Hackers aren’t heroes, and they aren’t just some kids being idiots

The problem with hackers is that they are somehow still seen as a bunch of anti-social kids and young adults acting out on the Internet in a way that is more nuisance than crime.  A bit like getting your brand new fence tagged by some scrote with a large marker.

The truth is that these are highly organised networks of sophisticated criminals that cause damage and extort money.

Right now, when someone is hacked, we tend to shift the blame on the people not running sufficient security, or having had some other lapse.   We victim blame.

Computer systems at South Korea’s nuclear plant operator have been hacked, the company said on Monday, sharply raising concerns about safeguards around nuclear facilities in a country that remains technically at war with North Korea.

The Korea Hydro and Nuclear Power Co Ltd (KHNP) and the government said only “non-critical” data was stolen by the hackers, and that there was no risk to nuclear installations, including the country’s 23 atomic reactors.

But the hacking was reported as the United States accused North Korea of a devastating cyberattack on Sony Pictures.

Experts voiced alarm that the controls of the nuclear reactors could be at risk.

“This demonstrated that, if anyone is intent with malice to infiltrate the system, it would be impossible to say with confidence that such an effort would be blocked completely,” said Suh Kune-yull of Seoul National University.

“And a compromise of nuclear reactors’ safety pretty clearly means there is a gaping hole in national security,” said Suh, who specialises in nuclear reactor design.

Just like you can break into any house, hackers can break into any computer system.  They just need time and eventually they find a way in, frequently using techniques where people are fooled into doing part of the job for them.   

Instead of treating these criminals, terrorists and digital war lords as heroes, it is time we start taking them more seriously.  Whether they are using your baby monitoring Cam to take photos of you naked as you go check on baby in the middle of the night, or they dump emails of bloggers or movie executives, or even if they take over a nuclear power plant, the mere act of accessing systems with the intent to commit a crime should be seen as a serious violation with huge penalties.

We tend to not think there is any harm done.  No blood.  No deaths.  No “real” victims.  But this is clearly not the case.  And even though hackers are currently not easily tracked and identified, this should not mean we shift the blame on the people we can identify:  the victims.

“You know, they were only running XYZ security, they were basically asking for it.”


– Reuters via Stuff


THANK YOU for being a subscriber. Because of you Whaleoil is going from strength to strength. It is a little known fact that Whaleoil subscribers are better in bed, good looking and highly intelligent. Sometimes all at once! Please Click Here Now to subscribe to an ad-free Whaleoil.

  • I’ve been doing some research on the “internet of thing”, the networked control and instrumentation on nearly all modern factories and plants and it is scary how little security is on most of these devices. I usually take internet security with a grain of salt, If somebody wants to hack my machines they are welcome to view my 15 year(and counting) spaceship model i’m drawing, so as long as i have a virus buster i don’t worry too much, but hackers could quite litterally flood valleys, shutdown power grids, seize control of power plants, factories and other infrastructure facilties. We do need to buy time by treating hackers as the crooks they are before the game of one upmanship they play leads one of them to do something very destructive.

    • Canucktoo

      Beware the internet of things and all things internet!!! Cyber security on fridges, CCTV cameras, VOIP phones etc is virtually non-existant and vulnerable to hacking. Hacking can be completely random – it is not necessarily targeted – malware is set loose by the crims and will enter any open ‘door’ it finds. We run a managed security operations centre (SOC) and we release several thousand anti-virus signatures to our clients each day to combat new malware – your desktop virus checker won’t hack it!! That gives you an idea of the magnitude of the problem which is worsening by the day – some of the scenarios you outline above are only a matter of time – count on it as people are very complacent about cyber security.

  • Nige.

    Hackers actively go out of their way to break through security the same way the a burgler actively breaks into a house. They knowingly violate your personal space. This is not like when you leave the door unlocked and someone who came to visit notices and decides to have a wee nosey. Hacking is big (criminal) business the same way that physical black markets are.

  • JC

    Nth Korea’s whole Internet went “totally dark” over the weekend and problems got worse as the days went by. Surely not the US?


    • LabTested

      looks like it:

      Mr Obama had said that the US would respond to the attack on Sony “in a place and time and manner that we choose”.

      ..state department said the US would not discuss publicly “operational details about the possible response options, or comment on those kind of reports in any way, except to say that as we implement our responses, some will be seen, some may not be seen”.


      • MaryLou

        Good. The only problem with it not being seen though, is it doesn’t send any message to any wannabe’s. Hopefully the “seen” bit will be relatively spectacular…

      • Korau

        Unlikely to be the US Government. Why would they show their hand (power) for such little return.

        More likely scenario here http://www.bloomberg.com/news/2014-12-22/north-korea-undergoing-internet-outage-network-researcher-says.html which suggests it’s likely to be some (group of) hacked off dicks who have taken the situation into their own hands and initiated a DDOS against a small number of routers.

  • Sally

    This is why the person who hacked Cam and also those who profited it by it ie Hager and the media have to be prosecuted. If the police don’t prosecute it will be sending a message to hackers that all is ok and they will continue to wreck havoc.

  • BloodyOrphan

    Our Australian website was hacked by an ISIS supporter recently, they replaced our Welcome page with black background and white Arabic (Sanskrit) and English slogans along the lines of “F*** USA / Australia / You” and “Death to the USA / Australia”

    We also had a ransom-ware attack on our Brisbane office.

    They were both easily corrected, but it just goes to show how bad it is in Australia at the moment.

    I reported both to the Brisbane police and the ransom-ware to IC3 in the states.

    • Goldfish

      The website “hack” would have been an automated one, some script kiddy would have a tool they run that automatically scans for holes/exploits, and when it finds one it uses it. It doesn’t discriminate in any way.

      The ransomware invariably relies on someone being stupid enough to download and run a malicious executable, frequently it propagates though “trust networks” like facebook.

      Never trust a link, and never just trust the person sending you a link. If you didn’t explicitly ask or look for it, don’t download it.

      • BloodyOrphan

        True in both cases, the ISP we use in Australia had problems on many of their clients websites, they tracked it down to a proxy server vulnerability in the end.

        The Ransom-ware was impersonating the NSW police, purporting to be a traffic camera offense, with an “evidential picture” link.

        My fix was to restore from backup etc, but some investigation showed the Ransom-ware came from a Russian mail server and was linked to an American website. Hence reporting it to IC3.

        From my investigations some people are actually paying the ransom using bitcoins etc, which to me is pure stupidity, for the sake of a few hours re-writing a document or restoring from backup you can save yourself a lot of money, and these guys deserve to be busted, the American authorities have already busted at least one ransom-ware site , and have published all the encryption keys for that particular hacker.

  • Goldfish

    I would be surprised if anything operational was stolen from South Korea, not when they’ve had North Korea being asses for the last 60 odd years, and China is just across the border.

    The hackers will enter, probe and explore regardless. Most companies would run things correctly, but occasionally they’ll strike it lucky and find a network where operational machinery or instruments are accessible via the regular office intranet.

    As for DRK’s internet going down – it will be more of a statement from the US to China than a retaliatory strike against DRK. They’ll be flexing some muscle, saying “look what we can do to your internet if we want to”.