It took about five minutes to cripple Visa.com. By the time Dutch police arrested the 16-year-old boy they say was responsible Thursday, the damage had been done. Of course, the boy wasn’t alone. He was aided by a volunteer army of thousands. The scary thing: They were using tools anyone can get.
If the WikiLeaks dump, and the subsequent cyberattacks, have made anything clear, it’s this: 2010 belongs to hackers.
Hacking, the practice of getting your hands on computer tools, systems and documents – especially when it’s unauthorized – is nothing new: from MIT students in the 1950s to “phreakers” who manipulated telecom systems around the globe.
But their impact has suddenly skyrocketed. Over the past decade, the digital medium in which hackers operate has become the single most important driver of cultural, commercial and geopolitical change in the world. And online, the limbs of everything from credit card companies to national security agencies lie far more unguarded than their real-world counterparts.
From easily obtainable cyberwarfare tools to glorification in Stieg Larsson novels to jailbroken iPhones, hacker culture is also cycling from the underground to the mainstream.
“Hackers used to break into networks and pull classified data, but back in the day this information was kept amongst the community,” says Michael Calce, who, under the pseudonym Mafiaboy, became one of the most famous computer criminals in the world a decade ago when he managed to temporarily bring down the websites of several major companies, including Yahoo and CNN.
“Now that information is on a global pedestal. WikiLeaks is just an example, there’s going to be a lot more of this to come.”
MATTERS OF STATE
The most significant breach of a U.S. military computer network ever, according to deputy secretary of defence William J. Lynn III, took place in 2008.
“It began when an infected flash drive was inserted into a U.S. military laptop at a base in the Middle East,” Mr. Lynn wrote in a recent issue of Foreign Affairs magazine. “The flash drive’s malicious computer code, placed there by a foreign intelligence agency, uploaded itself onto a network run by the U.S. Central Command.”
For the first time, a senior government official had confirmed what most security experts already strongly suspected – the U.S. was under constant cyberattack from foreign enemies, and some of those attacks had succeeded in prying information from some of Washington’s most sensitive computer networks.
In recent years, Western nations have switched much of their security policy focus to computer networks, cognizant of the fact that a growing number of malicious actors, from petty criminals to state-sponsored “patriotic hackers,” are constantly probing government networks for weaknesses. U.S. President Barack Obama created a new White House office to deal with cybersecurity. Earlier this year, a group of 15 nations, including the U.S., China and Russia, agreed in principle to work on limiting cyberattacks.
In 2007, Estonia’s critical infrastructure, including the computers of banks and broadcasters, came under attack. In that case, the culprits included pro-Russian “patriotic hackers,” as well as vast networks of maliciously co-opted computers around the globe, whose users had no idea they were aiding an act of war.
The overlap of state agencies, multinational companies and borderless hackers has become a defining theme of 2010. Canadian BlackBerry-maker Research In Motion saw many of its overseas markets at risk this year, after governments in India, Saudi Arabia and the United Arab Emirates threatened to ban BlackBerrys unless they were given more access to information passing through the devices. Google was the victim of state-sponsored hacking in China – something the WikiLeaks cables helped shed light on. Indeed, the growing popularity of cloud computing – hosting data and using software on third-party servers that are accessible from anywhere in the world – has only increased the potential reward for anyone capable of breaking into the servers of companies such as Google or Amazon.
The realization that the world’s critical infrastructure is moving online – and often in a far less secure version than in the physical world – has already changed the way information warriors operate. This summer, a malicious piece of code called Stuxnet surfaced on the Web. But unlike previous iterations of viruses and worms, Stuxnet was designed with one target in mind: large-scale industrial processes. And in many ways, it succeeded – the Iranian government recently acknowledged Stuxnet had played a role in damaging its nuclear program.
But despite concerted efforts by nations to beef up digital security, it’s unclear just how effective those efforts have been. In the wake of the 2008 incident, the military temporarily banned the use of flash drives, and put more emphasis on software and hardware to detect unauthorized users.