Digicel's hack wack
Gordon Robinson, Contributor
Recently, the story about the breaching of Digicel's security systems by locally based hackers dominated the headlines.
What was frightening about the entire scenario was the apparent ease with which the purported mastermind hacked the Digicel network and the alleged motivation behind the enterprise. According to police sources, it was purely a commercially motivated attack with a view to joining Jamaica's burgeoning extortion trade. Mark you, as usual in Jamaica, nobody was saying anything definitive. Journalists using the provisions of the Access to Angell Act were told only that the allegations into the recent hacking were under investigation (see 'Digicel hacked', Gleaner, January 26, 2013).
Digicel's own statement, after trumpeting the arrest of a suspect, followed up with this fulsome disclosure: "... Whilst we are pleased with this development, unfortunately, we cannot comment further due to legal constraints that could compromise the ongoing police investigations."
Way to take it to the hackers, Digicel!
We are simply the best. We can find a blackmail opportunity in every activity. If you open a business, you're extorted by threats of violence to pay 'protection' money. If, as a nation, you try to expand your revenue base by permitting private companies to operate a lottery, scammers use the presence of a lottery to extort helpless senior citizens abroad, allegedly on the basis that they have won the lotto.
For those inclined to applaud lotto scammers as simply taking advantage of weak-minded foreigners, shame on you. My best information is very much to the contrary. My understanding is that lotto scammers are well prepared to be initially rebuffed. They research their victims' particulars and proceed, if there is any hesitation by proposed 'scammees', to threaten violence to family members unless the money is sent.
Those of us who engage in such careless frivolity as driving on the road are prey to cunning operators who manufacture motor vehicle collisions in order to extort money for imaginary injuries. If we take the bus, extortionists ride with us to collect their taxes, hence it being a good idea for someone to be on the bus to pray for us.
Now we can't even phone a friend if we need help to answer a trivia question. The extortionists now have wicked computer skills and want our private information in order to extort Digicel and then us if we want to keep our secrets secret. Everything about some of us as a people says we are Corrupt, Heartless, Antisocial, Overindulged Scammers ('CHAOS').
But this computer-hacking business is a worldwide trend. Who remembers the celebrated Rupert Murdoch hacking scandal in Britain whereby his News of The World newspaper was caught red-handed peeking into the personal lives of celebrities by hacking their phones? British PM David Cameron ordered a public enquiry which was led by Lord Justice Leveson. Four relatively minor employees were prosecuted for corruption (two pleaded guilty).
Murdoch, whom a select parliamentary committee found "exhibited wilful blindness to what was going on in his companies and publications", and stated that he was "not a fit person to exercise the stewardship of a major international company", simply shut down News of The World and still owns, through his ownership of Dow Jones, influential publications like The Wall Street Journal, Barron's Magazine, The Far Eastern Economic Review (based in Hong Kong) and Smart Money.
Murdoch's editor, Piers Morgan, despite the Leveson report finding that comments made in Morgan's testimony about phone hacking "clearly prove that he was aware that it was taking place in the press as a whole and that he was sufficiently unembarrassed by what was criminal behaviour that he was prepared to joke about it", moved on to the plum CNN job succeeding legend Larry King. But, what do you expect from a guy born Piers Stefan O'Meara, who changes his name to Piers Stefan Pughe-Morgan obviously to feign aristocratic origins?
Now the Chinese do it differently (hacking-wise; please, keep your minds above the belt). They hack the newspapers. In a news report datelined January 30, The New York Times complained bitterly about being hacked by the Chinese for the past four months. Apparently, Chinese hackers have infiltrated its computer systems and obtained passwords for its reporters and other employees. Why? According to The New York Times (NYT):
"The timing of the attacks coincided with the reporting for a Times investigation, published online on October 25, that found that the relatives of Wen Jiabao, China's prime minister, had accumulated a fortune worth several billion dollars through business dealings."
The Chinese, employing strategies previously associated with its military, used the most sophisticated techniques to get into NYT computers, but then limited their focus to information on one single story, the Wen family fortune. No celebrity information; no private information of reporters or any other news subjects was taken or even viewed. Again, according to the NYT story:
"Security experts found evidence that the hackers stole the corporate passwords for every Times employee and used those to gain access to the personal computers of 53 employees, most of them outside The Times's (sic) newsroom. Experts found no evidence that the intruders used the passwords to seek information that was not related to the reporting on the Wen family."
What's this? Patriotic hacking? And it's not only The NYT. The story continues:
"Last year, Bloomberg News was targeted by Chinese hackers, and some employees' computers were infected, according to a person with knowledge of the company's internal investigation, after Bloomberg published an article on June 29 about the wealth accumulated by relatives of Xi Jinping, China's vice-president at the time ... ."
That attempt wasn't as sophisticated as the NYT hacking operation and didn't succeed. NYT concludes:
"The mounting number of attacks that have been traced back to China suggest that hackers there are behind a far-reaching spying campaign aimed at an expanding set of targets, including corporations, government agencies, activist groups and media organisations inside the United States. The intelligence-gathering campaign, foreign-policy experts and computer security researchers say, is as much about trying to control China's public image, domestically and abroad, as it is about stealing trade secrets."
One thing is obvious from all this. It should come as no surprise to any corporate entity whose business depends on computer networks that hacking is now a clear and imminent danger. Did Digicel do anything to prepare for such an eventuality and guard against it? Who are its security experts and what safety systems were installed to prevent a 30-year-old alleged Jamaican hacker from going directly into its system without using any complicated routing or pre-installed malicious software?
Make no mistake about it. Digicel owes its customers a detailed explanation as to how this happened, exactly what information has escaped and what Digicel is doing to retrieve the situation. Compromising police investigations is the least of Digicel's problems. As usual, there's no mention of customer care. What's that?
Peace and love.
Gordon Robinson is an attorney-at-law. Email feedback to firstname.lastname@example.org.