This really shouldn't be so difficult. Hackers play with technology, question
authority, tend to be somewhat mischievous, and seem to always be getting
into trouble. Why is it the media seems to think that every time something
happens to a credit card number, a hacker is somehow responsible?
The latest flurry of media reports centers around "Russian hackers" who
are busy "stealing card numbers" off of online sites that are foolish enough
to leave them lying around. Let's be clear: people who figure out how
systems work through concentration and persistence are hackers, regardless
of whether or not what they are doing is within the law. But people who
steal, threaten, vandalize, torture, murder, etc. are not hackers - even
if credit cards are involved. It's really not that hard.
Of course the FBI doesn't make it any easier by announcing on Thursday that
organized criminal groups are engaged in a conspiracy of hacking and that
more than a million credit card numbers have been "stolen" and that more
than 40 e-commerce sites are affected. It's not
the hacking that's the problem - it's the people copying credit card numbers
because of the morons who leave them lying around! Morons attract criminals -
this is basic physics.
Hackers, in their naivete, constantly find security holes and tell people
about them. Then they wind up being blamed as if they had caused the problem.
This only makes matters worse because it encourages security holes to
be kept quiet. And that helps criminals take advantage of them.
By demonizing hackers, the lawmakers and the media get what they want -
control and ratings. People fear what hackers can and will do next and
they wind up supporting all kinds of draconian measures that will wind
up invading their privacy far more than any hacker could. And after a
while, people start to believe that every time a credit card is misused,
a hacker is somehow behind it. And since the security holes don't get fixed, this happens all the time.
We believe the threat to our privacy can be found in those online services
that store personal information about individuals without their consent
and/or without any encryption. This is what the media should be reporting
because that's where the real scandal lies.