Tougher laws, cooperation necessary to battle hackers

The Sony hacking incident was a wake-up call, with countries attacking companies and other countries. Because the story is now off the front page doesn’t mean hacking is less of a threat.

Although some people define hacking as clever programming, as in the Hono­lulu Hackathon apps competition a few weeks ago, black-hat hackers take, modify, delete and misuse the data of others, and those are criminal acts.

In recent attacks on Anthem, JPMorgan Chase, Home Depot and Target, hundreds of millions of personal records were compromised. Sooner or later, those data will be used against us.

These are the attacks reported in the press. There are others we don’t hear about. These days, hackers can get into our infrastructure and our government and military systems.

Meanwhile, hacking has been romanticized. The Black Hat conference in Las Vegas now also goes to Abu Dhabi, Barcelona and Washington, D.C. The film "Blackhat" features a convicted hacker.

The sea change is that new software tools have democratized hacking. It’s not just big brother and the NSA (National Security Agency). More people are hacking more people. The little guy is both victim and hacker.

No surprise. We have seen and permitted the growth of a worldwide hacking subculture. You can find dozens of sites and videos on Google offering free tools for hacking and teaching how to use them. Any malevolent jerk or misguided kid can do it.

There are federal and state statutes, including some tough ones in Hawaii, subjecting hackers to prosecution and civil suit. But the law is in transition, and the culprits are hard to find. The tools to identify them have not caught up.

Meanwhile, hackers wreak havoc; billions are lost; more billions are spent for cybersecurity. The battle wages from shore to shore, sunrise to sunset, punctuated by attacks and defenses.

Since the 1990s, cybersecurity has tried to keep hackers out. Now hackers routinely overwhelm those defenses and lurk inside our systems for months or years. Experts now say it’s better to find and neutralize them after they get inside.

There’s more to hack all the time. By 2020, 80 percent of the world will have smartphones. These are juicy targets, even if not turned on. Drones, robots, the smart grid and the Internet of Things provide a smorgasbord of new targets that could allow cybersabotage and loss of life.

Enter HackersList.com, where you can hire a hacker. It says, "Hiring a hacker shouldn’t be a difficult process. … We believe that finding a trustworthy professional hacker for hire should be a worry-free and painless experience."

The hackers go on to offer services. Customers go on to contract for those services. The site says it’s legal but that’s probably not true. The site takes your credit card, holds your money and pays the hacker when the job is done.

What services would you contract for? Changing your grades? Cracking a password? Reviewing your spouse’s phone or email records? Getting a competitor’s mailing list or business records?

The New York Times published the Hacker List story in January, but the site is still up and so are other sites with tools, reviews and videos. It looks like hacking for hire is here to stay.

But that doesn’t mean you should try it. The agencies involved could come down on hacking for hire any day of the week, and you’d be sorry.

The hypocrisy is that hacking flies in the face of the freedom of the Net, which we should all care about. How can we argue neutrality when we’re using the power of the Net to abuse its purpose?

Perhaps we should redesign the Net to confirm the identity of the user. That will tell us who’s doing what, but it would also be costly and impractical. We will probably have to live with the design we already have in that regard.

Sure, we should spend more on cybersecurity. Our tech community should also advocate for tougher laws and international agreements, and watchdog extraditions and enforcement. Can our Office of Information Management help?

State laws should be made uniform and merged with federal and international law so hackers can be more easily prosecuted, although it does seem strange to rely on the federal government when it is doing so much of its own hacking.

This is a battle the hackers seem to be winning. We are paying dearly for damage control when we also need global collaboration. The longer we wait, the more we’ll pay, so we should roll up our sleeves and do what it takes to shut them down.

———
Jay Fidell, a longtime business lawyer, founded ThinkTech Hawaii, a digital media company that reports on Hawaii’s tech and energy sectors of the economy. Reach him at fidell@lava.net.