How the U.S. Government Is Screwing Up the War Against Cyberterrorism
The media coverage last Wednesday came in great, rolling, panicky waves: "Massive Cyberattack Hits Internet Users" (CNN.com); "Global Internet Slows After "Biggest Attack in History'" (BBC); ""Largest Cyberattack Ever' Is Happening Right Now, Threatens Rest of Web" (wired.co.uk); and so on and so forth.
It had something to do with a digital pissing match between a European anti-spam group called Spamhaus and a Dutch website-hosting company called Cyberbunker, and the effects were said to reverberate throughout the web. Except they didn't, really.
Gizmodo's Sam Biddle, ever the contrarian, volleyed back with a post titled "That Internet War Apocalypse Is a Lie"; he actually bothered to check with a couple of the companies that pay very close attention to cyberattacks: NTT, a massive, multinational internet "backbone" company, and Renesys, a global internet-monitoring firm. Neither firm, Biddle reported, saw evidence of the Spamhaus-Cyberbunker beef amounting to much.
There are plenty of real-deal cyber threats, but this one, he demonstrated, was little more than hype fueled by a self-promoting internet security firm that I won't name on principle.
Basically, the media can't get its story straight on the seemingly always-imminent internet meltdown. One day everything's under control; the next day all hell is breaking loose. In fact, in the case of The New York Times, the juxtaposition of those narratives came on sequential days. The paper's cyberattack story made its front page March 27; the day before, its front page featured a maddening story titled "Luring Young Web Warriors Is a Priority. It's Also a Game."
The gist of the report was that the Department of Homeland Security is enthusiastically recruiting mischievous young American hackers to combat evil foreign hackers who have been targeting government and private computer systems. Homeland Security has announced plans to hire 600 such hackers and has been working with security consultants on recruiting efforts, including the creation of a "Cyber Aces" hacking tournament for teens.
The maddening part of the Times report is that it made no mention of the fact that the federal government has zero credibility with the hacker community right now. Especially in the wake of the the January suicide of Aaron Swartz, a brilliant young programmer who was facing an overblown case the U.S. Justice Department mounted against him for using a clever hack to download millions of scientific articles from the JSTOR (Journal Storage) database through a Massachusetts Institute of Technology server.
It was a stunt he pulled not for personal gain (there's no black market for obscure journal articles), but to call attention to his ongoing campaign against profiteering in academia, as I noted in this space in January. "The world's entire scientific and cultural heritage," Swartz wrote back in 2008, "published over centuries in books and journals, is increasingly being digitized and locked up by a handful of private corporations. ... It's outrageous and unacceptable."
Swartz never actually released the articles he downloaded -- he returned them to JSTOR, which settled with him and opposed the government's prosecution -- but the Justice Department still threatened him with $4 million in fines and decades in jail in an attempt to force him to accept a plea bargain.
The bitter irony is that after Swartz's death, the Obama administration essentially declared that it agreed with him. A memorandum issued in February by the White House Office of Science and Technology Policy directed agencies involved with federally financed academic research to develop "clear and coordinated policies" to make such information publicly available within a year of publication -- i.e., to remove such works from behind the profiteering paywalls Swartz so vehemently opposed.
The U.S. Justice Department, meanwhile, insists that it stands by its prosecution of Swartz. (It had no choice but to dismiss the case, though, given the death of the defendant.) And the federal government continues to go after the wrong people, like Andrew Auernheimer, a hacker who exposed a security flaw in AT&T's servers that allowed him to access the private email addresses of a subset of iPad users. He did nothing malicious with those addresses, but he did tell Gawker about the exploit, and the blog ran a post titled "Apple's Worst Security Breach: 114,000 iPad Owners Exposed" in June 2010 that was deeply embarrassing for both AT&T and Apple.
You might think that Auernheimer, like Swartz, would be exactly the kind of guy Homeland Security would be interested in recruiting. A couple weeks ago, though, Auernheimer was sentenced to three and a-half years in prison.
But back to the media narrative du jour: The digital sky is falling! Hackers are causing internet Armageddon! Wait, never mind, not quite yet! Also: The Justice Department thinks all hackers are cyber terrorists! And: Homeland Security loves hackers and wants to hire them!
It can't be all of those things at once. Though somehow it is.
Simon Dumenco is the "Media Guy" media columnist for Advertising Age. You can follow him on Twitter @simondumenco.