The loosely-organized but unquestionably effective hacking group Anonymous has gotten its hands on what it claims are confidential NATO documents. It’s the latest in a line of seemingly arbitrary attacks, the arbitrariness being the result of their somewhat haphazard and crude methods. I don’t describe it this way to invite their vengeance, but as part of making a point about them. Their crudeness is part of their legitimacy.
Unsurprisingly, the response was one of boilerplate outrage, albeit with a truly classic quote from FBI deputy assistant director Steven Chabinsky: “We want to send a message that chaos on the internet is unacceptable.”
I’m hoping this one will go down in history with chestnuts like “a series of tubes” and “just don’t hold it that way.” Chabinsky continued in his interview with NPR:
…it’s entirely unacceptable to break into websites and commit unlawful acts.
The investigative opportunities that present themselves in this area are transnational. The resolution of these cases will involve international cooperation. The Internet has become so important to so many people that we have to ensure that the World Wide Web does not become the Wild Wild West.
Leaving aside the curious implication that the web was not always wild, his choice of words is interesting. “Transnational” and “international cooperation” imply a global alignment on internet issues that simply doesn’t exist, though I’m sure the well-established channels of international police cooperation function as advertised. Anonymous issued a response of sorts to Chabinsky’s words, in which they are a bit less optimistic.
Tracking and collecting hackers of this type is like herding cats that move at the speed of light. The arms race in the detection/evading detection field is lopsided, and hackers are unquestionably at an enormous advantage. They’re savvy enough to avoid the pitfalls set for them by aging heads of security, and even cooperation at the level of internet providers is unlikely to be too effective. Besides, it’s survival of the fittest: script kiddies running LOIC on their mom’s unencrypted open wifi are going to get picked up while the shrewd hacker who pays for a Swedish VPN and codes his own tools won’t even be on the radar.
The fun part is that all this hacking really isn’t even very sophisticated. I mean, it’s not something you can just pick up and do on a Sunday afternoon, but these people aren’t sneaking into access tunnels and jacking into corporate mainframes. They freely admit it; part of LulzSec’s mission was to show just how poorly protected much “secure” information is. This NATO hack (like many high-profile hacks recently) was accomplished with a little SQL injection, an embarrassing oversight by a security team that, if anything, should be far more circumspect in its work than the average security-conscious organization or company. I wouldn’t go so far to say that those who are so easily hacked deserve it, exactly, but they deserve the dressing down they get later. The Sony hacks, for instance, almost certainly harmed the consumers and as such are deplorable acts — but Sony is more deplorable for its irresponsibility and tone-deaf response.
It’s like leaving your bike unlocked on the street as a kid and coming back to find it gone. It’s not that you deserved to have your bike stolen, but you clearly don’t value it much if you don’t take even elementary precautions. You may not agree with the thief’s motives (probably mercenary), but they don’t have to be paragons of virtue to be the bearers of an important lesson: yes, this can happen to you.
To come back to Chabinsky’s claim that chaos on the Internet is unacceptable, though. Mr. Chabinsky, I admire your dedication to orderliness, but you may as well try to straighten out a rainbow. Chaos isn’t the problem — chaos is the point. I don’t envy anyone whose stated job is to reverse entropy.