In the era of the internet, hackers are seen as noble figures – anarcho-libertarians, standing up to the man, exposing government secrets and corporate misdeeds.
Actually, that's a myth. The bulk of people doing hacking are absolute scum. In the UK, we're starting to see a wave of cyber-criminals targeting businesses. On hacking forums, although many participants baulk at hacking individuals, going after a company is seen as perfectly morally acceptable.
While high-profile hacks like those on huge firms such as Apple and Associated Press make the headlines, the bulk of this hacking is aimed at small and medium companies – family businesses, in other words. Firms don't like to talk publicly about being victims but in anonymous surveys as many as 40% of firms admit being affected by it.
The mechanisms by which this cyber crime takes place are often exactly the same as those used on individuals – keylogging of passwords to get access to email accounts is common ways, although there are other more sophisticated means. The motivation for attacking businesses is a potent brew: a combination of anti-capitalism that justifies the assault, knowledge of how lucrative hacking a firm can be, and the hacker's disdain for people with people with poor online security.
Lots of hacks are about theft – if you know your way around business banking, you can make a fortune with a stolen email account belonging to a reputable firm, by taking out enormous loans or factoring contracts in their name. Simply put, even small businesses can borrow immensely more money than individuals, and as far as hackers are concerned, if you don't protect yourself, you deserve to be robbed and only have yourself to blame.
There's also a black market in buying a wealth of the information that's easily accessible from business email accounts – everything from tables of common passwords, to databases of customer emails, right down to the user keys for expensive software packages.
It's not just theft or selling data, though. Many business accounts contain valuable, often irreplaceable, data that can be held to ransom. Ransom is a common trick, often deployed when stealing a company website. The cyber criminal gets into the email of whoever administers the website, and moves it to a host domain they control, and changes all the password access.
They can then alter it at will, changing emails so customers don't receive them and even take the website down entirely. It usually takes the business a couple of days to realise they've been hacked, and then the criminals demand cash in return for returning web access to the rightful owners. One Shoreditch tech firm who were recently the victim of an attack like this told me they were told by the police to just pay the ransom, get the website back and be more careful in the future.
The police can't help much with any of this – untangling a web of IP addresses that stretches halfway round the world and usually ends in an internet cafe or a branch of Starbucks is more than they can cope with. The fact that the police usually can't catch these people adds to the hacker's sense of innate superiority, and justifies their community having epic tantrums when one of their own is arrested.
The damage the hacking community does is very real. We're starting to see specific cyber crime insurance policies being offered to compensate firms – such insurance is already worth over a billion dollars in the US alone.
This is the reality of cyber-crime and hacking: it's not anti-capitalist heroism, it's grubby extortion of your local florist, with gleeful criminals that can't be caught and insurance firms rubbing their hands together at the thought of double-digit growth in sales for them, which ramps up prices for everyone else. It's high time we stopped lionising hackers, and started treating them like the petty bottom-feeding crooks they are.
Posts
