With the recent arrest of an Irish student for hacking, Emer Sugrue takes a look at the trend of incompetence in technology, and the treatment of those who expose it.
While hacking is not as glamorous or all-powerful as portrayed in fiction, it is still a problem faced by official institutions. Last month Donncha O’Cearbhaill, a first-year Trinity student, was arrested for allegedly hacking into and recording a conference call between the FBI and SOCA, the UK’s Serious Organised Crime Agency. The call was to discuss international plans for dealing with the hacking groups Anonymous and Lulzsec, of which O’Cearrbhaill is a member, and he duly put the contents of the exchange on Youtube. He has been charged in the US with one count of computer hacking conspiracy and one of ‘intentionally disclosing an unlawfully intercepted wire communication’, facing up to fifteen years in prison if found guilty. For context, the average time served for murder in Ireland is twelve years.
This was not O’Cearbhaill’s first offence. Last year he hacked into the Department of Foreign Affairs simply by guessing their passwords. Three of the passwords used by these government officials was ‘password’. The alleged hacking above stretched Mr. O’Cearbhaill’s supernatural hacking skills even further. The Gardaí have an email system designed specially by the foreign consultancy firm Accenture at a cost to taxpayers of sixty-one million euro, which is apparently so faulty that it is standard practice to forward emails to private unsecured Gmail accounts, which is what one hapless member of the Gardaí’s Computer Crime Investigation Unit did with the details of the conference call. O’Cearbhaill already had access to this Garda’s account because he had, once again, guessed the password.
The question is not whether it was illegal or even wrong; of course it was. It’s the digital equivalent of breaking into the Taoiseach’s office just to tip-ex “HA HA HA” on his desk. But if the person breaking in was a security expert and Enda Kenny didn’t know how a door worked, there might be a better use for the burglar than letting him rot.
This astonishing level of technical misunderstanding is endemic in world institutions. The generation in charge has very little understanding of computers, despite the huge number of social and criminal interactions that take place through them. This was not a dedicated terrorist organisation using the information to blackmail or destroy, it was a bored teenager doing it for a laugh. The CCIU not only couldn’t stop him, they couldn’t choose a more inventive password than ‘password’. The huge gaping flaws in the system have been exposed with no malice, and instead of making an effort to fix the system, they are throwing the people who revealed it in jail.
If this is the kind of lazy incompetence at the highest levels of our state, it’s hardly surprising that that same generation of people managed to destroy the country. We have seen the institutions of this country collapse around our ears in the last five years. They have mismanaged the government, the banks, the hospitals, and the police, and we are the ones who have to pay for their stupidity. We are the ones who face unemployment, fees, pay cuts, and tax increases to cover for the mistakes they have made. And when someone comes forward and reveals that the emperor has no clothes, they are punished. We are in a society that always shoots the messenger.
This isn’t corruption, it’s incompetence. Corruption isn’t good, but it implies that the corrupt are at least able to achieve something if given proper motivation. Incompetence is worse, because it can’t be either fixed or deterred. If we continue this tactic of shutting up whoever dares to show a flaw in the system, whether it is in law enforcement, government, or finance, we are doomed to repeat these mistakes over and over again. In the lead-up to the economic crisis many people cried out about what was going on, and how it couldn’t last, and they were silenced and scoffed at. Do we need a technological crisis before hackers are taken seriously?
Here’s a suggestion for any institution finding themselves hacked: Hire the hackers. Hire the people who find the loopholes; they clearly understand the system better than you do. Hacking is not as thrilling or mighty as it is often portrayed to be. It’s not a femme fatale in a catsuit fighting to recover her identity, it’s not a Hollywood nerd who’s only pretension to intellectualism or unattractiveness is a pair of glasses, nervously typing in an abandoned warehouse, ready to pull a gun out when the bad guys arrive, and it’s not a terrorist group trying to take down the indulgent bourgeoisie. Hacking is some teenager dicking around on a laptop while drinking Revamp, and if he can outwit a system purpose-built by highly paid officials, they are the ones who are at fault.