The thieves who made off with more than $2.5M from Citibank and caused the bank to issue 100,000 replacement bank cards have highlighted an alarming trend. Hackers are evolving. And, they are organizing and uniting. They even have a Twitter account. Before the advent of the Internet, we called these hackers "robbers" or "criminals" or the "mafia." However, now that the Internet has provided a way to enter the front door through the digital underground, hacking has evolved in to a disastrous enterprise.
I'm seeing the evolution of four kinds of hackers emerging into cohesive groups that we need to pay close attention to.
Mobsters: The hackers who attacked Citibank are probably "mobster" hackers. Mobsters are hackers who are connected to large-scale criminal enterprises bringing new meaning to the phrase "organized crime." In some cases, crime families are hiring hacking groups to procure log-in information for one site knowing that many consumers today are using the same log-in for their financial sites as well. Citibank seems like a perfect example of this kind of activity.
Taunters: Taunting hackers are just thumbing their noses at anyone who dares to believe they have good online security systems in place. These kinds of hacker are breaking security settings, stealing email addresses, and bypassing firewalls just to show that it can be done, usually to the great embarrassment of the company being preyed upon. The hackers who keep breaching Sony's systems and the CIA website are most likely taunters.
Activists: Activist hackers seem to have taken a nod from Taunters. While the act of hacking remains criminal, hackers who are breaching security to support a social cause aren't in it for the money. The hi-jacking of the PBS website to protest the Frontline story on WikiLeaks is a prime example as are the attacks on Visa, MasterCard, PayPal, and Sarah Palin. These are more like sit-ins, road blocks, and Green Peace protests.
Anarchists: The fourth and final kind of hackers are those who are working to dismantle governments, disrupt the lives of entire populations, or shut down some branch of government. Anarchist hackers may be engaged in what some might call terrorists activities and others might call citizen uproars or even revolutions. (On a side note, when sponsored by nation-states against enemies, they fall under counter-intelligence activities as well. See unleashing worms).
Whenever those destined to engage in criminal activity of any kind begin to unite and organize, good citizens must pay serious attention. Metamorphosis is a dynamic process, and the hacking evolution is no different. As certain groups gain strength and numbers, allegiances will shift and factions will break.
And as they declare war on each other, the good citizens of the world, like you and I, can find ourselves in a heap of collateral damage.
Follow Hemanshu Nigam on Twitter: www.twitter.com/hemanshunigam
Anonymous isn't "hackers" nor lulzsec, they are a group of hackers for certain but not all of them.
Its going to only get worse from here.
Taunters and activists do not deserve the same response, effort or criminal penalties.
Anarchists have not exactly been a major problem either.
The focus should be on the true criminals, wether they are organized or individuals.
I would also concur that without accountability for banksters and torturers, any effort to crack down on the lesser criminal class is hypocrisy and status quo PR that will gain little sympathy.
Poor Citi had to file an insurance claim and issue new debt cards, but grandma deserved to be foreclosed on?
The corporate mentality that paints activists as evil as mobsters is not in the reality based community.
Nor any post that treats Big Banks as victims.
Another problem is the employees in the countries where the outsourced IT shops have been relocated have superficial systems knowledge, despite the confidence of management in turning the system over to the foreign group, and one reason for this most may find astonishing. Corporations do not value the accurate documentation of their systems, and view a dedicated team of Tech Writers as a luxury, so the front-line operators and programmers are given documentation responsibility. The documentation does get updated, but by hand in the margins of existing manuals, not electronically. In the rush to outsource systems Management, under a time deadline, uploads the electronic version to a network for foreign workers, not realizing the most meaningful information in the manual margins are being dumped in the landfill ... robbing the remote employees of key pieces of information to manage and protect the systems properly.
Pretty picture?
I've also noted an additional alarming trend: the government has thrown it's full weight behind capturing and prosecuting such hackers all while ignoring going after the criminals within their own class and ranks. As long as that continues to be the reality, it will serve as a great rallying cry and PR for hackers to continue doing what they do.