Another week goes by, and another series of hacks. One wonders what is sat on which PR agency’s desk this morning, ready for release and rebuttal?
The question I keep coming back to is ‘why now?’ Why are these attacks occurring now, and to what end? And can we ever condone hacktivism?
In the (good) old days, the phrase in vogue was ‘script kiddies’, pertaining to a notion of adolescent nerds in darkened rooms writing bad stuff. This was a godsend for film makers, leading to clichés abounding in films such as the Matrix, where the hackers/nerds break out from their odor-filled lairs and save us from our commercialised blindness. The reality is far from this sexy, and the world is no longer as simple. The notions of state-sponsored hacks and hacks for commercial gain have passed beyond fantasy into day-to-day reality.
And yet there persists this line that hacktivism is hacking for the common good, fighting for the little man – the Banksy of the computer world if you will. The argument runs (and I am paraphrasing) that by exposing weaknesses, we all benefit, because it forces those holding data to tighten up their procedures. The problem, as always with this sort of argument, is that one man’s freedom fighter is another man’s terrorist. Wikileaks threw up the dilemma: if one of our people gets compromised by such an action, will the family of the deceased operative thank you? And on a lesser scale, will the people whose credit card details get exposed be grateful when they get an iPhone ordered in their name (as happened)?
Can we assume that all hacks are bad? In another time, for example, Nixon was exposed by actions that equated to a modern-day Wikileak. But then, leaks did not expose people’s credit cards, and those who were leaked to did not generically expose information to the detriment of hundreds or thousands of innocent people.
My view is that there is no such thing as a good hack, no matter how laudable the results immediately appear. The volume of information is too vast, the motivations too complex. The people compromised by the volumes of data released are defenceless and without remedy, and this is therefore bad.
So why is this important to us in the Public Sector? It comes back to the net results of increased mobility, of channel-shift, of cloud, of Open Government. We are systematically pushing data to the fringes of our sphere of influence, and we need to take care in building our defences. The majority of failures are procedural and process-driven, and continued focus needs to be given to refining these. And clearly security companies need to be providing solutions to back this up and help bolster defences.
So say no to hacking in any shape or form. Until these people can demonstrate their ability to handle data better than those of us who do it for real, it is always going to end in tears.