It used to be that hacking was all about finding security flaws in the computers of rich targets and exploiting the weakness for as much money as possible.
Now, it seems a lot of hackers are doing it just for fun. Or as they say in hacking parlance, they’re doing it for the “lulz,” a variation on the Internet acronym LOL for “laugh out loud.”
“There’s a kind of return to the way things were 15 or 20 years ago, in the ‘90s in particular, when we saw most cybercrime was kind of like digital graffiti and cyber-mischief,” said Chester Wisniewski, a senior adviser for security firm Sophos.
“It was harmful but it wasn’t for personal gain, it was mostly ego and competition. It seems the digital graffiti people have come back out of the woodwork, people who are doing hacking, data theft and website defacement for, as they call it, the lulz.”
A hacking group nicknamed LulzRaft made news in Canada last week after it claimed responsibility – through Twitter – for defacing the website of the Conservative party with a fake story about Prime Minister Stephen Harper choking on a hash brown. The group also claimed it had leaked party donors’ personal information onto the web.
But those actions should not be viewed as politically motivated attacks, said an anonymous spokesperson who replied to questions directed at the group’s e-mail account.
It just as easily could’ve been Jack Layton, Elizabeth May or Bob Rae who were featured in the prank. Those party leaders were only spared, the spokesperson said, because the NDP, Green and Liberal web servers had no obvious holes to target.
“It was just a hack of opportunity. In truth, we checked all the party websites and the Conservatives just stood out as being the easiest – and had the most potential for lulz,” the spokesperson wrote.
The group has since taken credit for another two lower-profile hacks, adding to the spree of cyberattacks that have stormed the web in recent weeks. Most have been triggered by the group Lulz Security, which has taken credit for repeatedly striking websites operated by Sony, PBS and even the U.S. Senate and the CIA.
There are different motivations and codes of ethics among hackers. So-called white hat hackers will notify IT administrators if they discover security holes, before any damage can be done by others, and sometimes work for corporations to hack-proof servers. On the other end of the spectrum are the black hats, who seek out ways to hack computer systems for their own gain. Somewhere in the middle are the grey hats, which Lulz Security is usually labelled as. They have no qualms about taking down web targets but generally aren’t looking to profit off any damage they cause.
In some cases, those lulz-seekers are choosing their targets for political reasons and harnessing their technical skills to take down unprepared targets, said Rafal Rohozinski, CEO of the Ottawa-based SecDev Group, a cybersecurity consulting firm.
“Hacking is a nascent form of politics,” Rohozinski said.
“You’ve got this new generation of digital natives, generally people between the ages of 14 to 25, who have grown up with this technology. That generation is coming of age, so to speak, in terms of having political views, social values, and the way they’re starting to express that is through online activism.
“It’s really the first indication of this digital-native generation starting to flex its muscles.”
The PBS hack – Lulz Security posted a fake news story reporting that the late rappers Tupac Shakur and Biggie Smalls were alive and well in New Zealand – was seen as retribution for the documentary “WikiSecrets” and how it focused on the personal life of whistleblower Bradley Manning.
