Several years ago, a fifteen-year-old boy logged onto the Internet under the alias ‘Comrade’. To some of us, our idea of computer or internet hacking might include breaking into an email account or viewing confidential company information. However, no one expected that ‘Comrade’ would cause a three-week shutdown at NASA, steal government email passwords, intercept over 3000 emails and download close to $2 million worth of software used to operate the international space station. If that was not shocking enough, he had twice gained access to the computers used by the Pentagon to monitor threats of nuclear and biological warfare.
Computer hacking has been around for as long as we can remember – certainly as long as we have had a World Wide Web. Occasionally, the news speaks of silly pranks which imply nothing more than a temporary shutdown of a website, although ‘Comrades’ hack forced a three-week shutdown for repairs and cost the U.S. government $41,000. Recently, the case of the hackers tampering with the CIA‘s website, changing the title to ‘Central Stupidity Agency’ and filling it with obscenities was merely a nuisance for the agency. It posed no real threat because the CIA‘s files are inaccessible via that Internet site. Undoubtedly, there are some who see humour in this – a civilian, probably not even a professional, outwitting an elite US agency. Then there are more serious crimes, which are no laughing matter. In one case of corporate espionage, two ‘heavy manufacturing’ firms were bidding on a $900 million contract; one outbid the other by a fraction of a percent. This was no co-incidence as the losing company later discovered that someone had broken into the company’s computer network and accessed files that contained bidding strategy information. In another case, authorities are chasing an individual who regularly hires U.S. teens to access confidential documents. One young hacker was paid $1,000 – and promised $10,000 more – for stealing design documents for kitchen appliances from U.S. firms. Beyond selling the trade secrets to a company’s competition, some hackers resort to extortion of the company. In Sweden, a 15 and 17 year old tried to extort $2 million from a cellular company to destroy information they had illegally downloaded. Like most cases of extortion, the criminal’s identity is especially difficult to trace and is magnified because of the nature of the Net. When the Internet was gaining immense popularity, businesses were scrambling to secure domain names and using the technology to expand their market. Seeing e-commerce as an untapped goldmine, many were eagerly diving headfirst into a slew of problems, including security breaches. Companies like eBay, Buy.com, Yahoo! Amazon and Excite were not prepared when ‘Mafiaboy’ decided to strike. The 16-year-old Montreal teen crippled their sites last year when he bombarded them with thousands of simultaneous messages, preventing legitimate users from gaining access. His five-day tirade caused an estimated $1.7 billion in damages. These malicious and insidious attacks threaten security and cost companies and organizations billions of dollars. A survey of the Fortune 1000 companies in 1999 estimates a loss of $45 billion from information theft and internet hacking. Of course, many organizations are taking extra security measures, including the usage of firewalls (a security mechanism that allows limited access to sites from the Internet). Still, hackers will gain access. If a fifteen year old can shutdown NASA, what hope is there? Recently, Ernst & Young, a major consulting and accounting firm, set up computer labs across North America which allow information security consultants to perform ‘ethical hacks’ to assess the strengths and weaknesses of a client’s networks and systems. By using existing hacker tools, they’re fighting fire with fire. ‘Ethical hackers’ are being paid thousands of dollars to provide clients with clear evidence of how vulnerable their networks are to attacks that could compromise their most sensitive information. This is proving an effective way of gauging the level of security within a system. Internet hacking has become so prevalent that it is almost synonymous with the computer subculture. This “computer geek” culture is portrayed on television (X-files, the Lone Gunmen) and in movies (Hackers, Anti-Trust) as cynical and often self-righteous. With that, there is a sense of rebellion against big business; the proverbial David struggling against a corporate Goliath. In many of these crimes, people do them to defy corporations or the government; money is not always the motive. However, it is an act that is still unacceptable that victimizes all who use the Internet. Viruses, shutdowns, crashes and email hacking will be the burden of the user, a company’s money lost to theft will be the burden of its customers and a government’s money spent on security will be the burden of its citizens. Is there anyone not affected by Internet crime? Nope.