Several years ago, a fifteen-year-old boy logged onto the Internet under the alias “Comrade”. To some of us, our idea of computer or internet hacking might include breaking into an email account, or viewing confidential company information. However, no one expected that Comrade would cause a three-week shutdown at NASA, steal government email passwords, intercept over 3000 emails, and download close to $2 million worth of software used to operate the international space station. If that was not shocking enough, he twice gained access to the computers used by the Pentagon to monitor threats of nuclear and biological warfare.
Computer hacking has been around for as long as we can remember—certainly as long as we have the internet. Occasionally, the news speaks of silly pranks that imply nothing more than a temporary shutdown of a website, although Comrade’s hack forced a three-week shutdown for repairs, and cost the U.S. government $41,000. Recently, the case of the hackers tampering with the CIA‘s website, changing the title to “Central Stupidity Agency,” and filling it with obscenities was merely a nuisance for the agency. It posed no real threat because the CIA‘s files are inaccessible via that internet site. Undoubtedly, there are some who see humour in this—a civilian, probably not even a professional, outwitting an elite U.S. agency. Then there are more serious crimes, which are no laughing matter.
In one case of corporate espionage, two “heavy manufacturing firms” were bidding on a $900 million contract; one outbid the other by a fraction of a percent. This was no coincidence; the losing company later discovered that someone had broken into the company’s computer network and accessed files that contained bidding strategy information. In another case, authorities are chasing an individual who regularly hires U.S. teens to access confidential documents. One young hacker was paid $1,000—and promised $10,000 more—for stealing design documents for kitchen appliances from U.S. firms. Beyond selling the trade secrets to a company’s competition, some hackers resort to extortion of the company. In Sweden, a 15- and 17-year-old tried to extort $2 million from a cellular company in order to destroy information they illegally downloaded.
Like most cases of extortion, the criminal’s identity is especially difficult to trace and is magnified because of the nature of the internet. When the internet was gaining immense popularity, businesses were scrambling to secure domain names and using the technology to expand their market. Seeing e-commerce as an untapped goldmine, many were eagerly diving headfirst into a slew of problems, including security breaches. Companies like eBay, Buy.com, Yahoo! Amazon and Excite were not prepared when “Mafiaboy” decided to strike. The 16-year-old Montreal teen crippled their sites last year when he bombarded them with thousands of simultaneous messages, preventing legitimate users from gaining access. His five-day tirade caused an estimated $1.7 billion in damages.
These malicious and insidious attacks threaten security and cost companies and organizations billions of dollars. A survey of the Fortune 1000 companies in 1999 estimates a loss of $45 billion from information theft and internet hacking. Of course, many organizations are taking extra security measures, including the usage of firewalls. Still, hackers will gain access. If a fifteen-year-old can shutdown NASA, what hope is there?
Recently, Ernst & Young, a major consulting and accounting firm, set up computer labs across North America which allow information security consultants to perform ethical hacks to assess the strengths and weaknesses of a client’s networks and systems. By using existing hacker tools, they’re fighting fire with fire. Ethical hackers are being paid thousands of dollars to provide clients with clear evidence of how vulnerable their networks are to attacks that could compromise their most sensitive information. This is proving an effective way of gauging the level of security within a system.
Internet hacking has become so prevalent that it is almost synonymous with the computer subculture. This computer geek culture is portrayed on television and in movies as cynical and often self-righteous. With that, there is a sense of rebellion against big business; the proverbial David struggling against a corporate Goliath. In many of these crimes, people do them to defy corporations or the government; money is not always the motive. However, it is still an unacceptable act that victimizes all who use the internet. Viruses, shutdowns, crashes and email hacking will be the burden of the user, a company’s money lost to theft will be the burden of its customers and a government’s money spent on security will be the burden of its citizens. Is there anyone not affected by internet crime? Nope.