Demystifying the cyber-hackers
What is being kept safe, and how, and from whom, are not just engineering questions
This article is taken from the July 2023 issue of The Critic. To get the full magazine why not subscribe? Right now we’re offering five issues for just £10.
When I was teaching English as a foreign language — in Poland, where I still live — I had a student who loved video games. Every week he would talk about video games, video games, video games. It was getting rather dull. “Tell me, Mateusz,” I asked, “don’t you have some other hobbies?” “Well,” he mused, “sometimes I hack into people’s email accounts and read their emails.” “So!” I said, brightly. “Video games … ”
Hackers, Scott Shapiro writes in Fancy Bear Goes Phishing, disturb us with special force because their misdeeds defy our comprehension. It’s easy to imagine what goes into burgling a house: wait till everybody is asleep, find a dodgy window, prise it open and you’re in (apologies to any burglars who think I’m understating your professional skills — please keep away from my home). Hacking, though? What goes into hacking an email account? Is that something people are doing on the “Dark Web”? Is Russia involved?
Shapiro’s book is refreshingly above alarmism. Most of our individual issues with hackers, and malware, and viruses, he says, are avoidable. Don’t use obvious passwords or follow mysterious links, and you should be okay. Paranoia about cybercrime, indeed, can inculcate “learned helplessness”, Shapiro suggests, where people stop trying to keep their accounts secure because they think there is no point. (I suspect sheer laziness is more significant.)
Much of what hackers do is complex and arcane. Still, their work depends very much on human error. The Russian pilfering of emails from the account of Hillary Clinton’s 2016 campaign chairman John Podesta was successful because, when Podesta forwarded a duplicitous email to his IT department to see if he could trust it, their response of “this is a legitimate email” was missing an essential “not”.
Hackers are themselves human. Most of them seek pure financial gain. Once, they might have sold fraudulent arthritis medications. Shapiro tells compelling stories of eccentric characters who have disrupted online life, however. Here, we meet a student whose clever attempt to highlight security flaws by sending a harmless “worm” to spread between computers caused thousands of them to crash. Here, we meet an anonymous Iron Maiden-mad Bulgarian hacker with a point to prove.
I sometimes wonder if that student ended up reading my emails
Perhaps to avoid the further mystification of a mysterious subject, Shapiro does not dig into the extent to which hacking has been blended with radical politics, from the late progressive Aaron Swartz to the neo-Nazi Andrew “Weev” Auernheimer. It’s a shame. Paul Graham, founder of Hacker News, is quoted as saying, “The culture for making great software is slightly crazy people working late at night.” Sometimes, those slightly crazy people want to change the world.
The focus on the human returns in Shapiro’s concluding thoughts. He critiques the idea that cybersecurity is a primarily technological problem, requiring a technological solution. “It is a human problem that requires an understanding of human behavior.” For example, we should seek to identify and deter low-level cybercriminals before their activities escalate.
I think there is a balance to be found here. We should seek to intervene in the life of a heroin addict before he breaks into houses to steal things he can sell. A barking dog or looming CCTV camera can still be effective, though. Shapiro is nonetheless correct that we cannot just outsource our safety mechanisms. What is being kept safe, and how, and from whom, are not just engineering questions. “Solutionism,” he writes, “eclipses our moral agency and sense of responsibility.”
It’s a good point. After all, we can’t just blame “hackers” for our information being appropriated and misused. We give it away! The Chinese government wouldn’t need to hack into TikTok for data on its users. It could just demand it from ByteDance — the Chinese company that owns TikTok. The “surveillance capitalism” that Shoshana Zuboff critiques in her book of the same name — in which data related to our online activities is harvested, analysed and put to use in advertisements and political campaigns — need involve no hacking at all. We are, in general, voluntary if naive participants.
As yet more of our life depends on technology, the least that we can do is learn about what is happening. That might empower us to be safer online, or it might empower us to keep more of our lives offline — but we will at least escape vacuous complacence and learned helplessness. I sometimes wonder if that student ended up reading my emails. That said, I struggle to believe that they were quite as interesting as Call of Duty.
Enjoying The Critic online? It's even better in print
Try five issues of Britain’s newest magazine for £10Subscribe