with 5 discrete categories of hacking:
Espionage Hackers and
Francis Bacon wrote: "Knowledge is power."
Kofi Annan added to this: "Information is liberating."
Robin Morgan goes further: "Knowledge is power. Information is power. The secreting or hoarding of knowledge or information may be an act of tyranny ..."
We live in a rapidly evolving Information Age. We are in peril of losing our right to personal privacy as a consequence of intrusive surveillance of "Big Brother" governments. At the same time, governments, organizations and large businesses that operate in the public trust (such as banks; financial institutions; insurance companies; and companies providing core public services such as power, water, transportation and communication etc) mislead and deceive us - with lies, various forms of deception and secrecy to cover-up what they have been doing.
Computers and computer networks are currently the core elements of information storage the world over. Desktop computers have only been around since the 70s. Yet, in just over 40 years, we have come to take computers for granted. We rely on them for communication, for transportation, for the provision of essential services (power, water, plumbing etc, as well as emergency and health services), for provision of financial services, to shop, for entertainment, for national defense etc.
If information is power and knowledge is power - than damaging or destroying access to vital computer data containing information on which we rely and services that we need - constitutes a serious crime.
Desktop computing is less than 50 years old. But from the beginning it drew the interest of those who were fascinated by it and wanted to know how computers worked. This fascination with the hardware and software was not (and is not) limited to hardware and software engineers. Experimentation and testing on how to push the envelope of knowledge about computer software is common with hackers.
According to the wiki definition - a hacker is someone who seeks and exploits weaknesses in a computer system or computer network.
All forms of hacking involve either accessing unsecured computer systems (much as a burglar accesses a house where the window is left open); or actively breaching or by-passing security systems.
It is not what hackers claim was their motive for hacking that matters. It is what hackers do with the information that they steal that is the true indicator of their intent.
In many (if not most) instances, hacking can be construed as a form of computer burglary. But hackers point out that hacking, versus criminal access to computer systems to cause harm are not the same thing. Because many governments actually employ hackers for various reasons - it's reasonable to look more closely at the categories of hacking.
The traditional approach is to categorize hackers as either "White Hat", "Grey Hat" or "Black Hat". According to this method:
- White Hat hackers are hackers employed by businesses, organizations or the
- Grey Hat hackers do the same thing as White Hat hackers. But they are not employees or under contract. They are not sanctioned to hack by the government, organization or business computer system that they penetrate. Grey Hat hacking is consequently a precarious exercise. If they are found out, and particularly if their unauthorized hacking results in harm to the target's computer system or operation - then they will likely have to argue their case regarding their benign intent. This is likely to require supportive evidence. Otherwise they may be accused by the target of being Black Hat hackers with malicious intent - and prosecuted for this. Usually Grey Hat hackers don't keep the weaknesses they find secret from the target whose computer network they infiltrated. Sometimes they also go public over these weaknesses.
- Black Hat hackers are those who hack in secret for personal gain for themselves or others; or for malicious reasons. Black Hat hackers take advantage of weaknesses in security systems to steal information or money for personal gain; and/or change, infect or damage the computer systems they access. Black Hat hackers also intrude into and take advantage of the data on personal computers.
The actions of White and Grey Hat hackers is largely geared to find security weaknesses in computer systems or software that Black Hat hackers might exploit so that these weaknesses can be fixed by the developer or major user of the software or computer system.
At the moment, democracy and justice are under fire the world over - owing to government lies, deception, secrecy and cover-ups of many matters, most of which have little or nothing to do with national security. We are also seeing the unprecedented growth of surveillance policies and procedures in so-called democratic countries. Our world is becoming eerily
reminiscent of George Orwell's famous novel - 1984.
As a consequence of rabid government secrecy, a new, different type of hacker has evolved over the past 10 years - socio-political "Hactivists" who have been acting to further the cause of freedom of information, open government and other socio-political causes. They have been hacking into government, organization and big business computer systems - and they have been releasing information to the public or to whistle blower organizations.
The objective of Hactivism is generally focussed toward facilitating the public good (open government, free speech, freedom of information, human rights, fair play and justice etc) by providing the public with truthful information.
Hacking, like lies, can be divided into major categories that reflect what the hacking is about, it's intent and consequences.
Much like my post on "White lies, Grey Lies and Dark Lies" (http://bit.ly/15gJf4R) the differences that relate to intent and consequences can be used to better differentiate benign (not harmful) vs malignant (harmful) hacking. Because the consequences for the target may be different from the public - these will be dealt with separately.
Hacking - A new Classification System
with 5 discrete categories of hacking:
1. Test Hackers
Test hackers explore how software and computer systems work and look for weaknesses and loopholes in it.
This is usually a relatively benign form of hacking.
- To warn the software developer and users so that the software may be improved.
Note: Unauthorized intrusion into private (personal computers) does not fit into this category, and is not considered benign. This is because the benefit to the public is not sufficient to warrant intrusion into personal privacy. Such intrusion would be similar to, and just as objectionable as unwarranted surveillance and intrusion into the privacy of individuals by government.
- Improved security for the end user. No personal gain for the hacker (other than possibly a pre-agreed fee for testing the system).
- Unfortunately, no one is perfect. Test hackers can unwittingly cause problems in the networks they test.
- Usually benign
- Usually for the benefit of the public.
Hactivists include hackers with a socio-political focus who use the internet as a tool for protest in order to facilitate socio-political change - their aim being, by their actions, to improve the situation for ordinary people.
Hactivism involves unauthorized intrusion into computer systems of government, industry or big business. Hactivists use various digital tools to breach security systems to protest or take a stand on political or social issues.
As with test hacking, unauthorized intrusion into private (personal computers) does not fit into this category, and is not considered benign. This is because - as with all hacking the benefit to the public is not sufficient to warrant intrusion into personal privacy. Such intrusion would be similar to, and just as objectionable as unwarranted surveillance and intrusion into the privacy of individuals by government.
Like anything, acts of hacktivism vary. Although hactivism does not generally involve the intent to damage computer systems - some actions may be detrimental to the target's computer system or operation. While some hactivists may leave a message indicating that that they were there - hactivists do not necessarily always do this. Some just take information they think the public should know about, and leave without changing the computer system and without leaving any intentional clues that they were there.
But, hactivism is a form of protest - and as with many forms of protest - some hactivists want the target (and the public) to know that they were there. Often they leave a message either in the target's computer system or in public.
Their statement by way of what they do to the computer system may be minor - and simply be a benign but overt form of digital civil disobedience - equating with a thumbing of their nose at the target.
However, hactivist actions may also include website defacement, denial-of-service attacks (DoS), redirects, website parodies, virtual sabotage and virtual sit-ins. The consequences of these types of actions are often not benign. This type of behavior definitely increases the likelihood that they will be caught and tends to increase the negative fall-out from their actions.
If hactivists significantly affect the performance of the target's computer system (and particularly if there are deleterious effects on the public) then they are at increased risk of being accused (and prosecuted) for causing deliberate malicious (Black Hat type) harm, rather than acting in the public good. The degree of damage done to the target's computer system or the target's operation may be reflected in subsequent punishment if/when the hactivist is discovered.
Hactivist "hack-tivities" may also include developing methods to bypass government censoring; or to provide means or methods to allow people to speak out anonymously to avoid persecution. Hactivists, like whistle-blowers, may also publicly release documents directly (or more commonly through the media) that the hactivists have obtained which they believe should be in the public domain, etc.
An important distinguishing point is that although hactivism is socio-political hacking, it is not done for the direct benefit of any political party, government or organization - but society as a whole. There is no direct financial gain for the hactivist or others. Hactivism does not include generating crack codes to bypass the serial numbers on commercial software.
- To take a stand on some social or political issue.
- To obtain information to give the public which is believed to be the true story vs what the public has been told.
- To facilitate or force revelations which should have been publicly accessible, if there were a truly democratic open government
- Disruption and anxiety on the part of the owner of the hacked system.
- There may be disruption to operations (which may in turn have secondary effects on the public).
- Embarrassment of the target when secrets come out that reveal wrong-doing which had formerly been kept secret.
- Unfortunately, this often results in increased efforts being made to more securely store secrets and tends to reinforce a "secret squirrel" culture.
- Caught hactivists are often persecuted and prosecuted by their target.
- Increased public awareness and knowledge of the truth related to issues.
- The revelations serve to force public awareness, and following on that public pressure for a change in those revealed political or business policies and procedures which are deemed unacceptable by the public.
- Generally the intent and consequences are for the public good
- Like whistle-blowing - whether a hactivist act is deemed good or bad may differ significantly depending on whether the judge is the target vs the general public.
Criminal hackers are also known as "Crackers" (named after safe crackers and bank robbers who cracked the code to get into safes.) Like safe-crackers they operate in secret.
These are Black Hat hackers who act for personal (typically financial) gain for themselves or others; or act through maliciousness.
This may involve accessing unsecured computer systems (much as a burglar accesses a house where the window is left open); or actively breaching or by-passing security systems.
- Criminal hacking is typically done to obtain information for personal gain, or for the personal gain of the person or organisation paying the hacker (often direct financial gain). This may include stealing strategic information that can be used by the hacker or the hacker's employer, or can be sold to the victim's competitor. Another objective of criminal hackers may be to find information to help damage or destroy the reputation of the victim.
- The target's computer system may be damaged in some way to deliberately sabotage the target's business or service - which secondarily benefits the hacker (or his employer).
- Criminal hacking includes other activities where there is financial gain such as generating crack codes to bypass the serial numbers on commercial software and/or generating the code to make fake copies of software. It also includes identity theft.
- Some criminal hackers do not have a financial agenda. Instead their malicious agenda is to destroy or damage data, or infiltrate a computer or computers or computer systems with computer viruses, worms, trojans and various other destructive forms of software for no particular reason other than the fact that they can do it, and want to cause damage.
- The intention of other black hat hackers in this category may be to find information to use to smear the reputation of competitors, or to act in other malicious ways so they can bully and intimidate their targets. This may be for personal ends, or it may be in the interest of political or business cronies.
- Loss of time and effort to rectify problems caused by the hacker;
- Loss of money, business opportunity, information and sometimes the reputation of the target.
- Loss of the victim's reputation, and in some instances loss of a job or position - when the hacking is directed to destroy the reputation of the victim.
- These types of hackers are usually prosecuted when found.
- It is debatable whether access to cheaper hacked software is to the benefit of the public.
- Theft of financial data or money is very bad, as is identity theft.
- Distribution of computer viruses etc not only creates havoc for specific targets or individual members of the public that are affected; but they may also potentially knock out banking and other essential services.
- The consequences of hacking to destroy the victim's reputation can be devastating.
- The overall effect of criminal hacking is negative to very negative on the public.
4. Espionage Hackers
These are hackers hired by a government to break into computers and networks (other than to test their own system for security holes). Espionage hacking involves hacking into individual's, organizations or other government computer systems.
Unless there is very good evidence (vs vague suspicions) that indicates that an individual has likely been involved in criminal or terrorist activity, and a warrant (so an independent person reviews the evidence to determine whether such intrusion is warranted) - the surveillance and hacking of data related to individuals is fundamentally wrong. The objective of personal hacking is often theft of financial or other data for personal gain of the hackers or others; the censorship of free speech, personal opinion and autonomy of individuals; or, it is done out of outright maliciousness.
Like all espionage, espionage hacking is done in secret and denied. Most governments deny doing this.
(Note - TV shows and movies tends to glorify the hacking acts of spies. The reality is that most countries consider spies who act against their country to be serious criminals, although many have their own spy systems in place to spy on other countries.)
- To secretly breach or by-pass security systems of a target (including individuals, organizations or countries) to obtain secrets that can be exploited.
- Espionage hacking inherently fits in the black hat class in its intent and potential actions.
- Important secrets related to national security, strategy for war or trade, and other information important to the state, organization or an individual may be stolen.
- All manner of activity, including but not limited to: theft of data, altering of data, sabotage etc may occur - which may in turn have far reaching consequences.
- Variable. This largely depends on whether you are in the country of the hacker or the hacked - and the particular circumstances, and consequences of the hack.
- It is a moot point whether espionage hacking is to the benefit of the public in any country. It certainly puts the public at risk of unwarranted surveillance state activities and pushes democratic countries towards authoritarian or totalitarian rule by a power elite.
- Unfortunately, as long as countries compete for resources and go to war with each other; and as long as terrorism can be used as an excuse - hacking espionage is likely to continue.
This is the blackest of the Black Hat form of hacking.
Unlike the wikipedia definition of cyberterrorism, which seems to lump the activities of hactivists , criminal hackers, espionage hackers and cyber-terrorism into one category - let's deal with cyber-terrorism for what it is - hacking as a form of terrorism.
- This is hacking with the intent and consequence to disrupt normal activities and vital infrastructure of a country or countries.
- It is a potential non-physical form of warfare which, in this information age - can severely damage the ability of a country to function.
- This is a form of terrorism.
- Think of the things you rely on each day, not just physically using a computer but things you use behind the scenes that rely on computers - power (light, heat etc), water systems, sewage systems, communication, banking systems, news and entertainment etc, not to mention matters related to national security (which might include control of missile systems, planes, ships etc) - all of which have many computerized components.
- Hugely negative.
Security of computer services is an important part of national security in the Information Age. While it is acknowledged that the government does need to have systems in place to look out for terrorists, that is no excuse to turn any country into a surveillance state. In doing this, terrorists win again.
There has been a rise in socio-political hactivism as a form of hacking due to circumstances that have nothing to do with terrorism - although terrorism is being used as an excuse to persecute and prosecute the hacktivists.
Hactivism is a consequence of an evolving surveillance, police state mentality - coupled with an unwarranted information lock down by governments. Hactivists have effectively become Robin Hoods of information - in an information age in which governments, institutions and big businesses tend to keep information secret so they can manipulate the public.
While it is acknowledged that hactivists can cause damage to computer systems - their objective is usually for the public good. It is rather hypocritical that governments tend to persecute and prosecute hactivists whose intention is the public good, while engaging in hacking themselves [ostensibly for the public good] for espionage purposes.
It is taken as given that burglary of any sort - including data burglary is wrong. But sometimes the wrong thing can be done for a good reason and can have good consequences for society. (Espionage hacking theoretically might fit in this situation. Hactivism certainly can). We think that hactivists, like whistle-blowers, if prosecuted, should be judged by a jury of ordinary people. Who better to decide whether it was more likely than not that their actions were for the public good than a group of the public?
In closing, hacking is an activity that can have many motivations and consequences.
A new classification system with 5 discrete categories of hacking are described in this post.
We think it is important to differentiate these and not lump them into one basket as if they were all a form of cyberterrorism. Portrayed as the same thing not only makes the relatively benign forms of hacking appear bad - but tends to undermine the seriousness of criminal hacking, espionage hacking and cyberterrorism.
If you want to leave a comment you are welcome to do so.
Click on "Post a Comment" below the very bottom of the Post
and a comment box will appear.
If you are interested in reading more on
surveillance, privacy and whistle blowing,
you might also be interested in...
Coffee Q4 - Who are the good guys vs the bad guys?
Whistle Blowing Tips
Whistle Blowing Tales
Blowing the Whistle - Official Authorities - Some tips for reporting in New Zealand
Coffee Q3. Should whistle blowers always be tried by jury?
Julian Assange, Robin Hood of the Information Age - and Pandora's Box
Strongbox for Security and Anonymity versus Big Brother
The Lies of War - 10 of the major revelations of the Manning/WikiLeaks leaked US military documents
5 Reasons Bradley Manning won't get a fair trial
Tax Maven's Tax Haven outed in the biggest financial leak every. $8 to $32 trillion in tax-dodged money
Follow the Money - the Libor Scandal - Interest Rate Fixing
Peeping Toms - Seventy years of government led domestic surveillance and repression through Spy Agencies
States of Surveillance: New - Mandatory blood testing of all Americans age 15-65
States of Paranoia - Evolution of a Police State and Constitution Free Zones
Can you recognize genuine Grass Roots from Astroturf Trickery.
Tip - This is not a gardening guide.
The New Zealand GCSB Spy Bill - 12 steps closer to Big Brother surveillance
Eye Spy - Echelon, Big Brother and New Zealand - in the Global Spying Network
Submission example for the NZ Spy Bill
Coffee Q5: Would you vote for, or respect any politician - who votes in favor of the GCSB Spy Bill?
Leaks, Peaks and Lost Letters
Privacy, Secrecy and Coverups
Secret Squirrels and the Office of the Privacy Commissioner
The information we are provided may be "truthiness" (which is not the truth, and involves all manner of deception), not truth. Lies and deception are often used to put a positive spin on matters we would not agree to, or would disgust us if we knew the truth. Secrecy is another tool of "impression management" to cover up wrong-doing, shameful or corrupt acts.
Freedom of information is a cornerstone of democracy and justice. Without it, the risk of a decline into an authoritarian form of government is virtually inevitable.
Are we "sheep-les" or mere puppets who can be led to believe and do whatever our masters say; or are we thinking people who want to be truthfully informed?
Are we willing to speak up and insist on the truth? Are we prepared to take action to guard our democratic rights and our rights to justice and fair treatment?
Thank you from
3 Monkeys & me