What's happened to corporate hackers?
The people that were once the scourge of the IT systems of big business have switched sides, writes David Rae
I haven’t written a single word about IT security for more than a year. This is refreshing because it wasn’t that long ago that you couldn’t get away from articles on hackers, viruses and a host of other terms that I’ve since had the good fortune of being able to forget. But it got me thinking: is IT security, as a corporate issue at least, a thing of the past?
Before I go any further, I’d like to qualify a couple of things. I’m not suggesting for a second that companies should switch off their corporate firewalls. Nor am I inviting any remaining hackers out there to try and prove me wrong by honing their skills on my online banking service. But I do think I’m onto something.
Software is written far more robustly than it used to be. The gaping holes that hackers could not resist are no longer there. The security industry has also come on in leaps and bounds. Companies such as Symantec are now so large and powerful that they can afford to employ the best coders and spend hundreds of millions of dollars on software development.
But to try and add a more scientific approach to my thoughts, I performed what will go down as the least scientific experiment in history: I did a search on the term ‘computer hacker’ in an online news cuttings service. In 2001, there were 3,256 articles written about computer hackers. In 2005, there were a mere 1,983. There you have it, concrete proof that hackers are no longer a major threat to business.
Well, maybe not, but what is certain is that the situation is very different now to what it was when cyber criminals were more interested in the challenge, rather than the reward.
A recent ‘scandal’ involving HSBC’s online banking service is a case in point. According to The Guardian, a group of researchers at Cardiff University discovered a “glaring hole” in the security of the service that left 3.1 million UK customers wide open to fraud. This “glaring hole” had been there for the best part of two years.
Following a stint of community service for hacking into AT&T’s computers and changing their internal clocks so that daytime calls would be charged at evening rates, Ian Murphy, the inspiration behind the film Sneakers, can now be found testing companies’ security defences. Perhaps the reason why security is no longer a business issue is that the majority of hackers responsible for the techno-fear of the 1990s now work in some capacity for the very companies that were being targeted.
Another fascinating recent story is that of the alleged wire-tapping scandal at Hewlett-Packard (HP). Having been subjected to the annoyance of boardroom leaks, the company set about trying to discover where the leaks had come from.
Amazingly, the company employed private investigators to get to the bottom of the matter using the very same tactics that hackers would have used in their heyday. As well as hacking into the company phone records of several journalists who had reported on HP’s boardroom discussions, the private investigators also tailed HP’s own directors and (the most impressive bit) tried to install spyware on the computer of a CNET reporter by sending him a secret programme embedded in an email.
The story illustrates just how things have changed. Where hackers used to be feared and loathed by the business community, they are now welcomed with open arms. It appears that hackers are alive and doing very well: they have just switched sides.