The hacking stories just keep on coming. Of course, The News of the World is the big one at the moment, matched, for the moment at least, by the hacking of The Sun’s website by celebrity – and proficient – hacking group LulzSec.
Other interesting stories on hacking exploits keep cropping up, but are perhaps not getting the same high-profile coverage. One well worth having a look at is the fact a Pentagon supplier recently lost 24,000 files to a foreign intelligence service.
There are several interesting things about this hack:
1) It was an unidentified defence contractor, and not the Pentagon, that lost the files.
2) The Pentagon believes the perpetrator was a foreign intelligence service.
3) The response has been a confirmation by the US military that cyberspace is a legitimate theatre of war.
That it was a military contractor that was hacked, and not the Pentagon itself, is significant. A chain is only as strong as its weakest link. The Pentagon itself might have the best security systems and procedures imaginable.
But if its contractors do not have comparable standards it can all be for nought. As more and more business moves into the “cloud” this is going to become a matter of increasing concern. There is an element of irony here.
The internet was born of a US Department of Defense-sponsored research project into survivable networks. The network is robust in that it deals well with sudden node failures but the systems that run on it seem to be much less robust.
It is significant that the Department of Defense has reacted by calling for increased research and development that will provide protection from system vulnerabilities.
The Pentagon believes the perpetrator was a foreign intelligence service. This really is not surprising. Internet based espionage is just another variation on signals intelligence.
Despite efforts by authors such as Ian Fleming and John Le Carre, the image of espionage as the work of James Bond and George Smiley characters is outdated.
Human Intelligence gathering (HumInt) has not been the main source of useful intelligence for decades. SigInt (the common abbreviation for signals intelligence) has, according to Geoffrey Robertson (in “The Justice Game”) been the main source of intelligence for Western powers since at least the 70s.
Of course, excessive reliance on SigInt took a hammering following the Iraq war, but it should not come as a surprise that Intelligence agencies have strong capabilities in cyberspace hacking. Nevertheless, it is interesting to see that confirmed.
Perhaps what is most interesting though is that the Pentagon has declared that cyberspace is a legitimate theatre of war and that offensive capabilities are needed as well as defensive ones.
There is a great asymmetry in the internet. It is much easier to attack a site than defend it. We have all seen, only today, organisations such as LulzSec (apparently made up of only six people) humble a huge organisation with an attack.
It only needs a poorly-written piece of code, a misconfigured firewall or an unpatched operating system to give the hacker an opportunity. It is intriguing to speculate what sorts of attacks might be possible if the might of US military were thrown behind this.
It’s also intriguing that attacks in cyberspace may be responded to with military action. These are certainly interesting times and are probably going to become even more interesting.
Join the conversation
Comments (6)
Byron Smith
(PhD candidate in Christian Ethics at University of Edinburgh)
"The hacking stories just keep on coming. Of course, The News of the World is the big one at the moment, matched, for the moment at least, by the hacking of The Sun’s website"
Did I misread this? Have I missed a story about the NotW website itself being hacked at some stage? Or did Dr Branch just compare the spoof hacking of a newspaper site by a handful of pranksters for a laugh to the systematic abuse of thousands of people's mobile phones by a major news organisation in collaboration with corrupt police for sensationalised media?
Philip Branch
(Senior Lecturer in Telecommunications at Swinburne University of Technology)
Thanks for the comment Byron.
The LulzSec hack was the big story at the time of publication, but my comment implied no moral equivalence between them. My interpretation of the LulzSec hack was that it was just another angle on the NotW story - "Hackers hacked" that sort of thing. I suppose there's a lot of issues that could be explored there, but that's not what my article was about.
mixmaxmin
(logged in via Twitter)
Good point Byron. Hacking the hackers who hacked the... and on it goes! Looks like there is an Us and Them in the virtual world as well and the do as I say not as I do rule applies.
Felix Lawrence
(PhD candidate in Physics at University of Sydney)
"It is intriguing to speculate what sorts of attacks might be possible if the might of US military were thrown behind this."
Such an attack may look something like the Stuxnet worm: http://en.wikipedia.org/wiki/Stuxnet
Philip Branch
(Senior Lecturer in Telecommunications at Swinburne University of Technology)
Yeah, the Stuxnet story really is fascinating. There is a great asymmetry in the Internet. The comparative effort needed to defend against attacks far outweigh those needed to attack. Stuxnet shows what can be done when some serious resources are devoted to attack.
mixmaxmin
(logged in via Twitter)
Stuxnet is truly concerning... Explained by Ralph Langer on TED Talks
http://www.ted.com/talks/ralph_langner_cracking_stuxnet_a_21st_century_cyberweapon.html