UPDATED 12:32 EST / JULY 25 2011

NEWS

Freakonomics asks: Is There More Actual Hacking or More Reporting of Hacking?

Now that we’ve all seen the recent explosion of articles in the media following different types of hacking, people are beginning to wonder what exactly is going on. Even before this year, hacking had been more of an armchair affair with distant actors, corporations and foreign powers stealing information from one another. Nowadays, we hear about police action against teenagers in the US and UK, game networks being crashed, and governments getting sensitive documents released into the public.

But, it raises the question, is there actually more hacking going on or is the media just latching onto it with a tighter grip because they find it more popular?

Just this year we’ve seen multiple breeds of hackers emerge from the ether and grab public and media attention. We had high-profile hacks hit major and popular video game networks like the hack that took the PlayStation Network offline for almost a month. Then we saw the rise of Lulz Security (and their exaggerated dissolution, which didn’t really happen) as their rising star garnered media attention with hacks against Fox News and the release of numerous account credentials from random websites alongside a dump of sensitive documents from the Arizona Department of Public Safety.

We’ve also seen a lot more attention given to collectives that involve disparate groups such as Anonymous and AntiSec and Anonymous. Both of whom follow a hactivist mindset: attacking politically charged targets in order to deliver almost sci-fi manifestos about government’s control of free information flow. Subfactions of the Anonymous collective and the AntiSec movement have hit affiliates with the FBI such as IRC Federal and defense contractors such as Booz Allen Hamilton using extremely primitive break-in techniques. Showing how poor their security is.

But the really interesting hacks came from more ordinary sources against targets that actually mean something in an espionage sphere such as the theft of RSA SecurID tokens and the subsequent break ins at Lockheed Martin, Northop Grumman, and other defense contractors. Of course, we’ve also had the startling discovery revealed by Pentagon staff themselves that their own security had been penetrated by foreign operatives that lead to the compromise of over 24,000 documents.

The economics and social currents blog, Freakonomics, decided to gather a quorum of IT security experts to ask them this question: “Why has there been such a spike in hacking recently? Or is it merely a function of us paying closer attention and of institutions being more open about reporting security breaches?”

The answers have run the gamut from the noting that hacking hasn’t really been on the rise over the past year but media interest has been much bigger than before and that hacking is on the rise because connectivity and Internet intrusion into our everyday lives has increase. From the looks of it, actually hacking itself may not be on the rise; but the type of hacks designed to capture the hearts and minds of the media might be.

It’s news reporting that’s on the increase:

“The apparent recent hacking epidemic is more a function of news reporting than an actual epidemic,” said Bruce Schneier, renowned security analyst and author of Applied Cryptography. “Like shark attacks or school violence, natural fluctuations in data become press epidemics, as more reporters write about more events, and more people read about them. Just because the average person reads more articles about more events doesn’t mean that there are more events — just more articles.”

He even went on to mention about how hacking for fun, such as LulzSec has happened to be around since the days of Captain Crunch and Kevin Mitnick, among other hackers of the 1970s and 80s.

It’s a resonant relationship between both hacking and reporting:

Tal Be’ery, senior web security researchers at Imperva, believes it’s both: “There are more hacking incidents and there’s more visibility to it – so the combined effect gets squared. But there’s much more to it,” he says. “The economic drivers behind hacking have evolved dramatically over the years.  In the past, before we put data online, hacking was done for amusement.”

He mentions that we’ve been slowly moving towards a singularity of data online verses data offline; at a certain tipping point, we would have so much digitized content that it would become much more interesting to criminals to seek out the digital counterparts to real-world scams. As a result, there’s been a rise in potential targets and therefore hacking possibilities. Along with that, media companies have become more savvy about what constitutes a digital crime (alongside the evolution of the would-be hackers) and latch onto it sooner.

Hacking has already been pretty sophisticated for a while now, media is just catching up:

David Jevans, CEO of internet security firm, IronKey said, “The hacking headlines have been fast and furious this year, both because of more disclosure and the high-profile list of large and sophisticated victims. But that’s the tip of the iceberg.”

According to him, hacking has been on the rise a lot longer than media coverage of it has been. In fact, hackers have been doing a lot more interesting and grim things than the media has managed to sink their teeth into for quite some time now and what the media is pinning down is only when they get caught and only those that they deem interesting.

The common thread I noticed amid all of the security researchers wraps up around the culture of security in cyberspace is poorly trained and not very street-smart. Julie Conroy McNelly, senior analyst within Aite Group, mentions that technical innovation is beginning to outpace the willingness of companies to follow it. Tal Be’ery mentions that companies are still poised on old cybersecurity models that don’t take into account the high amount of interconnectivity and savvy of modern Internet groups who benefit from the combined knowledge of individuals who harness the power of crowds. And Jevans points out that the proliferation of hacker toolkits (which are digital) has made even more amateurs capable of hitting the weakest points in the security chain—customers rather than banks themselves.

What does this mean for the future?

It means that all points in the security chain need to be reexamined by corporations as well as governments. As with the real world, the Internet provides a great deal of opportunity for potential criminals to pin pry bars under cracks in the wall. Hacking has already entrenched itself and the news media hasn’t caught onto as much until recently because of the rise of publicity-seeking hacks. Corporate and government espionage hacking, skulking in the dark with the other hackers and trying to stay out of sight and covering up breaches is becoming a thing of the past; especially with hactivists forcing disclosure when they publicly release stolen information.

The real question I want to know is: Will the rise in media attention on hacking galvanize the corporate and government institutions to change their culture of security from one of reactivity and bettering on insurance into something proactive?


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU