FLAMING RETORT: Hacktivism, hacking and hackers - what do these words really mean?

I keep getting asked - by journalists, friends, colleagues, competitors, delegates at conferences, people on the bus - what my attitude is to hacktivism, hacking and hackers.

I usually answer by saying, "What do you mean by hacktivism?" And the answer is frequently, and impassably, circular. "Y'know - all that hacking that hacktivists are doing these days."

No! I don't know! And I'm not willing to guess what you mean just so I've got something to say!

Fortunately, a few days ago a friend alerted me to a cartoon in the XKCD series ('a webcomic of romance, sarcasm, mathematics, and language', in its own words) which - like many XKCDs - cuts through most of the ambiguity and misunderstanding which surrounds the abovementioned H-words. (Don't forget to hover over the image below to read the pop-up text.)

[Image: XKCD cartoon, "CIA"]

And we need to cut through the ambiguity, because every time we use the H-words on Naked Security, we seem to end up in comment wars over their relevance, meaning and imputation.

Does calling someone a hacker imply they're a cybercriminal, even if they aren't, and even if they might use that word to describe themselves? Does calling a cybercriminal a hacker demean everyone who ever took the term hacker as a badge of honour?

More importantly, does the sort of stuff which many so-called hacktivists get up to actually count as hacking, even if you allow the word to denote criminality?

For example, Anonymous recently bragged about a hack Down Under in which it revealed to the public a database of already-published web pages belonging to a local council. One publication blared this to the world as 'Council falls prey to computer hacking gang'. Another avoided the H-word, but still rather extravagantly announced that 'Anonymous releases government records including Australian council data.'

If that's hacking, then perhaps walking to the bus stop is a major athletic achievement worthy of coverage in sporting magazines worldwide?

As the always-amusing Richard Chirgwin pointed out in The Register, the truth about this Down Under 'hack' was a little less dramatic.

Under the wry headline 'Council Website copied by Anonymous - Wget would have worked nearly as well', Chirgwin noted:

Australian democracy stubbornly fails to teeter on the brink of collapse this morning, after a bunch of script-kiddies mistakenly published a backup copy of a public Website in the delusional belief that they'd achieved yet another stunning coup in the "anti-sec" campaign.

In a world under clear and ongoing economic erosion by cybercriminals - not by hacking, or by hacktivists, or by hackers, but by cybercriminals - the overuse of the H-words in the media actually works against computer security in general.

Firstly, calling most self-styled hacktivists by their own name of choice imbues them with a social conscience and a justification they don't seem to possess - rather like legitimising the looters currently on the rampage in Britain by labelling them as protesters.

Secondly, with all the attention that so-called "hacktivism hacks" against high-profile organisations are getting, it's easy to fall into the trap of assuming that individuals and small businesses are safely under the radar. After all, who would target the website of Uncle Fred's Garden Mowing Service when they could be taking on the mighty CIA?

The answer is that cybercriminals generally don't care.

You might not have any data worth stealing (though it's almost certain you do), but even if all you have to offer them is a badly-protected PC infected with zombie malware - a resource they can use to line up their next attacks whilst keeping out of the frame themselves - you are inadvertently aiding, if not abetting, their criminal activities.

So why not take one step tonight which will improve your attitude to security, and your personal resilience to compromise?

For example:

* If you use the same password for many websites, make tonight the night you change that approach.

* If you've been leaving your virus scanner turned off or out-of-date, make tonight the night you get it back up-to-date and activated.

* If you've been putting off downloading and installing the latest security patches for your operating system and software, make tonight the night you catch up.

* If you're in the habit of friending people on Facebook just because they're there, make tonight the night you treat Facebook friendships like you do real-life ones - based on knowing, liking and trusting the person.

* If you give inadvertent succour to hacktivists by simply following along and watching "for the lulz", make tonight the night you search out something more visibly positive to do online for the greater good of all.

(Writing documentation for open source software projects is something most people can help with, even if they're non-technical. It's not glamorous but it's important, useful, and can teach you a lot. You'll be much more of a hacker than someone who joins in a DDoS attack - and you can put it on your CV, too!)

5 Responses to FLAMING RETORT: Hacktivism, hacking and hackers - what do these words really mean?

  1. stace8383 · 1168 days ago

    Thanks for retaining some common sense and perspective in a world gone mad!

  2. mythiq · 1168 days ago

    LOL; the actual "raid" against the misuse of the H-words is in the last PS. Thanks! (says the actual hacker).

  3. J_T_ · 1168 days ago

    You left off patch your dang computer!! Even MORE important than your AV..

    • Paul Ducklin · 1168 days ago

      I meant to give four examples of quite different sorts - but you're right about patching. It's something lots of people put off "until later", so I'm going to add it into the article as a fifth example of something you might as well do right away. Like tonight.

      Not sure that it's more important than your anti-virus: the two really ought to go together as security steps which don't tolerate delay.

  4. Elle Woods · 1168 days ago

    What action do you recommend if you suspect your own operating system and anti-virus is (are) patching and poisoning you into oblivion? For a true cyber-criminal mastermind, wouldn't that(those) be the weapon(s) of choice?

    PS Any plurality disambiguation courtesy of Microsoft (c); credit where credit is due!

    PPS If you saw the movie "the Social Network," you'll note my own Justin Timberlake/Sean Preston attempted contribution: include the hyphen; it's much more ostensible.

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog