As hacking evolves and attacks become more sophisticated, the threat continues to escalate, writes Patrick Kingsley.

Late last month, the US media group PBS ran a strange story on its website. ”Prominent rapper Tupac has been found alive and well in a small resort in New Zealand,” it reported. ”The small town – unnamed due to security risks – allegedly housed Tupac and Biggie Smalls [another rapper] for several years.”

For two reasons, this was a surprising piece of journalism. First, Tupac died in 1996. Second, the piece wasn’t written by PBS. It had been planted on their site by a group called Lulz Security, a loose collective of anonymous hackers who wanted revenge for a recent PBS program that criticised WikiLeaks.

”Greetings, Internets,” Lulz wrote on their own website. ”We just finished watching WikiSecrets and were less than impressed. We decided to sail our Lulz Boat over to the PBS servers for further … perusing.” Above the message the tagline: ”Set sail for fail!”

Advertisement: Story continues below
A message from  Lulz Security.A message from Lulz Security.

The extraordinary episode was by no means isolated. In March, hackers stole a database of email addresses from the marketing group Epsilon in what one commentator called the largest email address heist in history. Then the computer security firm RSA had their servers breached in an attack that may have led to the hacking of defence giant Lockheed Martin, an RSA client. In April, persons unknown cracked Sony’s PlayStation network and stole 77 million users’ data. And in the past month, the IMF, Citibank, the Spanish police, Google, the Turkish and Malaysian governments, the US Senate and (earlier this week) the CIA have all been hacked.

In simple terms, there are three kinds of attack taking place. Hacktivism is the most prominent: raids by amateur groups such as Lulz (who took down sites belonging to the CIA, the Senate and the Spanish police) or Anonymous (PayPal, PlayStation, MasterCard and Visa), for fun – ”for the lulz” – or, increasingly, as an act of political protest. There is the criminal kind: professionals hunting for credit card details or email address directories. Finally, there’s state-sponsored espionage, or even cyber-warfare. ”Google, RSA, Lockheed Martin, IMF – the strong suspicion is all those were state-sponsored, or state-approved,” Dave Clemente, a cyber security expert at Chatham House, the international affairs experts, said..

Are all three categories really on the rise? Well, possibly. Disclosure laws obliging companies to come clean about data breaches have been in place in many parts of the US for several years. But, when Google went public last year with the news it had been hacked by Chinese sources, ”that got the ball rolling”, Clemente said. ”It suddenly seemed more permissible to report a hack.”

If increased openness in part accounts for the apparent hike in hacking, there has still been an exponential rise in cyber threats. In 2008, security giant Symantec counted 120 million malware variants; last year, that figure was 286 million. Symantec security strategist Sian John has also noted a large increase in ”targeted attacks”. Hackers are using a new tackle called ”spear phishing”, which enables them to be more specific about who they target. ”In the past, if you got a phish attack, it would be from a Nigerian offering you lots of money,” said John. ”Now it’ll be from someone saying: ‘Oh, we saw you at that conference last week. Here’s some minutes of that conference’.” Contained within those minutes will be a virus.

This kind of targeted attack has become dangerous because of the amount of information we divulge on the internet. ”One of the first places a hacker will visit is LinkedIn,” said Rik Ferguson, director of security research at computer protection firm, Trend Micro. ”[There] you can see all my connections, see everyone I’ve worked with, everyone I know … I’m far more likely to open an attachment from your email, because it’s far more credible.”

However, the arrival of groups such as Anonymous and its offshoot LulzSec does mark a changing of the guard. ”Hacktivism is definitely on the rise,” said Ferguson. ”Anonymous were previously quite a cliquey underground community. But as the WikiLeaks thing unfolded … they have garnered a lot of coverage.”

The anarchist collective Deterritorial Support Group recently posted an essay ”Twenty Reasons Why it’s Kicking Off in Cyberspace”, which aimed to explain the rise of Anonymous and Lulz. ”Make no mistake, this is not a minor struggle between state nerds and rogue geeks,” they wrote. ”This is the battlefield of the 21st century, with the terms and conditions of war being configured before our very eyes.”

It is tempting to think of this kind of debate as irrelevant to our everyday lives. Symantec says mobile phone technologies will be hacking’s next target, and perhaps it is physical problems such as this that we should be more concerned about. But as we increasingly live more of our lives online, and as that boundary between physical and virtual is increasingly blurred, perhaps it is the conceptual questions posed by hacking that will prove more significant.

Guardian News & Media

Sourced & published by Henry Sapiecha

Tags: , , , , , ,

Leave a Reply