In late August 2013, the New York Times website was hacked for a second time that month, and was forced offline as its IT team scrambled to contain an attack it blamed on a shadowy group linked to the Syrian government.
That day, August 27th, Twitter and a number of other websites also announced that their security had been compromised. It was the most far-reaching attack by a group calling itself the Syrian Electronic Army, which hijacks internet, or IP addresses – and in recent months has ratcheted up its assault on major western news organisations. The BBC, the Daily Telegraph and the Financial Times have all been victims.
But its attack last month was the most extensive, and ensnared not just news organisations it sees as sympathetic to the Syrian opposition, but also social networking sites including Twitter, and online news aggregators such as the Huffington Post. Indeed, any organisation that shapes or influences public debate will likely continue to be at risk from such attacks.
An attack of this scope and size shows the growing threat of computer attackers. Hacking, like never before, is on the front line of cyber warfare, and it is already putting pressure on Western governments to take action.
The challenge facing these institutions is huge because hackers are good, often very good. This is why calls are growing louder for the US not to prosecute ninja hackers, but employ them.
In an interview with The Guardian in 2012, John Arquilla – now a defence analyst but formerly a government adviser to both Bush administrations during the Gulf wars – was adamant that these elite “rangers of the cyber sphere”, of which he said there were about 100 in the world mainly in Asia and Russia, needed to be brought on-side.
He recalled how he tracked down one such expert, and brought him to meet a CEO of a top US company. Within minutes the hacker had accessed the company’s system with a rudimentary handheld device, exposing a massive security flaw. “All hell broke loose,” said Arquilla.
It was July 2012 when Arquilla estimated there could be around 100 ‘super hackers’ around the world. But the prevalence of attacks on big name corporations, and the apparent ease at which they’re being conducted, suggests the community is growing, and they’re getting better at what they do.
Take a look at the Palestinian Khalil Shreateh that last month broke into Mark Zuckerberg’s Facebook account to prove a security lapse. He discovered it was possible to post on anyone’ s profile irregardless of friendship status – or lack of it. Facebook do have a scheme where they reward people financially (normally at least $500) who bring to attention security glitches, though on this occasion the social networking behemoth has refused to pay out because Shreateh chose to expose the flaw on the CEO’s personal timeline. The fact that an online campaign has raised around $12000 to reward Shreateh for his efforts is beside the point – the company had fundamentally reneged on its commitment to honour those who go out of their way to help it.
For all the calls that hackers should be embraced, not isolated, it seems there still remains much skepticism to the idea.