A subplot in the ongoing WikiLeaks saga involves hackers targeting attacks against companies, governments, and politicians they deem hostile to the Website.
Hackers in the other camp are also attacking WikiLeaks because they consider the release of hundreds of thousands of classified communications and thousands of diplomatic cables an act of war against the United States.
In another recent high-profile attack, a group of hackers wreaked havoc on Gawker Media sites for being “arrogant.” Millions of users' names and personal data were compromised during the course of the attack. In an email sent to the Website, Mediaite, an individual with the username “Gnosis” wrote that Gawker’s “arrogance” towards the hacker community incited the attacks.
However, these are only two incidents among thousands that occur every year. Anyone involved in the electronics supply chain should be concerned, of course. But how should you react?
The hacking community has gotten smarter, more adept, and much larger during the past few years. They are also politically active, as the high-profile attacks against WikiLeaks, its foes, and Gawker show.
Not taking the hacker community seriously can be likened to when leaders throughout history ignored the angry cries of its citizens. But in today's Internet age, outraged netizens are not burning down castles or storming the Bastille. Instead, they are organizing concerted attacks against network infrastructures that could easily bring down the operations of an OEM or any firm with a direct link to the supply chain.
Actually, the overwhelming majority of so-called hackers is not interested in causing chaos, but is just curious about how software and hardware work. Cracking security codes for them is like trying to solve a puzzle, not unlike trying to figure out a complicated physics or calculus problem. Modifying the Xbox machine code or getting past a modem’s security locks are but among thousands of sample hacks.
Electronics OEMs have used the court system to react against perceived hacker threats in the past. Texas Instruments Inc. (NYSE: TXN), for example, has sent cease-and-desist letters to individuals who communicated how they cracked its calculators’ device codes. Apple Inc. (Nasdaq: AAPL) has long sought to lock down its iPhone, which, of course, has just stoked the interest of those seeking to jailbreak the device. Then there is Microsoft Corp. (Nasdaq: MSFT), which shut down more than a million of Xbox Live subscribers’ accounts worldwide last year after discovering through Internet connections that owners had hacked their consoles.
Are OEM legal attacks against hackers the smartest and most far-sighted thing to do? I leave that subject open to debate. But a potential resolution could come down to something as simple as following basic codes of respect and decency that do not necessarily overlap with following the letter of the law.
It is perfectly legal -- in Europe, anyway -- for handset OEMs to allow telecommunications service companies to lock down smartphones so that users cannot download and use Skype, while forcing consumers to pay ridiculously high prices to make a phone call from France to Greece. Or Microsoft can shut down users’ accounts for doing what they want with Xbox consoles they have purchased. Also, remember that the Gawker attacks were triggered by something as seemingly benign as perceived snottiness.
At the end of the day, it comes down to realizing that there are legions of hackers who are prepared to react if they feel that your company has stepped on their toes. Also, anyone who has input about how the supply chain is managed should realize that network attacks are not just the security department’s problem, either. Many networks remain ridiculously easy to penetrate, yet funding gets blocked by bean counters who know little about what they are up against.
So whether would-be attackers are high-minded individuals who want to make a political statement or career criminals seeking to broker stolen data, listen to what the hacking community is saying, and never say "impossible," regardless of how secure your IT system is supposed to be.