Are you tired of news outlets, official, mainstream, counterculture, blogosphere, or militant (did I miss any?) spouting nonsense about hackers and security in general? While they’ll likely never get the moniker “hacker” used precisely right, we can at least hold them accountable for the crap they peddle as “news” about “hackers”.
Let’s start with foreign government “hackers”. If a government sponsored agent is attempting to break into a foreign government computer system, they are “hacking”, but they are not “hackers”. They are espionage agents. Criminals in one country, patriot in another. Some portion of foreign activity is state sponsored, and hence, is not hackers. Could we argue that these official or unofficial subcontractors in hostile security are in fact “hackers”? Sure, but then how to differentiate the regular hackers, the non-government sponsored bunch? We’d need to start clarifying them all as State Sponsored Hackers or Non-State Sponsored Hackers, with further breakdowns for official and unofficial. It’s easier just to call them agents, criminals, or spies who are using hacking techniques. But don’t call them hackers, because they’re not. While hackers have a variety of reasons for hacking, state activities is not one of them. It crosses a line. It’s like saying a police agent using Metasploit is a hacker. They’re not. They’re cops. Or police. The FBI does not employ “hackers”, it employs agents and uses subcontractors who use hacking techniques, but who are not hackers. Except maybe on the weekends, but that’s like having a secret identity, and if they get caught, they lose their official jobs.
Now lets look at the idiocy that is numerical misuse. To state that Company X is attacked 600,000 times a day is like saying that my internal combustion driven automobile explodes 20,000 times on my way to work. You reporters and bloggers peddling this plotz are IDIOTS. We mostly knew that already, but this is low hanging evidence that you’ll spew just about anything to fill space or drive revenue, regardless of sensibility. You’re terrible at the job of reporting and wouldn’t know a fact check if it ran up and bit you on the nose. Using the logic that produced “600,000 times a day” we can look at almost ANY WEBSITE ON THE ‘NET and find similar figures. So why didn’t you report that? Because Company X will drive more traffic, or is more impressive, or is what one person was truly interested in, and the rest of the blogosphere just gobbled it up and reprinted it to fill their pockets.
And by the way, 600,000 times a day for illicit access attempts is lightweight given the size of that particular company and its profile. A better story would have started with “Why does Company X only get 600,000 attempts at password breaking each day” when comparable sites can be hit millions of times in one day. That’s news, them not getting attacked more often. Finding out they get attacked is not news. Thinking that it is a high amount is not news, it’s just an indicator of the condition (IDIOCY in case you forgot). Checking on norms and numbers and arriving at a startling realization that is backed up with facts, now that is news worth printing. And plagiarizing.
So instead of just spewing drivel, make a decision. Either get out of the IDIOCY business you’re in or start doing some meaningful reporting. And this is copyrighted 2011 Digital Trust, LLC, in case you forgot.