Tuesday 21 June 2011

Hackers? Do us a favour

Is it right to punish hackers for exposing security flaws which put our personal details at risk?
 
Today a British teenager was arrested over the recent spate of hacking which has seen the websites of the NHS, the CIA and a range of companies like Sony and Nintendo hacked open.

The arrest, co-ordinated by Essex Police and the FBI, saw a 19-year-old who is the supposed ringleader of notorious internet hacking group LulzSec taken into custody.

Yes, he broke the law. But is it fair to punish someone for exposing the security flaws which could have put us all at risk?

Hacking, you see, has become all the rage. Everybody who's anybody (read: a bedroom shut-in nobody) has been hacking into bigwigs' websites for a laugh, leaving messages inside their 'secure' servers and boasting on Twitter about how they could get access to all these companies' personal details. Aka, your personal details.

These are not simple little Norton firewalls. These are, in some cases, multi-million pound security software systems which have been compromised by groups of internet anarchists seemingly intent on watching the world burn, one web hack at a time.

But have hackers, like the infamous 'LulzSec' and 'Anonymous' groups, become demonised unfairly? After all, these sites are supposed to be secure websites housing, in some cases, very sensitive data and have been hacked open as if it were as easy as shouting 'open sesame' at the NHS database.

Yes, some of the hacking has been silliness. The news site PBS posted a story stating that legendary, deceased rapper Tupac Shakur was actually alive and living in New Zealand. This was obviously useless, borderline dangerous joking by hackers at the expense of PBS.

But a lot of the hacks have actually served a beneficial purpose - they have exposed serious, some might say criminal, flaws in the supposedly secure systems of these websites.

Hacking group LulzSec allegedly left this message inside the NHS database which holds the names, addresses and other personal details of millions of people:

"While you aren't considered an enemy - your work is of course brilliant - we did stumble upon several of your admin passwords".

"We mean you no harm and only want to help you fix your tech issues".

If these apparently harmless hackers can hack in so easily, though, what's to stop a more malicious group from gaining access to the details of anyone on that NHS database?

Similarly, the group has highlighted serious flaws in the security of the government's 2011 census database, which surely holds enough information about each and every one of us to put all of us at risk of identity theft.

I would never condone what these hackers have done - after all, Anonymous put the PlayStation Network down for a month, at the estimated cost of some $100 million to Sony, which could have repercussions for their employees.

And whatever their stated intentions, we should always be wary of any group which is openly admitting to accessing databases of personal information. It only takes one rogue, less noble member of LulzSec to sell on these personal details to someone unscrupulous to put everyone at risk.

But these hackers have shown us just how fragile these 'secure' databases really are. Sony held PS3 users' credit card details in its records, yet secured them so poorly that some bedroom-dwelling teen might have made off with the lot. Government bodies like the NHS, too, must be secure enough to stop any intrusion.

If they are going to force us to hand over our personal information, the least they could do is look after it properly.

Hacking is obviously illegal, and the arrest made today shows how seriously the authorities are taking it. But some blame must lie at the companies' cyber-doors.

If this spate of web attacks results in more secure databases for all our personal info, they may just have done us all a favour.

I'm not trying to argue that this teenage hacker is some modern-day martyr. But this is one area in which the law clashes with ethics - we must all question whether it is really right to punish him when his actions may have helped get us all better protected.

1 comment:

  1. Good point! I guess it is crucial to find ways to differentiate between those who hack in for the sole purpose of the challenge of hacking versus those who hack with malicious intent. The cyber laws have to be rewritten to accommodate this!
