“My other computer is your computer”, “Sniff networks, not drugs”, “Hacking is not a crime”. Anybody who knows cyber security will have seen laptops adorned with such stickers and when you see one in the wild, you know you’re in the presence of a hacker.
As an accidental cyber security journalist, this reporter often uses the term “cyber community”, and as a social anthropology graduate I am fascinated by stories of human communities and ideas, and am motivated to write about hacking because I want to know why people do the things they do.
We can talk all we like about indicators of compromise and common vulnerabilities and exposures, but at its heart, the story of cyber is far more human than it is technological.
What is a community anyway?
What does this have to do with stickers? To answer this, it’s helpful to understand how stickers, and other forms of cyber swag such as t-shirts or socks, tie to concept of community.
Anthropologists have struggled to define community for as long as the discipline has existed. American anthropologist Robert Redfield proposed four fundamental elements of a community. First, they are small in scale; second, their members exhibit homogeneity in activity and state of mind; third, they are aware of their distinctiveness; and finally, they are self-sufficient and sustaining. Others went deeper; George Hillery, who specialised in observing Trappist religious communities, identified more than 90 distinct characteristics – many of them highly specific to a silent order of monks.
Broadly speaking, Redfield’s four tenets show that the idea of sticking together in a community is an evolutionary advantage in humans, whether armed with spears and facing a sabre-toothed tiger, or armed with Dells and facing a Cozy Bear.
And for a group of humans who enjoy breaking things that other humans don’t want broken, it is easy to see how and why hackers stick together.
As BugCrowd founder and CEO Casey Ellis explains, being beyond the law was a fact of life for early hacking groups such as Cult of the Dead Cow, which pioneered hacker branding in the 1980s, and disseminated ideas and content that educated a generation of hackers, including Ellis.
“This was a time when you could get potentially thrown in jail for even being suspected of being a hacker. That was the environment that they were living in – talk about being isolated and marginalised,” says Ellis.
In the 1980s and 1990s, many misunderstood hackers also appropriated prevailing cultural narratives about themselves to create a sense of unity and purpose among themselves. Take movies such as Sneakers or Hackers, which many community members see as seminal cultural texts.
Ellis says: “Two years ago, I sat with a bunch of folks that are about my age and I watched a couple of grown men start to tear up watching Hackers, which is an absurd 1990s techno-thriller.
“The reason they were doing that was because they remember that that was the only expression that captured how they how they felt [and] the closest representation to how they viewed the world as a hacker. Hackers tried to push it all together and nailed it quite well. It’s kitsch, it’s funny, it’s lots of different things. But there are origin stories in there as well.”
[embedded content]
The producers of Hackers helped to create the image of the archetypal hacker, but hackers had some ideas of their own. Nate Drier is a technical lead on the Secureworks Adversary Group (SWAG) team, a seasoned ethical hacker who spends his days doing adversarial testing. He got into security in the 2000s, so he wasn’t present for the birth of the community, but he has some thoughts about how it did get going.
“I was thinking, there are other groups that have stickers, like the skateboarding scene. Probably the skateboarding scene in the US was like the birth of that kind of counterculture,” he muses.
“So I started to ask how it ended up with hackers, and I thought, looking at my laptop, if you’re an artist, you make things with your hands. It’s very easy to see your creativity and your art because it’s there and you can see it.
“Hackers like to see themselves as artists too,” says Drier, “but our art is code contained in a nondescript laptop that doesn’t look cool. So maybe that’s where stickers come in. It was an expressive outlet in a niche you didn’t otherwise have.
“I identify with that underground, grungy, underdog type. I mean, we’re total sellouts these days, we sell pen-testing to customers, right? It’s not like we’re actual underground hackers anymore. But I could totally see it as a nod to that – we’re doing something that’s not supposed to be done. We’re in places that we’re not supposed to be in, and that was part of skateboarding too.”
James McQuiggan, security awareness advocate at KnowBe4, agrees the use of stickers is a fundamental representation of a hacker’s identity, but suggests the culture around them may also have arisen for another reason.
“Hackers are usually introverts and do not enjoy conversing and interacting with others. The stickers show their personality, accomplishments or interests. They represent online groups where they are a member. Whether it’s unicorns, favourite quotes, favourite movies, operating systems, conferences they’ve attended, hacking groups and electronics they like to use,” he says.
There may be a secondary function too, he adds. “When everyone has similar laptop models and colors and looks very much the same, it allows the user to identify their machine quickly and easily. The second perspective is theft prevention. Thieves want to steal a computer to sell it online or for cash as soon as possible. When a laptop or machine is covered in stickers, it’s easy to identify if the victim comes looking for it, and it will take too long for the thief to remove them before selling the laptop.”
Everybody’s got the right
So cyber stickers and other forms of merch serve to reinforce ideas of community, connection and protection in the face of adversity, and in humans that creates in-groups and out-groups.
As veterans of multiple cyber incidents, DEF CONs and so on, folks such as Drier, Ellis and McQuiggan could be considered part of an in-group of hackers, connected by shared experiences that bond them as a collective.
Elllis talks about his involvement in election security as an example. “I got involved pretty early on and I’ve got stickers all over my laptop about that. Early on, it was a group of people sitting around the table on this particular issue, and it was something to tie us together through that period.”
He further relates the story of how he relocated his family back to Australia from the US in a hurry at the start of the Covid-19 pandemic but left without a DEF CON flag.
“A wonderful human got wind of this and they had a spare one. They said, give me your address and I’ll ship you one, and it was basically something that reminded me of my connection to the community during a period that was otherwise intensely isolating,” he says. The flag hangs proudly in the background of the Zoom call, and Ellis has since met up with his benefactor.
Shared experiences forge communities, but in my own experiences of community, I know communities can be somewhat exclusive in how they police who gets in, and how they police their community markers, such as stickers.
As a cycling fan, in the world of amateur cycling I know there is an unspoken rule that one does not buy or wear a replica Tour de France yellow jersey. This is something that it takes three weeks for an elite, superhuman professional to earn, and wearing it without earning it marks you out as a bit of a Johnny-come-lately. I wanted to see if similar tropes exist among hackers. Is there an earned right to stickers?
It turns out that it depends. Ellis, who does a lot of work with the military and intelligence community, says there are some situations in which indicators of community do take on the status of an earned right, particularly when they relate to the intersection of cyber with national security. But on the whole, he proclaims himself pretty easy-going about who gets to display what.
And if it was ever the case that stickers were an earned “right”, the corporatisation of cyber security means that everybody is giving out stickers to anybody who wants them anyway; Drier says he sees sticker culture as pretty democratised these days.
“Secureworks produces a tonne of stickers because we know people in tech like them. We’re hoping they’ll put a Secureworks sticker on their laptop and we’ll get some free advertising,” he says. “I don’t think you have to earn those.
“I don’t make any judgement towards anybody based on the stickers that they have on their laptop. Most stickers today don’t have a tonne of meaning just because there are so many of them out there.”
In some instances Secureworks will issue limited runs of stickers linked to major incidents, which retains some meaning, but to Drier, most stickers today don’t carry a great deal of meaning, simply because there are so many to choose from.
“The guys that have been underground on the scene for longer probably feel that same nostalgia for stickers that I do, and maybe it doesn’t matter as much to somebody that’s just coming in. But, you know, stickers are still cool. So we’re still gonna put them everywhere.”
Ellis, to some extent, says he feels the same way. “I’ve got challenge coins that there are 50 of in the world, which is inherently exclusive. But on the other hand, I’ve got stickers that I know 100,000 other people have, and that’s just part of being in the community.”
[embedded content]
This may have been different in the days of Hackers and Sneakers, of course. Drier recalls how characters in Hackers at one point spray-paint their keyboards, something that as a teenager growing up in Michigan, he thought was beyond cool.
“Maybe back then you did need to earn a creative outlet you put on a computer, whether it was, like the LED lights or the clear case sides and things like that. I don’t know if I feel that way today, though,” he says.
Diversity advocates
One of BugCrowd’s best known stickers – Ellis also had T-shirts printed – is a picture of Grace Hopper, American computer science pioneer and literal discoverer of the computer bug. Superimposed on the image is the text: Grace Hopper has a posse. It has become a bit of an accidental diversity icon for the firm.
“We didn’t set out to do a gender diversity in tech statement,” says Ellis, “it’s just that Grace Hopper was a total badass. She’s a phenomenal figurehead in computer science and computer security, so that one kind of blew up, and then it became a rallying point for allyship and women in cyber security – other subcultures come out within hacking.”
As a legitimate trade, hacking is probably one of the more diverse corners of the industry already, as these things go. And if there’s any part of the IT sector where the misfits, freaks and weirdos congregate, it’s cyber. It turns out there’s a reason so many TV and film producers think hackers are something in-between goths and club kids.
“The only thing that’s quirky about me really is I’m a redhead and I’m Australian, and that doesn’t count,” says Ellis. “Those things aside, you’re having to go through a learning process to actually understand what diversity and inclusion looks like and what it feels like and how to interact with that.”
For Ellis, stickers and cyber swag helped form part of his journey into understanding and advocating for allyship and diversity within the sector.
He now believes that items highlighting the cyber achievements of various groups – women, people of colour, LGBTQIA+ people – serve an important role in establishing common ground within the community, and helping people feel welcomed and included within it.
“You have people like me wearing a shirt that’s inclusive to the LGBTQIA+ community because it’s a rallying point around interest. It’s not punching the topic in the face as such, rather saying, yeah, we all like hacking stuff and here’s an expression of that that’s unique to your niche.
“Art and stickers and t-shirts are an incredibly underrated tool when it comes to community. People who identify as hackers are already marginalised, and then there are other kinds of marginalisation happening underneath that, but we’re tied together by the fact that we are hackers and the world was out to get us. As that becomes less true surfacing some of those other identities has become important, and it’s an opportunity to build more inclusivity into the cyber community,” says Ellis.
A human story
So, just as cyber security throws up some of the most human stories in technology, we can start to see how amid all the technical language, sticker culture serves to help make the security community a bit more inclusive and a bit more human.
When companies such as BugCrowd were starting up, humanising hackers was critical to the concept of crowdsourced security, says Ellis.
“Unless the internet finds a way to accept the hacker community as a part of the solution at the very least, we’re not going to be able to plug in, and that was an imperative for BugCrowd – it’s been a mission of mine for quite some time,” he says.
Non-technical customers whose only understanding of hacker culture stems from stereotypes will understandably consider inviting them in to take pot-shots at their networks or products a scary prospect.
“The more you humanise that, the better,” says Ellis. “And I’m not sure that hackers were super-motivated to humanise themselves when we first started. But 10 years on there are different dynamics – cyber security as a subject is dinner table conversation now, it wasn’t so 10 years ago.
“Part of what people are thinking about now is, ‘How do I make sure that I can actually be perceived as legitimate as I build a career around this stuff?’”
But the professionalisation of the trade may yet spell trouble for sticker culture, and not without reason. Drier explains: “I was talking to a couple of members of our incident response team, and they have no stickers policy because they don’t want attention drawn to them.
“If you’re working at a large company and have a bunch of stickers on your laptop, people think, hey, maybe that’s a hacker or a pen-tester,” he says.
Clearly tipping off ordinary users at the client that a penetration test or red team exercise is underway is unwise. But stickers carry other connotations too; Drier says he has stopped putting stickers on his laptop for operational security reasons, because he doesn’t want to draw attention to himself and attract the wrong sort of hacker.
“If I’m an attacker trying to target an organisation and I have a choice between a plain laptop, or a laptop with a bunch of Black Hat stickers and a Free Kevin sticker, I’m going to take that one, because it probably has more interesting data on it,” he says.
So will legitimacy and professionalism ultimately kill sticker culture? To this anthropologist, it seems unlikely. The need for authenticity and self-expression among humans is an all-consuming urge that cuts to the very core of our existence. We crave community and recognition and we want to be celebrated for our achievements. Hackers are, at the end of the day, no different.