Details of one of the largest (acknowledged) cyber-attacks are emerging, demonstrating the systemic vulnerabilities of global systems to small groups of individuals:
Elizabeth Dwoskin and Karla Adam (May 13, 2017). Nations race to contain widespread hacking. The Washington Post, https://www.washingtonpost.com/business/economy/nations-race-to-contain-widespread-hacking/2017/05/13/f6e5e992-3803-11e7-b412-62beef8121f7_story.html?utm_term=.6d5d20cb7fea&wpisrc=nl_headlines&wpmm=1The article reports that IDC, a research organization, estimates $73 billion went to organizations’ cybersecurity measures in 2016.
The attack was notable because it took advantage of a security flaw in Microsoft software found by the National Security Agency for its surveillance tool kit. Files detailing the capability were leaked online last month, though after Microsoft, alerted by the NSA to the vulnerability, had sent updates to computers to patch the hole.
Still, countless systems were left vulnerable, either because system administrators failed to apply the patch or because they used outdated software…
… “This was a completely preventable attack — to the extent that organizations have comprehensive patching systems in place,” said Paul Lipman, chief executive of the cybersecurity firm BullGuard. “However, life is never that simple.”
Despite this high spending, human error ranging from failure to update software promptly and malware in email attachments were attributed as responsible for the scope of effects.
I can understand “human error” given the daily deluge of electronic messages that we are excepted to monitor and respond to in a prompt fashion. I personally have 3 email accounts, two phone numbers, text messaging, a blog, etc. How much electronic information can we manage?
Hackers will always find ways around or through systems of controls.
Some hackers legitimize their illegal means through appeals to foundational values, such as those encoded in national constitutions and international charters. Should these hackers’ ends justify their means when those values are at-risk or compromised?
How would judgment be reached as to the goodness of those ends and the appropriateness of the means for their pursuit?
Can the court systems code not only for the law, but also for the larger principle?
I don’t know the answers to these questions, although I've been inclined to believe that hacking can serve a whistle-blowing function to reveal contradictions between the law and organizational practice.
But, other hackers make no pretense concerning ideals: motivated by money and/or mischief these hackers disrupt systems for personal gain alone.
This latest hack seems to be the latter kind.
I wonder what kinds of individuals would consciously and openly elevate their personal satisfaction over significant disruptions to collective welfare?