The week of August 9, 2015

The people behind the hacks

By Jesse Hicks

As I wrote in last week’s issue of the Kernel, talking about data breaches in 2015 often involves head-spinning numbers: dozens of known intrusions and millions of people affected. And like much of the cyberworld, the numbers can seem very abstract. What does it actually mean when millions of people have their Social Security numbers stolen? And how do we deal with the communication systems that allow such breaches to happen in order to prevent the next hack?

But not everything in the world of hacking is so abstract. After all, these are human systems, and behind them are human stories. In this issue, we focus on the human side of hacking, first with Kevin Collier’s profile of Hector Monsegur—also known as Sabu, the LulzSec and Anonymous hacker turned FBI collaborator who’s subsequently been blacklisted from the world of cybersecurity. As Collier details, after being released from prison, Monsegur has tried to make a living doing the one thing he’s good at—hacking—but has largely been shunned by the industry, with even his presence at conferences drawing protesters. Monsegur, though, remains defiant and determined.

Monsegur’s not the only one dealing with the repercussions of a criminal past, as Dell Cameron details in his profile of Jonah, a pseudonymous social engineer. Jonah spent much of his late teens traveling the world while ripping off large electronics companies, exploiting loopholes in their warranty and return systems. With a serial number, a laptop, and a cellphone, he could convince companies to mail him thousands of dollars worth of products, which he could then sell online to sponsor his lavish lifestyle. But all along he knew it was a matter of time before he got caught; he went straight before that could happen and now offers his services to to a private security firm. In short, he has the life Monsegur wants.

These are human systems, and behind them are human stories.

The notion that hackers make the best hires is a prevalent (if self-serving) one within the community. In William Turton’s history of the hacker group Lizard Squad, one member told him that Microsoft and Sony couldn’t handle their own security: “Like, if they went around prisons and hired people who were convicted for stuff like this, they would have a better chance at preventing attacks.” Turton shows how Lizard Squad, motivated by a desire for money and fame as much as the technical challenge of hacking, became one of the world’s most infamous cybersecurity threats.

Of course, the march to international infamy causes collateral damage. In Lizard Squad’s case, it was the millions of PlayStation and Xbox users who woke up Christmas morning unable to play their favorite games. In other hacks, it’s been people forced to cancel their credit cards or worry that their Social Security numbers have been compromised. But as Nico Sell argues in her essay for this issue, breaches aside, the Internet itself has become a place where individual privacy is not adequately protected. She argues that we need to rebalance our current technology to build a private Web that respects and protects individual privacy. If we don’t, the Internet will increasingly become a tool of surveillance, even more so than it already has.

Rounding out this issue, I interview author Alexa Clay about how the hacker ethos can help us imagine and create new economic worlds, and eternal teenager Aaron Sankin lays out everything you need to know about password security, explained by 19th century slang.

Enjoy the reading.

Photo via Adikos/Flickr (CC BY 2.0) | Remix by Jason Reed