Cyber Vigilantes: Should We Cheer or Fear Them?
The ongoing drama starring hacker group Anonymous and beleaguered security company HBGary has taken a startling twist: In the wake of HBGary CEO Aaron Barr resigning, a group of House Democrats plans to use information gleaned from stolen electronic documents to launch an investigation of HBGary Federal along with two other federal tech contractors for plotting to attack and discredit pro-union opponents of the U.S. Chamber of Commerce, according to reports.
The latest development once again raises the question of the role so-called hacktivists -- members of Anonymous, supporters and contributors to WikiLeaks, white-hats who publicly disclose security vulnerabilities -- play in our world. They seem to fit best in the category of "vigilante," pushing both legal and ethical boundaries for often subjective greater good. The question remains, however, just where the line is drawn between a cyber vigilante who is more like Batman, and one who is more like the Joker.
Dirty politics 2.0
House Democrats are seeking to investigate an alleged plan by HBGary Federal, Berico Technologies, and Palantir Technologies, collectively dubbed Team Themis, to attack and discredit the Chamber's critics using unsavory and arguably illegal cyber-based techniques. These tactics are all laid out in the documents stolen and publicized by Anonymous.
The alleged tactics include planting false documents, such as fake financial information, for Chamber opponents to find. Were an opponent to make public the documents, the Chamber would prove them false, thus discrediting and embarrassing the opponent in the process.
Another tactic entails creating two fake online personas to infiltrate activist websites. One persona would achieve a trusted status by discrediting the other to gain access to insider information.
Yet another tactic, one the group allegedly engaged in already according to the stolen emails, is culling personal information about anti-Chamber activists, such as family and religious data.
Consider the source?
This aforementioned -- and again, alleged -- plot is troubling, no question. But also troubling is how quickly some members of Congress seek to use illegally acquired information to further their own political agenda.
For example, the forthcoming letter from lawmakers calling for the investigation in Team Themis describes the group's alleged plot as "deeply troubling," observing that "tactics developed for use against terrorists may have been unleashed against American citizens," according to the Washington Post.
The rhetoric is loaded, and the lawmakers who are shocked and appalled by Team Themis's alleged plan seem to conveniently ignore the fact that the same plan was revealed through tactics that also could be used against terrorists. Additionally, this plot was, in fact, unleashed against American citizens -- yet they were citizens who apparently were concocting naughty, naughty schemes.
Therein lies the ethical dilemma: Do the ends here justify the means? If there is an investigation and one or more people are indeed found guilty of plotting illegal activities, do we cheer for Anonymous?
Out of sight, out of mind?
Also, do cyber vigilantes have more leeway than criminals who engage in nontechnological techniques, the way some people might not view downloading pirated music in the same light as stealing a physical CD from the store?
For example, would supporters of Anonymous view this situation differently if a group of masked men and women broke into HBGary, Berico, and Palanti in the dead of night, stole computers or drives containing the various damning files, and shipped them to a contact in the House of Representatives?
The same questions can be asked of the group's successful hacking of Westboro Baptist Church's website over the weekend. The church arguably goaded Anonymous -- possibly as part of a publicity stunt -- to the point that Anonymous attacked. People who oppose the WBC -- notorious for adopting an offensive Web address -- will likely shed no tears; they may even cheer for Anonymous. But does that make Anonymous's actions, the defacement of a legitimate religious group's website, acceptable? Would supporters of the act view it differently if a group of men and women physically defaced the WBC's headquarters with spray paint?
These questions doesn't apply to Anonymous only, either. What about the group Goatse Security, that last June revealed thousands of email addresses of iPad users it had mined via a hole in AT&T's website in order to punish to company for not notifying customers their information had been stolen? Or Google security engineer Tavis Ormandy, who made public a vulnerability in Windows XP in an effort to get the company to fix the problem more quickly? What about the creators and defenders of WikiLeaks, some of whom readily engage in illegal activities in the name of freedom of speech?
Again, it's a complicated question, and there's no cut-and-dry answer. It's evident, however, that cyber vigilantes are out there, and they are proving themselves ready and willing to take drastic actions to further their causes. Whether or not you support their tactics, you almost certainly don't want to make enemies of them, a fact that has no doubt become entirely clear to now-former HBGary CEO Aaron Barr.
This story, "Should we cheer or fear cyber vigilantes like Anonymous?," was originally published at InfoWorld.com. Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog. For the latest business technology news, follow InfoWorld.com on Twitter.