When Sandra Bullock’s The Net opened 16 years ago, it didn’t get a lot of fanfare — from the public or the critics. At the time, those scenarios all seemed so crazy and far-fetched, didn’t they? The sheer idea of someone’s credit cards and identity being hackable like that. The whole scenario seemed kind of laughable then.
Well, no one’s laughing now.
Not unlike that of Bullock’s character, the data of any person, company, or even nation can be compromised. And we’re seeing more incidents occur, especially over the last few months. The list of targets is varied, including Lockheed Martin Corp., PBS, several South Korean banks and companies, and of course Sony’s PlayStation and other networks.
There’s no single type of hack or hacker, which is what makes the scenarios so challenging. Some consider themselves “technological libertarians.” Their exploits are based on the concept that imposed limitations for irrational or greedy reasons deserve to be blasted. Others are just freewheeling, fun-loving people with a penchant for pranks, or a love of uncovering vulnerabilities for security reasons, like the “white hats” on Christian Slater’s Breaking In. Then there’s the flip side of that — the cyber attacker who’s purely in it for revenge, blackmail, political extortion or other malevolent reasons.
So it seems that just about anyone is vulnerable, for practically any reason.
Last weekend, a group calling itself LulzSec reacted to a PBS WikiLeaks documentary titled WikiSecrets by breaking into the website of one of the broadcaster’s shows. LulzSec, which posted a fake NewsHour article online alleging that deceased rapper Tupac Shakur is still alive in New Zealand, also made internal passwords and logins publicly accessible. Just prior to that, U.S. government defense contractor Lockheed Martin experienced an attempted attack on May 21, but managed to stop the mission before any data was leaked.
Email marketer Epsilon Data Management wasn’t so lucky. Not only did the attackers mine email addresses that could be used for “phishing” scams, but the info didn’t even belong to Epsilon — it was client EMC Corp.’s data.
Then there’s South Korea’s Hyundai Capital. When the customer database of this large auto finance provider was broken into, the attackers accessed personal info on 1.7 million customers — then demanded a ransom for it. The caper went awry when authorities apprehended one of them trying to tap the funds at an ATM. Needless to say, the company has locked down the vulnerability that made this possible, and has reworked its IT security operations.
Elsewhere in that country, a major farm cooperative was also hacked via its Seoul office, rendering ATM, credit-card and online services useless for almost a week. Prosecutors believe North Korea was actually behind this one, since they uncovered the same North Korean internet servers involved in the hack of the South Korean government’s websites last year.
Hacking has gone from the domain of lone geeks in their sheltered basements, having a little fun (or letting functionality loose via jailbreaks) to high-profile crimes and matters of national security. Case in point: The Pentagon has begun considering cyber attacks by other nations as acts of war, classifying them as worthy of military retaliation.
It’s a stark contrast to the white hats and their upcoming Random Hacks of Kindness conference, isn’t it? Well, at least it’s heartening to see that there are still some people who understand the old comic book mantra, “With great power, comes great responsibility.” We hope they aren’t the only ones.
[via The Wall Street Journal]
UPDATE: A Chinese hacker broke into hundreds of Gmail accounts this week. Google found the breach and alerted victims of the attack. Several high-profile accounts were compromised, including government staffers in the U.S. and South Korea, and Chinese political activists. The hack was a phishing scam that encouraged people to input their user names and passwords at a particular website. Google emphasizes that the attack was not on Gmail’s internal security systems or servers. For more, see Google’s blog.