In a public show of force against cyber crime, 56 suspected hackers were arrested in the UK by the National Crime Agency. The list of those arrested included a 23-year-old man (those arrested were all men) suspected of breaking into the US Department of Defence in 2014. The rest of the arrests were people involved in fraud and money laundering and members of “hacking collectives” the Lizard Squad and D33DS. The Lizard Squad was involved in wide-spread distributed denial of service attacks on gaming sites and D33DS stole 450,000 user details from Yahoo!.
The arrests come hot on the heels of an announcement of the FREAK security vulnerability leaving thousands of sites using SSL unprotected as a result of the flaw. The UK’s National Cyber Crime Unit, amongst a large range of cyber security agencies are especially keen to drive the message home that taking advantage of these vulnerabilities would lead to a high probability of arrest. A BBC reporter was even “invited” to attend one of the arrests carried out by the National Crime Agency. In this case, the suspect was a 21-year-old student.
It is believed that the man arrested for the attack on the US Department of Defense did not obtain sensitive data but when posting about the attack, claimed to be speaking on behalf of a group called ISISD0M3RS. A post from the hacker(s) claimed that they were in control of DoD satellites and that they would send missiles if the allied air-strikes against ISIS were not stopped. However, the message also involved a bizarre implication that the Lizard Squad were somehow involved and so it is actually hard to tell how much of the “bragging” was actually just that and how much was actually really related to serious threats aligned to the terrorist group.
The problem of the largely young male hacker group that get involved in these types of hacks is that it essentially acts as a type of “social denial of service” attack on law enforcement agencies. The hacking of sites for bragging is a part of the culture to prove the level of skill of a hacker, often as a means of earning the right to access secretive hacker groups, or the secret hacking information they hold. Whilst the attacks are potentially damaging, they are not necessarily done with that as the prime objective.
This culture is not just the preserve of so-called “black hat” hackers, hackers working for the secret services can sometimes be little different. The recent report of the UK secret service agency GCHQ’s hack of SIM card manufacturer Gemalto, highlights the GCHQ staff boasting about getting control of Gemalto’s network and what they could now do with that access.
Cyber-Anthropologist Gabriella Coleman has characterised the many faces of the typical hacker belonging to groups such as Anonymous and LulzSec. This included the FBI informant Hector Xavier Monsegur aka “Sabu” who had to prove his hacking credentials to be accepted back into the trust of the group LulzSec. The impact of the revelations that Sabu was an FBI informant was the realisation that everything that he had done and said - especially through a very high profile Twitter account - was a lie.
In amongst all of the cyber crime, of which there is a great deal of damaging criminal activity, there is the equally active world of the cyber fantasist who is drawn to the world of hacking as a proof of technological prowess and the ability to wield power over powerful entities. The justification, whether it is an affiliation to a civil activist group like “Anonymous” tackling “issues” or to nation states as is the case of the Syrian Electronic Army may in part be an attempt to legitimise their actions.
The large scale of the arrests last week in the UK are clearly being staged for a show of force. The nature and psychological profiles of the hackers involved suggest that highlighting the risks involved in undertaking this type of activity may not serve to deter them for long, if at all.