Today’s headline alludes to a concept perhaps as old as civilization itself. Plato expressed it as, “Quis custodiet ipsos custodes?” Who will watch the watchers? In a spectacular demonstration of what a well-executed hack can do, an unknown hacker has virtually imploded the operations of a digital surveillance company known (ironically now) as Hacking Team. Despite the rather colorful name, this Italian security company has contracts with dozens of government agencies from all over the world, including the United States. Their product? Essentially spyware for conducting remote surveillance and other covert digital operations. The unknown hacker taunted the company and its employees by taking over Hacking Team’s Twitter account and began sharing extremely sensitive internal files through tweets purportedly coming from the company itself. Once the breach was discovered, Hacking Team contacted its clients and strongly recommended they cease using any of the company’s software. Given the general public distaste for Hacking Team’s type of software and the amount of daylight this shines on its customers, its highly likely that very few contracts will be renewed, leaving the company’s future in very uncertain terms.
What this means for you:
Unless you happened to be on the list of Hacking Team customers, there’s not a lot you need to worry from your own organization’s perspective. However, as a citizen of a supposedly democratic nation, you should be concerned about how our government agencies conduct themselves. Should law enforcement agencies be allowed to break the law in order to do their jobs? Who will watch the watchers? Are those people (I’m talking about Congress now) qualified to make proper decisions when they barely understand how the Internet works? To translate this into more relatable (and actionable) terms, do you understand enough about your own organization’s security and technology to make informed decisions on what to buy, what to use, and who to hire? In the case of Hacking Team, it appears that the hacker breached the company through the personal computers of its own system administrators, an irony within an irony. Are you adhering to the security standards to which you hold your own employees accountable?