Note: I was asked by Jonathan Green, the producer of the ABC programme, The Drum, for permission to reprint this piece, which I was very happy to do. I spent a couple of hours early this morning revising the piece to make it more suitable to their style (and, I confess to try to shore up some weaknesses in it). The revised version is on the ABC website. I could replace the version below with what appears there, because it is more polished, but decided that this one should stay as it was - a bit rough and ragged, but part of my archive. Call it the historian in me to do it this way.
The content of this article is backed up by a news item on the BBC this morning. It deals with major cyber attacks in the past few hours. Quite a coincidence. DW 04/08/11
The problem with LulzSec and other ‘hackers’
(or 'crackers'. Yes, I know the term 'hacker' is used variously! Here, I'm using it to describe those who gain entry illegally to computers via the internet, and manipulate or steal data from there. Technically, 'cracker' would be a better term, but in popular parlance, a hacker is a cracker. 'Hackers' can be the good guys.)
A major organisation gets hacked, and there’s a great outcry. There are times when I secretly enjoy the discomfort of some corporations or government bodies that have done things I don’t like and now find their secret data in the hands of people they don’t know and often can’t touch.
That unworthy feeling doesn’t last long, but there is a positive side.
In one way, hackers do a service to us all when they gain entry to the computers of organisations that should be hack-proof. They show us time and again just how poorly protected the entire web is, including strategically critical areas of corporate, social and government activity interacting with it. They demonstrate how vulnerable the whole fabric of how we operate in a modern society is to those outside a system - people who decide to exert power over it when and for how long they choose. They make their own rules, and they aren't the conventional ones. Think Sons of Anarchy.
They warn us to Be Afraid.
That’s the message they probably don’t mean to send, but it should be getting through to every one of us. Power is in the hands of the accepted authorities mainly because, at this stage, it suits skilled hackers not to rock the boat too much. That sounds melodramatic, but the system of electronic interaction depends on how much confidence users have in it.
LulzSec leaders have been taken into custody. Look at their faces as they are carted off for interrogation. A lot of them are no more than kids; some indeed are juveniles by internationally accepted legal definitions of that term. Many of them are simply playing the ultimate computer game: fooling around and testing limits with real targets and real opponents, and don’t have world domination in mind (though we can’t guarantee that either!)
LulzSec is only one of a deliberately anarchic group of individuals who have particular goals in common. Some are vandals (very few, I suspect), and others have a genuine social conscience. They might want to use their talents for what they perceive to be the good of humanity. Some, I suspect, develop a social conscience purely to justify their interference in digital networks and communication.
It’s on that mind-boggling interaction, the internet, that we now depend so heavily, or at least, those of us with access to a computer and the net. It doesn’t matter if it’s government, a corporation, or someone paying their electricity bill. You might check your bank balance tomorrow and find it’s been cleaned out, but in the grand scheme of things, you or I as individuals don’t count for all that much in this vast game of digital leapfrog.
Right now these kids have millions of usernames and passwords for all sorts of accounts on their computers. They trade them, sell them, and if they chose to, they could play merry hell with them, even if they did no more than release them into the cyberwild. Yet we know from neural research that people up to age 25 have parts of the brain as yet undeveloped, so that they don’t have the capacity or the experience to understand the nature of personal risk of their actions, let alone that to the society that sustains them.
They represent just the tip of the greatest iceberg in the past hundred years, and the Titanic of modern society is heading straight at full steam in its direction. It is obvious that mature, highly skilled professionals are in on the act as well, and these aren't kids playing around. Their motives could be anything - pick a card. It’s not the motive that matters as much as the effect. Some public utilities and facilities are appallingly insecure and vulnerable to attack. By manipulating the program, the power grid of a major city or even a whole country could be taken down, or the water supply for a region released, or the stock exchange turned to chaos. Once access to the relevant program or data is achieved, it’s not that hard to sabotage it.
Combine that with sheer accidental damage in the digital arena. Let’s not forget that one old Georgian lady scavenging for scrap metal in April 2011 created spectacular chaos when she cut off the entire internet to Armenia by digging up and pilfering twenty metres of the fibre-optic cable. Now that’s hacking (but with nothing more than a pick-axe and no intention to send a country into a tailspin)!
It’s not just about individual hackers. Governments are in on the act as well, in pursuit of what they regard as national interest. They’d be stupid not to be working on it, if for no reason other than to protect themselves from cyber attack either from individuals, hostile groups or the prying eyes of other governments eager to gain some sort of advantage - be it political, military, commercial or industrial. It would be the height of irresponsibility not to be. Hacked information of all kinds streams across international borders, to be used by governments, groups and individuals for their own purposes.
But that’s not the only reason governments have gathered their own professional hackers. If there is to be cyber-war at any level, then governments must feel the need to be in an attacking position and not just a defensive one. Don't get with the game, and you're pwned!
We know pretty much for certain that at least one government has developed an attack mode. It’s clear from the cyber-attack on Iran’s nuclear facility in January 2011 that they can do that. No-one is admitting anything, naturally, but... hello, Blind Freddy.
So that feeling of poetic justice directed towards nasty multi-national giant A or B doesn’t last long. The inherent destructiveness of the revelation of secrets or data sabotage can go well beyond the good it can do.
Let’s be clear. I have applauded Wikileaks for some of its revelations based on hacked data, and believe it has performed a great service for the world in some ways; but sadly, its victory is both patchy and Pyrrhic. When power goes outside recognised institutions into the hands of those with no responsibility for the consequences other than to release sensitive information, or if they have a belief in some higher purpose for their actions, then we are in the danger zone.
How much does it cost to combat cyber crime or government hacking? Billions, maybe more. And I haven’t even mentioned the knock-on effects and the cost of those. Just look at what started as a major natural disaster as in March 2011 in Japan and the multi-billion dollar cost, and start multiplying.
The supreme irony is that hackers depend for their effectiveness on the highly organised and highly technological society that is their host, however selectively they attack it. They make it their right to choose their targets, and this is what must be contested, even when we might agree from our own moral high ground that they have attacked targets we enjoy seeing brought to public account.
They do not have moral authority for that. Even when they expose terrible human rights abuses, as they have, I may feel justice has been done, but my joy is short-lived. That sort of power is too dangerous in the hands of individuals or groups with no public accountability, no matter what their intentions. If they assume that right, then they must be prepared to accept the consequences.
World, we have a problem, and the ostriches are looking for the sand dunes. Make no mistake, if public confidence in the security of the net is shattered, it can all come tumbling down like the house of cards that it is.
(DISCLAIMER: I’ve been working with computers for thirty years. I know nothing of hacking techniques, and I don’t have the will or savvy to learn. I wish I did. Maybe I could save the world! **joke**)
The need to write '**joke**' made me laugh.ReplyDelete
A little bit superfluous, you think? You may have a point. I suspect being a little bit superfluous is like being a little bit pregnant....ReplyDelete