that are
significantly more expensive than relying on the state to use prison as a
deterrent.

But it's a lot more practical to maintain a secure digital system than a
secure physical system, because digital systems fail closed rather than fail
open. If you can't pick a physical lock you can still break a window or bust
down the door, but the equivalent brute force against digital systems yields
only denial of service rather than unauthorized access.

That doesn't mean you can't screw it up. Possible to succeed is not the same
as impossible to fail. But it means it's possible to have a good enough
defense that you require no offense.

~~~
hienyimba
> If someone attacks you from Nigeria, there are no lawyers that can help you.

This statement is all shades of Wrong. In Nigeria at least, I know you can
easily report to the Country's Economic and Financial Crimes Commission
(EFCC), which is currently doing a very good job of getting back foreign
stolen money through internet scams.

~~~
AnthonyMouse
Your contention supposes that Nigerian scammers are stealing money because
they're keen to invest in easily confiscated securities instruments rather
than spending the money like it's burning a hole in their pocket. And that the
purported successes of the Nigerian "EFCC" are real and typical rather than
government propaganda from a government trying to spin their country's
association with 419 scams. And that having your money stolen and then going
through an international bureaucratic process to maybe get some of it back is
in any way comparable to not having it stolen to begin with.

But let's suppose all of that is true. If someone in Nigeria steals your
money, you pick up the phone and in five minutes they're in jail and your
money is returned. Then you're doing this:

[http://slatestarcodex.com/2014/05/12/weak-men-are-
superweapo...](http://slatestarcodex.com/2014/05/12/weak-men-are-
superweapons/)

Because there are still many places where no such process is available. Many
of the attacks from China are state-sponsored. Many of the attacks from Russia
are from organized crime who have law enforcement on payroll. ISIS. You
haven't done anything to refute the point, you're just arguing about which
examples I should be using this year.

------
jeffreyrogers
I think this greatly overestimates the importance of IT and high technology in
the modern economy. Outside of the pure tech companies that are well known on
HN, most technology is used to facilitate the rest of whatever the company in
question does. It _isn 't_ the business itself.

Most economic value is due to labor and tangible products, and cyber attacks
can only indirectly touch those. Cyber attacks are unfortunate, sure, but
they're hardly all that damaging to the core operations of the organizations
they affect, unless, of course, it's something like Stuxnet, where physical
damage is done.

~~~
josu
>It isn't the business itself.

Neither is lawyering, that's his point. Lawyers do not (usually) create value,
they protect it, same as the hackers he is talking about.

>Cyber attacks are unfortunate, sure, but they're hardly all that damaging to
the core operations of the organizations they affect, unless, of course, it's
something like Stuxnet, where physical damage is done.

The Sony hack: [http://www.vanityfair.com/hollywood/2015/02/sony-hacking-
set...](http://www.vanityfair.com/hollywood/2015/02/sony-hacking-seth-rogen-
evan-goldberg)

Bangladesh Bank hack:
[https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist](https://en.wikipedia.org/wiki/2016_Bangladesh_Bank_heist)

~~~
mathattack
Additionally, software is eating much of the enterprise. By and large software
makes companies more efficient. Lawyering makes them less. Adding hackers
doesn't just protect the enterprise, it improves it.

~~~
emodendroket
The point of lawyers is not to make companies "more efficient," so that's a
strange criticism of them.

~~~
mathattack
I'm not criticizing them, just pointing out another reason why Hackers are
replacing them.

------
83457
off topic... after listening to Hackers: Heroes of the Computer Revolution
during my commute over the last month (and to a degree Masters of Doom) it is
distracting to see the word "hacker" in relation to cyber attacks/espionage.
When I was growing up hacker always meant someone who broke into computer
systems/networks, then I started hearing about hacking actually meaning
something else originally and of course in more recent years with hacker news,
hardware hacking and other usage of the word becoming more popular "hacker"
seemed to take back its original meaning. Now after listening to some books
that only use the word under its original meaning it is hard to take articles
seriously that use it in relation to breaking into systems. When I saw the
title of this article I misunderstood their usage of "hackers" /rant

------
taesu
Catchy title, almost like a click bait. Lack of content and it failed to back
itself up. These kind of posts...I don't understand how they are first page of
hackers news.

------
MichaelBurge
This isn't really a statement about the relative importance of certain
professions, it's mostly a statement about China. They're a lawless country,
and we should probably just disconnect their country from the rest of the
internet until that changes. Or at least fine them and issue sanctions until
they pay up.

It would be a very bad idea for a US company to start a renegade hacking team
that broke into other companies and stole their documents. That would get you
thrown in jail, no matter who you were.

It would be an even worse if you started counter-hacking random ips that
attacked your machines, because you'd end up with soccer moms crying to
politicians on national television about what you did to their kids.

------
tdeck
I expected this to be about how tech has replaced law as the recommended "just
learn this and you'll have a good job" career path for today's students.

This is something we as a community should probably have a conversation about.
Too many people went to law school, and now they can't find jobs. Meanwhile,
the "tech" (read: software) zeitgeist has enthusiastically taken up the mantle
by proclaiming that everyone should learn to code and start making $100k.
We're only devaluing our own work and setting unrealistic expectations by
doing this.

------
noxToken
I mean...I guess? I can see where this analogy is supposed to go, but I feel
the author is dismissing how close corporate espionage toes the line between
legal and illegal. Even if it's in a scummy manner, lawyers use the laws at
hand to protect IP both offensively and defensively.

Finding business strategy is one thing. "Let's run through their service,
deconstruct it, and see how we can make ours better than theirs." That's above
board."Find a hole, pivot, take what you can." Pump the brakes there, sweetie.

Or maybe I'm just interpreting this wrong.

------
_audakel
this is a great insight, i have been thinking the same thing for some time.
Another angle is the "media image" your company has. I read the book "Trust-
Me-Lying-Confessions-Manipulator" after watching some YC videos and was blown
away how a few people can use technology (bots, tweets..etc) to influence
small local blogs, which influence larger blogs and in turn media outlets like
CNN etc.. He talked about using this strategy to shape public opinion which
eventually called in the lawyers and caused congress member to resign, and in
another case help his friend promote a low budget movie to a national level
etc.

I can't help but wonder if the competitors of Theranos understand this idea
(use tech to influence media to influence regulators)and used it as a weapon
that Theranos has not done a good job of defending against.

It would be fun to run an analysis of all news articles mentioning Theranos
and see historically the sentiment analysis of each one, and at what average
sentiment point the regulators got involved.

You could extrapolate and see if there is an average media sentiment that can
predict when regulators will get involved. Could be a great "weapon" to use.

------
goffley3
In certain aspects corporations already do have more power than government.
However that's because of money rather than tech chops. It's important now
more than ever for companies to have a viable security model.

------
taesu
Catchy title but lack of content and it failed to back itself up.

------
Ileca
I am disappointed. I thought "Lawyers are the new Knights" was a Serial
Experiments Lain reference. Nothing new under Neuromancer's sun.

~~~
calebm
You know, I just watched Lain for the first time like 3 months ago. It's quite
plausible my subconscious was influenced by it.

~~~
Ileca
When you will design the login button of your site in development with "Open
the nExt", you will know for sure you have been influenced. When you start
praying Lain before accessing any network, it's time to call a doctor.

------
ezoe
I was expecting to see an article which predict hackers will develop AI which
obsoletes many lawyers. It turns out an article predicting crackers becoming
military force by acquiring secret information of competitors.

A company who don't spend their effort on R&D and just cloning competitors
technologies cannot dominate the market. A company which doesn't seriously
concerns security deserve to die.

No worries at all.

------
Kinnard
This doesn't even account for the emergence of crypto-law which drives the
point home.

~~~
calebm
Very good point.

------
meeper16
How is this getting upvoted?

------
sqeaky
Except China does do the most hacking, us Americans do. We have more
computers, computer scientists, money and government sanctioned orgs doing
hacking.

Also this article is super-naive. If a country were not the USA and caught
hacking a bunch of western businesses then the US political and military
machine would start up. Look at what we pressured others to do about the
pirate bay and megaupload.

~~~
calebm
As far as corporate espionage via hacking goes, China is way ahead of the US
or any other country.

------
seajosh
A hacker is really the red-shirt ensign on the away team

------
unimpressive
This title is truly unfortunate, because if the article becomes popular it
will contribute to the Computer Programmer Licensing movement.

