Are Hacking Gangs Back?
During the past year, the world has seen the emergence of Anonymous and LulzSec hacking groups.
Anonymous, a "hacktivist" group that claims it hacks for its ideals, has attacked the Spanish national police, a Turkish government site, Iran, Sony, PayPal, and Mastercard. Today, the group says it will initiate "operation Empire State rebellion" against the Federal Reserve unless Board Chairman Ben Bernanke steps down.
LulzSec most recently hacked into the U.S. Senate and Bethesda Softworks. Other attacks include PBS, Sony, Nintendo and the FBI. Unlike Anonymous, LulzSec appears to be hacking for the thrill of it, often targeting game companies and insecure government systems.
What does this all mean? Hacking groups are not new, though they seem to have been mostly dormant over the last decade or so or, at the very least, not in the news as much as attacks from foreign nations or on critical infrastructures.
The 1970s saw "computer hobbyists" forming such groups as the Homebrew Computer Club and the Southern California Computer Society to share information and parts. Among the members of the Homebrew group were Steve Jobs and Steve Wozniak, who, before Apple, were among the early hackers creating "blue boxes" to tap illegally into the phone system.
The 80s and 90s saw such groups as the Legion of Doom, Chaos Computer Club, 414 gang, the Cult of the Dead Cow and Masters of Deception. Computer crime laws in the U.S. were strengthened because of many of these efforts and there was some increasing concern that some of these entities were linked to foreign operatives. For example, members of the Chaos Computer Club were arrested for breaking into U.S. government systems and selling source code to the KGB. For the most part, these hacking groups were not, as far as can be assessed, motivated by national security concerns but by curiosity, mischief, or criminal behavior.
Which brings us to the latest gangs. They are not the first and will not be the last group of affiliated hackers causing harm. Regardless of intent, their actions are criminal. Though, if they subscribe to the Hacker Manifesto, they do not see their action as such. That treatise, released in 1986, provides an explanation of hacking: "My crime is that of curiosity," it says. "I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all."
Truth of the matter is we cannot stop all of the hackers without a substantial change in how we approach cybersecurity. To do so, we need to build cybersecurity into all our technology effort -- whether cloud or mobile -- and not leave it as an afterthought. We need strong global,federal and state regimes in place to 1) work on cybersecurity issues from a policy and operational standpoint, 2) train workforce and personal users about best practices, 3) allow for investigations into criminal activity and 4) punish those who break into systems.