Recycling Hacker Fear-Mongering

May 31, 2009. Filed under news 1

The small community newspaper where I grew up, The Sentinel, once manufactured a story during a slow week by fixating on a letter writer who complained that their frontpage could be relied upon to cover the most depressing news imaginable: murder, robbery and suicide weren't particularly common within the community, but they certainly did dominant the cover. The paper's defense was rather simple: fear-mongering was essential for circulation numbers; they'd once tried focusing on more positive stories, but their sales went down, so they maintained the negative focus out of economic necessity.

Keeping newspapers alive by intentionally misleading readerships shares a strong parallel with the tragic case of Terri Schiavo: at great medical effort we can maintain a body's function, but without a soul the function loses purpose. Cherish the memories, but depart the past.

Of course, even in my flawed memory this recent wave of internet warfare hype seems a bit too familiar. Haven't we already done this one? Can't we remember the embarrassment of the first crackers-are-going-to-get-you wave which culminated in articles like this Special Report Anatomy of a hacking?

These articles have more in common with a Tom Clancy novel than with reality. Just feel the surge of adrenaline from these excerpts (all from the New York Times piece linked above):

The exotic nature of the work...

It's exotic like working in Quality Assurance is exotic. The difference is these elite cyber-assassin commandos don't report their bugs to the developers, but keep them to themselves. I can only imagine the pain that these highly train professionals feel when the engineers developing the software fix bug they have discovered. It must feel like being robbed, which I suppose is--in a sense--somewhat exotic.

...thousands of "hacker soldiers" within the Pentagon...

No, not really. Unless you mean programmers who work for the Pentagon, in which case, technically yes, but still no, not really.

The companies have been moving quickly to lock up the relatively small number of experts with the training and creativity to block the attacks and design countermeasures.

You could be forgiven for misunderstanding after reading this quote, but it turns out that this line of work is predominantly quite mundane. Individuals take widely known attack vectors, which is a glamorous term for problems with software. They then take this list and start writing scripts to exploit these various problems. Bowing to the law of large numbers, some exploits are undoubtedly quite clever, but mostly they are predictable exploits of common errors in code.

Discovering these exploits is an exercise in tedium. It is quite similar to performing academic research, but generally without the opportunity to publish your findings (especially for these vaunted cyber soldiers, if their discoveries are published then their value is eroded, whereas professional security researchers can make a great game of publicly shaming companies for vulnerabilities and thus heroically exposing the company's users to great potential harm).

...running advertisements for "cyberninjas"...

Hmm. About that.

...the most cutting-edge work...

I the specificity of this phrase, but I'm conflicted becauseĀ I'm pretty sure it doesn't mean anything. Foremost, software engineering isn't a field that is changing at the speed of light. Sure, we keep changing the wallpaper, but the foundation hasn't shifted much in a few decades. Where it has shifted, it has been largely from infusions from other fields like psychology, with research on communication and work habits.

...even the existence of research on cyberweapons was once highly classified...

This is a literary flourish to continue thrilling the spy-novel reader deep inside your heart. True, it was undoubtedly classified, but even if the president's exact location this evening is classified, you know he's almost certainly going to be eating dinner.

...set up "honey pots", the equivalent of sting operations, to lure hackers into digital cul-de-sacs...

Ack. Token usage of a quasi-technical term mixed with ambiguous verbiage. Which, when you come to think of it, happens to summarize most coverage on the upcoming cyber-trench-hacker-soldier-warfare-armageddon or whatever the hell it is supposed to be.

Although you might imagine that the sudden increase of news articles means today you are more vulnerable than yesterday, or at least more vulnerable than a decade ago, but--be reassured--you aren't. New buzzwords, but the same old schtick.