
What should be done about this?

Status
Not open for further replies.
One point that I think needs to be made is that Internet anonymity is not a privacy right. As stated in the article, "The company declined to identify the Affinity customer who set up the Internet site, citing privacy restrictions." I would guess that 3/4 of this type of hacking would go away if the people knew they could not hide behind some Internet moniker.

Privacy is the right to be left alone, and to protect data about yourself. Anonymity is the desire to be unknown, and therefore, unaccountable for your actions. It's that lack of accountability that gives most people the courage to do that which they wouldn't even consider signing their name to.

I wonder how we would respond if someone called for a contest, where the winner was the person who could spray paint the most store front windows in a given amount of time. But now, using technology, we can do that to hundreds of storefronts in just seconds. Would the same person who sits comfortably behind an anonymous moniker and from the computer hacks hundreds of sites go out in broad daylight with a can of spray paint and display the message on dozens of store front windows? In some cases, sure, but I do believe they would be the exception.

What is the difference? One very real difference is anonymity. It’s hard to remain anonymous walking down the street while deploying your can of spray paint. It’s interesting that even if you wore a costume and a ski mask, no one would consider taking that ski mask off to see your face as an invasion of privacy. And yet, we scream for civil rights violations when someone wants to take off our Internet moniker mask. Secondly, there is the notion of physical property. We don’t seem to consider the website to be the same as the storefront window. But one is physical, and the other is not. Is this the same phenomenon that some think that stealing music is okay because you’re not taking a physical copy? It’s not okay to use spray paint on the storefront glass, because it physically exists, but it’s okay to spray paint the storefront website because it’s not physical in the same sense.

We need to change the general notion that "the computer is just a machine". As the technology has evolved in a wide variety of areas, the computer has become more than a machine, it has become an extension of an individual or business; a new store front for the retail e-business. We need to protect that storefront from vandalism just as surely as if it were a large sheet of glass.

Today in many ways, the Internet is essentially a lawless environment, with its civility based solely on its users. I’m sure that sociologists are having some real fun studying human behavior in this environment – one without boundaries, not perceived to be physical, and basically anonymous.

What then needs to be done is to identify and prosecute the hackers for their crimes. Make it clear that a website will have the same degree of legal protection as a glass storefront window. You break the glass, you pay for it. You break the site, you pay for it.

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
CajunCenturion, I noticed in the story that the "security experts" are warning companies to ensure that they have the latest patches etc.

Now I don't want to give the impression that I am defending hackers ~ far from it ~ though what I am suggesting is that people (especially companies) need to take more responsibility for their web-sites' security.

Yes, in a perfect world "what is mine should be left alone". But we don't live in a perfect world, we could never live in a perfect world.

My sympathy for the "victim" takes a nose dive when I hear that the site which was "hacked" didn't have the latest updates applied. The implication from the security bod is that not everyone maintains their security.

How can we hold the moral high ground when we know that we didn't do as much as we could have to prevent the "crime". If people within IT or business have either a "don't care" or "make do" attitude, then hacks are going to continue.

The notion of: "Make it clear that a website will have the same degree of legal protection as a glass storefront window. You break the glass, you pay for it. You break the site, you pay for it."

This is an example from the "perfect world" which we don't live in. The streets are full of businesses that have metal shutters, wire meshes, toughened glass, security doors etc. There are many businesses who have been exposed to vandalism and the vandal was never caught.

It is unrealistic to expect web-sites to be inviolate. It is also unrealistic to expect to catch every "hacker" and have them pay for the damage. It is also unrealistic to expect that "hackers" will be forced to foot the bill of repairs even if they are caught.

Business needs to wake up to its own responsibility and stop passing all the blame down to the hacker.

All the best.
 
PCLINE, I guess if you forget to lock all your windows and doors in your house and don't have metal bars over the windows and someone breaks into your house by throwing a brick through the bay window of your house that the police should do nothing because after all you should have taken responsibility and you know it's just not worth the effort to do anything. Because you know you were just inviting them in by not securing your place. Victims aren't at fault here. They don't have to take any responsibility for the crime. I agree that they should protect themselves but they are not at fault here. If your child was kidnapped from your front yard is it your fault for letting them play in the front yard? Problem is even with latest patches it doesn't mean you're safe.

I agree that it is unrealistic to catch every hacker just as it is unrealistic to catch every criminal but we shouldn't just sit back and tell the victims it's their problem. There is an idea going around right now that the government should be getting involved with cyber defence just like they handle normal physical threats, i.e. providing more funds and resources to attacks against information attacks. It's interesting. How could they do it? We give liberties to police officers when chasing criminals. Maybe we need to look at a similar situation with cyberspace.

I just think more needs to be done. People just don't think of the amount of money that viruses, worms, hacks, etc. chew up. Maker of slammer virus should get life in prison with no chance of parole. These viruses cost billions of dollars to fix the damage and even more in lost productivity. You know with these big viruses they should do everything they can to track down the person/people and put them away for life. Make the punishment fit the crime. You cause 1.2 billion dollars worth of damage then kiss your freedom for the rest of your life goodbye.
 
PCLine - I understand that you're not defending hackers, but you are providing them a means of safe harbor.

Semper - I don't think PCLine feels the police should do nothing because you didn't have shatterproof windows with steel-reinforced concrete retaining walls, etc, etc. He is just saying that he'll have no sympathy for you if you don't, and that you have no right to take the moral high ground as a victim because you didn't do everything you could to prevent the crime. Clearly you didn't care enough about your own property to the necessary degree in this non-perfect world in which we live. If you're unlucky enough that police can't find the burglar, then PCLine would say to you well, tough luck - you should have taken better care of your property.

"Business needs to wake up to its own responsibility and stop passing all the blame down to the hacker." The business may be irresponsible, but that is not a crime and certainly not immoral. The hacker on the other hand, is a criminal.

You may think you're not defending the hacker, but isn't one type of defence to spread the blame around? And isn't that how you're providing defence to the hacker?

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Time to activate the "Web Force" as outlined by Tom Clancy?

Ed Fair
Any advice I give is my best judgement based on my interpretation of the facts you supply. Help increase my knowledge by providing some feedback, good or bad, on any advice I have given.
 
Real world analogies in IT... ugh here we go again, but you need to be more thoughtful about this storefront analogy. What are the police going to do because you didn't have the steel bars and what not is one of the questions right?

Well I'd posit that on after hours robbery #3 in a bad neighborhood in a municipality that is understaffed, they're going to tell you they're doing what they can, but please get a security door and an alarm. Then summarily go on to help someone who is willing to help themselves.

I'd also posit that most insurances won't pay off on car thefts where the doors are shown to be unlocked.

If the individual is caught, should they be prosecuted in each of these cases... of course! Should we expect the authorities to work their butts off to catch someone who we could have easily deterred? I don't want to spend more tax dollars so that lazy sys-admin X doesn't have to work harder.

I'm all for catching and prosecuting the hackers... I think the contest is silly and dangerous, and anything to stop it is a good thing. But I find the draconian approach to hacking here very idealistic and therefore unproductive.

As far as the blame, in my head this works out pretty quickly. In criminal terms the hacker is 100% responsible. In terms of responsibility to share-holders, employees, customers the business is responsible to put up the appropriate security, obtain the appropriate insurances (financially and physically in the terms of backups and replacement glass and whatnot) and to keep both of these up to date and effective. Obviously that leaves other realms of responsibility which are fuzzier, but to me it covers the basics.

-Rob
 
Well put skiflyer. I'm not trying to say that the business should neglect their systems and provide a reasonable amount of effort to keep their systems safe. But that in no way affects the fact that in this case the criminal should be held 100% accountable.

I'm not comparing the billion dollar loss to any other type of crime. I'm holding it on its own merit. Pure and simple that type of thing needs to be gone after. They might not find anyone some times but then they don't always find the criminals.
 
>most insurances won't pay off

Heh! I'm not sure we can use insurance companies as an indicator of the ethics of a situation...
 
You're quite correct strongm. Insurance companies have their own agendas and have no bearing on the ethics of this discussion.

I, however, feel very strongly about this issue and can only add emotional fervor and so will quietly sit on the sidelines.

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
I know it was a joke, but a note on why I bothered with the comment about insurance companies...

No, I wouldn't look to them for the ethics of the situation, but I would look to them to help answer the question asked about how much security is enough security. Insurance companies play the odds, they're gamblers in some sense. And if the odds are overwhelmingly that you're going to get screwed, then they're going to write that situation into your policy and make sure they're not liable.

I wouldn't be surprised to see a tech policy with a clause like, if your system is compromised by a vulnerability which has been posted on (What is that site? CAN or something?) for X days then your policy is void.. or for which protection has been available for X days or some other similar bit of text.

-Rob
 
skiflyer - with respect to insurance companies - you're confusing security with greed. Insurance companies don't give a hoot about security, they only are looking for every possible angle to keep your money, and relieve them of their obligation to pay. Please don't confuse this in any way with hacking.

Good Luck
--------------
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 