Hacking is a nightmare for every CEO and business, and hackers are getting ever more ambitious. They are now targeting intelligence agencies and even governments. Giles Crosse reports.
Everyone knows that no company can ignore the power of the internet, or its risks. But less well-known is the world of the ethical hackers – paid professionals who discover and repair IT security vulnerabilities. Similar hacking techniques are used maliciously, but ethical hackers use their skills for the common good.
This new breed of professionals is working away in the background to keep the wheels of industry turning. Without them, banks and the stock exchange would eventually fail. The position has become so vital that universities are offering courses. Northumbria’s Ethical Hacking for Computer Security BSc (Hons) gives students the knowledge to infiltrate secure computer systems and combat cybercrime.
Professionals are also coming together in “resilience centres” to combine their ethical hacking skills. The Scottish Business Resilience Centre offers a Cyber Security Assessment, profiling backdoors into company systems. The assessment analyses personal information which firms keep online, as it often prejudices their security. As the business world shifts online, such professionals will become essentials, not add-ons to the corporate team. But there are deeper complexities to the situation.
Ethical hackers inhabit a different world to hacktivists. Hacktivism is the use of computers and computer networks to promote political ends. These are chiefly free speech, human rights and information ethics. The premise is that the proper use of technology can produce positive results in the same way as protesting, activism, and civil disobedience.
Hacktivists target governments
Hacktivism targets corporations and governments. The hacktivists open up access to information they feel should be public. They deny services to users to cripple a firm’s activities, or post messages and place classified files for download on homepages.
A battle is developing between hacktivists and government agencies. Hacktivists argue that illegally opening up government portals, in China for example, is justified by an inviolable right to free speech. Making such information available develops a global discourse leading to a better future, they say.
On the other hand, governments themselves can be criminals who manipulate electronic weaknesses. This July, the US-based Electronic Frontier Foundation (EFF) filed a Freedom of Information Act (FOIA) lawsuit against the NSA and the Office of the Director of National Intelligence.
Defending digital rights
EFF is a non-profit group which defends digital rights. It filed the FOIA suit to uncover papers demonstrating how intelligence agencies choose to disclose software security flaws known as “zero days”. According to EFF, a zero day is a previously unknown software vulnerability, which has been discovered but not patched. EFF claims that governments, including in the United States, purchase information about these vulnerabilities, gaining access to target computers.
“This FOIA suit seeks transparency on one of the least understood elements of the US intelligence community’s toolset: security vulnerabilities,” EFF legal fellow Andrew Crocker said. “These documents are important to the kind of informed debate that the public and the administration agree needs to happen in our country.”
Government secrecy among intelligence services has precedent. Meaningful regulations remain lacking in today’s IT world. The ground is uncertain, and has implications for how openly business is carried out, as well as cross-governmental transparency. Governments should not be abusing electronic backdoors to mine data on people, the private sector or agencies. Doing so abuses principles of fundamental human rights.
New battle lines are being drawn up and businesses must arm themselves to protect corporate information. But few would imagine that their own governments could be stealing data on foreign partnerships, or the placement of business bank accounts.
The lack of central openness is troubling. Open business and open government are useful tools to deliver a more communicative and pleasant world. Not to mention the partnerships and deals that stem from this approach. But can these be achieved in an environment of mistrust? Must firms who deal with government accept central abuses on information protection? Or, equally importantly, must they become complicit in such dealings, using their own ethical hackers to hide the hold of data firms on government work?
The complexities suggest some regulatory framework is needed. Could the United Nations (UN) rule on a code of ethics for governments? Who would check they comply with it? In addition, do corporate firms working in the arms sector desire openness? Finally, where do the hacktivists sit? Are they illegal troublemakers, or simply individuals taking steps when the UN and governments are impotent?
The power of the internet is posing challenges for businesses and governments. To date, policy changes have not kept up and, until they do, the hacktivists will continue to expose the dealings of business and government. Information freedom and debate are being led by the few, not by a democratic process.
PHOTO CREDIT: Daniel Foster on flickr