Black Hats and Sock Puppets

In my last blog post I talked about the ethics of hacking and how it can be used as a tool for enacting social change and revealing injustice but as Harvey Dent would say “There are two sides to every coin” and so today I would like to talk about the darker side of hacking.  Off course with most things there are going to be people who use hacking for good and those that use it for evil. ‘Black Hat’ hackers are those that breach security systems for either malicious intent or self-gain. These are cyber criminals that program viruses, Trojans and botnets so they can access our personal data and scam us out of our money, steal our identities or tarnish our names. Think about the I Cloud hacking scandal also known as ‘The Fappening’, where over 500 private images of naked female celebrities were released onto the Internet through the image forum 4chan. These images were originally sent to partners, lovers ect in confidence and were not meant to be displayed for the public to see. The hacker responsible, Ryan Collins, used a phishing scheme (sending fake Apple messages) to obtain usernames and passwords from the victims and then illegally accessed their accounts simply because he could. What this meant for the celebrities involved was public humiliation and slut shaming which is not something any one should have to go through and not something high profile actresses, models and singers want jeopardising their careers.


The thing most concerning here is that the reason it is so easy for hackers like Ryan Collins to do this is because we choose keep our online operations almost entirely inside walled gardens; within these gardens the cost of entry is our privacy. When we use things like IPhones, Gmail, Facebook and Twitter we give companies the right to store our data and we even share it publically in the form of profiles, statuses, check in and selfies. Everything we do runs through a centralised system where it monitored, recorded and filed under our name. While these companies may not intend to use this data maliciously, claiming it is merely for tailoring advertising campaigns and keeping track of trends, their centralisation is their weakness because it puts everything into one convenient place. All a hacker needs is a singular password to gain astonishing amounts of detailed private data. Good hackers can often figure out your password simply by looking at the information you freely divulge on your account, let alone using malware programs to spy without your knowing.


Black Hat hackers have no code of ethics they do what they want at the expense of others but coming back to the whole ethical debate I had about hacking last week, I would like to discuss an instance where the hackers believed their actions to be righteous but to others may be seen as a gross violation of privacy. I’m sure you all remember the Ashley Maddison hacking scandal. In case you don’t Ashley Madison is a website owned by Avid Life Media for people seeking to cheat on their spouses. A hacker group called Impact Team hacked the site and instructed Avid Life Media to take Ashley Madison offline or else they would release all customer records, including profiles, sexual fantasies, credit card transactions, real names, addresses and emails. ALM, took no action and the hackers followed through. The leaked files were nearly 10 gigabytes in size and publicly revealed account details for the 32 million users.


While the perpetrators may see themselves as cowboys fighting for the sanctity of marriage and while maybe some of the people on that list were total scumbags, who are we to pass judgment on the acts of others in private? We don’t know what their relationships were like or what they may have been going through in moments of weakness and not to mention there would have been plenty of people on that site who only thought about cheating but never actually went through with it. I certainly do not condone the actions of the people on that site but it does make me question when did we decide that it is ok to ridicule people and take away their basic right to privacy because of the mistakes they have made and do we believe this was the optimal way for spouses and families to find out the truth? How many relationships were ended that might have been worked on given the time? How many friends and work places found out that in all honesty didn’t need to know? Ashley Madison’s clientele may have been in the wrong but illegally revealing that to the public didn’t make it right and in fact it lead to major consequences such as subsequent suicides. I have used this example because it highlights the idea that ethics are entirely circumstantial and lie within the eye of the beholder. Team Impact didn’t think what they did was wrong because they believed the site users to be the guilty party befitting punishment. Others might see Team Impact themselves as the guilty party having engaged in malicious hacker activity.

The last thing I would like to discuss today is when hackers use their skills not to spy on individuals but to influence them and who are the ones doing this…our governments off course. ‘Sock Puppeting’ is the act of creating a fake online identity used for purposes of deception. This technique can be used to sway public opinion by making it seem like more people either support or reject a cause, person or thing. It is an illegal practice that is sometimes used by marketers to make a brand seem more popular or by individuals on social media to make themselves look good.  In 2011, activists claiming to belong to Anonymous hacked private intelligence contractor HB Gary. What they found was a treasure trove documents that proved the US military had ordered a persona management software called ‘Metal Gear’. This software would allow, per installation,  fifty people to control up to 500 fake Twitter accounts, all of which would  be complete with background, history, supporting details and cyber presences that are technically, culturally, and geographically consistent. In 2013 in was also it was revealed that the South Korean National Intelligence Service had pumped out 1.2 million fake tweets in a bid to swing an election toward their preferred presidential candidate. To me this type of hacking is the darkest form imaginable as it attempts to subvert public discourse through the mass slandering of anyone who is deemed a threat to the agenda. It is literally a way of subduing free thought and implementing control by way of manipulation. It is the modern day variant of old fashioned propaganda.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s