In it for the LOLs We need to understand hackers, not just lock them up, says Milo Yiannopoulos
The world of the ‘hacker’ sounds terrifically exciting, if a little nerdy. We typically think of characters like Boris Grishenko from the 1995 Bond movie GoldenEye: wiry Russians with dextrous, pen-twirling fingers, intergalactic-sized brains and amazing ‘cyber skills’. The reality of hacking can be more prosaic: some of the most successful hackers in history have been more like estate agents than autistic basement-dwelling geniuses.
Kevin Mitnick, author of Ghost in the Wires, says that his greatest skill was ‘social engineering’, not programming: he manipulated people into giving him access codes and information by impersonating authority figures, often simply over the phone or via email. Mitnick was able to squeeze out personal information about FBI informants through a combination of homework and chutzpah. ‘People, as I had learned at a very young age, are just too trusting,’ he says.
That’s not to say that there isn’t some sophisticated digital wizardry going on out there, as the expert on this subject, Misha Glenny, explains, in terrifying detail, in his 2011 book DarkMarket. Money, he says, can be ‘stolen by a Russian in Ukraine from an American company and paid out in Dubai — and the whole transaction need last no longer than 10 minutes’, reminding us that cybercrime operates so fluently across geographical borders that international criminal agencies can barely even reconstruct the architecture used to illegally transfer money and data, less still police it.
Th a t m e n t i o n o f m o n e y shouldn’t mislead you into thinking that hackers are only in it for the cash. They do it for the challenge: for the thrill of solving puzzles and cracking a combination of human and digital systems. They also do it simply to amuse themselves:‘for the LOLs’, as they say on the internet. The motivations of hacker groups can be scarier than those of traditional organised crime syndicates, because sometimes it can seem as though their only real motivation is to cause havoc. As Mitnick puts it: ‘There’s always something that’s more challenging and fun to hack.’
Hackers are a very unique sort of criminal, often socially awkward and introverted. Under other circumstances, they would find the idea of joining any sort of gang intimidating. Yet, online, protected by the distance afforded them by digital technology, they coalesce into groups with odd names like Anonymous, LulzSec and The Cult of the Dead Cow.
They’re people who learned their hacking skills in their early to mid teens — in other words, before their moral compasses were fully developed. Unusually gifted at maths and the sciences, they tend to be people who do not demonstrate many social skills outside the digital world, with personalities consistent with Asperger’s syndrome. These social disabilities become assets in the online world.
Any and all industries are potential targets for hackers who are either addicted to mischief and problem-solving or who become seconded into online gangs for financial gain. As these underground communities become more complex, ‘off the shelf’ software that, for example, clones credit card numbers gets offered up for sale in escrow marketplaces. You can now buy ‘carding’ software as easily as you can a copy of Windows.That’s why so many professional carders aren’t particularly sophisticated hackers: they no longer need to be.
As a result, many criminal justice systems see hackers as simply another kind of criminal. Glenny thinks that’s short-sighted: given the flow in both directions between security consultancies and the digital criminal underworld, he reckons that we should be engaging with hackers, not simply locking them up.
Actually, that’s been going on for some time already, particularly in China.And when governments get involved in hacking, you start to see the terrifying possibilities of malicious digital activity in a world almost entirely reliant on software. On 1 June, we learned in the New York Times that, just two months into his administration, President Obama had ordered ‘increasingly sophisticated attacks on the computer systems that run Iran’s main nuclear enrichment facilities’: an order that resulted, it is thought, in the creation of the Stuxnet virus. Today, Stuxnet is available for anyone on the internet to download and modify. In an online environment where so many hackers are in it ‘for the LOLs’, that should give us grounds for fear.
Businesses aren’t any safer. Misha Glenny likes to joke that there are two types of companies: those who know they’ve been hacked, and those who don’t. The reality is that both companies and governments are deficient when it comes to protecting their data. That’s the value, researchers at the UN’s Hacker Profiling Unit say, in understanding the psychological make-up of hackers, because in order to hire them, you have to understand what makes them tick.
A lot of money is being spent on cybersecurity by today’s corporations, but there isn’t a great deal of human intelligence brought to bear on one of the greatest challenges the world will face over the next decade: how to engage and negotiate with a generation of brilliant, mischievous computer obsessives, some of whom want little more than to see the world burn.
The Cyber Threat | 30 June 2012 | in association with BAE systems DETICA