Monday, March 5, 2012

The Bright Side of Being Hacked

Excerpt from an article in The New York Times, Monday, March 05, 2012

By SOMINI SENGUPTA and NICOLE PERLROTH

SAN FRANCISCO — Hackers operating under the banner Anonymous have been poking a finger in the eye of one private company after another for two years now.

They steal files from inside corporate computer systems and occasionally, as in the case of Stratfor last week, dump company e-mail online for all to see.

The Stratfor hack, in which Anonymous claimed to have joined forces with WikiLeaks, drove home a clear lesson about the era of ubiquitous “hacktivism,” or hacking as a form of protest.

Despite the arrests of dozens of suspected members of Anonymous and its offshoots worldwide, it is far from diminished. Nor have most of its corporate targets been irreparably damaged by the attacks.

Rather, what Anonymous has done, experts said at the big RSA computer security conference here last week, is raise the alarm about the unguarded state of corporate computer systems.

By and large, the Anonymous break-ins take advantage of gaping computer holes and gullible human beings. The hackers ferret out weak passwords and take advantage of unencrypted e-mail stashes. They persuade company employees — one is all it takes — to click on rogue Web sites or divulge a confidential piece of information, in an exercise known as social engineering.

“Anonymous is a wake-up call,” said Roger Cressey, senior vice president of Booz Allen Hamilton, a defense and intelligence contractor that was attacked by the group last summer. “Any company that is patting themselves on the back and saying that they’re not a target or not susceptible to attack is in complete and utter denial.”

More to the point, a company that is a target of Anonymous may also be the target of a far more potent adversary. The social engineering tactics that Anonymous members have repeatedly used are often similar to those used by criminal hackers and state-sponsored actors who penetrate company systems in order to steal valuable secrets, whether for monetary gain or competitive edge.
