icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
3 Jan, 2015 15:04

The greater good? ‘Love or hate hackers, you can’t ignore ‘em’

The greater good? ‘Love or hate hackers, you can’t ignore ‘em’

With Sony leaks, Anonymous and cyber wars, if 2014 has taught us anything, it’s that hackers are a force to be reckoned with. The key question is how to harness their vast potential for the greater good, says cyber security expert Keren Elazari.

READ MORE: Hack Check: RT's special coverage from the cyber frontline

RT:So you’ve argued that hackers really offer an opportunity to boost cybersecurity. But what about those who are clearly using their skills to cause damage to others?

Keren Elazari: It does not excuse the criminals and the pranksters who use their skills, their hacking skills, for illicit gains or criminal targets. However, I do believe that sometimes, hackers do have to demonstrate the threats that are prevalent in today’s world to spot the solution; in order to get the technology companies and governments to realize just how vulnerable we all are.

RT:But what about some of the recent high-profile attacks against PlayStation over Christmas. Don’t incidents like this prove that they are causing more harm than good?

KE: Well, I wouldn’t say the hacks to the PlayStation Network, the PSN, and the X-Box live gaming network over the holidays was for the greater good. In fact, it’s quite probable that the Lizard Squad and other hackers that have been affiliated with this attack are probably doing it to gain mostly a reputation for themselves and maybe for the lolz, as they call it. I don’t see the greater good in that. But it does bring me back to the point, that in 2014, in the past year, we have seen that cybersecurity really affects everyone and that is something we all have to keep in mind.

Reuters / Kevork Djansezian

'Multibillion-dollar company can be brought down by just few powerful hackers'

RT:Speaking about cybersecurity, it’s difficult not to talk about the recent Sony hack. What are your thoughts on that?

KE: So the hacks into Sony Pictures Entertainment, a major Hollywood studio, this has been perhaps the most dramatic event over the past year. However, it’s far from being concluded. We don’t really know who’s behind it, despite the fact that the FBI and the White House have come out with pretty direct allegations against North Korea. In fact, in the past few days, an alternative narrative suggested by some independent investigators [offers] a different story. Perhaps [the hackers] are in fact Sony insiders; disgruntled employees laid off in the last year seeking revenge on the company that put them out of work. So this story is far from being concluded. However, it does show us that a multibillion-dollar organization could be brought down by just a few powerful hackers. And that brings me back to the idea that hackers have a lot of power in their hands. So the main question here is how can we foster the ideas and the motivation to do the right thing, and not just cause damage and havoc.

RT:But how can we actually accomplish this goal of getting hackers to do the right thing, as you say, and not just cause damage?

KE: One thing I’m very much interested in, and in my own research and my own work I do speak a lot with the hacker community all around the world about this, is how can we really motivate that sort of attitude for hackers to create a positive impact? To uncover security vulnerabilities, but in a coordinated, responsible manner; to lead the attitude that they would like to see; responsible disclosure of security problems; reaching out to the companies that might be impacted by these problems, and getting better technology, safer technology out there.

Now these morals and ethics are something that have to be cultivated and fostered in a grassroots approach. It cannot be centralized or top down. It has to come from the hackers themselves. And that’s something I’m fascinated with personally. How can we incentivize and motivate more hackers to do the right thing?

‘Anonymous isn’t a group, it’s a phenomenon’

RT:And what about the hacktivist collective Anonymous and some of their more high-profile attacks? How do they fit into this picture?

KE: So first off, we have to say that Anonymous is not strictly an organization or a group. It’s more a phenomenon, a movement; it’s even a brand, if you will, for hacktivism. Right now there are many hacktivist groups around the world that use the Anonymous face and brand to amplify their messages. Secondly, I think that apart from taking down major websites, Anonymous has done a lot more. They’ve drawn global attention to issues such as inequality, corruption, they’ve taken down child pornography websites, they’ve assisted people in need all over the world, they’ve helped groups of dissenters and citizens’ uprisings really all around the world. They’ve really demonstrated how a distributed movement and phenomena happening all around the world can bring change and I really do feel they’ve accomplished a more than just take down a few websites.

AFP Photo / Jean-Philippe Ksiazek

'You can like them, you can hate them, but you cannot ignore them'

RT:Seeing that they’ve made attacks on the defense departments of different states, do you think they and others are prepared to go head-to-head with governments?

KE: When we hear about Anonymous taking down a specific defense organization, we have to see what has really happened. In most cases, this would be an attack on a public-facing website, for instance, not necessarily that defense organization’s internal systems. However, given my personal background and experience, I do believe that in 2014-2015 the world has learned that you cannot ignore hackers. You can like them, you can hate them, but you cannot ignore them. And so the question is, can we find ways to harness the power the hackers have and motivate them to use it for better causes and not just for damage.

‘The cyber Cold War is already here’

RT:There’s been a lot of talk regarding cyberattacks and espionage being conducted between various state actors. Do you believe a cyber Cold War is on the horizon?

KE: To be honest, I really think that a cybernetic or cyber Cold War is already at play right now and has been at play for the past few years between world powers, between clandestine espionage agencies, and hacktivists groups. So this is not a new thing. What’s new is that we’re hearing about it and discussing it openly. In regards to Syria, in my TED Talk, I mentioned the Syrian Electronic Army, which is actually not an army at all. It’s a group of hackers sympathetic to Bashar Assad and protective of his regime. They’ve conducted some pretty high-profile attacks on media targets, including Forbes and even the Associated Press’ Twitter account. However, there are other hackers assisting Syrian dissidents, hackers like the Telecomix group, who have been helping Syrians connect to the global Internet despite censorship. And so these types of new organizations or movements, hacktivist movements and also espionage agencies, these are the players on the world cyber stage right now and this cybernetic Cold War is here to stay.

RT

'Access to information is critical currency of power for 21st century'

RT:With so many global actors with the ability to influence world events through the cyber sphere, is there any way these forces can be regulated or kept in check?

KE: Access to information is the critical currency of power for the 21st century. This is what we’re seeing happening all around the world. We’re also seeing how whistleblowers and leaks challenge power balances. So is it possible to regulate hackers and their power? I’m not so sure. But I don’t think we need to necessarily regulate it, but rather foster those positive approaches; foster the approach of identifying security problems and reporting on them, and provide incentives to prevent the damaging release of information from happening. Now this is very tricky and there is a balance to be struck here. And it’s most definitely not something that I see as a centralized problem, or an issue that could be tackled from one centralized authority. Rather, this is a distributed issue that really touches on everyone; not just governments and militaries, by the way, but really everyday people that rely on technology for mostly anything in this modern day.

RT:But in this struggle between various actors, be they state or private, who do you think will win out in the end?

KE: Well, who’s going to win the day is a question we’d all like to see the answer [to]. But there’s probably going to be a series of cyber conflicts like we’re seeing right now between possibly disgruntled employees or it might be North Korea with regards to Sony and the American government. I would like to mention that even governments that have huge budgets and a lot of power, they sometimes hire some passionate hackers themselves. So the global hacker movements have more than passion to contend with here. The advantage, to the side of the hackers, is the fact that they are sometimes by themselves, working under the radar all around the world, yet many of them have found ways to collaborate and create some impact in the world. The question is, will they be able to create a positive impact?

The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.

The statements, views and opinions expressed in this column are solely those of the author and do not necessarily represent those of RT.

Podcasts
0:00
25:24
0:00
26:44