Sophos Cloud Optix
The website of British football superstar David Beckham has been hacked, with an image of a hapless dog attempting to eat a bowl of food painted on a street sign.
A message on the picture reads
"ScooterDAshooter = FAIL"
To be fair, Beckham probably has other things to distract him than his website’s security right now. Yesterday, his celebrity wife Victoria Beckham gave birth to a daughter, who they have decided to name – in the style of a science fiction android – Harper Seven.
That does mean, of course, that more people than usual might be visiting Beckham’s website in the hope of reading more information about their happy event.
Fortunately it appears that this particular hack is more about defacement than being malicious – if those who broke in had chosen to, they could probably have inserted malicious code into David Beckham’s website to install malware onto visiting computers.
And, in all seriousness, I doubt that David Beckham is a dab hand with an HTML editor and cascading style sheets, and he probably hires other people to maintain his website and be responsible for its security.
This isn’t the first time, of course, that a footballer’s website has been hacked. For instance, Diego Maradona was dubbed a “cry-baby” after his website was hacked by a Peruvian football fan in 2009.
And earlier this year, a hacker defaced Ronaldinho’s website with pictures that compared him to Star Wars hate figure Jar Jar Binks and Osama bin Laden.
If you run a website make sure you are doing everything to keep it as secure as possible. If you haven’t already done so, read this informative paper by SophosLabs, “Securing websites”, which covers some of the issues.
Still using the term "hacker" incorrectly? I like your articles ok. And think Sophos does a great job with information… especially on FaceBook. But the hacker term being used incorrectly is getting old.
You have to start to ask yourself why hackers would ever help (or even want to) when you classify them in a negative connotation. There are a lot of hackers out there from all walks of life… everything from Payment Processing to simple code manipulation…. that would help, but they are real hackers. Why would anyone help if they are just going to be destroyed for what the media classifies as criminal? You'd have a lot more help and following if you'd stop putting the wrong labels on people.
Unfortunately, media has destroyed the meaning of what a hacker is. You are now media. To continue down this road of media-whoring real hackers, and giving a title to someone that doesn't deserve it just perpetuates the wrong people to want to do it more. You're media. Do the right thing and start using the proper terms… or stop wondering why you're not getting more support.
It's an interesting debate – and one that, I admit, I disagree with some of my fellow Naked Security writers about.
I do have some sympathy with your pedantry over the term "hacker". If you're a long term reader of this site you may recall that I wrote at length about why we should say "Trojan horses" rather than "Trojans" for instance. (read http://www.sophos.com/blogs/gc/g/2008/07/17/is-it… from our archives)
But the folks who are trying to preserve the old definition of the word "hacker", and want to exclude the use of it being used to describe bad guys, are missing the fact that the world sadly has moved on.
One of the challenges we all face is that computer security is it is no longer an issue just of interest to those of us with a technical bent. It's also a problem for everybody with a computer. It's an issue for the woman who does my ironing, the vicar down the lane, my grandparents and your children.
Many of us are nostalgic for the language of yesteryear but it's more important that we spread advice and information using words that people understand, rather than tie ourselves in knots of our own making.
I view the word "hacker" as something that can be used to describe both good guys and bad guys, but the general public is most likely to associate it with criminality.
Some people don't like that of course. But language is dynamic and you're not going to outshout the general media, so we better get used to it and accept it.
While I agree with the general sentiment of moving on… technology, and today's actions, ideas, and ideals can be no better than the language that it is conveyed in. We think and speak in language, therefore, our ideas can be no greater than the construct and connotation of that that language. If we are to continually portray the negative side of a word, and the negative side of a word that has controversial meaning, then where is the positive and upside of articles?
History and psychology teaches us that a positive re-enforcing nature is more productive than a continual bombardment of negative images. Look at the news today. Housing Market – down (negative). National Debt – down (negative). Stock Market – down (negative).
Negative begets negative. Eventually, we are spinning downward in a whirlpool of no escape. Take a look at the Drug War in America. It's always (well 99% of the time) a negative news story that is shown. It's bad. Eventually, you start to think, well, we can't do anything about it, let's embrace it. "Drugs aren't too bad. Let's legalized them."
The internet – even now gaining popularity with the older crowd – and becoming second-nature for our children – is now the main stream media. Yes, that is dynamic. To continually portray the negative side of certain individuals is to give in to the dominant, negative market of the media is to tell us that we are all doomed.
The term "hacker" is a somewhat relatively new concept (only about 40 years old), so I can see how that is dynamic. The term "cracker" is also about the same age, but nobody uses that (except for the people that reverse engineer software – but that entire spectrum is a different conversation). There are no news stories over at Sophos that say that the hackers currently working @ Sophos, McAfee, Symantec, MS, etc are currently working on a fix for the crackers that broke into <insert X here>.
Yeah, I see that language is dynamic. I agree with that. But at the same time, the "advice and information" theory should not scare people into a negative view of the internet and the people on it. The internet can be a great place… to learn, to socialize, to catch up with old friend, etc, etc. So why can we not educate people on the internet as well as inform them of the harms that can come? And why can't we show them that there are hackers that do good. And report those stories? I'm a realist, and I know the world is not a pretty place, and that the internet can sometimes cause feelings of concern and worry. But, honestly, isn't everything in a bad enough state that we can't start using a little bit of positive energy (especially from internet media) that we aren't heading towards doom? Maybe not so much that we are trying to throw butterflies up everybody's <insert some clever comment here>… but at least that there are stories that put us on an even keel?
Again, G, I'm not picking a fight or saying that I don't love what you do, but … The internet is really a great place to be.
I'll shut up now and go grab a beer.
Blah asks, "So why can we not educate people on the internet as well as inform them of the harms that can come? And why can't we show them that there are hackers that do good. And report those stories?"
You mean, like these recent ones: http://nakedsecurity.sophos.com/2011/02/25/flamin…
http://nakedsecurity.sophos.com/2011/06/16/lulzse…
http://nakedsecurity.sophos.com/2011/06/21/lulzse…
Or this one, where the etymology and modern meaning of "hacker" is explicitly discussed: http://nakedsecurity.sophos.com/2010/05/25/may-20…
Graham is part-right and part-wrong 🙂 Hacker has certainly returned into mainstream usage as a neutral term – "Linux kernel hacking" doesn't imply criminality, for example. But the more common usage of the term is pejorative. In that sense, Graham is right.
I think the best way around this is to say "cybercriminal" when you mean "a hacker, for some accepted meaning of hacker, who used unauthorised access to achieve his or her result."
Now, you can complain all you like about "the media destroying the meaning of hacker." But language is bigger than the media. And English – the heavens be praised! – has never suffered the indignities of an Academie Anglaise to try to regulate it. So it's a very flexible language, and you need to let it exercise that flexibiity a little.
(You allowed yourself the luxury of this flexibility in your own comment, when you used the word "old" in an unconventional – and pejorative, and , indeed, ageist – sense, as though being "old" were somehow a bad thing.)
If more self-proclaimed hackers were genuinely and publicly vigorous about distancing themselves from what the public think of as "hacking" (notably, doing stuff without permission or in violation of civil or criminal law), then the word could more easily be reclaimed.
Or…you could just find a cool new word. The hacking community regularly manages to get lots of new phrases into mainstream use – +1, FTW, , lulz, "epic fail", and so forth – so introducing a new self-descriptive epithet shouldn't be terribly difficult. Consider it a hacking challenge…
It's all about context, you can switch either way and everyones correct. 🙂
I agree with David Bane, it’s all about context. But in the last months we have seen & heard enough hackers, the bad guys or may be the good ones…
Anyway, thanks for posting the article on securing websites!
I guess there's no right or wrong terminology here. I work in the security industry, I tend to use words like malicious user or malicious actor when describing what the mainstream media normally refer to as a hacker. The reason being that my colleagues and I are hackers (and proud of it) though we are professional hackers that carry out security work in a consensual, ethical and formalised process with proper sign-off and legal involvement. The word 'hacker' has negative connotations associated with it, not always good in a professional context and results in having to replace the word with other terminology like 'security professional', however I always make a point of noting that the word 'hacker' is used incorrectly, and that true hackers are not the bad guys.
Just my 2c worth.
Ha ha…. that dog is trying to eat food from that picture of a bowl.
Oh, sorry. Are you having an intelligent debate about descriptive terms?
Whom it may concern,
ScooterDaShooter was simply a skid who claimed to have done this hack but in fact it was not. Then after several contacts with him and the person who actually did the person who did uploaded that picture to show what a "Fail" he really is indeed.
When I heard the baby's name, I thought there was a slight conflict. Victoria wanted to pick a name from a book [1], whereas David wanted a boy called "Blake". [2]
[1] www.harpercollins.co.uk
[2] en.wikipedia.org/wiki/Blake's_7
Agree with the author, language evolve and unfortunately the term Hacker has been tainted for years so there is no way to rewind the past and associate it back to the good guys. White Hat seems to be the term for the good guys that is gaining acceptance. This subtopic is nonsense, we as IT know the history of the word. This is a debate that no one would win……. I got sidetrack so bad that I forgot to laugh on the dog defacement picture.
Jar Jar Binks a Star Wars hate figure???? I must have watched the the wrong film
I'm sure there are some people out there who like Jar Jar Binks, but I suspect you're in the minority.