Hackers Don’t Do It For the Money. It’s Much Darker Than That.

Hackers use their skills to hold people and companies hostage, usually under the guise of financial blackmail. But the motivations behind the hacker dynamic goes far beyond the profit motive. When a hack occurs, trust erodes, and when that happens, society begins to question what is real and who they can believe.

WannaCry was plastered all over social media for two weeks while major corporations, governments, and even my mom scrambled to update operating systems and plug holes in their IT infrastructure. It was a flurry of action with draconian undercurrents, and for the perps who delivered it, the result of their ransom attack netted them about $140,000. Considering the amount of chaos that resulted from the attack, that’s chump change.

People like to point out that hackers don’t do it for the money. It’s about the challenge and the ability to hoodwink those in power. OK, maybe there’s something Robin Hood’ish in that, in sort of a dark, twisted way. But what gets lost in the narrative of the disgruntled, wacky hackers is that some very real damage is done when they pry their way into places where critical work gets done. I’m not talking about the work of number crunching or transacting tenths of points on a bond. I’m more concerned with hacking that cuts too close to the essence of trust – in our businesses, in our government, and across the fabric of our society.

A hacker can deploy some simple, but malicious code, collect $140,000, and become a hero to coders and anarchists across the planet. But eventually, costs to those affected are recovered and patches are put into place and some of us get smarter about preparing ourselves and becoming less vulnerable. In those cases, we have assets to protect and it’s in our own interest to protect them. We may not like a 24 character password or hiring more admins to audit our S3 bucket configurations, but we do it and it acts as a form of insurance. How do we do bake into people’s brains the notion that security never stops and is never solved?

The damage to our institutions systems is incalculable, but it’s not about financial cost. How do we protect it? How do I ensure that my vote is properly counted? This is no doubt tricky; when it’s my data, I am responsible, in many ways, for who sees it. But there is less control over how it’s shared. The issue then becomes one of the demands and expectations I place on the vendors and organizations I entrust my business to.

Alan Greenspan, the former Chairman of the Federal Reserve, noted in his autobiography that he’s amazed at how many transactions in our modern society are still handled without contracts. Even in today’s digital age, so many agreements are made with just a handshake to seal the deal. But as we rely more on technology, that trust has to be insured with something more.

This isn’t an Orwellian scenario as much as it’s one about lack of vigilance. We have something worth protecting. We also happen to live at a time when technology can give us efficiencies and conveniences. The promise has been that in the realm of society and government, technology could bring citizens closer to decision-making and the wheels of power. It can make us more informed and better able to participate in what’s happening in the world. That’s good. But when we act on what we know, we have to have assurances that companies won’t leave S3 buckets open and vulnerable, or are blase about protecting customer data. It’s a lot to ask. But it’s not too much to ask.

The freedoms that technology provides us must be met with controls, monitoring, and protective efforts so our foundation remains stable while we continue the business of jousting and debating and doing all the things that help us evolve and improve the world we live in.