Hacking, Hackers, and Hacktivism

From Technologies and Politics of Control
Jump to navigation Jump to search

April 22

Spend five minutes with anyone who studies “hackers” and you will quickly learn that the term is used to define a wide array of discrete subcultures, from homebrew computer programmers all the way through to military-industrial network vulnerability experts. If there is one unifying characteristic amongst all of these cultures (and there may not be), it is most likely the acknowledgement between these groups that the limitations imposed by code as a mode of regulating behavior can, and should, be subverted. Today we look to hackers, who they are, what they do, and what rules and norms govern those who do not recognize code as a governing influence.


Readings

Defining hackers, hacking, and hacktivism
  • Sauter uses the term "DDoS" throughout. This is an abbreviation for "distributed denial of service," a specific form of attack to a web server described in more detail here.
Law and law enforcement
Case studies

Optional Readings



Videos Watched in Class

Links

Class Discussion

Please remember to sign your postings by adding four tildes (~~~~) to the end of your contribution. This will automatically add your username and the date/time of your post, like so: Andy 10:28, 17 December 2013 (EST)
In July 2012, someone successfully hacked my iphone and installed spy software on it. Any and all movements on my iPhone were being stored/tracked unbeknownst to me, including app activity (Chase Bank, emails, etc) for one month. I found out about it when I had taken my iPhone in a shop to get checked out - the screen would glitch at times and would randomly lose about 1% per minute. (I learned this was when my GPS data was being tracked up to minute). Among other things, the next step was to file a police report of this incident for my personal safety, as I’ll never be certain which data of mine was compromised. At the time I went to local police, either they didn’t care enough or they just didn’t have proper protocol to handle it.
I understand this is a miniscule crime, in comparison to the huge cyber-crimes in the class readings. However, it lead me to research how equipped local police are for such smaller incidences. The result: They're not. (yet). I’m certain similar, smaller crimes will only increase over time and will be dealt with by the local police. While crime is increasingly moving online, state and local police are having a hard time keeping up. If the case is significant enough, the police have to hire specialized cyber-security companies to conduct digital investigations. The techniques the police will need to be equipped with are going to have to be more “IT specialist” and less “Law and Order” over the next few years. It seems hackers will be one step ahead, at a local level, until the police shift their skill set to more IT training. Marissa1989 02:41, 21 April 2014 (EDT)
I'm very glad you mentioned this because I completely agree. On a smaller level such as the local police, I agree that they do not have the resources or the structure in place yet to deal with hacking of cell phones and breaches of personal information. While large national crimes are handled properly, there should also be an active protocol for situations such as this, which happen very often. The lack of a targeted action by law enforcement against these small time criminals facilitate identity theft and unless there is a strong development in the law enforcement IT department, chances are these crimes will only increase with time. Lpereira 09:16, 22 April 2014 (EDT)
Several readings this week caused me to think about the perceived value, real and potential, of personal data. Targeted hacking of trade secrets, governments, publications like the New York Times and other large-scale operations are rooted in fairly straightforward incentives. So too are hacktivists and hackers that are "doing it for the lulz"- outcomes that are for more about provoking a response or creating change. Targeted hacks of individuals for personal data not only are much more difficult to prevent, identify and pursue on the part of law enforcement- they also happen on a scale that is not seen to have a significant enough impact economically, societally or organizationally to receive the attention truly deserved. Given the frequency of such instances, and the yearly increase in information and services processed solely online, the public service and private sector incentive to have structures in place to respond to such attacks surely must reach a tipping point soon? akk22 14:26, 22 April 2014 (EDT)-----

Cyber warfare will take on a greater importance in conventional warfare and Government hackers will be crucial to this. It only makes sense as weapons, communications and systems become more sophisticated. Hackers may be used to break into countries systems to steal data and cause widespread disruption or break into the phones of country leaders and their key staff. This is evidenced in the Ukraine crisis by relentless hacking attacks on Russian websites by Ukraninan hackers and visa-versa. http://www.bloomberg.com/news/2014-03-05/russia-ukraine-standoff-going-online-as-hackers-attack.html Marissa1989 01:06, 22 April 2014 (EDT)


Andy, thanks for your article on the Aaron Schwartz prosecution. As you put it, "CFAA is shockingly broad when it is laid out" -- but that's not the only issue with it. It's just another case of private industry co-opting the criminal justice system to enforce things that ought to be largely handled by the civil system (which strikes me as lousy public policy). As you noted in your quote from the CFAA itself, "access in violation of an agreement or contractual obligation, such as an acceptable use policy or terms of service agreement..." In other words, the CFAA makes it a crime to violate the AUP or TOS with your ISP. Outside of copyrights and information technology stuff, how common is it for the US government to get involved in criminalizing the violations of contracts between private parties? Jradoff 09:46, 22 April 2014 (EDT)


In the article "Hacking tool threatens Healthcare.gov site" a DDoS is the least of warranted concerns. A DoS attack is grave in nature and is rather simple to perform. Many attempts have been made to develop systems that could either launch a DoS attack or be immune to one, but to assume that the nefarious minds out there in the arena aren’t constantly working on new and novel methods to exploit systems is naïve and foolish. The rash and explosion of virus and malware activity in the recent decades testifies to the fact that there is no dearth of people working to venture into, exploit and topple your systems. The use of pre configured or automated tools that are easy to operate in order to pursue their disruptive activities against systems in a network are identifiable. . DoS attacks are nothing but an onslaught or assault against your system that will affect in that system not being able to accomplish its intended job. The direction of the argument within the article fails to look at the programming and structure of the website itself that may allow for significant data leakage. VACYBER 13:05, 22 April 2014 (EDT)




I have to say this is one of the topics I was most looking forward to this semester, particularly with the growing number of hacktivist groups and hackers. I was quite intrigued by the recent events around the Heartbleed bug, which they are calling one of the greatest security threats in the online era (http://en.wikipedia.org/wiki/Heartbleed). As I have noticed in many of your posts already, I believe the growing consensus is that hacking is here to stay and will likely become more predominate in our national security moving forward. As more and more functions of our society move online (think traffic grids, manufacturing processes, defense systems), the urgency to protect against hacking threats grows each year.

What will then intrigue me to hear is what is being done to slow down hackers, particularly those who may pose a greater security risk than say, taking over a facebook page. I believe part of the issue is that the NSA needs to be able to attract and retain elite computer hackers who can help in this regard, yet have been unable to do so. The best computer minds would rather take a payday from Google than work for the government at a more modest wage.

Can't wait to hear this lecture and see what there is to be said about slowing hackers in the future.

Drogowski 13:13, 22 April 2014 (EDT)


Grrr... The site logged me out while I wrote my last message and then proceeded to delete it :(

Any ways, I think this weeks' readings raise a lot of questions about the "morality" of internet behavior and online hacktivism. Interestingly, there seems to be an influx of individuals who wouldn't necessarily be apt to breaking and entering in the physical world, but who are doing just that via their computers. I wonder in these cases whether it is the ease, the relative security, or that it feels less invasive/illegal that draws people to hacking rather than more physically invasive means.

It also seems that there is a great degree of ambiguity to the laws which govern how one is expected to comport themselves online. This is made especially clear in Sarah Laskow's article, in which she points out that "The CFAA isn’t a law that journalists are taught to look out for." This presents us with a scary reality, that individuals like you and I, as well as professionals such as reporters, might be subject to laws which we might not realize exist or understand and could easily be breaking, just by doing what we think is simple research. While I understand the necessity of regulation, it can also be a catch-22.

Castille 15:14, 22 April 2014 (EDT)


As it is clear from readings and Aaron's case, the security of information is the crucial question of nowadays. Data contained in computer, data contained in mobile phone is so essential and important that they ruin lifes once they are disclosed. When it comes to criminalization of hackerisim or non-authorized access or "with exceeding authorizatiob" is a right direction from point of security. But, still I think that this is more technological issue rather than legislative. Aysel Ibayeva (Aysel 15:21, 22 April 2014 (EDT))