Kindervag is a hacker – sort of. But he is not the sort of hacker we have come to expect.
John Kindervag is best known for developing the Zero Trust Model in 2009 while he was a principal analyst at Forrester Research. In essence, zero trust is based on the principle of ‘never trust, always verify’.
He is currently, since September 2023, Chief Evangelist at Illumio, where he is tasked with “driving the adoption of Zero Trust Segmentation through high-touch advocacy and forward-thinking thought leadership”.
He is not the typical hacker in today’s terminology.
In our series of conversations with hackers, we always start with a single question: ‘Are you a hacker?’ Kindervag’s reply was unexpected. “No, not anymore. Although by various definitions of hacking. I used to do it for a living for the first seven or eight years of the 20th century.” He was referring to his time as a professional pentester. “I transitioned out of doing that. But, you know, hackers have various definitions.”
He was putting the ball back in our court: what is a hacker? So, let’s accept that challenge based on what we’ve learned from various hackers in this series.
A hacker is a person with an intense need to understand how something works, and to explore whether it could be made to work differently or better. Fundamental to this is the process of disassembly – effectively synonymous with ‘breaking’ – to get a better understanding of the ‘thing’. So, a computer hacker breaks computers via their software with an intent to alter its operation.
There are different uses that can be made from the outcome of this disassembly and reassembly. An adversarial or malicious person could use it to damage the system for his or her own purposes. In recent years we have called these people’ blackhats’.
Other people could break the system with no malicious intent but simply to find out and demonstrate the system could be improved. We tend to call these people ‘ethical’ hackers.
Other hackers break the system to find out how it could be broken so that it can be fixed and not broken by malicious hackers. When employed by the system owner to do so, we call these hackers ‘penetration testers’, or pentesters.
“I don’t know if we still use those terms,” he said. “These days, If you’re a red teamer, or blue teamer, or purple teamer, you’re one of the good guys. If you’re a malicious actor hacking for personal profit or political gain, you’re one of the bad guys.”
But whatever the description and whatever the motivation, these people are all hackers, and the motivation is relative: if you are a member of the Russian or Chinese or North Korean military tasked with stealing western IP, you are – in those regions – simply performing your patriotic duty.
Kindervag pointed to Russia and Ukraine, where both sides are creating new exploits and new ways of waging cyberwarfare. “If you’re Russian, I guess the Ukrainians are the bad guys; and if you’re Ukrainian, the Russians are the bad guys.”
The point he makes is that our understanding and our description of a hacker is relative to our sociological and technological point of view. He goes further, suggesting the view of the hacker is also relative to the history of technology and education – and that all these conditions change over time. This is an important part of understanding his view of both hackers and hacking, and how and why he is a hacker.
Most of the people we currently class as hackers started in their early teens by playing pranks on schoolfriends or simply trying to gain free access to very expensive early technology and internet. Kindervag did none of this.
“Personal computers didn’t exist when I was in school. The only computers were big mainframes using punched cards.” He didn’t grow up with computers but witnessed their arrival.
His earliest personal encounters with technology were simply trying to make it work or get it to do that little bit extra that he wanted from it. “Just getting it to work was a win,” he explained. “I had to write my own printer drivers. I got used to the idea that this stuff wasn’t going to work the way I wanted it to – so I had to figure out how to make it work.”
This is hacking of a sort, but more focused on making than breaking. Over the years, his views haven’t changed much. “I’m never freaked out when things break,” he said, “I’m more amazed when they work, knowing how they organically came about and how this whole internet is held together with bubble gum and baling wire, and duct tape and super glue. It’s very, very fragile.”
In short, Kindervag comes from that early age of technologists described by Steven Levy in his 1984 book, Hackers: Heroes of the Computer Revolution. These were hackers, but not as we think of hackers today: they pre-date the concept of breaking computers to steal things, and focused on making things work.
Levy’s book is fundamentally a libation to those early heroes and their role in the initial days of the computer revolution: people like Bob Albrecht, Steve Wozniak, John Harris and so on. But although coming from this era, Kindervag is better understood through a different book published 20 years later in 2004 and written by McKenzie Wark: A Hacker Manifesto.
While Levy describes the early hackers almost journalistically (today he is Editor At Large at Wired), Wark analyzes hacking at a more philosophical level (today she is a professor at The New School for Social Research). In her book, she describes Levy’s heroes as people who “produce extraordinary work out of desires shaped almost exclusively by the gift economy”.
The gift economy in this context is basically give and receive at a personal level rather than give and receive at a commodity or community level. Wark adds an additional philosophical motivation. “A Hacker Manifesto,” she writes, “offers a crypto-Marxist response” to the gift economy motivation.
Wark’s view is that hacking is more about making something completely new from ideas that already exist rather than ‘breaking and remaking’ something better. “To hack is to produce or apply the abstract to information and express the possibility of new worlds, beyond necessity,” she wrote, adding, “Hackers create the possibility of new things entering the world.”
To demonstrate Kindervag’s alignment with Wark’s definition of hacking, although not for that purpose, he described the creation of Unix as ‘a hack’. Ken Thompson and Dennis Ritchie at Bell Labs knew what they wanted to do but didn’t have the technology to do it – so they created Unix.
In 1969, Unix was created out of the ashes (figuratively speaking) of the early Multics (Multiplexed Information and Computing Service) project that existed in the mid- to late-1960s. Multics was, for its time, conceptually an advanced operating system intended to include time-sharing, high-availability, information sharing and security – but the hardware then available was inadequate and too expensive for the project to succeed.
Bell Labs withdrew from the project in 1969. But some of its engineers – most notably Thompson and Ritchie – didn’t want to completely abandon their theories, work and ideas. They asked for internal resources to continue their work. This was declined, but they were told they could use an existing PDP-7 – which had no operating system.
To test their Multics ideas, they needed to develop a new operating system that would work on the PDP-7 with comparatively little compute power. The TLDR is that they developed UNICS (a pun on MULTICS) which later became Unix. The test was whether it would run a simple video game that Thompson had developed called Space Travel. It involved navigating a space craft through the solar system– all very advanced for its day. The rest, as they say, is history.
Kindervag describes Unix as a hack. And the creation of something new and beneficial out of existing ideas aligns with Wark’s definition of hacking. The creation of Unix evolved out of the failure of Multics. But it was, within Wark’s theories, a true hack: the making of something new and beneficial rather than the breaking of something existent.
This concept of hacking can equally be applied to Kindervag’s own work. He is best known for developing the zero trust model. The model was new, but the underlying ideas were not. The Russian proverb ‘Trust but Verify’ is hardly new. The problem of misused or missing communication authentication is hardly new. Kindervag combined the two by adapting the proverb, making it ‘Always Verify first, and only then Trust’, and then applying that to the authentication issue – thereby creating the basic model for something new: zero trust.
In this sense, Kindervag is a hacker, and zero trust itself is effectively a hack. This is very different to the more commonly held view of hackers and hacking today. It is easy to see how the former can transform into the latter; but the simplest, albeit over-simplified, way to understand the effective difference is that in the Wark / Kindervag view, pure hacking is ‘making’, while contemporary hacking is ‘breaking’.
Kindervag is a making, not breaking hacker.
His view of contemporary hacking, and why he uses the terms red and blue teamers for the good guys and malicious actors for the bad guys, may partly be due to his personal history. In being confronted by computing effectively before useful computers existed, he was never tempted by the desire to ‘break’ computing to learn more about computing. Many hackers started in their early youth by hacking the telephone system. The desire was to learn more about computers from other enthusiasts via IRC and BBS – but they couldn’t afford the very high telephone costs at their young age in those early start up days.
Now there are more formal and acceptable ways to study and understand the technology without breaking the telephone system. This tends to involve personal study rather than discussions with a like-minded group. He believes the early hacker community spirit is disappearing, partly through better educational options.
“The old hacker conventions are going by the wayside,” he said. “We’re not that cohesive unit of people looking out for each other anymore,” he said. “We’re losing people, like Kevin Mitnick and Dan Kaminsky – we’re losing that generation of people who were part of the initial hacker history.” He noted that CDC (Cult of the Dead Cow) is no longer what it was, L0pht Heavy Industries has gone, and even the ShmooCon hacker convention, which ran for more than two decades, is finishing after the January 2025 event.
“I think the true hacker history is being lost to a lot of newer people who don’t understand the motivations behind why we all did this. We did it to learn things and discover things and try to make things better. I don’t know if that same motivation continues today.”
Our Hacker Conversations series tries to understand the mind and motivations of the hacker. John Kindervag shows us the concept of hacking is more complex than we might commonly believe, and the motivations can include sociology and philosophy (Wark’s ‘crypto-Marxist’ approach) and historical context just as much as the more easily understood curiosity, patriotism and sometimes simple greed that exists in our modern entrepreneur-driven, multi-political society.
Kindervag is a hacker, but not within our common definition of a hacker today. That is a loss.
Related: Hacker Conversations: Joe Grand – Mischiefmaker, Troublemaker, Teacher
Related: Hacker Conversations: Kevin O’Connor, From Childhood Hacker to NSA Operative
Related: Hacker Conversations: HD Moore and the Line Between Black and White
Related: Hacker Conversations: Chris Wysopal, AKA Weld Pond
