Category: Computer Hacking

Should Computer Hacking Be Justified?

We are currently at war. We’ve been at war for many years, whether it’s battling a civil war or sending out resources to our allies’ wars. Every day, many brave soldiers are out there, fighting to prevent horrors from happening in the world, but we also have people fighting from the home front. By subtly hacking enemy databases, leaking classified information or taking down online threats, these cyber vigilantes help our soldiers in their own way. Though their hard work has gotten a lot of praise, there are still many people not feeling comforted by the fact that the privacy law is being breached, even if their skills in cybersecurity is used for good. With this in mind, I choose to use this report as an opportunity to examine whether or not hacktivism should be justified, both morally and lawfully. I will draw on both global and national perspectives, focusing especially on perspectives within the United States, as the biggest hacking cases took place there, but I will also be focusing in on the perspectives my home country, Denmark, has on cybercrime.

Hacking is something that’s sparked a heavy debate over the years. They trigger both outrage and eulogy as they push both the boundaries of online crime, and the morality of cyber justice. Though there are many other issues to discuss, I have chosen to work specifically with these two, as, to get a better understanding on hacktivists, I find these issues the most relevant to look into and discuss further.

Boundaries of Online Crime

Hacking started already in 1950s, where students of Massachusetts Institute of Technology’s early artificial intelligence department played around with track circuitry. Other hackers then later found out that toy whistles produced the right frequency for them to be able to ‘phreak’ telephone systems, enabling them to place long-distance phone calls for free. Amongst the other ‘phone phreaks’ was Stephen Wozniak and Steve Jobs, the future founders of Apple (Foreign Policy, 2013). Ever since then, hacking have become a very big phenomenon and is used both in cyberwarfare, and for personal vendettas. But if the two founders of apple could hack into phone systems illegally and not get punished for it, why do some people get sentenced years of prison for hacking into servers that can help them potentially win a war?

Though hacking is the most known and used computer crime, it actually wasn’t up until 1986 that the first hacking-related legislation, the Federal Computer Fraud and Abuse Act, was enforced, and it was due to the lack of people with the right programming competences, the right amount of resources and the lack of material for prosecution. As a result of this new legislation, during a new project called Operation Sundevil, the FBI seized 42 computers and thousands of floppy disks that were being used to do criminal activities, including illegal credit card use and telephone service (Florida Tech, 2017).

In Connecticut, 1st degree of computer crime is punishable with up to 20 years in prison or a fine of up to $15,000, if not both (CGA, 2012). This punishment is approximately the same as the federal law’s maximum prison sentence for sexual offenders. Some people, however, are against this kind of punishment, as they don’t see cybercrime to be as bad as sexual offences. They want the penalty loosened, if not completely removed. If we were to remove the computer crime law completely, it’s safe to say that a cyberwar would break out. Now, companies victimized by cybercrime would suddenly have the opportunity to retaliate, thus resulting in a war between governments and cyber vigilantes. In the end, it might possibly end with the Internet being shut down for good, if things got out of hand.

Florida Tech claims that cybercrime will continue to be ever-present in our society, regardless of the best efforts of the criminal justice systems, but even though it might be true that there will continue to be cybercrime, we can do something to minimize the damage. We cannot stop crime, but we can control it. A course of action to minimize cybercrime on a global plan could be to create a law system that effectively will punish cybercrime. When criminals’ chances of escaping get closer to zero, the chance of an actual crime being committed will be heavily reduced. That doesn’t mean that 20 years of imprisonment will help significantly, though, as cyber criminals often are hackers, and if they’re able to hack into sites with top security, they’re more than capable of hacking into prison-systems, as well.

In a small country like Denmark, we have a legislation concerning computer crime. §263 states that “any person who, in an unlawful manner, obtains access to another person’s information or programs which are meant to be used in a data processing system, shall be liable to a fine, or to imprisonment not exceeding 1 year and 6 months” (Cybercrime Law).

A survey conducted to measure last year’s cybercrime in Denmark was made by PWC (2018), and it showed that since last year, there has been less attacks, but the attacks, that were made towards the more than 250 business leaders participating in the survey, were having a stronger impact than before. It also showed that only 20% of the respondents in the private sector are investing in an information and cybersecurity budget on over $1,000,000.

As PWC asserted, though the attacks aren’t coming in high numbers, the attackers make sure the damage will make up for it. Consequently, it will soon no longer be the private sector being on the receiving end of these cyberattacks. In order to prevent more businesses in Denmark from getting damaged, the government can rearrange our tax system to help companies raise their cybersecurity budget or just invest in tighter cybersecurity. That way, it might strengthen our society as well, seeing as we have a lot of talented individuals who are just waiting to get a decent job.

The University of Maryland’s Clark School conducted a similar survey and concluded that 1 in every 4 Americans have fallen victim to a cyberattack, and that every 39 seconds, a hacker hacks an Internet-connected computer (Alvarez Technology Group, 2018). Even though both surveys were conducted last year, it’s still reliable, as PWC, like the University of Maryland’s Clark School, is a valid source, and they conduct surveys like this every year, so it’s still up to date.

If we compare PWC’s results with the University of Maryland’s Clark School’s, there’s a vast difference between the two countries, and their approach to handling cybercrime. While Denmark considers cybercrime a serious breach of the law system, the American media instead chooses to portray cyber vigilantes as heroes, all the while they put so big emphasis on how big of a crime hacking is.

Morality of Cyber Justice

This brings us to the next issue, the morality of cyber justice. We would think that hackers have a strong sense of justice, or they’re after money, as their targets tend to be threats to society or the government, although neither scenario seems to be the case. HackerOne (2018) concluded, via a survey answered by hackers around the globe, that it wasn’t justice nor money that were their main motivation. Instead, it was for fun and the opportunity to learn new things that motivated them to hack. 20% in total answered that it was to do good in the world, or to protect and defend, but compared to the other 42% that answered it was either to have fun, to be challenged, or to learn new things, it’s safe to say that it’s not because hacktivists want to be considered a cyber justice warrior. So why does Hollywood choose to portray the hackers as the good guys, when they’re not trying to be the heroes?

According to BBC (2017), producers don’t think real life hacking will turn out to be entertaining enough for the audience, which might be true. In my hometown, many of the young generation watches a series called ‘Arrow’, where a young woman with high intelligence, Felicity Smoak, is portrayed as a cyber vigilante who hacks into top encrypted databases and helps shut down enemies. This kind of portrayal motivated many of my friend, myself included, to look further into hacking. Assuming, the Government probably wouldn’t want people, wanting to be like their TV idols, violating the online privacy legislations, which seems to be a big issue in the US.

Dr. Alan Westin did a study back in 1998 where he asked American citizens whether or not they were concerned about threats concerning their privacy online, where he found that 87% computer users answered that they were concerned about their Internet privacy (Lorrie F. Cranor, 2005). Though the source is quite dated by now, it’s a valid survey, and albeit the numbers might be very different now from 1998, online privacy is still a current concern of many.

In Denmark, like in many other countries, we have the hacking group, Anonymous. They consider themselves a legion, and they don’t care whether or not we view them as heroes. They hack for justice. They’re considered to be what we would call ‘grey hat hackers’, hackers that do bad things but for good purposes. With that said, it’s them who picks out the targets, not our government. Anonymous even targeted a political party, Socialistisk Folkeparti in 2014, after they signed a mass Internet surveillance bill, by releasing personal information on 20 of the party members. Anonymous declared that Socialistisk Folkeparti all wish for more privacy, but only for themselves and not their citizens (CPH Post, 2014).

So, if the government puts so much focus on catching hackers, as it troubles both the citizens and businesses, isn’t it bad to have the media show them as heroes? What we can do is to teach the citizens themselves how to protect themselves against cyberattacks, or we can make the media not portray cyber criminals as cyber vigilantes who have the right to interfere with warfare like they’re heroes. Unless, of course, they, objectively, are heroes?

Conclusion

In conclusion, I can say that my perspective has changed because of the research I’ve done. Whilst people publish plenty of articles about hackers, both giving them praise and blame, there’s no doubt that there are some hackers who are taking a stance against the wrongdoings of the world. We cannot blame people for wanting to help and defend their society from wars or from their own government.

Notwithstanding what has just been said, hacking, whether we like or not, is illegal, as it’s both a violation of the Computer Fraud and Abuse Act, and the legislations about online privacy. It doesn’t matter if their intentions are pure, when they’re doing something that goes against the law, it’s punishable. If we were to make hacking justified, legally, there would be a lot of people who would use this opportunity to cause chaos, and we can’t just give free passes to one half, but not the other half. Hence, in other words, no, despite the world’s current situation, hacking should not be justified, but we can fight unfairness in other ways than hacking. It’s something we, as a global society, should work towards together instead of turning it into something civil where it’s government versus citizens, or citizen against citizen.

Computer Hacking as a Real Problem of the 21st Century

Hacking is a complex way of interfering with someone’s computer. It is used by many criminals and it can be used for good as well. Hacking is identifying weakness in computer systems or networks to gain access. Computers are a huge impact in a business and is mandatory to run a successful company. To have that computer benefit for their business, it must have external communications with other businesses. This exposes them to the outside world and hacking.

Hacking is a big deal in our society. It has created hackers to attack the social network system. There is three of several damages that can be done, such as computer hacking would endanger personal life, affect companies, or large money-making businesses, and affect society and government. There are many types of hacking and people breaking into security and personal places without permission but how were they able to get there?

Figuring out personal details on a hacker is difficult. What makes it difficult is how high this hacktivist group is. Anonymous is a decentralized international hacktivist group that is widely known for its various DDOS cyberattacks against several governments. DDOS is a cyberattack that hackers used to flood your computer with fake users so that it overheats, and you cannot use the computer for much time because it has timed out and could not handle the users that were being infiltrated to the computer. Originated in 2003 on 4chan. Anonymous members can be distinguished in public by wearing the ‘Guy Fawkes’ masks which is called the anonymous mask as well, it distinguishes that they are yet person. “Hackers claiming affiliation with anonymous, or loosely organized group of hackers shut down websites containing child pornography and publicly released usernames released usernames for the websites”. Hacktivists can benefit our government and leak information for us from other countries but we still must remain cautious about them.

When a regular person thinks of a virus, they think of an obvious advertisement link that they can tell it is a virus, but it’s more complex than just that. When you click on a virus, it can retrieve and read sensitive information contained in an email, they can also hijack an email account to send and receive messages. They usually have documents attached to them in which you click it and it delivers malicious codes. “Viruses are small programs embedded in fries. Once a file is infected the virus can execute its function”. Antiviruses are applications that people pay for either annually or monthly for that specific application to protect that specific computer from getting hacked into or any virus trying to bypass its security. Many people in businesses use this method so that the company does not get disturbed through work, but experienced hackers can still be able to get through that type of security. Viruses can lead to you severely damaging your computer, and many software companies recommend that you buy an antivirus application to protect your computer and increase your security.

Cyber security is an important topic ensuring the safety of your computer. The vast majority of computers connected to the Internet are IBM compatible as are the few operating systems that control their function. Connecting through a wireless connection can potentially endanger you from getting hacked. “Wireless networks carry other security risks, as a rogue computer does not need to be physically connected to a network drop in order to acquire information”. Usernames and passwords are another important and vulnerable aspect of a computer network. Remembering a username and password that a specific person has created is important, computers are stored with information about passwords and usernames that only the owner of the computer should know.

Fraud is a way why people lose millions of dollars in which it contains lies and other false information. Many people lose money by lying or getting ‘scammed’ which is losing something as a result of an inaccurate or fraudulent claim. “That strategy could go beyond simple retaliation. As president Donald Trump might be able to empty his reputed deal making skills”. The president has to convince Russia from hacking U.S. government because of the situation going on between the election where there was supposedly a miscount leading to an excuse that it was unfair that Donald Trump and that Russia was a part of the situation. Fraud is a continuous problem between the U. S and Russia it has been back and forth ever since the accusation in the election.

Cybercrime is a traditional crime committed through a modern medium. This has been a huge complaint towards big businesses because since the business are mainly worked through computers and transfer a lot of their money online it is much easier for the hacker to interfere and retrieve some of that currency. This then makes the business lose money and go out of business. There are some who look upon these things as nothing, but a traditional crime committed through a modern medium, called cyberspace.

“It is a crime flowing either from an unlawful attack on computer systems or one committed with the assistance of such systems”. There are about eleven varieties of computer-rebel crimes. They have begun the first cybercrime law in the mid-1980s it regulates electronic commerce, with also penalties.

In conclusion, though not all people are victims to cybercrimes, they are still at risk. Crimes by computers vary, and they don’t always occur behind the computer, but they executed it by computer. The hackers’ identity is ranged between twelve years young to sixty-seven years old. The hacker could live three continents away from its victim, and they wouldn’t even know they were being hacked until it has already been fully surpassed by that specific hacker. Crimes done behind the computer are the 21st century problem. With the technology increasing, criminals don’t have to rob banks, nor do they have to be outside in order to commit any crime. They have everything they need on their lap. Their weapons aren’t guns anymore; they attack with the mouse cursors and passwords.

An Integrated Analysis of Computer Hacking

Did you know that in 2018, the total cost of cybercrime amounted to 1 trillion US dollars? In this digital age, almost everyone relies on some form of technology to store information. From social media accounts, bank accounts, to confidential government projects, there are countless pieces of information stored in computer systems, most of which users wish to conceal from the public. As a result, just hearing the word ‘hacking’ might lead you to think of devastating cybercrimes. While it is true that hacking has caused a lot of havoc on computer systems of individuals, organizations, or even governments across the globe, hacking has also been crucial to the development of modern computer technology. Aside from the common stereotypes, there are actually many facets of hacking that the public remains unenlightened on. This study will take a closer look at these neglected fronts and introduce a whole new world of hacking.

In general terms, hacking is the action of breaking into a computer system through any means, with intentions of which include but are not limited to compromising the system, causing delays, crashes, or exploiting data. The results of hacking could be beneficial or destructive, depending on the intentions of the hacker executing the attack. The term ‘black hat’ refers to a hacker who has malicious intentions and is hacking to achieve a selfish goal or to create a nuisance. Two common motivations of black hats are either to gain fame or to gain wealth. The term ‘white hat’ refers to a hacker who is hacking not to achieve malignant objectives but instead to find a vulnerability in a computer system in order to fix it. White hats are a contrast to black hats and usually have a strong sense of virtue.

Historical Development

The word ‘hacking’ can be traced back to the 1960s in the Tech Model Railroad Club of the Massachusetts Institute of Technology (Williams, 226). At that time, hacking wasn’t used on computers at all. Instead, the engineers and workers in the club hacked their advanced train systems, hoping that they could improve the functions of their train systems. Later, they moved on to using IBM 704’s computers, creating new paradigms and expanded the abilities of the computers. During this time, hackers had positive intentions, and they were pioneers of the modern computer industry (Williams, 153). For example, Dennis Ritchie’s and Keith Thompson’s UNIX operating system was created by hacking, and it was actually a really advanced system at the time (Ritchie, 35).

In the 1970s, while computer hackers continued to explore the abilities of computers, a new type of hacker appeared, called ‘phreakers’ (Chirillo, 6). Phreakers were phone hackers who used the internal-use tones of different telephone companies to ‘trick’ public telephones into dialing long-term calls without taking money from the user. Interestingly, one of these tones was the illustrious 2600 Hz tone, which were emitted from the toy whistle in Cap’n Crunch cereal packages. As a matter of fact, even Steve Jobs and Steve Wozniak were phreakers at this time (Leeson, 5).

After the 1980s, personal and household computers became more popular, and with the rising amount of computers, new types of hacking like viruses were created. The amount of bad hackers, or black hats rose significantly (Williams, 161). In this decade, the first ransomware, the notorious trojan horse virus, and many other malwares were invented (Burger, 5). It was also at this time that the legislature around the world started to make laws against hacking, like the Computer Fraud and Abuse Act in the United States, and the number of white hats, or ethical hackers who wanted to improve cybersecurity systems and computer networks, rose subsequently.

The next decade gave birth to some of the most notorious hackers of all time, like Kevin Mitnick, Kevin Poulsen, Robert Morris and Vladimir Levin.

Now, as we advance into the 21st century, the development of the Internet has led to a golden age of hacking, and large amounts of new hacking methods were developed such as DDoS attacks, baits, clickjacking, etc. Nowadays, computer systems of large companies, different governments, and personal computers are all in risk of cyberattacks, and these attacks can sometimes cause severe damage to the systems. According to the statistics of the Ponemon Independent Research Institute on Data Protection, the United States is at the top of the list of countries targeted by hackers, but many other countries also take up a significant portion of the attacks, including Taiwan. It is evident that despite the developments of new cybersecurity protocols, hackers and new hacking technology always seems to stay one step ahead; therefore, to understand hackers better, we need to analyze their motivation and the underlying economics of hacking.

The Motives of Hackers and the Economics Behind Hacking

Costs of hacking hackers can be separated into two main categories: white hats and black hats. Both types of hackers have to face an initial fixed expense that includes computers, cables, modems, and most importantly, electricity bills (Leeson, 18). In addition, other than the basic expenses, hacking itself is an unlawful action, so for black hats there is another underlying price–the law. Even white hats will have to face the law if they hack without approval. Due to these costs and risks, hacking isn’t something the majority of hackers will do just for fun under normal circumstances. Of course, there are always exceptions such as Kevin Mitnick or Kevin Poulsen, but there are very few of these examples compared to the number of hackers out there. Hackers must have a motivation, otherwise their actions would not fit in a supply-demand system (Leeson, 7).

Motives of White Hats

The motives of white hats that work for other companies is usually either to receive a salary while not violating the law, or to fix vulnerabilities in systems due to a sense of integrity. There are also white hats that don’t work for companies, and thus their motives are usually harder to analyze because they aren’t motivated by profit or any personal gains. These white hats are the minority of hackers that try to improve the cyber world while risking their own necks, as they are still hacking without approval.

Motives of Black Hats

Black hats can mainly be categorized into two categories: those who hack for fame and those who hack for profit.

1. Hacking for fame. One crucial concept that Schell gained from his research was that although hackers were viewed as nerds and geeks, oftentimes they behave just like normal people, and they also like to socialize with other members in the hacker community. This is why there are many hacker meetings, organizations, and communities around the world. Hackers who hack for fame basically strive to hack into strong systems to impress the hacking community and gain recognition among other hackers. As professor Leeson mentioned in ‘The Economics of Computer Hacking’, “In the language of economists, the hacking community has a reaction function, which specifies how this community reacts with fame to various quantities of hacking that are supplied by hackers. More hacking is rewarded with more applause and less with less applause. The hacking community’s reaction function is therefore positively sloped like the supply of hacking itself” (Leeson, 20).
2. Hacking for profit. For hackers who hack for profit, their main goal is to gain as much monetary value through hacking; thus, they commit crimes such as stealing money from other people’s bank accounts, selling classified information on the dark web, working for illegal organizations, etc. As a result, the supply and demand graph for the profit-driven hacking ‘market’ is much like the conventional one.

Percent Distribution of Hackers with Different Motives

Currently, a comprehensive and accurate analysis on the demographics, motives, lifestyles of hackers is the research project done by professors Bernadette Schell and John Dodge. In their project, they randomly surveyed 200 hackers from around the world who attended the H2K hacker convention held in New York and the DefCon 8 hacker convention held in Las Vegas (Schell and Dodge, 22). To make the survey data accurate, Schell and Dodge promised all those surveyed that this would be an anonymous survey. According to their analysis, of all the hackers they interviewed, only 11% of hackers were actually maliciously motivated. Of the rest of the hackers, 36% of the hackers just aimed to surmount challenges and test their programming skills, 34% of the hackers were white hats working for different companies, and 19% hacked plainly to make the world a better place (Schell and Dodge 30).

The Effect of Hacking on the Modern Society

Some of the positive effects hacking has brought include the improvement of cybersecurity technology across the world and the evolution of computer and software technology (Levy, 38). Of course, these developments come with a price, and that is the growth of illegal hacking. There are countless misconducts hackers can commit, and victims range from individuals, organizations, all the way to large government agencies. Most of these attacks are intentional attacks, and the effects of these attacks range from minor delays to complete shutdown of IT systems. The following are specific examples of cyberattacks and the disruption that can result from them.

• Attack on personal computers (the Wannacry Ransomware Attack). One instance of a hacker attack on PCs was the Wannacry worldwide ransomware attack in May, 2017, which caused a global breakdown of systems operating with Microsoft Windows (Brenner 58). In this attack, countless computer systems in over 150 countries were affected, and victims ranged from regular people to large companies. Victims were forced to pay a ransom via bitcoin within the time limit, or else their data inside the computer would be deleted.
• Cyber warfare. Other than stealing data, leaking confidential information, and other forms of sabotage on different IT systems, the development of cyberattacks has also brought forth a greater consequence – cyberwarfare. A century ago, when a country planned to harm another country without actually going to war, they could only perform actions in the forms of sanction, spying, assassinations, etc., and these actions were often easily exposed. Starting from World War Two, however, countries have started to advance their abilities of cyberattacks. In the modern world, cyber warfare has become so ubiquitous that on average, there is an intentional cyberattack every 39 seconds (Milkovich). This has forced many countries to put ever-increasing amounts of resources into developing defenses for their networks and establishing IT security teams. Cyberattacks can also leak classified information of different countries, thus leading to the collapse of the economy, diplomatic fallout, etc. (Carr, 74). Even worse, many of these attacks are false flag attacks, meaning the hackers disguise their attack so as to frame a particular party, group, or nation for performing it (Thomas, 80). One of these devastating attacks was on the Pentagon on April 21st, 2009. In this attack, several terabytes of data on the 300-billion-dollar Joint Strike Fighter project were leaked, and the entire communications network of the Pentagon shut down for more than an hour before the attack was brought under control (Carr, 37). It was presumed that the hackers were from China and that the Chinese government initiated the attack, but due to the false flag technique the hackers used, the source couldn’t be determined (Carr, 38). This example is just one of the hundreds of devastating cyberattacks that have happened to countries all over the world, and despite the constant improvements in cyber security, black hat hackers always seem to be one step ahead.

Conclusion

After looking at the evolution, the economics, and the effects of hacking, we have a clearer understanding of hackers and their vital impact on the world, but why is hacking a thing, and why are there so many hackers? It began as a method to explore and improve the potential abilities of computer systems, but things went downhill when new hacking methods like viruses and malware were born. A decade later, numbers of hackers rose, and an economic system of hacking developed following the rise of the popularity of hacking. Nowadays, not only does hacking constantly affect the individuals in the society, but it has also become a new method of war. So, why did the once ethical and beneficial hacking decay into a tool for crime? The answer lies in human nature-greed, vengeance, or maybe even the joy of watching others suffer. How can we stop unethical hacking? There is no possible answer. Human nature is the reason there is so much unlawful hacking going on, and as long as there are desires in the hearts of people, unethical hacking will never stop. Despite the attempts of white hats and improvements of cybersecurity, black hats will always find vulnerabilities in computer systems where they can drill through and fulfill their desires.