An Alternate Universe For Hacking/Security Tools
I usually think about the philosophy side of computer security on shower or when I can’t sleep. Alternate universes on computer security was one of my main topic. For the alternate universe, I mean how things may evolve if something was different from the beginning. For example, what if protocols like TCP/UDP were implemented so differently and denial-of-service attacks weren’t possible. Or, programming languages and their database connectors were perfectly implemented and SQL injection attacks never occur. In those cases, how the computer security world evolved, I am always curious about that.
Today I wanted to write down one of my shower tought on security. The topic is evolution of hacking tools.
In 2006, when I was 14, I started to learn programming and computer security. In those years, Github wasn’t there. We still got Sourceforge but it wasn’t helping much. The tools usually spread via local forums. Developers were publishing their tools publicly if they wanted to make a name for themselves. If you can’t find good tools on your local hacking forum, you need to research on foreign websites like antichat.ru without Google translate. Some other developers weren’t publishing their tools and sent them only to their close friends (they were called “private tool” on the Turkish security scene).
Also at that time, those tools weren’t open sourced, they were binaries. If you were not a rich boy, your hardware couldn’t deal with virtual machines. So, you had to use those binaries on your main computer which put you at greater risk. Finding and using hacking tools was very hard at that time.
Things have completely changed since then. Since 2009, developers are usually publishing their tools with their real names and as open sourced. Why? Quite honestly, there were too many different reasons. One of the main reasons, those developers needed real jobs and a good salary. To prove their skills, they couldn’t publish their tools using their h4x0r nicknames. As a result, we now have good hacking tools like Metasploit, sqlmap, empire for free and open source. So, what could be happen if it wasn’t evolved in this way?
Before answering this question, let’s look at the music industry. I like to compare songs with hacking/security tools. Both songwriters and developers spend a lot of time to practice, develop their piece of art, and publish them. After publishing, they wait for the public response. A song/tool can be liked too much and provide the artist with a lot of fame, or will just vanish over time. But the difference is songs are not free. You had to pay for the album until the 2000s, and then Napster appeared. People started to download songs via Napster, Limewire, Ares or Torrent for free. The music industry wasn’t able to deal with it. This was so huge that even the people who were leading the music industry started to think that songs should be free. But after Spotify and iTunes appeared, people agreed to pay for the songs and still many people buy albums to keep them in their libraries. The music industry evolved to where we are today. If it evolved differently, maybe today songs would be completely free and artists could only make money from concerts etc.
So, what if the hacking/security tool scene evolved the same way as the music industry? I mean what if developers actually could make money with their public/private hacking tools, instead of publishing them for free? If there was a platform like Spotify, in 2007, for hacking tools, that could have happened because the security scene already had a rock star culture. Popular security researchers and developers have their fans. 4K-5K people listen to their speech at DEF CON and some took selfies with them.
So in an alternate universe, there is a platform called “Hackify” in which programmers can publish their tools there and get paid for every download. Also, users can buy these tools in CD format to keep them in their libraries. Tools are also published with their own art covers.
I prepared some cover arts with my dank photoshop skills in 30 minutes. In an alternate universe, these tools are selled with those covers in a platform called “Hackify”