Much like the War on Drugs or even the War on Terror, the inability of the American (and to a lesser extent Canadian) government and Federal law enforcement bodies to quell the onslaught of hacker attacks points to a larger systemic issue: the inability to combat decentralized opponents. Sure it may seem like good news when the FBI reports it has snagged the leader of the hacker commune LulzSec (followed by the revelation that he was a FBI informant anyways), but such arrests have done little to stop the brazen digital vigilantes.
The problem with fighting such decentralized adversaries is that they don’t need traditional leadership structures to operate, and even if there is a leader at the top of the chain, like in the case of LulzSec, I would guess that there are always two or three other hackers ready to take on his role immediately following his downfall. So just how bad is the hacker epidemic?
In a recent interview with the Wall Street Journal Shawn Henry, the FBI’s top cyber cop, offered his own grim assessment of the situation, stating that “we’re not winning” the war against hackers and the current methods employed to fight cyber-crime are outdated and “unsustainable.”
While law enforcement has been quick to champion its recent victories against the various hacker collectives that dot the globe, in reality such actions have done little to quell the torrent of hacker attacks and threats of attacks. In fact, in the wake of the LulzSec arrests, several companies and websites have been hacked, private user information posted for all to see.
Since the brazen hacker epidemic last summer I have found myself questioning the ability of law enforcement agencies on both sides of border to respond to this crisis, realizing that despite the efforts of our respective agencies, hackers are simply far more advanced than even our best online security measures.
It’s this inability to do any real damage to the hacker community that has Henry, the FBI’s cyber-czar, so frustrated. In his mind the current investigative and cyber-security measures simply don’t cut it, in large part because they view hackers as a static entity operating in a predictable way, while hackers have shown themselves to be supremely dynamic and adaptive.
“I don’t see how we ever come out of this without changes in technology or changes in behavior, because with the status quo, it’s an unsustainable model,” Henry told the Wall Street Journal, adding that its, “Unsustainable in that you never get ahead, never become secure, never have a reasonable expectation of privacy or security.”
The real problem, however, may not be the reality that our current tools and protocols are simply “unsustainable” in fighting this hacker epidemic, but instead the problem may be the lack of recognition of said reality. As we’ve said here innumerable times before, there seems to be a wilful desire on the part of government and private sector agencies to deny just how bad things are, a point that is surely both the source of both Henry’s grim assessment and my own ongoing scepticism.