It used to be that computer hackers came in two shades, black hat and white hat. Black hat refers to the nefarious hacker illegally trying to exploit network and computer security holes for gain or simple malice. White hat refers to hackers trying to highlight security lapses in order to warn others and work to patch vulnerabilities. With the recent hack of Ashley Madison, it appears that there is a third type of hacker, one trying to right moral or political wrongs instead of, or in addition to, seeking potential economic gain.
In the early days of hacking I read about the exploits of Kevin Mitnick. As a teenager, he hacked into the networks and systems of technology and telecommunications companies and spent over five years in prison on two different occasions after being sentenced on federal wire fraud charges. Much of his success he attributes to social engineering, or the ability to charm passwords out of unsuspecting people. Now he is an information security consultant. He is a case of a black hat turned into a white hat.
I also enjoyed the 1989 book “The Cuckoo’s Egg,” by astrophysicist Clifford Stoll, which relates the tale of tracking a hacker who broke into Lawrence Berkeley National Laboratory and used it as a jumping-off point to burrow into military and defense systems. The hacker was eventually caught, with Stoll’s help, and it was discovered that he was selling stolen information to the KGB.
Computer hacking has existed since computers were connected together in a network and people sought vulnerabilities in the technology. As computer code becomes ever more complicated, the possibility grows of errors that can and will be exploited, either by the black hats for monetary gain or malice or by the white hats trying to highlight the vulnerability.
The Ashley Madison hack seems at first blush to be a hack of a different color. AshleyMadison.com is a website that matches people seeking adulterous affairs. Hackers identifying themselves as The Impact Team took over the site, announced they had stolen identity information of 33 million subscribers, and threatened to publish that information unless the parent company, Avid Life Media (ALM), agreed to shut down the site. It appears the hackers were angry over the content and purpose of the site, but in their manifesto they also blasted the practice of ALM charging $19 to have a profile removed from the site. To prove that a profile was not completely removed from databases, they released the names of two members who had paid to be eliminated from the site.
Whether the hackers were incensed with the moral foundation of the site or the economic injustice against members, this seems to be a different type of exploit. The Impact Team could still demand ransom for the stolen information, in which case I would put them squarely in the black hat camp, or they could use this hack as a platform for their cause, whatever that may be. Either way, this will no doubt be a topic of conversation at the upcoming information security conference sponsored by the likes of Microsoft and Cisco, which is oddly named the Black Hat Conference.
What do you think? While hacks of this type are still clearly illegal, their aim seems to be to prove a point instead of seeking monetary gain or notoriety. I wonder what’s next? Other dating websites? Perhaps gambling sites? Let me know your thoughts.
Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.