ROBIN HOOD HACKERS
It’s revealing to compare the media coverage of the Paradise Papers hack to that of other high-profile data thefts.
It’s mostly been referred to in headlines as a ‘leak’ rather than a ‘hack’ for a start. An entirely accurate description, admittedly, but it certainly underplays the role of the data thief.
The focus, of course, is on the public figures – the Queen, Tory donor Lord Michael Ashcroft and Canadian Prime Minister Justin Trudeau – who have squirreled away millions of dollars into offshore bank accounts. Bono’s presence is particularly delicious for those who see his philanthropy as ostentatious and hypocritical.
By contrast, the Guardian used the words ‘stolen’ and ‘cybersecurity’ in the opening sentence of its report of the Equifax hack.
The Telegraph – hardly the scourge of the super-rich – relegated the security dimension to a secondary role, saying in the first sentence that “the 13.4 million files [obtained] show the complex financial dealings of the super-rich and major global corporations.”
In other words, it is the contents of the information stolen that is of interest, not the criminality of the hack.
Public interest defence
There is a sense with this breach, and in many similar scenarios, that the hackers have a public interest defence – in the minds of the public, if probably not in those of any judge passing judgement.
When 143 million ordinary Americans have their personal information compromised, nothing but sympathy is forthcoming. But sympathy is in short supply in this case.
Living with stagnating incomes and severe cuts to public services since the 2009 crash, the public is in mood to sympathise with tax-dodging billionaires.
The hack is a reminder that cybercrime is sometimes motivated by loftier aspirations than making money
The case shows how perceptions of morality and criminality do not always converge. The hackers were unequivocally committing a crime as they exposed financial activities that probably weren’t illegal in many or all cases (although that remains to be seen).
Should the hackers ever be apprehended – which is doubtful – they will probably be cheered as they enter court.
The hack is a reminder that cybercrime is sometimes motivated by loftier aspirations than making money (although that is the driver in most cases). As well as doing it for the sheer thrill, hackers do it to expose injustice, for political ends or even to redistribute money Robin Hood-style.
And if you want to take on the Man, then hacking is a highly appealing way of doing it: The impact can be profound (the Paradise Paper case shows), the chances of getting caught are fairly low and you needn’t encounter physical violence or even leave your home to do it.
“You used to have to sneak into offices to leak documents. You used to need a gun to rob a bank. Now you can do both from bed with a laptop in your hand,” wrote Robin Hood hacker ‘Phineas Fisher’ in his ‘DIY Guide to Hacking.
“Intruders won’t be found”
Ilia Kolochenko, CEO of cybersecurity firm High-Tech Bridge, said: “Seems that this is another major hacking case where intruders won’t be found and prosecuted. Notwithstanding the allegations of wrongdoing offshore, a crime cannot be justified by investigation of unlawful activities. Victims should explore various legal avenues to claim damages, which may be quite significant.”
In an email sent to their clients, Appleby, the law firm whose data was breached, admitted that the hack on their servers occurred in October 2015. By the time the breach was spotted in May 2016 the files had already been accessed several times.
Said Kolochenko: “Law firms have become a very attractive target for cybercriminals. Hacking of their clients is quite costly, will likely be detected and investigated, and almost certainly will cause very serious counter-actions.
“Many law firms still carelessly rely on the law for data protection, but this is in vain. Paucity of financial resources and lack of qualified personnel preclude law enforcement agencies from investigating and prosecuting the vast majority of crimes committed in digital space. This creates a very dangerous atmosphere of unlawfulness and impunity in the Internet, undermining trust in the government and its ability to protect our society.
“It may be a good moment to think about imposing obligatory data security standards on law firms and practicing attorneys. Their data deserves at least the same level of protection as data of companies under PCI DSS or HIPAA compliance. Otherwise, visiting attorneys will become a very risky practice.”
Appleby understandably focused on legalities: “Appleby has thoroughly and vigorously investigated the allegations and we are satisfied that there is no evidence of any wrongdoing, either on the part of ourselves or our clients.
“We refute any allegations which may suggest otherwise and we would be happy to cooperate fully with any legitimate and authorised investigation of the allegations by the appropriate and relevant authorities.”
“Having researched the ICIJ’s allegations we believe they are unfounded and based on a lack of understanding of the legitimate and lawful structures used in the offshore sector.”
David Burt, the Premier of Bermuda, said: “We maintain high vigilance on any and all criminal activities, including cyber, as well as requiring leading standards on tax and transparency of all who do business here. We will not tolerate non-compliance in any of these areas, and are reviewing this incident and related matters, and will take any further action as required.”
Free Download: the CyberSecurity Crashcourse
Are you even aware if you have been the victim of a cybersecurity breach? This report will help you to find out and protect yourself, Eric Hansleman from 451 Research presents a rapid-fire overview of cybersecurity, because a firewall just won’t do, you need multi-layered defences to truly protect your data.