High-profile hacking incidents have embarrassed two of the biggest names in digital media, once again casting the spotlight on the growing influence and ubiquity of freelance "anti-security" hacking groups.
Anonymous and LulzSec, two amorphous groups of computer hackers, released on Monday a short list of usernames and passwords allegedly stolen from one of Apple Inc. servers. The groups appear to have obtained the data from another hacker, who did not intend to release the information publicly. Although Apple has neither commented on nor confirmed the breach, the data appears to be of little strategic value as it doesn't directly relate to customer information such as credit card numbers.
Also on Monday, one of Fox News's Twitter accounts was compromised, as yet another hacker used the account to make a series of fake postings about a supposed assassination of U.S. President Barack Obama. Fox was forced to apologize for the posts, and has since asked the U.S. Secret Service to investigate.
In both cases, most of the damage inflicted by the hackers came not from the information obtained - Twitter accounts are generally protected by little more than a single password - but from the ensuing embarrassment caused to the companies involved. In recent months, the volume of such attacks appears to have risen significantly.
"Part of the problem is that companies don't have an incentive to disclose when a breach occurs unless it's required by law," said Ronald Deibert, director of the Citizen Lab at the University of Toronto's Munk School of Global Affairs. "But the volume [of attacks]suggests something is going on."
Thanks to the rise of "anti-sec" groups such as LulzSec and Anonymous, as well as the growing use of cyber-warfare tools by state-sponsored groups, high-profile hacking incidents have become an almost-daily occurrence.
Sony is still struggling to repair its reputation after hackers broke into the company's popular PlayStation Network in April, compromising as many as 100 million user accounts in the process. The Conservative Party of Canada website was hacked last month, sending Prime Minister Stephen Harper's communications team scrambling to correct a prank posting that was uploaded to the site. Visa and MasterCard, among other companies, have been the subject of hacking threats and attempts in the past year largely because they withdrew service to WikiLeaks, the pro-transparency group that many hacking groups support.
One of the key factors in the rapid rise of such successful hacking attempts is the sprawling nature of most major corporations' digital footprints. Only a few years ago, the average large company had an Internet website for public information, and a digital in-house "intranet" for employee use. Today, a company's public online presence includes myriad websites, YouTube channels, Facebook pages and Twitter accounts - any one of which can be compromised.
Compounding the problem is the high-profile nature of such services. Most corporate Twitter accounts are of little strategic value, because they aren't connected to other corporate databases that contain high-value data such as credit card numbers or customer information. But they can still be used to quickly and publicly embarrass a company - as was the case in Fox News, whose executives rushed to contain the effects of the fake Obama tweets.
"We will be requesting a detailed investigation from Twitter about how this occurred, and measures to prevent future unauthorized access into FoxNews.com accounts," Jeff Misenti, vice-president and general manager of Fox News Digital, said in a statement, adding that the news outlet "regrets any distress the false tweets may have created."
"The Secret Service, whose job it is to protect the U.S. President, said Monday it will investigate the hacking of the Twitter account," Mr. Misenti added.
The new wave of hacking groups, while amorphous, seems split along several lines: Some hackers target specific companies and organizations for philosophical or political reasons, while others simply want to prove that many corporations don't protect sensitive digital information.
Several observers see an upside to the slew of attacks, because the targeted companies are forced to invest more time and money to better secure customer and other sensitive data.
"Insofar as groups like this are exposing those companies, there's pressure on the companies to take care of it," said Mr. Deibert. Clamping down on the open nature of the Web to thwart such attacks may be more detrimental than the attacks themselves, he said. "This might just be the price we have to pay for an open Internet."Report Typo/Error
Follow us on Twitter: