We are all in this together.
Earlier this year a renowned security journalist made a personal attack against two researchers who published findings that an organization had made false statements about its practices. Many have speculated that this journalist receives financial gain from this organization.
Specifically, we are referring to Brian Krebs who published with malice the person & location data of these two researchers.
When Krebs doxxed these two security professionals he endangered their families and friends as well. Now his last name has made its way into the Urban Dictionary, and we all hope we don’t get “krebbed” online.
Krebs put profit or power (or both) over people, and continues to defend his decision.
Regardless of what occurred between these security researchers, SpamHaus and Krebs, the use of doxxing was a clear intent to threaten and silence these researchers and therefore every single researcher who speaks truth to power. Further details and screenshots are available at Hacked WTF online.
Security researchers dedicate their life to finding the problems we all want to ignore in blissful innocence.
We all would love to believe that technology is perfect and there is no harm that comes from its use. The reality is that there is harm or potential harm everywhere, some of it without intent, but when technology is used with the intent to harm it is especially egregious. And when it is a public figure welding technology with the intent to harm, it is even more concerning yet.
Solidarity against the persecution of truth seekers is key to the preservation of truth. No one person owns the Truth – it is a collective decision based on the collection of data. Harming those that pursue truth is harm against the collective.
An attack of security researchers is an attack on the security industry.
As a workforce, security professionals are overworked because there isn’t enough of them to do the piles of work to be done. Many of them continue to contribute these long hours because they genuinely care about their communities. Some are just cuckoo, sure that’s true in every industry. But the majority of security professionals want to make things better.
An attack on the industry is an attack on workforce development.
Recruit Bit Security takes workforce development very seriously. We need to encourage more people into the career, not threaten professionals for doing the heavy lifting. At Recruit Bit Security we advocate for security professionals who work to advance security and give back to our communities.
We are taking a stand in defense of the security researchers, the hackers and their families.
Our goal is to spread the word that security researchers make our world better. We have made smallish stickers (about 1”x 2”) to fit places where you may already have lots of stickers. Rock one of these free stickers and you too can show your support of security researchers.
We’ll bring these to events to give away for free. Or send us a DM and we’ll snail mail you some.
This is a stand against the bad actors, the marketing hype of vendors, the anti-virus company that writes malware and sells protection against its own malicious code. It is a stand for making the right-hand admit what the left-hand is doing. It is a stand that asks each of us to remember that we are fallible humans, that it is okay to admit our mistakes, and that ultimately we are not each other’s enemies.
We are more similar than not.