Due in large part to the wild imaginations of modern media (both Hollywood and traditional news purveyors) and the average layperson’s less-than-thorough understanding of technology, the mythos of the “internet hacker” has grown larger than life. The figure is all at once mysterious, unstoppable, merciless and mercenary, and yet is held in the same regard as the boogeyman, i.e. too scary to be real, right? Invariably depicted as leading an “alternative” lifestyle – whether it be mysterious lone gun, angry anarcho-punk, sallow basement dweller, or “pencil-necked geek” – these stereotypical representations of “hackers” lead the average person to take them less seriously than a lawyer in a three-piece suit or surgeon in scrubs, which can lead to a mental devaluation of the actual threat. A recent presentation at a security conference in Washington, DC offered a different picture: that of an as-yet unnamed state-sponsored surveillance team managing a multi-million dollar budget and engaging in the seemingly mundane conversation of weighing the pros and cons of existing software versus building their own tools to covertly spy on and gather data from people’s smartphones.
What this means for you
The “buy or build” decision might sound familiar – it’s one that every modern organization faces numerous times – but that familiarity should alarm, not comfort you. Our biggest mistake is thinking that cyber threat teams are as they are depicted in entertainment media rather than as they actually are: well funded, focused, professionally run and taking themselves very seriously. Gathering data, whether it be for political or financial gain, is a booming business for governments, traditional markets and a thriving criminal underworld, and oftentimes it’s impossible to draw clear lines between the three. Instead of a nuisance, the modern “hacker” is now a rival, competitor and threat rolled into one, and instead of some pimply-faced teen in a basement who goes by the handle “hAx4LuLz”, they are well-funded, organized teams operating under names like “Arity Business Inc.” with well-defined product lines that are professionally marketed.
Don’t miss another important takeaway from this: “hackers” are human as well, subject to making mistakes, like the one that unwittingly opened the kimono for this particular group, allowing the security researchers from Lookout to get an eye-opening glimpse into their daily operations. But don’t take false comfort from this fact. This same humanity also means that they are subject to making bad decisions about using their talents in pursuit of ethically questionable goals. They are just as easily swayed by fake news, greed, patriotism, fear or any of the numerous influences around us. In a world where Bill Gates is using his power and money to fight disease and poverty, surely his sociopathic doppelganger already walks among us, rising in the ranks of the cyber threat community and working for someone or something that has much less noble pursuits in mind.