Friday, March 30, 2012

Thoughts on Hackers & Handles

Recently I re-watched the testimony provided by L0pht Heavy Industries to the U.S. Senate on May 19, 1998 (available on YouTube here). As members of the "hacker think tank" were introduced by their aliases it gave me pause to contemplate my own online identity.

Personally, I hesitate to call myself a hacker. There's nothing wrong with the word.  Unlike the media I place no stigma on hackers and hacking.  Penetration Testing is part of my day job but when I think of hackers my mind turns to members of the L0pht and other well known names like Johnny Long, Chris Nickerson, Rob Fuller, David Kennedy and Adrian Crenshaw. I believe myself to be a competent pentester (good enough to make a living and not embarrass myself in conversations with the people mentioned above) but it's unlikely you'll find me discovering 0days or writing new tools or exploits.

I've operated under a number of handles over the years, mostly N∅MAD or TAGG (a name given to me in the early 90's by a dutch hacker... a story for another time). Unfortunately, by the time I finally decided to register a domain all the TLDs for every four and five character combination was long gone. This was equally true when it came to social media.

Currently you can find me on twitter as @ITSecurity. With such a simple name most people assume I was an early adopter. This is not the case. Twitter was launched on July 15, 2006 and I did not create an account for almost three years (Feb 18, 2009). Even then I did not start out as @ITSecurity. Originally my username was @smaske. It wasn't until June 24, 2010, almost four years after Twitter launched that I renamed my account.

I don't recall what prompted me to change my username. Originally I created an account at the behest of my employer and at some point I figured using my given name was, well... boring. Since Twitter names can be changed I thought I'd fall back on handles I've use in the past.

When selecting a username, Twitter automatically checks for availability as you type without the need to press enter. I tried them all:
TAGG ↻ Checking… This username is already taken!
N∅MAD ↻ Checking… Invalid username! Alphanumerics only!
N0MAD ↻ Checking… This username is already taken!
NOMAD ↻ Checking… This username is already taken!

After dozens of combinations I figured I’d try something industry specific:
InfoSecGuy ↻ Checking… This username is already taken!
ITSecurityGuy ↻ Checking… This username is already taken!

ITSecurity… I paused to think of something else to append. "Dude?" No, that’s lame. "Pro?" No, too arrogant.
ITSecurity ↻ Checking… Username is available.

Wait... really? It was too good to pass up. I clicked *Save*

As @ITSecurity, I'm just shy of 1400 followers (spammers & bots are blocked). I'm honestly not sure why people follow me. Perhaps they find my tweets interesting, perhaps it's the username and they assume I know what I'm talking about, perhaps they clicked follow by accident.

Using this account has had undesired results. @ITSecurity seem to be too professional of a username and I find myself occasionally censoring tweets. It also feels pretentious to introduce myself by my twitter handle (a common practice at cons):
"Hi, I'm @ITSecurity." - Ugh.
So, assuming you made it to the end of this blogpost, what do you think? Should I change my username? Is is pretentious? Have I invested too much time in the username to abandon it? I'd greatly appreciate your feedback. Please hit me up on twitter or leave a comment below.

*This post originally appeared on Maske[d]Crusader.net