Originally posted on The Computer America Blog:
Shawn Henry, an executive assistant director at the FBI, is stepping down after twenty years with the agency, citing frustrations with fighting a losing cyber-war. Hackers have proven themselves capable enough to sneak into the mainframes of companies such as Sony, NASDAQ, the CIA, FBI, and a litany of others. Even HBGary Federal, a cyber-security firm, was hacked. They even stole the source code for Symantec’s Norton anti-virus software and published it to the internet. It is not surprising that the man in charge of cracking down on this mess has resigned, but it is surprising that he took another job with a private cyber-security firm. “I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it’s an unsustainable model,” Henry said. “Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security.” Well, I think it is time that We the People stepped in and started talking about the problem as a matter of national discourse, just like any other conventional war we have fought in the past.
The first step is to ‘know thy enemy’. Just as we mislabeled so many Muslims at the outset of the wars in Afghanistan and Iraq, it is our heavy-handed and reactionary response that has driven so many otherwise unmotivated, tech-savvy youths to taking part in this ‘war’. Hacking, the act of breaking through digital security, has existed in concept since the invention of the first thieves. When items worth stealing started appearing on the internet in the ’90s, “hackers” started getting worldwide attention. There were ‘black-hat’ hackers who would steal quietly for personal gain. There were ‘white-hat’ hackers who broke through security systems on behalf of companies to demonstrate the weak points in the system. There were some in the middle, dubbed ‘gray-hat’s, who would break into companies without permission but would nonetheless disclose their methods to the companies. All of these hackers were talented individuals acting out of their own volition; hacking has always been a hobby.
The new breed of hackers hitting the scene are different in a few respects that are worth understanding, it might even help ‘win the war’. Where old-school hackers were secret, these new hackers are brazen in their activities; they usually steal so much information the owner’s can’t help but notice, the information is often published without the owner’s permission for everyone to see, and the hacker collectives often take credit for their dirty work. That begs the second major difference; modern hackers are often working in groups. Not just private groups it turns out, in McAfee’s 2007 annual report states that over 120 nations are exploring the prospects of cyber-warfare, including both China and America which feature state sponsored hackers as part of their military apparatuses. China has been caught breaking through the US military’s security on satellite systems, but didn’t do anything once they took control. Remember when America’s spy drone crashed in Iran and caused a global kerfuffle? It had been postulated that perhaps para-military hackers had taken control of the craft over Afghanistan and then flown it to Iran where they crashed it.